Bug 1078640: Sanitize path used to load XPCOM on OSX. r=smichaud
authorStephen Pohl <spohl.mozilla.bugs@gmail.com>
Tue, 07 Oct 2014 09:33:09 -0400
changeset 209159 5884c9f92f3d4e8503f02319c9bf6472185530d9
parent 209158 f1a21d8fcdd0835000b68264a1c530b2d84d9448
child 209160 9e7dff9e44045775d6e852d4d249346dc2290aa9
push id1
push userroot
push dateMon, 20 Oct 2014 17:29:22 +0000
reviewerssmichaud
bugs1078640
milestone35.0a1
Bug 1078640: Sanitize path used to load XPCOM on OSX. r=smichaud
xpcom/build/BinaryPath.h
--- a/xpcom/build/BinaryPath.h
+++ b/xpcom/build/BinaryPath.h
@@ -51,23 +51,39 @@ private:
       return NS_ERROR_FAILURE;
     }
 
     CFURLRef executableURL = CFBundleCopyExecutableURL(appBundle);
     if (!executableURL) {
       return NS_ERROR_FAILURE;
     }
 
+    UInt8 tempBuffer[MAXPATHLEN];
     nsresult rv;
-    if (CFURLGetFileSystemRepresentation(executableURL, false, (UInt8*)aResult,
+    if (CFURLGetFileSystemRepresentation(executableURL, false, tempBuffer,
                                          MAXPATHLEN)) {
       rv = NS_OK;
     } else {
       rv = NS_ERROR_FAILURE;
     }
+
+    // Sanitize path in case the app was launched from Terminal via './firefox'
+    // for example.
+    size_t readPos = 0;
+    size_t writePos = 0;
+    while (tempBuffer[readPos] != '\0') {
+      if (tempBuffer[readPos] == '.' && tempBuffer[readPos + 1] == '/') {
+        readPos += 2;
+      }
+      aResult[writePos] = tempBuffer[readPos];
+      readPos++;
+      writePos++;
+    }
+    aResult[writePos] = '\0';
+
     CFRelease(executableURL);
     return rv;
   }
 
 #elif defined(ANDROID)
   static nsresult Get(const char* argv0, char aResult[MAXPATHLEN])
   {
     // On Android, we use the GRE_HOME variable that is set by the Java