Bug 1078640: Sanitize path used to load XPCOM on OSX. r=smichaud
authorStephen Pohl <spohl.mozilla.bugs@gmail.com>
Tue, 07 Oct 2014 09:33:09 -0400
changeset 233694 5884c9f92f3d4e8503f02319c9bf6472185530d9
parent 233693 f1a21d8fcdd0835000b68264a1c530b2d84d9448
child 233695 9e7dff9e44045775d6e852d4d249346dc2290aa9
push id611
push userraliiev@mozilla.com
push dateMon, 05 Jan 2015 23:23:16 +0000
treeherdermozilla-release@345cd3b9c445 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerssmichaud
bugs1078640
milestone35.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1078640: Sanitize path used to load XPCOM on OSX. r=smichaud
xpcom/build/BinaryPath.h
--- a/xpcom/build/BinaryPath.h
+++ b/xpcom/build/BinaryPath.h
@@ -51,23 +51,39 @@ private:
       return NS_ERROR_FAILURE;
     }
 
     CFURLRef executableURL = CFBundleCopyExecutableURL(appBundle);
     if (!executableURL) {
       return NS_ERROR_FAILURE;
     }
 
+    UInt8 tempBuffer[MAXPATHLEN];
     nsresult rv;
-    if (CFURLGetFileSystemRepresentation(executableURL, false, (UInt8*)aResult,
+    if (CFURLGetFileSystemRepresentation(executableURL, false, tempBuffer,
                                          MAXPATHLEN)) {
       rv = NS_OK;
     } else {
       rv = NS_ERROR_FAILURE;
     }
+
+    // Sanitize path in case the app was launched from Terminal via './firefox'
+    // for example.
+    size_t readPos = 0;
+    size_t writePos = 0;
+    while (tempBuffer[readPos] != '\0') {
+      if (tempBuffer[readPos] == '.' && tempBuffer[readPos + 1] == '/') {
+        readPos += 2;
+      }
+      aResult[writePos] = tempBuffer[readPos];
+      readPos++;
+      writePos++;
+    }
+    aResult[writePos] = '\0';
+
     CFRelease(executableURL);
     return rv;
   }
 
 #elif defined(ANDROID)
   static nsresult Get(const char* argv0, char aResult[MAXPATHLEN])
   {
     // On Android, we use the GRE_HOME variable that is set by the Java