Author: Jan Svoboda Date: 2026-01-06T10:34:38-08:00 New Revision: 128cc16c2588472df1b20878fba5facb04da6157
URL: https://github.com/llvm/llvm-project/commit/128cc16c2588472df1b20878fba5facb04da6157 DIFF: https://github.com/llvm/llvm-project/commit/128cc16c2588472df1b20878fba5facb04da6157.diff LOG: [clang] Bypass sandbox in the rewriter (#174496) Clang's rewriter currently violates the IO sandbox due to a call to `llvm::writeToOutput()`. Since the "blessed" `llvm::vfs::OutputBackend` isn't easily available in that particular spot, this PR instead disables the sandbox and leaves a FIXME behind. Added: Modified: clang/lib/Rewrite/Rewriter.cpp Removed: ################################################################################ diff --git a/clang/lib/Rewrite/Rewriter.cpp b/clang/lib/Rewrite/Rewriter.cpp index ae21a10f81c35..a06fefaa5f188 100644 --- a/clang/lib/Rewrite/Rewriter.cpp +++ b/clang/lib/Rewrite/Rewriter.cpp @@ -22,6 +22,7 @@ #include "llvm/ADT/SmallVector.h" #include "llvm/ADT/StringRef.h" #include "llvm/Support/Error.h" +#include "llvm/Support/IOSandbox.h" #include "llvm/Support/raw_ostream.h" #include <cassert> #include <iterator> @@ -320,6 +321,8 @@ bool Rewriter::overwriteChangedFiles() { OptionalFileEntryRef Entry = getSourceMgr().getFileEntryRefForID(I->first); llvm::SmallString<128> Path(Entry->getName()); getSourceMgr().getFileManager().makeAbsolutePath(Path); + // FIXME(sandboxing): Remove this by adopting `llvm::vfs::OutputBackend`. + auto BypassSandbox = llvm::sys::sandbox::scopedDisable(); if (auto Error = llvm::writeToOutput(Path, [&](llvm::raw_ostream &OS) { I->second.write(OS); return llvm::Error::success(); _______________________________________________ cfe-commits mailing list [email protected] https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
