[clang] a698f7e - [clang] Prevent sandbox violations in `CrossTranslationUnitContext` (#175097)

Mon, 12 Jan 2026 08:12:52 -0800 

Author: Jan Svoboda
Date: 2026-01-12T08:12:41-08:00
New Revision: a698f7ebdf3bac1abc1a176ffc886b940f64b237

URL: 
https://github.com/llvm/llvm-project/commit/a698f7ebdf3bac1abc1a176ffc886b940f64b237
DIFF: 
https://github.com/llvm/llvm-project/commit/a698f7ebdf3bac1abc1a176ffc886b940f64b237.diff

LOG: [clang] Prevent sandbox violations in `CrossTranslationUnitContext` 
(#175097)

This uses the VFS to load a file instead of using
`MemoryBuffer::getBufferForFile()` directly to avoid sandbox violation.
Sandbox is then disabled for `CreateASTUnitFromCommandLine()` which
invokes the driver which is not expected to be free of sandbox
violations.

Added: 
    

Modified: 
    clang/lib/CrossTU/CrossTranslationUnit.cpp

Removed: 
    


################################################################################
diff  --git a/clang/lib/CrossTU/CrossTranslationUnit.cpp 
b/clang/lib/CrossTU/CrossTranslationUnit.cpp
index a3fc2cf6bfb3c..7496deb74cb67 100644
--- a/clang/lib/CrossTU/CrossTranslationUnit.cpp
+++ b/clang/lib/CrossTU/CrossTranslationUnit.cpp
@@ -24,6 +24,7 @@
 #include "llvm/ADT/Statistic.h"
 #include "llvm/Option/ArgList.h"
 #include "llvm/Support/ErrorHandling.h"
+#include "llvm/Support/IOSandbox.h"
 #include "llvm/Support/ManagedStatic.h"
 #include "llvm/Support/Path.h"
 #include "llvm/Support/YAMLParser.h"
@@ -620,6 +621,8 @@ CrossTranslationUnitContext::ASTLoader::loadFromSource(
   auto Diags = llvm::makeIntrusiveRefCnt<DiagnosticsEngine>(DiagID, *DiagOpts,
                                                             DiagClient);
 
+  // This runs the driver which isn't expected to be free of sandbox 
violations.
+  auto BypassSandbox = llvm::sys::sandbox::scopedDisable();
   return CreateASTUnitFromCommandLine(
       CommandLineArgs.begin(), (CommandLineArgs.end()),
       CI.getPCHContainerOperations(), DiagOpts, Diags,
@@ -710,7 +713,7 @@ llvm::Error 
CrossTranslationUnitContext::ASTLoader::lazyInitInvocationList() {
     return llvm::make_error<IndexError>(PreviousParsingResult);
 
   llvm::ErrorOr<std::unique_ptr<llvm::MemoryBuffer>> FileContent =
-      llvm::MemoryBuffer::getFile(InvocationListFilePath);
+      CI.getVirtualFileSystem().getBufferForFile(InvocationListFilePath);
   if (!FileContent) {
     PreviousParsingResult = index_error_code::invocation_list_file_not_found;
     return llvm::make_error<IndexError>(PreviousParsingResult);


        
_______________________________________________
cfe-commits mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

Reply via email to