SBCL

make-pathname fails to sanitize :directory string components

Bug #1278207 reported by Faré on 2014-02-09

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	SBCL	New	Undecided	Unassigned

Bug Description

(pathname-directory (make-pathname :directory "../../a/b/c/"))
(:ABSOLUTE "../../a/b/c/")

(namestring (make-pathname :directory "../../a/b/c/"))
"/../../a/b/c//"

I contend SBCL should throw an error instead.

Revision history for this message

Richard M Kreuter (kreuter) wrote on 2020-08-29:

I'll add that the sanitization problem exists for other component parameters than :DIRECTORY:

--
* (make-pathname :name "a/b")
#P"a/b"
* (namestring (make-pathname :name "a/b"))
"a/b"
--

And it exists for characters other than slash, e.g.,

--
(let* ((string (make-array 3 :element-type 'character
                           :initial-contents '(#\a #\nul #\b)))
       (pathname (make-pathname :name string :defaults #p"/tmp/foo.lisp")))
  (with-open-file (file pathname :direction :output :if-exists :supersede)
    (write-line "foo" file)
    (close file)
    (probe-file file)))
#P"/tmp/a"
--

While I'm at it, PARSE-NAMESTRING also doesn't catch #\NUL:

--
* (parse-namestring (coerce '(#\a #\nul #\b) 'string))
#P"a^@b" ;; that's a rendering, it's actually "a\0b"
3
--

I'd bet, but haven't investigated, that PATTERNs don't get sanitized either, and there might be observable anomalies that could result.

Reproduced under SBCL 2.0.0.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.