1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2025-01-10 01:17:44 +03:00

meson: use better shellscript argument passing

Passing potentially arbitrary data into a shellscript is potentially
very broken if you do not correctly quote it for use. This quoting must
be done as part of the interpretation of the data itself, e.g. python's
shlex.quote; simply formatting it into a string with double quotes is
NOT sufficient.

An alternative is to communicate the data reliably via argv to the shell
process, and allow the shell to internally handle it via `"$1"`, which
is quote-safe and will expand the data from argv as a single tokenized
word.
This commit is contained in:
Eli Schwartz 2022-05-15 11:11:24 -04:00 committed by Yu Watanabe
parent 63d08a8571
commit ac3eda3489
2 changed files with 2 additions and 3 deletions

View File

@ -669,8 +669,7 @@ gperf_test_format = '''
const char * in_word_set(const char *, @0@);
@1@
'''
gperf_snippet_format = 'echo foo,bar | @0@ -L ANSI-C'
gperf_snippet = run_command(sh, '-c', gperf_snippet_format.format(gperf.path()),
gperf_snippet = run_command(sh, '-c', 'echo foo,bar | "$1" -L ANSI-C', '_', gperf,
check : true)
gperf_test = gperf_test_format.format('size_t', gperf_snippet.stdout())
if cc.compiles(gperf_test)

View File

@ -183,7 +183,7 @@ if want_tests != 'false' and dmi_arches.contains(host_machine.cpu_family())
check: true)
else
out = run_command(
sh, '-c', 'cd "@0@"; echo test/dmidecode-dumps/*.bin'.format(project_source_root),
sh, '-c', 'cd "$1"; echo test/dmidecode-dumps/*.bin', '_', project_source_root,
check: true)
endif