diff --git a/Ghidra/Features/Base/src/main/java/ghidra/app/util/bin/format/dwarf/external/BuildIdDebugFileProvider.java b/Ghidra/Features/Base/src/main/java/ghidra/app/util/bin/format/dwarf/external/BuildIdDebugFileProvider.java index fb7928cdf2..9ac09b506d 100644 --- a/Ghidra/Features/Base/src/main/java/ghidra/app/util/bin/format/dwarf/external/BuildIdDebugFileProvider.java +++ b/Ghidra/Features/Base/src/main/java/ghidra/app/util/bin/format/dwarf/external/BuildIdDebugFileProvider.java @@ -95,6 +95,9 @@ public class BuildIdDebugFileProvider implements DebugFileProvider { } File bucketDir = new File(rootDir, buildId.substring(0, 2)); File file = new File(bucketDir, buildId.substring(2) + ".debug"); + if (!rootDir.equals(bucketDir.getParentFile()) || !bucketDir.equals(file.getParentFile())) { + throw new IOException("Bad buildid: " + buildId); + } return file.isFile() ? file : null; } diff --git a/Ghidra/Features/Base/src/main/java/ghidra/app/util/bin/format/dwarf/external/LocalDirDebugInfoDProvider.java b/Ghidra/Features/Base/src/main/java/ghidra/app/util/bin/format/dwarf/external/LocalDirDebugInfoDProvider.java index 6a2054678c..1f2b457ddd 100644 --- a/Ghidra/Features/Base/src/main/java/ghidra/app/util/bin/format/dwarf/external/LocalDirDebugInfoDProvider.java +++ b/Ghidra/Features/Base/src/main/java/ghidra/app/util/bin/format/dwarf/external/LocalDirDebugInfoDProvider.java @@ -167,11 +167,15 @@ public class LocalDirDebugInfoDProvider implements DebugFileStorage { return null; } - private File getBuildidDir(String buildId) { - return new File(rootDir, buildId); + private File getBuildidDir(String buildId) throws IOException { + File dir = new File(rootDir, buildId); + if (rootDir.equals(dir.getParentFile())) { + throw new IOException("Bad buildid value: " + buildId); + } + return dir; } - private File getCachePath(ExternalDebugInfo id) { + private File getCachePath(ExternalDebugInfo id) throws IOException { String suffix = ""; if (id.getObjectType() == ObjectType.SOURCE) { suffix = "-" + escapePath(Objects.requireNonNullElse(id.getExtra(), ""));