Commit 71572bca authored by fendor's avatar fendor
Browse files

Read file contents strictly to avoid resource exhaustion

parent 4aad1823
...@@ -21,10 +21,12 @@ module Distribution.Client.Init.Heuristics ( ...@@ -21,10 +21,12 @@ module Distribution.Client.Init.Heuristics (
) where ) where
import Prelude () import Prelude ()
import qualified Data.ByteString as BS
import Distribution.Client.Compat.Prelude import Distribution.Client.Compat.Prelude
import Distribution.Utils.Generic (safeHead, safeTail, safeLast) import Distribution.Utils.Generic (safeHead, safeTail, safeLast)
import Distribution.Simple.Setup (Flag(..), flagToMaybe) import Distribution.Simple.Setup (Flag(..), flagToMaybe)
import Distribution.Simple.Utils (fromUTF8BS)
import Distribution.ModuleName import Distribution.ModuleName
( ModuleName, toFilePath ) ( ModuleName, toFilePath )
import qualified Distribution.Package as P import qualified Distribution.Package as P
...@@ -156,9 +158,11 @@ scanForModulesIn projectRoot srcRoot = scan srcRoot [] ...@@ -156,9 +158,11 @@ scanForModulesIn projectRoot srcRoot = scan srcRoot []
ignoreDir ('.':_) = True ignoreDir ('.':_) = True
ignoreDir dir = dir `elem` ["dist", "_darcs"] ignoreDir dir = dir `elem` ["dist", "_darcs"]
-- | Read the contents of the handle and parse for Language pragmas
-- and other module names that might be part of this project.
findImportsAndExts :: FilePath -> SourceFileEntry -> IO SourceFileEntry findImportsAndExts :: FilePath -> SourceFileEntry -> IO SourceFileEntry
findImportsAndExts projectRoot sf = do findImportsAndExts projectRoot sf = do
s <- readFile (sfToFileName projectRoot sf) s <- fromUTF8BS <$> BS.readFile (sfToFileName projectRoot sf)
let modules = mapMaybe let modules = mapMaybe
( getModName ( getModName
......
synopsis: Avoid resource exhaustion in `cabal init`
packages: cabal-install
prs: #7283
issues: #5115
description: {
- Read file contents strictly to avoid resource exhaustion in `cabal init`.
- Ignore UTF-8 decoding errors.
}
\ No newline at end of file
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment