From: Eli Schwartz Date: Sun, 15 May 2022 15:11:24 +0000 (-0400) Subject: meson: use better shellscript argument passing X-Git-Tag: v251~34 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ac3eda348952687bf2cd9efca86edd77bd7ee52b;p=thirdparty%2Fsystemd.git meson: use better shellscript argument passing Passing potentially arbitrary data into a shellscript is potentially very broken if you do not correctly quote it for use. This quoting must be done as part of the interpretation of the data itself, e.g. python's shlex.quote; simply formatting it into a string with double quotes is NOT sufficient. An alternative is to communicate the data reliably via argv to the shell process, and allow the shell to internally handle it via `"$1"`, which is quote-safe and will expand the data from argv as a single tokenized word. --- diff --git a/meson.build b/meson.build index dfe1ff17b33..60e646ec9fb 100644 --- a/meson.build +++ b/meson.build @@ -669,8 +669,7 @@ gperf_test_format = ''' const char * in_word_set(const char *, @0@); @1@ ''' -gperf_snippet_format = 'echo foo,bar | @0@ -L ANSI-C' -gperf_snippet = run_command(sh, '-c', gperf_snippet_format.format(gperf.path()), +gperf_snippet = run_command(sh, '-c', 'echo foo,bar | "$1" -L ANSI-C', '_', gperf, check : true) gperf_test = gperf_test_format.format('size_t', gperf_snippet.stdout()) if cc.compiles(gperf_test) diff --git a/test/meson.build b/test/meson.build index f2e4ee09673..d4e1e3088d1 100644 --- a/test/meson.build +++ b/test/meson.build @@ -183,7 +183,7 @@ if want_tests != 'false' and dmi_arches.contains(host_machine.cpu_family()) check: true) else out = run_command( - sh, '-c', 'cd "@0@"; echo test/dmidecode-dumps/*.bin'.format(project_source_root), + sh, '-c', 'cd "$1"; echo test/dmidecode-dumps/*.bin', '_', project_source_root, check: true) endif