cmd/cover: error out if a requested source file contains a newline

cmd/cover uses '//line' directives to map instrumented source files
back to the original source file and line numbers.
Line directives have no way to escape newline characters, so cmd/cover
must not be used with source file paths that contain such characters.

Updates #60167.

Change-Id: I6dc039392d59fc3a5a6121ef6ca97b0ab0da5288
Reviewed-on: https://go-review.googlesource.com/c/go/+/501577
Auto-Submit: Bryan Mills <bcmills@google.com>
Run-TryBot: Bryan Mills <bcmills@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>

diff --git a/src/cmd/cover/cover.go b/src/cmd/cover/cover.go
index b86d777ffe43485805ae318c6a451431c1c55853..ea6562c9999553e3aff770fe0d73c2c9a93c3197 100644 (file)
--- a/src/cmd/cover/cover.go
+++ b/src/cmd/cover/cover.go
@@ -577,6 +577,11 @@ func annotate(names []string) {
        }
        // TODO: process files in parallel here if it matters.
        for k, name := range names {
+               if strings.ContainsAny(name, "\r\n") {
+                       // annotateFile uses '//line' directives, which don't permit newlines.
+                       log.Fatalf("cover: input path contains newline character: %q", name)
+               }
+
                fd := os.Stdout
                isStdout := true
                if *pkgcfg != "" {
@@ -660,6 +665,11 @@ func (p *Package) annotateFile(name string, fd io.Writer) {
        }
        newContent := file.edit.Bytes()
 
+       if strings.ContainsAny(name, "\r\n") {
+               // This should have been checked by the caller already, but we double check
+               // here just to be sure we haven't missed a caller somewhere.
+               panic(fmt.Sprintf("annotateFile: name contains unexpected newline character: %q", name))
+       }
        fmt.Fprintf(fd, "//line %s:1:1\n", name)
        fd.Write(newContent)
 

diff --git a/src/cmd/cover/cover_test.go b/src/cmd/cover/cover_test.go
index 1292bbbf1fa5fd0459a8bd76342e263bcf403e24..7bfe2d072830483ba66d9c9da8a1d5868fb1e9a8 100644 (file)
--- a/src/cmd/cover/cover_test.go
+++ b/src/cmd/cover/cover_test.go
@@ -616,3 +616,34 @@ func TestCoverage(t *testing.T) { }
        cmd.Dir = noeolDir
        run(cmd, t)
 }
+
+func TestSrcPathWithNewline(t *testing.T) {
+       testenv.MustHaveExec(t)
+       t.Parallel()
+
+       // srcPath is intentionally not clean so that the path passed to testcover
+       // will not normalize the trailing / to a \ on Windows.
+       srcPath := t.TempDir() + string(filepath.Separator) + "\npackage main\nfunc main() { panic(string([]rune{'u', 'h', '-', 'o', 'h'}))\n/*/main.go"
+       mainSrc := ` package main
+
+func main() {
+       /* nothing here */
+       println("ok")
+}
+`
+       if err := os.MkdirAll(filepath.Dir(srcPath), 0777); err != nil {
+               t.Skipf("creating directory with bogus path: %v", err)
+       }
+       if err := os.WriteFile(srcPath, []byte(mainSrc), 0666); err != nil {
+               t.Skipf("writing file with bogus directory: %v", err)
+       }
+
+       cmd := testenv.Command(t, testcover(t), "-mode=atomic", srcPath)
+       cmd.Stderr = new(bytes.Buffer)
+       out, err := cmd.Output()
+       t.Logf("%v:\n%s", cmd, out)
+       t.Logf("stderr:\n%s", cmd.Stderr)
+       if err == nil {
+               t.Errorf("unexpected success; want failure due to newline in file path")
+       }
+}