From 894ff1e62905abe03420bf510704e58a3b3f6e19 Mon Sep 17 00:00:00 2001
From: Matthias Klumpp <matthias@tenstral.net>
Date: Sun, 7 Jan 2018 18:24:39 +0100
Subject: [PATCH] Ensure subproject_dir is a string and doesn't contain ".."
 segments

This is important so people can not trick Meson to select a
subproject_dir that is not in the project's source directory.
It also ensures a string is used for the path.
---
 mesonbuild/interpreter.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/mesonbuild/interpreter.py b/mesonbuild/interpreter.py
index f47291016..48b8d8277 100644
--- a/mesonbuild/interpreter.py
+++ b/mesonbuild/interpreter.py
@@ -1883,10 +1883,14 @@ to directly access options of other subprojects.''')
             raise InvalidCode('Second call to project().')
         if not self.is_subproject() and 'subproject_dir' in kwargs:
             spdirname = kwargs['subproject_dir']
+            if not isinstance(spdirname, str):
+                raise InterpreterException('Subproject_dir must be a string')
             if os.path.isabs(spdirname):
                 raise InterpreterException('Subproject_dir must not be an absolute path.')
             if spdirname.startswith('.'):
                 raise InterpreterException('Subproject_dir must not begin with a period.')
+            if '..' in spdirname:
+                raise InterpreterException('Subproject_dir must not contain a ".." segment.')
             self.subproject_dir = spdirname
 
         if 'meson_version' in kwargs: