From 449a48b006fee82a406cd7be8cd4dcc40a9d393a Mon Sep 17 00:00:00 2001
From: Nicolas Stucki
Date: Wed, 25 Oct 2023 17:07:41 +0200
Subject: [PATCH] Only allow characters and numbers in attributes
---
 compiler/src/dotty/tools/dotc/core/tasty/AttributePickler.scala | 1 +
 .../src/dotty/tools/dotc/core/tasty/AttributeUnpickler.scala | 1 +
 tasty/src/dotty/tools/tasty/TastyFormat.scala | 2 +-
 3 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/compiler/src/dotty/tools/dotc/core/tasty/AttributePickler.scala b/compiler/src/dotty/tools/dotc/core/tasty/AttributePickler.scala
index e948d8bb5fef..af2b2e4759ff 100644
--- a/compiler/src/dotty/tools/dotc/core/tasty/AttributePickler.scala
+++ b/compiler/src/dotty/tools/dotc/core/tasty/AttributePickler.scala
@@ -18,6 +18,7 @@ object AttributePickler:
 for attribute <- attributes do
 val bytes = attribute.getBytes(StandardCharsets.UTF_8).nn
 val length = bytes.length
+ assert("[a-zA-Z0-9]+".r.matches(attribute), "Malformed attribute. Attribute must match [a-zA-Z0-9]+")
 buf.writeNat(length)
 buf.writeBytes(bytes, length)
 end pickleAttributes
diff --git a/compiler/src/dotty/tools/dotc/core/tasty/AttributeUnpickler.scala b/compiler/src/dotty/tools/dotc/core/tasty/AttributeUnpickler.scala
index 37a7970e5018..6ed120119d58 100644
--- a/compiler/src/dotty/tools/dotc/core/tasty/AttributeUnpickler.scala
+++ b/compiler/src/dotty/tools/dotc/core/tasty/AttributeUnpickler.scala
@@ -16,6 +16,7 @@ class AttributeUnpickler(reader: TastyReader):
 val length = readNat()
 val bytes = readBytes(length)
 val attribute = new String(bytes, StandardCharsets.UTF_8)
+ assert("[a-zA-Z0-9]+".r.matches(attribute), "Malformed attribute. Attribute must match [a-zA-Z0-9]+")
 attributesBuilder += attribute
 }
 attributesBuilder.result()
diff --git a/tasty/src/dotty/tools/tasty/TastyFormat.scala b/tasty/src/dotty/tools/tasty/TastyFormat.scala
index ae8b4dfd8f2d..0b33a0810a5c 100644
--- a/tasty/src/dotty/tools/tasty/TastyFormat.scala
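Review bot: The pattern `[a-zA-Z0-9]+` is spelled out twice in the `assert` added here, twice more in the AttributeUnpickler.scala hunk, and once in the TastyFormat.scala comment, so the writer, the reader and the format description can drift apart when the attribute grammar changes. `.r` also compiles a new regex for every attribute inside the loop. One shared definition that both sides reference would keep them in step, for example `val AttributePattern = "[a-zA-Z0-9]+".r` (name and location are only a suggestion) used as `assert(AttributePattern.matches(attribute), s"Malformed attribute. Attribute must match ${AttributePattern.regex}")`. The body of `pickleAttributes` starts outside the hunk.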
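Review bot: The `assert` added in the unpickler checks bytes read from a TASTy file, which the running compiler did not necessarily produce, so a malformed or tampered file is reported as an `AssertionError` that reads like an internal compiler bug rather than a rejected input. An explicit check that throws the module's unpickling error would make the failure attributable to the file, e.g. `if !"[a-zA-Z0-9]+".r.matches(attribute) then throw new UnpickleException("Malformed attribute in the Attributes section: must match [a-zA-Z0-9]+")`, assuming `dotty.tools.tasty.UnpickleException` is the right type at this call site. The check runs after `new String(bytes, StandardCharsets.UTF_8)`, which substitutes U+FFFD for invalid byte sequences, so it also rejects data that is not valid UTF-8; a one-line comment such as `// also rejects invalid UTF-8, which decodes to U+FFFD` would record that. The enclosing method starts outside the hunk.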
+++ b/tasty/src/dotty/tools/tasty/TastyFormat.scala @@ -268,7 +268,7 @@ Standard Section: "Comments" Comment* Comment = Length Bytes LongInt // Raw comment's bytes encoded as UTF-8, followed by the comment's coordinates. ``` -Standard Section: "Attributes" UTF8* +Standard Section: "Attributes" UTF8* // attributes match the regex [a-zA-Z0-9]+ **************************************************************************************/