From 61ed3ae6c8569b350f26dfdeb0864e6e68716b24 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 11 May 2026 07:03:04 +0000
Subject: [PATCH] Tighten tptp filename checks and rename output buffer
 constant

Agent-Logs-Url: https://github.com/Z3Prover/z3/sessions/dc1d46fc-4b6c-4f64-91a0-9fb57c73c166

Co-authored-by: NikolajBjorner <3085284+NikolajBjorner@users.noreply.github.com>
---
 src/test/tptp.cpp | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/test/tptp.cpp b/src/test/tptp.cpp
index 06d00c704..7d9daa85f 100644
--- a/src/test/tptp.cpp
+++ b/src/test/tptp.cpp
@@ -22,11 +22,15 @@ struct tptp_case {
     char const* expected_status;
 };
 
-constexpr unsigned tptp_buffer_size = 4096;
+constexpr unsigned command_output_buffer_size = 4096;
 
 static bool is_safe_file_name(char const* s) {
     if (!s || !*s)
         return false;
+    if (s[0] == '-' || s[0] == '.')
+        return false;
+    if (std::string(s).find('/') != std::string::npos || std::string(s).find('\\') != std::string::npos)
+        return false;
     if (std::string(s).find("..") != std::string::npos)
         return false;
     while (*s) {
@@ -52,7 +56,7 @@ static std::string run_tptp(char const* file) {
         ENSURE(false);
     }
     std::string out;
-    char buffer[tptp_buffer_size];
+    char buffer[command_output_buffer_size];
     while (fgets(buffer, sizeof(buffer), pipe))
         out += buffer;
     int code = Z3_PCLOSE(pipe);