about summary refs log tree commit diff
path: root/tvix/castore
diff options
context:
space:
mode:
Diffstat (limited to 'tvix/castore')
-rw-r--r--tvix/castore/src/import/mod.rs11
1 files changed, 10 insertions, 1 deletions
diff --git a/tvix/castore/src/import/mod.rs b/tvix/castore/src/import/mod.rs
index d2b1ee9ff70f..ff27c0fcfd2b 100644
--- a/tvix/castore/src/import/mod.rs
+++ b/tvix/castore/src/import/mod.rs
@@ -40,7 +40,8 @@ pub mod fs;
 /// The stream must have the following invariants:
 /// - All children entries must come before their parents.
 /// - The last entry must be the root node which must have a single path component.
-/// - Every entry should have a unique path.
+/// - Every entry should have a unique path, and only consist of normal components.
+///   This means, no windows path prefixes, absolute paths, `.` or `..`.
 ///
 /// Internally we maintain a [HashMap] of [PathBuf] to partially populated [Directory] at that
 /// path. Once we receive an [IngestionEntry] for the directory itself, we remove it from the
@@ -65,6 +66,14 @@ where
             // we break the loop manually.
             .expect("Tvix bug: unexpected end of stream")?;
 
+        debug_assert!(
+            entry
+                .path()
+                .components()
+                .all(|x| matches!(x, std::path::Component::Normal(_))),
+            "path may only contain normal components"
+        );
+
         let name = entry
             .path()
             .file_name()