[libsoup] Fix out-of-bounds read in URI parsing



commit 7aa41c2f6b2b159a2503cf02dc203cbf1493c4b7
Author: Dan Winship <danw gnome org>
Date:   Mon Aug 7 09:59:49 2017 -0400

    Fix out-of-bounds read in URI parsing
    
    https://bugzilla.gnome.org/show_bug.cgi?id=785042

 libsoup/soup-uri.c  |    2 +-
 tests/uri-parsing.c |    6 +++++-
 2 files changed, 6 insertions(+), 2 deletions(-)
---
diff --git a/libsoup/soup-uri.c b/libsoup/soup-uri.c
index 3eafd87..32ade29 100644
--- a/libsoup/soup-uri.c
+++ b/libsoup/soup-uri.c
@@ -453,7 +453,7 @@ soup_uri_new_with_base (SoupURI *base, const char *uri_string)
                }
                /* Remove "<segment>/.." at end where <segment> != ".." */
                q = strrchr (uri->path, '/');
-               if (q && !strcmp (q, "/..")) {
+               if (q && q != uri->path && !strcmp (q, "/..")) {
                        p = q - 1;
                        while (p > uri->path && *p != '/')
                                p--;
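Review bot: The new `q != uri->path` condition in `soup_uri_new_with_base` has no comment, and the existing one above it still describes only the normal `<segment>/..` case. When the last '/' is the first byte of the path, the path is exactly "/..", so `p = q - 1` points one byte before the buffer and the `while` loop exits at once because `p > uri->path` is false. Whatever reads through `p` after the loop would then presumably touch memory before `uri->path`, which matches the out-of-bounds read named in the commit title. I would record that beside the check, for example `/* q == uri->path: path is exactly "/..", no <segment> precedes it and q - 1 would be out of bounds */`. The enclosing block continues past the end of the hunk, so the line that dereferences `p` is not visible here.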
diff --git a/tests/uri-parsing.c b/tests/uri-parsing.c
index ba3b129..85f09b9 100644
--- a/tests/uri-parsing.c
+++ b/tests/uri-parsing.c
@@ -151,7 +151,11 @@ static struct {
        { "http://[fe80::dead:beef%25em1]/";, "http://[fe80::dead:beef%25em1]/";, NULL,
          { "http", NULL, NULL, "fe80::dead:beef%em1", 80, "/", NULL, NULL } },
        { "http://[fe80::dead:beef%10]/";, "http://[fe80::dead:beef%2510]/";, NULL,
-         { "http", NULL, NULL, "fe80::dead:beef%10", 80, "/", NULL, NULL } }
+         { "http", NULL, NULL, "fe80::dead:beef%10", 80, "/", NULL, NULL } },
+
+       /* ".." past top */
+       { "http://example.com/..";, "http://example.com/";, "785042",
+         { "http", NULL, NULL, "example.com", 80, "/", NULL, NULL } },
 };
 static int num_abs_tests = G_N_ELEMENTS(abs_tests);
 

