[glib: 1/2] glib: fix buffer overflow in g_canonicalize_filename()




commit 56e87ae1b5ab3ae5f2dcd7f16799aa69898b40f4
Author: Marc-André Lureau <marcandre lureau gmail com>
Date:   Fri Mar 4 20:16:29 2022 +0000

    glib: fix buffer overflow in g_canonicalize_filename()
    
    The output pointer must not go past the ending \0.
    
    warning: HEAP[testglib.exe]:
    warning: Heap block at 0000011EA35745A0 modified at 0000011EA35745BF past requested size of f
    
    Fixes commit 9a30a495ec3 "gfileutils: Improve performance of g_canonicalize_filename()"
    
    Signed-off-by: Marc-André Lureau <marcandre lureau redhat com>

 glib/gfileutils.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
---
diff --git a/glib/gfileutils.c b/glib/gfileutils.c
index dbbd12011..8681b1326 100644
--- a/glib/gfileutils.c
+++ b/glib/gfileutils.c
@@ -2754,8 +2754,12 @@ g_canonicalize_filename (const gchar *filename,
     *output = G_DIR_SEPARATOR;
 
   /* 1 to re-increment after the final decrement above (so that output >= canon),
-   * and 1 to skip the first `/` */
-  output += 2;
+   * and 1 to skip the first `/`. There might not be a first `/` if
+   * the @canon is a Windows `//server/share` style path with no
+   * trailing directories. @after_root will be '\0' in that case. */
+  output++;
+  if (*output == G_DIR_SEPARATOR)
+    output++;
 
   /* POSIX allows double slashes at the start to mean something special
    * (as does windows too). So, "//" != "/", but more than two slashes
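Review bot: the guarded second increment `if (*output == G_DIR_SEPARATOR) output++;` is only safe because the first `output++` can land at most on the terminating '\0' (the new comment says @after_root is '\0' for a `//server/share` path with no trailing directories), so the one-byte read never goes past the end of the buffer; spell that invariant out in the comment rather than leaving it implicit. Since the heap-corruption warning quoted in the commit message was only caught at runtime by testglib.exe, pair this fix with a regression test that passes a `//server/share` style path with no trailing directories to g_canonicalize_filename() so the `output += 2` overrun cannot silently return.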

