[glib/glib-2-70: 1/2] glib: fix buffer overflow in g_canonicalize_filename()
- From: Sebastian Dröge <sdroege src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib/glib-2-70: 1/2] glib: fix buffer overflow in g_canonicalize_filename()
- Date: Mon, 7 Mar 2022 09:10:25 +0000 (UTC)
commit 6c60b12b3e487c205f41ad481f2dc075d2d05859
Author: Marc-André Lureau <marcandre lureau redhat com>
Date: Fri Jan 21 12:59:23 2022 +0400
glib: fix buffer overflow in g_canonicalize_filename()

The output pointer must not go past the ending \0.

warning: HEAP[testglib.exe]:
warning: Heap block at 0000011EA35745A0 modified at 0000011EA35745BF past requested size of f

Fixes commit 9a30a495ec3 "gfileutils: Improve performance of g_canonicalize_filename()"

Signed-off-by: Marc-André Lureau <marcandre lureau redhat com>
glib/gfileutils.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
---
diff --git a/glib/gfileutils.c b/glib/gfileutils.c
index 66a558e40..9ef473101 100644
--- a/glib/gfileutils.c
+++ b/glib/gfileutils.c
@@ -2754,8 +2754,12 @@ g_canonicalize_filename (const gchar *filename,
*output = G_DIR_SEPARATOR;
/* 1 to re-increment after the final decrement above (so that output >= canon),
- * and 1 to skip the first `/` */
- output += 2;
+ * and 1 to skip the first `/`. There might not be a first `/` if
+ * the @canon is a Windows `//server/share` style path with no
+ * trailing directories. @after_root will be '\0' in that case. */
+ output++;
+ if (*output == G_DIR_SEPARATOR)
+ output++;
/* POSIX allows double slashes at the start to mean something special
* (as does windows too). So, "//" != "/", but more than two slashes
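
Review bot: the comment added above `output++` justifies the fix by saying `after_root` will be '\0' for a `//server/share` path with no trailing directories, but the new condition reads `*output == G_DIR_SEPARATOR`, and nothing in the visible lines says that `output` and `after_root` refer to the same byte here. Either state that relationship in the comment or word the comment in terms of `*output`, so a reader can see why the one-byte read after the increment stays inside the buffer. The diffstat also shows only glib/gfileutils.c changed; a test that canonicalizes a `//server/share` style path with no trailing component would pin down the case from the heap warning in the commit message.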