From 60e890e8b85f111e1c8ca5cc86c160420e0e7366 Mon Sep 17 00:00:00 2001
From: deuce <>
Date: Sat, 10 Feb 2018 08:20:40 +0000
Subject: [PATCH] Fix memory clobbering bug in _fullpath()...

If part of the path were removed (ie: "//", "/./", or "/../"), it's possible
that the outer loop would extend past the string into uninitialized memory
where it could potentially corrupt things.

This was HIGHLY unlikely as it would stop at the first '/' and only corrupt
memory in the presence of the previously mentioned patterns.
---
 src/xpdev/dirwrap.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/xpdev/dirwrap.c b/src/xpdev/dirwrap.c
index aed79886b3..26df7d5528 100644
--- a/src/xpdev/dirwrap.c
+++ b/src/xpdev/dirwrap.c
@@ -968,8 +968,8 @@ char * DLLCALL _fullpath(char *target, const char *path, size_t size)  {
 	if(sb.st_mode&S_IFDIR)
 		strcat(target,"/"); */
 
-	for(;*out;out++)  {
-		while(*out=='/')  {
+	for(;*out;out++) {
+		while(*out=='/') {
 			if(*(out+1)=='/')
 				memmove(out,out+1,strlen(out));
 			else if(*(out+1)=='.' && (*(out+2)=='/' || *(out+2)==0))
@@ -986,6 +986,8 @@ char * DLLCALL _fullpath(char *target, const char *path, size_t size)  {
 				out++;
 			}
 		}
+		if (!*out)
+			break;
 	}
 	return(target);
 }
-- 
GitLab