prevent buffer underrun in mutt_path_tidy_slash

Fixes #1315

diff --git a/mutt/path.c b/mutt/path.c
index 877f5275478be8ed056aaa3cd20cea1423f4e134..66d7ab2f224ef26aff01e085f9b2526eb5db7916 100644 (file)
--- a/mutt/path.c
+++ b/mutt/path.c
@@ -59,30 +59,31 @@ bool mutt_path_tidy_slash(char *buf)
   {
     *w++ = *r++;
 
-    if (r[-1] == '/')
+    if (r[-1] == '/') /* After a '/' ... */
     {
       for (; (r[0] == '/') || (r[0] == '.'); r++)
       {
-        if (r[0] == '/')
+        if (r[0] == '/') /* skip multiple /s */
           continue;
         if (r[0] == '.')
         {
-          if (r[1] == '/')
+          if (r[1] == '/') /* skip /./ */
           {
             r++;
             continue;
           }
-          else if (r[1] == '\0')
+          else if (r[1] == '\0') /* skip /.$ */
           {
             r[0] = '\0';
           }
-          break;
+          break; /* dot-anything-else isn't special */
         }
       }
     }
   }
 
-  if ((w[-1] == '/') && (w != (buf + 1)))
+  /* Strip a trailing / as long as it's not the only character */
+  if ((w > (buf + 1)) && (w[-1] == '/'))
     w--;
 
   *w = '\0';