gresource: Fix potential array overflow if using empty paths

Adds tests to cover this case and similar cases for various GResource
methods in future.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

https://gitlab.gnome.org/GNOME/glib/issues/927

gio/gresource.c

@@ -606,8 +606,9 @@ do_lookup (GResource             *resource,
   gboolean res = FALSE;
   GVariant *value;
 
+  /* Drop any trailing slash. */
   path_len = strlen (path);
-  if (path[path_len-1] == '/')
+  if (path_len >= 1 && path[path_len-1] == '/')
     {
       path = free_path = g_strdup (path);
       free_path[path_len-1] = 0;

gio/tests/resources.c

@@ -32,14 +32,24 @@ test_resource (GResource *resource)
   char **children;
   GInputStream *in;
   char buffer[128];
+  const gchar *not_found_paths[] =
+    {
+      "/not/there",
+      "/",
+      "",
+    };
+  gsize i;
 
-  found = g_resource_get_info (resource,
+  for (i = 0; i < G_N_ELEMENTS (not_found_paths); i++)
-			       "/not/there",
+    {
-			       G_RESOURCE_LOOKUP_FLAGS_NONE,
+      found = g_resource_get_info (resource,
-			       &size, &flags, &error);
+                                   not_found_paths[i],
-  g_assert (!found);
+                                   G_RESOURCE_LOOKUP_FLAGS_NONE,
-  g_assert_error (error, G_RESOURCE_ERROR, G_RESOURCE_ERROR_NOT_FOUND);
+                                   &size, &flags, &error);
-  g_clear_error (&error);
+      g_assert_error (error, G_RESOURCE_ERROR, G_RESOURCE_ERROR_NOT_FOUND);
+      g_clear_error (&error);
+      g_assert_false (found);
+    }
 
   found = g_resource_get_info (resource,
 			       "/test1.txt",
@@ -68,6 +78,17 @@ test_resource (GResource *resource)
   g_assert_cmpint (size, ==, 6);
   g_assert_cmpuint (flags, ==, 0);
 
+  for (i = 0; i < G_N_ELEMENTS (not_found_paths); i++)
+    {
+      data = g_resource_lookup_data (resource,
+                                     not_found_paths[i],
+                                     G_RESOURCE_LOOKUP_FLAGS_NONE,
+                                     &error);
+      g_assert_error (error, G_RESOURCE_ERROR, G_RESOURCE_ERROR_NOT_FOUND);
+      g_clear_error (&error);
+      g_assert_null (data);
+    }
+
   data = g_resource_lookup_data (resource,
 				 "/test1.txt",
 				 G_RESOURCE_LOOKUP_FLAGS_NONE,
@@ -76,6 +97,17 @@ test_resource (GResource *resource)
   g_assert_no_error (error);
   g_bytes_unref (data);
 
+  for (i = 0; i < G_N_ELEMENTS (not_found_paths); i++)
+    {
+      in = g_resource_open_stream (resource,
+                                   not_found_paths[i],
+                                   G_RESOURCE_LOOKUP_FLAGS_NONE,
+                                   &error);
+      g_assert_error (error, G_RESOURCE_ERROR, G_RESOURCE_ERROR_NOT_FOUND);
+      g_clear_error (&error);
+      g_assert_null (in);
+    }
+
   in = g_resource_open_stream (resource,
 			       "/test1.txt",
 			       G_RESOURCE_LOOKUP_FLAGS_NONE,
@@ -118,13 +150,19 @@ test_resource (GResource *resource)
   g_assert_cmpstr (g_bytes_get_data (data, NULL), ==, "test2\n");
   g_bytes_unref (data);
 
-  children = g_resource_enumerate_children  (resource,
+  for (i = 0; i < G_N_ELEMENTS (not_found_paths); i++)
-					     "/not/here",
+    {
-					     G_RESOURCE_LOOKUP_FLAGS_NONE,
+      if (g_str_equal (not_found_paths[i], "/"))
-					     &error);
+        continue;
-  g_assert (children == NULL);
+
-  g_assert_error (error, G_RESOURCE_ERROR, G_RESOURCE_ERROR_NOT_FOUND);
+      children = g_resource_enumerate_children (resource,
-  g_clear_error (&error);
+                                                not_found_paths[i],
+                                                G_RESOURCE_LOOKUP_FLAGS_NONE,
+                                                &error);
+      g_assert_error (error, G_RESOURCE_ERROR, G_RESOURCE_ERROR_NOT_FOUND);
+      g_clear_error (&error);
+      g_assert_null (children);
+    }
 
   children = g_resource_enumerate_children  (resource,
 					     "/a_prefix",