lib/misc: Fix out-of-bounds reads in get_absolute_path backward scans

Author: Mintsuki

common/lib/misc.s2.c

@@ -90,12 +90,12 @@ bool get_absolute_path(char *path_ptr, const char *path, const char *pwd, size_t
                 }
                 if ((!strncmp(path, "..\0", 3))
                 ||  (!strncmp(path, "../\0", 4))) {
-                    while (*path_ptr != '/') path_ptr--;
+                    while (path_ptr > orig_ptr && *path_ptr != '/') path_ptr--;
                     if (path_ptr == orig_ptr) path_ptr++;
                     goto term;
                 }
                 if (!strncmp(path, "../", 3)) {
-                    while (*path_ptr != '/') path_ptr--;
+                    while (path_ptr > orig_ptr && *path_ptr != '/') path_ptr--;
                     if (path_ptr == orig_ptr) path_ptr++;
                     path += 2;
                     *path_ptr = 0;
@@ -105,15 +105,15 @@ bool get_absolute_path(char *path_ptr, const char *path, const char *pwd, size_t
                     path += 1;
                     continue;
                 }
-                if (((path_ptr - 1) != orig_ptr) && (*(path_ptr - 1) != '/')) {
+                if (path_ptr > orig_ptr && ((path_ptr - 1) != orig_ptr) && (*(path_ptr - 1) != '/')) {
                     if (path_ptr >= end_ptr) return false;
                     *path_ptr = '/';
                     path_ptr++;
                 }
                 continue;
             case '\0':
 term:
-                if ((*(path_ptr - 1) == '/') && ((path_ptr - 1) != orig_ptr))
+                if (path_ptr > orig_ptr && (*(path_ptr - 1) == '/') && ((path_ptr - 1) != orig_ptr))
                     path_ptr--;
                 *path_ptr = 0;
                 return true;