https://bugs.gentoo.org/370949

From 435bad87388821684bb3cd2a33c42787cf970017 Mon Sep 17 00:00:00 2001
From: Mike Frysinger <vapier@gentoo.org>
Date: Sun, 6 Nov 2011 00:44:57 -0400
Subject: [PATCH] path: fix 1 byte overflow with empty lists

If pap->pa_cnt is 0, then the local buffer is allocated as 1 byte,
but the code then writes two bytes to it '/' and '\0'.

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
---
 common/path.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/common/path.c b/common/path.c
index 66320de..ca24f6a 100644
--- a/common/path.c
+++ b/common/path.c
@@ -285,6 +285,8 @@ pa_gen( pa_t *pap )
 	for ( i = 0 ; i < pap->pa_cnt ; i++ ) {
 		sz += strlen( pap->pa_array[ i ] ) + 1;
 	}
+	if ( i == 0 )
+		sz++;
 	sz++;
 
 	retp = ( char * )malloc( sz );
-- 
1.7.6.1