Hello,
the function path_norm() from libauparse.so in audit-4.1.1 still reads one
byte below the allocated "working" buffer and triggers AddressSanitizer and
valgrind reports for inputs like "a/../.." or "a/.././..".
Attached is a test that produces the asan report.
Process paths like these were generated when processing audit syscall
events for clone and probably others.
Most of the read underruns in path_norm() were fixed in 2025 and the issue
mentioned above is apparently the only one remaining in that code.
Would replacing the while loop with the code below ensure that path_norm
does not read below the "working" buffer?
- while (dest > rpath && (--dest)[-1] != '/');
+ char *slash = (char *)memrchr(rpath, '/', dest - rpath);
+ if (slash)
+ dest = (slash == rpath) ? (rpath + 1) : slash;
+ else
+ dest = rpath;
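Review bot: the replacement does not behave like the loop it removes in two places, so it should be checked against what the surrounding code expects of dest. The old loop pre-decrements, so it never tests the byte at dest[-1] on entry and stops with dest just past a '/'. memrchr(rpath, '/', dest - rpath) does include that byte, and the new code leaves dest on the slash itself except when slash == rpath. If dest can arrive here with a '/' directly before it, the search matches that slash and the previous component is not removed. The bounds side looks correct: when dest == rpath the length is 0 and nothing below rpath is read. If the intent is only to stop the underrun, a narrower change that keeps the old result is `while (dest > rpath && --dest > rpath && dest[-1] != '/');`, which stops at rpath without reading rpath[-1]. Also note that memrchr is a GNU extension that needs _GNU_SOURCE defined before including <string.h>, and the (char *) cast would hide a missing declaration rather than fix it.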
Regards,
Bogdan Harjoc