Make sqfs_tree_node_get_path more robust

Test against various invariants:
 - Every non-root node must have a name
 - The root node muts not have a name
 - The name must not be ".." or "."
 - The name must not contain '/'
 - The loop that chases parent pointers must terminate, i.e. we must
   never reach the starting state again (link loop).

Furthermore, make sure the sum of all path components plus separators
does not overflow.

Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>

1 files changed, 12 insertions, 2 deletions

diff --git a/include/sqfs/dir_reader.h b/include/sqfs/dir_reader.h
index 3ae4ca4..e6b23f2 100644
--- a/include/sqfs/dir_reader.h
+++ b/include/sqfs/dir_reader.h
@@ -397,13 +397,23 @@ SQFS_API void sqfs_dir_tree_destroy(sqfs_tree_node_t *root);
  * non-root nodes. The resulting path is slash separated, but (except for
  * the root) never ends with a slash.
  *
+ * While walking the node list, the function enforces various invariantes. It
+ * returns @ref SQFS_ERROR_LINK_LOOP if the list of parent pointers is cyclical,
+ * @ref SQFS_ERROR_CORRUPTED if any node has an empty name, or a name that
+ * contains '/' or equals ".." or ".". The function
+ * returns @ref SQFS_ERROR_ARG_INVALID if given NULL node or the root has a name
+ * set. Additionally, the function can return overflow or allocation failures
+ * while constructing the path.
+ *
  * The returned string needs to be free'd with @ref sqfs_free.
  *
  * @param node A pointer to a tree node.
+ * @param out Returns a pointer to a string on success, set to NULL on failure.
  *
- * @return A pointer to a string on success, NULL on allocation failure.
+ * @return Zero on success, an @ref SQFS_ERROR value on failure.
  */
-SQFS_API char *sqfs_tree_node_get_path(const sqfs_tree_node_t *node);
+SQFS_API int sqfs_tree_node_get_path(const sqfs_tree_node_t *node,
+				     char **out);
 
 #ifdef __cplusplus
 }