parse: Reject -{exec,ok}dir if $PATH contains a relative path

This matches the behaviour of GNU find.

src/parse.c

@@ -1263,6 +1263,28 @@ static struct bfs_expr *parse_exec(struct parser_state *state, int flags, int ar
 	expr->ephemeral_fds = 2;
 
 	if (execbuf->flags & BFS_EXEC_CHDIR) {
+		// Check for relative paths in $PATH
+		const char *path = getenv("PATH");
+		while (path) {
+			if (*path != '/') {
+				size_t len = strcspn(path, ":");
+				char *comp = strndup(path, len);
+				if (comp) {
+					parse_expr_error(state, expr,
+						"This action would be unsafe, since ${bld}$$PATH${rs} contains the relative path ${bld}%pq${rs}\n", comp);
+					free(comp);
+				} else {
+					parse_perror(state, "strndup()");
+				}
+				goto fail;
+			}
+
+			path = strchr(path, ':');
+			if (path) {
+				++path;
+			}
+		}
+
 		// To dup() the parent directory
 		if (execbuf->flags & BFS_EXEC_MULTI) {
 			++expr->persistent_fds;
@@ -1276,6 +1298,10 @@ static struct bfs_expr *parse_exec(struct parser_state *state, int flags, int ar
 	}
 
 	return expr;
+
+fail:
+	bfs_expr_free(expr);
+	return NULL;
 }
 
 /**

tests/gnu/execdir_path_dot.sh

@@ -0,0 +1 @@
+! PATH=".:$PATH" invoke_bfs basic -execdir echo {} +

tests/gnu/execdir_path_empty.sh

@@ -0,0 +1 @@
+! PATH=":$PATH" invoke_bfs basic -execdir echo {} +

tests/gnu/execdir_path_relative.sh

@@ -0,0 +1 @@
+! PATH="foo:$PATH" invoke_bfs basic -execdir echo {} +

tests/gnu/okdir_path_dot.sh

@@ -0,0 +1 @@
+! PATH=".:$PATH" invoke_bfs basic -okdir echo {} \;

tests/gnu/okdir_path_empty.sh

@@ -0,0 +1 @@
+! PATH=":$PATH" invoke_bfs basic -okdir echo {} \;

tests/gnu/okdir_path_relative.sh

@@ -0,0 +1 @@
+! PATH="foo:$PATH" invoke_bfs basic -okdir echo {} \;