supplied area of PATH_MAX+2 (buffer as well as buffer2). A tampered
environment variable can be used to modify program flow.
Way too many functions handle a return value of NULL for wexpandpath
improperly, resulting in segfaults (and maybe other problems). To
prove the existance of these issues:
The improper parsing of environment variables can lead to expansion
of path names that were not intended to be expanded.
patch from Tobias Stoeckmann
