io/fs: stack exhaustion in Glob

[julieqiu]

Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

This is CVE-2022-30630.

(This was a PRIVATE issue tracked in b/231318890 and fixed by http://tg/1497588.)

[tatianab]

@gopherbot please open backport issues for this security fix

[gopherbot]

Backport issue(s) opened: #53719 (for 1.17), #53720 (for 1.18).

Remember to create the cherry-pick CL(s) as soon as the patch is submitted to master, according to https://go.dev/wiki/MinorReleases.

[gopherbot]

Change https://go.dev/cl/417058 mentions this issue: [release-branch.go1.18] io/fs: fix stack exhaustion in Glob

[gopherbot]

Change https://go.dev/cl/417065 mentions this issue: io/fs: fix stack exhaustion in Glob

[gopherbot]

Change https://go.dev/cl/417072 mentions this issue: [release-branch.go1.17] io/fs: fix stack exhaustion in Glob