When g_file_replace()
is used with G_FILE_CREATE_REPLACE_DESTINATION
to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled.