diff options
| author | info@mobile-stream.com | 2019-03-13 15:55:48 +0300 |
|---|---|---|
| committer | sin | 2019-03-13 17:47:50 +0000 |
| commit | 9e65ae387cb7dc955042a1c98c4e8448b01e172c (patch) | |
| tree | 3789b2521b9db73bc76f2b6f7f80943e1e55eaf5 /include | |
| parent | 9b796691eb794e9f5279886e917c028a09f8a728 (diff) | |
getgroups: do not trap on non-positive gidsetsize
First, we should never check the size of __s if __l == 0 since the
array is not going to be modified in that case.
Second, negative __l is a well-defined error case (EINVAL) and we
should never trap on a conforming code like this:
r = getgroups(-1, NULL);
if (r == -1)
...
An example of non-desired behaviour for negative __l is the gnulib
configure script which checks for getgroups(-1, ...) to catch some
ancient FreeBSD kernel bug. The conftest binary traps even on good
system (e.g. linux/musl) and the unnecessary getgroups wrapper is
enforced for any project that uses gnulib.
This patch also changes the size_t cast to avoid the explicit zero
extension on systems where size_t differs from unsigned int.
Diffstat (limited to 'include')
| -rw-r--r-- | include/unistd.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/include/unistd.h b/include/unistd.h index 71dda84..09980ba 100644 --- a/include/unistd.h +++ b/include/unistd.h | |||
| @@ -75,7 +75,7 @@ _FORTIFY_FN(getgroups) int getgroups(int __l, gid_t *__s) | |||
| 75 | { | 75 | { |
| 76 | size_t __b = __builtin_object_size(__s, 0); | 76 | size_t __b = __builtin_object_size(__s, 0); |
| 77 | 77 | ||
| 78 | if (__l < 0 || (size_t)__l > __b / sizeof(gid_t)) | 78 | if (__l > 0 && (unsigned)__l > __b / sizeof(gid_t)) |
| 79 | __builtin_trap(); | 79 | __builtin_trap(); |
| 80 | return __orig_getgroups(__l, __s); | 80 | return __orig_getgroups(__l, __s); |
| 81 | } | 81 | } |