[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
theoretical bug in getugroups.c
From: |
Jim Meyering |
Subject: |
theoretical bug in getugroups.c |
Date: |
Wed, 23 Jan 2008 17:52:24 +0100 |
This fixes a theoretical bug: it would be triggered only on a system
with more than INT_MAX groups. Even so, considering the O(N^2)
complexity, you would have waited a long time for such large N.
And you would have required space for a very large grouplist array.
Lasse Collin spotted it and proposed the fix:
2008-01-23 Lasse Collin <address@hidden>
Don't rely on signed integer overflowing to negative value.
* lib/getugroups.c (getugroups): Include <limits.h>.
Instead, compare against INT_MAX, and increment only if the test passes.
diff --git a/lib/getugroups.c b/lib/getugroups.c
index 6c557cd..4b8752f 100644
--- a/lib/getugroups.c
+++ b/lib/getugroups.c
@@ -21,6 +21,7 @@
#include "getugroups.h"
+#include <limits.h>
#include <stdio.h> /* grp.h on alpha OSF1 V2.0 uses "FILE *". */
#include <grp.h>
@@ -92,12 +93,12 @@ getugroups (int maxcount, GETGROUPS_T *grouplist, char
const *username,
goto done;
grouplist[count] = grp->gr_gid;
}
- count++;
- if (count < 0)
+ if (count == INT_MAX)
{
errno = EOVERFLOW;
goto done;
}
+ count++;
}
}
}
--
1.5.4.rc4.15.g80bce
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- theoretical bug in getugroups.c,
Jim Meyering <=