theoretical bug in getugroups.c

bug-gnulib

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

theoretical bug in getugroups.c

From:	Jim Meyering
Subject:	theoretical bug in getugroups.c
Date:	Wed, 23 Jan 2008 17:52:24 +0100

This fixes a theoretical bug: it would be triggered only on a system
with more than INT_MAX groups.  Even so, considering the O(N^2)
complexity, you would have waited a long time for such large N.
And you would have required space for a very large grouplist array.

Lasse Collin spotted it and proposed the fix:

2008-01-23  Lasse Collin <address@hidden>

        Don't rely on signed integer overflowing to negative value.
        * lib/getugroups.c (getugroups): Include <limits.h>.
        Instead, compare against INT_MAX, and increment only if the test passes.

diff --git a/lib/getugroups.c b/lib/getugroups.c
index 6c557cd..4b8752f 100644
--- a/lib/getugroups.c
+++ b/lib/getugroups.c
@@ -21,6 +21,7 @@

 #include "getugroups.h"

+#include <limits.h>
 #include <stdio.h> /* grp.h on alpha OSF1 V2.0 uses "FILE *". */
 #include <grp.h>

@@ -92,12 +93,12 @@ getugroups (int maxcount, GETGROUPS_T *grouplist, char 
const *username,
                    goto done;
                  grouplist[count] = grp->gr_gid;
                }
-             count++;
-             if (count < 0)
+             if (count == INT_MAX)
                {
                  errno = EOVERFLOW;
                  goto done;
                }
+             count++;
            }
        }
     }
--
1.5.4.rc4.15.g80bce

[Prev in Thread]

Current Thread

[Next in Thread]

theoretical bug in getugroups.c, Jim Meyering <=

Prev by Date: Re: 'make' modification time warning
Next by Date: getgrouplist module is now higher priority
Previous by thread: doc restructuring
Next by thread: getgrouplist module is now higher priority
Index(es):
- Date
- Thread