Re: getgrouplist segfault?



On Wed, Jul 06, 2005 at 05:03:26PM +0300, Pavel Tsekov wrote:
> The backtrace indicates heap corruption. I've looked at the init_groups()
> and it seems ok AFAICT. The crash happens in the following block of code
> inside init_groups():
> 
>         if (getgrouplist (pwd->pw_name, pwd->pw_gid, groups, &ng) == -1) {
>             newgroups = g_new (gid_t, ng);
>             if (newgroups != NULL) {
>                 g_free (groups); <--- Crashes in this call
>                 groups = newgroups;
>                 getgrouplist (pwd->pw_name, pwd->pw_gid, groups, &ng);
>             } else
>                 ng = 1;
>         }
> 
> It doesn't go further (the for loop or beyond) since the value of `i' is
> still uninitialized as it can be seen from the backtrace.
> 
> Now looking at the manpage of `getgrouplist' I noticed this:
> 
> [...]
> BUGS
>        The glibc 2.3.2 implementation of this function is broken: it
>        overwrites memory when the actual number of groups  is  larger
>        than *ngroups.
> [...]
> 
> So the next question to ask is - what version of glibc are you using?

I'm using glibc 2.2.4.78, packaged by SuSE.  Does this have anything to
do with NGROUPS_MAX?  The glibc 'BUGS' says:

       On Linux, there should be a way to prevent defining the symbol
       NGROUPS_MAX in the <linux/limits.h> header file.  In glibc it
       is defined in <posix1_lim.h> which must not make the other
       symbols in <linux/limits.h> available.
       [PR libc/140]

Anton
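As an added illustration (not code from this thread, from mc's init_groups(), or from glibc), here is the defensive shape of the call that the quoted block is missing: size the buffer for the system's group limit before the first getgrouplist() call, so an implementation that miscounts (as the man page says glibc 2.3.2 does) has no room to write past the end of the heap block, and only free the old buffer after the replacement exists. It assumes the Linux/glibc prototype from the man page (gid_t arrays, -1 when the buffer is too small); get_groups_safely, list_has_gid and check_base_gid_preserved are names chosen for this example, and the user name in the self-check is constructed.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <limits.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Prototype as documented in the Linux man page, in case _GNU_SOURCE was not
 * in effect when <grp.h> was first included (assumes glibc/Linux). */
int getgrouplist(const char *user, gid_t group, gid_t *groups, int *ngroups);

/* Returns the number of groups stored and hands the buffer to the caller in
 * *out, or returns -1 with *out == NULL. Allocating for _SC_NGROUPS_MAX up
 * front means a miscounting getgrouplist() cannot overrun the buffer. */
static int get_groups_safely(const char *user, gid_t base, gid_t **out)
{
    long max = sysconf(_SC_NGROUPS_MAX);
    if (max < 1)
        max = NGROUPS_MAX;          /* compile-time fallback */
    if (max > INT_MAX - 1)
        max = INT_MAX - 1;
    int ng = (int)max + 1;          /* +1: the base gid is always stored */
    gid_t *groups = calloc((size_t)ng, sizeof *groups);
    *out = NULL;
    if (groups == NULL)
        return -1;

    if (getgrouplist(user, base, groups, &ng) == -1) {
        /* Buffer too small: ng now holds the count the library wanted.
         * Grow and retry once (the same two-call pattern as init_groups()),
         * but keep the old buffer until the new one has been obtained. */
        if (ng < 1) { free(groups); return -1; }
        gid_t *bigger = realloc(groups, (size_t)ng * sizeof *bigger);
        if (bigger == NULL) { free(groups); return -1; }
        groups = bigger;
        if (getgrouplist(user, base, groups, &ng) == -1) {
            free(groups);
            return -1;
        }
    }
    *out = groups;
    return ng;
}

/* Is gid present among the first ng entries of groups? */
static int list_has_gid(const gid_t *groups, int ng, gid_t gid)
{
    for (int i = 0; i < ng; i++)
        if (groups[i] == gid)
            return 1;
    return 0;
}

/* Self-check: a constructed user name that appears in no group database
 * must still receive exactly its base gid, at index 0. */
static int check_base_gid_preserved(void)
{
    gid_t *g = NULL;
    const gid_t base = (gid_t)54321;            /* constructed value */
    int n = get_groups_safely("example-user-not-in-any-group", base, &g);
    int ok = (n >= 1 && g != NULL && g[0] == base && list_has_gid(g, n, base));
    free(g);
    return ok;
}

int main(void)
{
    struct passwd *pwd = getpwuid(getuid());
    if (pwd == NULL) {
        perror("getpwuid");
        return 1;
    }
    gid_t *groups;
    int ng = get_groups_safely(pwd->pw_name, pwd->pw_gid, &groups);
    if (ng < 0) {
        fprintf(stderr, "getgrouplist failed for %s\n", pwd->pw_name);
        return 1;
    }
    printf("%s is in %d group(s):", pwd->pw_name, ng);
    for (int i = 0; i < ng; i++)
        printf(" %lu", (unsigned long)groups[i]);
    putchar('\n');
    free(groups);
    return 0;
}
```

The retry branch should never run with a maximal buffer; it is kept so that the code stays correct on a libc whose group limit is larger than sysconf() reports, and it uses realloc() rather than the free-then-allocate order in the quoted block, so a corrupted or double-freed block is never handed back to the allocator while the caller still points at it.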