From e66dfe1d633d43d946c798627173a67282c948e5 Mon Sep 17 00:00:00 2001 From: Mike Frysinger Date: Tue, 27 Dec 2005 08:58:04 +0000 Subject: Aubrey writes: When I mounted nfs on my target, the kernel crashed. And I found it was caused by stack overflow. When I digged into it. And I found not only "setgroups.c" but "getgroups.c" have the matrix (__kernel_gid_t kernel_groups[n]) on the stack which can be very large because "n" can be assigned to NGROUPS_MAX. And, NGROUPS_MAX is defined in the file "./linux-2.6.x/include/linux/limits.h" #define NGROUPS_MAX 65536 /* supplemental group IDs are available */ I also changed it to do malloc. --- libc/sysdeps/linux/common/getgroups.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'libc/sysdeps/linux/common/getgroups.c') diff --git a/libc/sysdeps/linux/common/getgroups.c b/libc/sysdeps/linux/common/getgroups.c index c863489b9..b2918c6d9 100644 --- a/libc/sysdeps/linux/common/getgroups.c +++ b/libc/sysdeps/linux/common/getgroups.c @@ -10,6 +10,7 @@ #define sysconf __sysconf #include "syscalls.h" +#include #include #define MIN(a,b) (((a)<(b))?(a):(b)) @@ -21,11 +22,17 @@ static inline _syscall2(int, __syscall_getgroups, int attribute_hidden __getgroups(int n, gid_t * groups) { if (unlikely(n < 0)) { +ret_error: __set_errno(EINVAL); return -1; } else { int i, ngids; - __kernel_gid_t kernel_groups[n = MIN(n, sysconf(_SC_NGROUPS_MAX))]; + __kernel_gid_t *kernel_groups; + + n = MIN(n, sysconf(_SC_NGROUPS_MAX)); + kernel_groups = (__kernel_gid_t *)malloc(sizeof(*kernel_groups) * n); + if (kernel_groups == NULL) + goto ret_error; ngids = __syscall_getgroups(n, kernel_groups); if (n != 0 && ngids > 0) { @@ -33,6 +40,7 @@ int attribute_hidden __getgroups(int n, gid_t * groups) groups[i] = kernel_groups[i]; } } + free(kernel_groups); return ngids; } } -- cgit v1.2.3