standalone fortify-source implementation
git clone
Log | Files | Refs | README | LICENSE

commit 9e65ae387cb7dc955042a1c98c4e8448b01e172c
parent 9b796691eb794e9f5279886e917c028a09f8a728
Author: <>
Date:   Wed, 13 Mar 2019 15:55:48 +0300

getgroups: do not trap on non-positive gidsetsize

First, we should never check the size of __s if __l == 0 since the
array is not going to be modified in that case.

Second, negative __l is a well-defined error case (EINVAL) and we
should never trap on a conforming code like this:

r = getgroups(-1, NULL);
if (r == -1)

An example of non-desired behaviour for negative __l is the gnulib
configure script which checks for getgroups(-1, ...) to catch some
ancient FreeBSD kernel bug. The conftest binary traps even on good
system (e.g. linux/musl) and the unnecessary getgroups wrapper is
enforced for any project that uses gnulib.

This patch also changes the size_t cast to avoid the explicit zero
extension on systems where size_t differs from unsigned int.

Minclude/unistd.h | 2+-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/unistd.h b/include/unistd.h @@ -75,7 +75,7 @@ _FORTIFY_FN(getgroups) int getgroups(int __l, gid_t *__s) { size_t __b = __builtin_object_size(__s, 0); - if (__l < 0 || (size_t)__l > __b / sizeof(gid_t)) + if (__l > 0 && (unsigned)__l > __b / sizeof(gid_t)) __builtin_trap(); return __orig_getgroups(__l, __s); }