implement POSIX functions in grp.h header#491
Conversation
2899f69 to
f6f4c6c
Compare
There was a problem hiding this comment.
Code Review
This pull request refactors group-related functions in Phoenix-RTOS by replacing the old unistd/group.c with a new, more complete implementation in unistd/grp.c and updating the headers and stubs accordingly. However, several critical issues were identified in the new code: buffer management bugs in readgrhdr and readgrusers fail to account for null terminators, empty fields are not null-terminated, and an incorrect logical operator in getgrent prevents proper initialization. Additionally, pushing back a null byte in readgrfield corrupts the stream, setgrent fails to open the database if closed, and uid_t is incorrectly used instead of gid_t. Finally, removing unistd/group.c has deleted several standard POSIX functions, which will lead to link errors.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
Unit Test Results11 143 tests 10 473 ✅ 53m 18s ⏱️ Results for commit 7a486e2. ♻️ This comment has been updated with latest results. |
3081253 to
3820602
Compare
a38af18 to
eb8dd44
Compare
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request implements POSIX group-related functions (getgrnam, getgrgid, getgrnam_r, getgrgid_r, getgrent, endgrent, setgrent) in unistd/grp.c by parsing the /etc/group file, replacing previous stubs. The review feedback highlights several critical issues in the parsing logic: handling malformed lines in readgrfield to prevent database corruption, skipping empty members and ensuring the file pointer is advanced on failure in readgrusers, aligning buffers in getgrby_r to avoid unaligned memory access crashes (SIGBUS), and properly setting errno = ERANGE in getgrent when the static buffer is too small instead of silently skipping entries.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
These functions parse the /etc/group file for information about groups. Added implementations for: getgrnam, getgrgid, getgrnam_r, getgrgid_r, getgrent, endgrent, setgrent. YT: RTOS-1366
eb8dd44 to
7a486e2
Compare
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request implements POSIX group-related functions in libphoenix by adding a new /etc/group parser in unistd/grp.c and updating associated headers and stubs. Feedback on the new implementation highlights several critical issues, including an incorrect buffer boundary calculation in readgrusers that can cause a buffer overflow, a dangerous assertion on external configuration data that could crash applications, logic errors in parsing and initializing empty group member lists, failure to propagate ERANGE errors from readgrusers, and silent skipping of entries in getgrent on buffer size errors.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
| if (staticBuf) { | ||
| /* static buffer should always be enough to hold the entire row */ | ||
| assert(ret != ERANGE); | ||
| } |
There was a problem hiding this comment.
Using assert(ret != ERANGE) to guard against a long group entry in /etc/group is extremely dangerous. /etc/group is external configuration data, and a long line (e.g., a group with many members) should be handled gracefully at runtime rather than crashing the entire application via an assertion failure.
Please remove this assertion and allow the function to return ERANGE (or other errors) gracefully to the caller.
/* Avoid asserting on external configuration data; return the error gracefully */| do { | ||
| if (grenteof(grp_common.fp)) { | ||
| return NULL; | ||
| } | ||
| currentBuf = grp_common.buf; | ||
| currentSize = sizeof(grp_common.buf); | ||
| } while (readgrhdr(grp_common.fp, &grp_common.grp, ¤tBuf, ¤tSize) != 0 || readgrusers(grp_common.fp, &grp_common.grp, currentBuf, currentSize) != 0); |
There was a problem hiding this comment.
If readgrhdr or readgrusers fails with ERANGE (which can happen if a group has many members or a very long line), getgrent will silently skip the entry and continue to the next one. This can lead to hard-to-debug issues where some groups are missing from the enumeration.
Instead of silently skipping, getgrent should check if the error is ERANGE and return NULL to notify the caller of the buffer size issue. Note that we should avoid manually setting errno here, as the underlying functions readgrhdr/readgrusers already set it upon failure.
for (;;) {
if (grenteof(grp_common.fp)) {
return NULL;
}
currentBuf = grp_common.buf;
currentSize = sizeof(grp_common.buf);
int ret = readgrhdr(grp_common.fp, &grp_common.grp, ¤tBuf, ¤tSize);
if (ret != 0) {
if (ret == ERANGE) {
return NULL;
}
continue;
}
ret = readgrusers(grp_common.fp, &grp_common.grp, currentBuf, currentSize);
if (ret != 0) {
if (ret == ERANGE) {
return NULL;
}
continue;
}
break;
}References
- Avoid manually setting
errnoin high-level functions if the underlying syscall wrappers or lower-level functions already set it upon failure.
These functions parse the /etc/group file for information about groups. Added implementations for: getgrnam, getgrgid, getgrnam_r, getgrgid_r, getgrent, endgrent, setgrent.
YT: RTOS-1366
Description
Motivation and Context
Types of changes
How Has This Been Tested?
Checklist:
Special treatment