Skip to content

implement POSIX functions in grp.h header#491

Open
julianuziemblo wants to merge 1 commit into
masterfrom
julianuziemblo/RTOS-1366
Open

implement POSIX functions in grp.h header#491
julianuziemblo wants to merge 1 commit into
masterfrom
julianuziemblo/RTOS-1366

Conversation

@julianuziemblo

@julianuziemblo julianuziemblo commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

These functions parse the /etc/group file for information about groups. Added implementations for: getgrnam, getgrgid, getgrnam_r, getgrgid_r, getgrent, endgrent, setgrent.

YT: RTOS-1366

Description

Motivation and Context

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Chore (refactoring, style fixes, git/CI config, submodule management, no code logic changes)

How Has This Been Tested?

Checklist:

  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.
  • All new and existing linter checks and tests passed.
  • My changes generate no new compilation warnings for any of the targets.

Special treatment

  • This PR needs additional PRs to work (list the PRs, preferably in merge-order).
  • I will merge this PR by myself when appropriate.

Comment thread unistd/grp.c Outdated
Comment thread unistd/grp.c Outdated
Comment thread unistd/grp.c Outdated
@julianuziemblo julianuziemblo force-pushed the julianuziemblo/RTOS-1366 branch from 2899f69 to f6f4c6c Compare June 30, 2026 09:01

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request refactors group-related functions in Phoenix-RTOS by replacing the old unistd/group.c with a new, more complete implementation in unistd/grp.c and updating the headers and stubs accordingly. However, several critical issues were identified in the new code: buffer management bugs in readgrhdr and readgrusers fail to account for null terminators, empty fields are not null-terminated, and an incorrect logical operator in getgrent prevents proper initialization. Additionally, pushing back a null byte in readgrfield corrupts the stream, setgrent fails to open the database if closed, and uid_t is incorrectly used instead of gid_t. Finally, removing unistd/group.c has deleted several standard POSIX functions, which will lead to link errors.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment thread unistd/grp.c Outdated
Comment thread unistd/grp.c
Comment thread unistd/grp.c
Comment thread unistd/grp.c Outdated
Comment thread unistd/grp.c Outdated
Comment thread unistd/Makefile
Comment thread unistd/grp.c
Comment thread unistd/grp.c Outdated
@github-actions

github-actions Bot commented Jun 30, 2026

Copy link
Copy Markdown

Unit Test Results

11 143 tests   10 473 ✅  53m 18s ⏱️
   680 suites     670 💤
     1 files         0 ❌

Results for commit 7a486e2.

♻️ This comment has been updated with latest results.

@julianuziemblo julianuziemblo force-pushed the julianuziemblo/RTOS-1366 branch 2 times, most recently from 3081253 to 3820602 Compare June 30, 2026 10:02
@julianuziemblo julianuziemblo force-pushed the julianuziemblo/RTOS-1366 branch 2 times, most recently from a38af18 to eb8dd44 Compare July 1, 2026 08:39
@julianuziemblo julianuziemblo requested a review from a team July 1, 2026 09:09
@ziemleszcz

Copy link
Copy Markdown
Contributor

/gemini review

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request implements POSIX group-related functions (getgrnam, getgrgid, getgrnam_r, getgrgid_r, getgrent, endgrent, setgrent) in unistd/grp.c by parsing the /etc/group file, replacing previous stubs. The review feedback highlights several critical issues in the parsing logic: handling malformed lines in readgrfield to prevent database corruption, skipping empty members and ensuring the file pointer is advanced on failure in readgrusers, aligning buffers in getgrby_r to avoid unaligned memory access crashes (SIGBUS), and properly setting errno = ERANGE in getgrent when the static buffer is too small instead of silently skipping entries.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment thread unistd/grp.c
Comment thread unistd/grp.c
Comment thread unistd/grp.c Outdated
Comment thread unistd/grp.c
These functions parse the /etc/group file for information about groups.
Added implementations for: getgrnam, getgrgid, getgrnam_r, getgrgid_r,
getgrent, endgrent, setgrent.

YT: RTOS-1366
@julianuziemblo julianuziemblo force-pushed the julianuziemblo/RTOS-1366 branch from eb8dd44 to 7a486e2 Compare July 1, 2026 12:40
@julianuziemblo

Copy link
Copy Markdown
Contributor Author

/gemini review

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request implements POSIX group-related functions in libphoenix by adding a new /etc/group parser in unistd/grp.c and updating associated headers and stubs. Feedback on the new implementation highlights several critical issues, including an incorrect buffer boundary calculation in readgrusers that can cause a buffer overflow, a dangerous assertion on external configuration data that could crash applications, logic errors in parsing and initializing empty group member lists, failure to propagate ERANGE errors from readgrusers, and silent skipping of entries in getgrent on buffer size errors.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment thread unistd/grp.c
Comment thread unistd/grp.c
Comment on lines +307 to +310
if (staticBuf) {
/* static buffer should always be enough to hold the entire row */
assert(ret != ERANGE);
}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

critical

Using assert(ret != ERANGE) to guard against a long group entry in /etc/group is extremely dangerous. /etc/group is external configuration data, and a long line (e.g., a group with many members) should be handled gracefully at runtime rather than crashing the entire application via an assertion failure.

Please remove this assertion and allow the function to return ERANGE (or other errors) gracefully to the caller.

	/* Avoid asserting on external configuration data; return the error gracefully */

Comment thread unistd/grp.c
Comment thread unistd/grp.c
Comment thread unistd/grp.c
Comment thread unistd/grp.c
Comment on lines +372 to +378
do {
if (grenteof(grp_common.fp)) {
return NULL;
}
currentBuf = grp_common.buf;
currentSize = sizeof(grp_common.buf);
} while (readgrhdr(grp_common.fp, &grp_common.grp, &currentBuf, &currentSize) != 0 || readgrusers(grp_common.fp, &grp_common.grp, currentBuf, currentSize) != 0);

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

If readgrhdr or readgrusers fails with ERANGE (which can happen if a group has many members or a very long line), getgrent will silently skip the entry and continue to the next one. This can lead to hard-to-debug issues where some groups are missing from the enumeration.

Instead of silently skipping, getgrent should check if the error is ERANGE and return NULL to notify the caller of the buffer size issue. Note that we should avoid manually setting errno here, as the underlying functions readgrhdr/readgrusers already set it upon failure.

	for (;;) {
		if (grenteof(grp_common.fp)) {
			return NULL;
		}
		currentBuf = grp_common.buf;
		currentSize = sizeof(grp_common.buf);

		int ret = readgrhdr(grp_common.fp, &grp_common.grp, &currentBuf, &currentSize);
		if (ret != 0) {
			if (ret == ERANGE) {
				return NULL;
			}
			continue;
		}

		ret = readgrusers(grp_common.fp, &grp_common.grp, currentBuf, currentSize);
		if (ret != 0) {
			if (ret == ERANGE) {
				return NULL;
			}
			continue;
		}

		break;
	}
References
  1. Avoid manually setting errno in high-level functions if the underlying syscall wrappers or lower-level functions already set it upon failure.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants