Merge #1129

1129: Getgroups reserve up to limit r=posborne a=otavio



Co-authored-by: Otavio Salvador <[email protected]>

Author: bors[bot]

src/unistd.rs

@@ -1336,33 +1336,39 @@ pub fn setgid(gid: Gid) -> Result<()> {
 /// with the `opendirectoryd` service.
 #[cfg(not(any(target_os = "ios", target_os = "macos")))]
 pub fn getgroups() -> Result<Vec<Gid>> {
-    // First get the number of groups so we can size our Vec
-    let ret = unsafe { libc::getgroups(0, ptr::null_mut()) };
+    // First get the maximum number of groups. The value returned
+    // shall always be greater than or equal to one and less than or
+    // equal to the value of {NGROUPS_MAX} + 1.
+    let ngroups_max = match sysconf(SysconfVar::NGROUPS_MAX) {
+        Ok(Some(n)) => (n + 1) as usize,
+        Ok(None) | Err(_) => <usize>::max_value(),
+    };
+
+    // Next, get the number of groups so we can size our Vec
+    let ngroups = unsafe { libc::getgroups(0, ptr::null_mut()) };
 
     // Now actually get the groups. We try multiple times in case the number of
     // groups has changed since the first call to getgroups() and the buffer is
     // now too small.
-    let mut groups = Vec::<Gid>::with_capacity(Errno::result(ret)? as usize);
+    let mut groups = Vec::<Gid>::with_capacity(Errno::result(ngroups)? as usize);
     loop {
         // FIXME: On the platforms we currently support, the `Gid` struct has
         // the same representation in memory as a bare `gid_t`. This is not
         // necessarily the case on all Rust platforms, though. See RFC 1785.
-        let ret = unsafe {
+        let ngroups = unsafe {
             libc::getgroups(groups.capacity() as c_int, groups.as_mut_ptr() as *mut gid_t)
         };
 
-        match Errno::result(ret) {
+        match Errno::result(ngroups) {
             Ok(s) => {
                 unsafe { groups.set_len(s as usize) };
                 return Ok(groups);
             },
             Err(Error::Sys(Errno::EINVAL)) => {
-                // EINVAL indicates that the buffer size was too small. Trigger
-                // the internal buffer resizing logic of `Vec` by requiring
-                // more space than the current capacity.
-                let cap = groups.capacity();
-                unsafe { groups.set_len(cap) };
-                groups.reserve(1);
+                // EINVAL indicates that the buffer size was too
+                // small, resize it up to ngroups_max as limit.
+                reserve_double_buffer_size(&mut groups, ngroups_max)
+                    .or(Err(Error::Sys(Errno::EINVAL)))?;
             },
             Err(e) => return Err(e)
         }