Comment 1 for bug 1890535

In , dm0 (fedora-dm0) wrote :

Specifically structured /etc/gshadow entries can cause fgetgsent() to return invalid pointers that cause applications to segfault on dereference.

One line must fit into the character buffer (1024 bytes, unless a previous line was longer) but have enough group members such that

     line length + alignment + sizeof(char *) * (#adm + 1 + #mem + 1) > 1024.

The parser would return early to avoid overflow, leaving the static result struct pointing to pointers from the previous line which are now invalid, causing segfaults when those pointers are dereferenced.

See the following for a test program and a patch:

https://sourceware.org/ml/libc-alpha/2016-06/msg01015.html
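To make the trigger condition above concrete, here is an added checker (not the reporter's test program or glibc's code) that computes, for a single gshadow line, the buffer space the NSS parser needs when it lays the NULL-terminated admin and member pointer arrays after the line, aligned to pointer size, and reports whether that exceeds the default 1024-byte buffer. The line layout and the constant are taken from the comment's formula; `sample_overflows()` and the sample entries it builds are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define GSHADOW_BUF 1024   /* default line buffer used by fgetgsent() */

/* Count comma-separated entries in a field; an empty field has none. */
static size_t count_entries(const char *field, size_t len) {
    if (len == 0) return 0;
    size_t n = 1;
    for (size_t i = 0; i < len; i++) if (field[i] == ',') n++;
    return n;
}

/* Space the line needs in the parser buffer: the line plus its NUL,
 * rounded up to pointer alignment, plus NULL-terminated pointer arrays
 * for the admins and members. Returns 0 if the line does not have four
 * colon-separated fields (name:password:admins:members). */
size_t gshadow_line_need(const char *line) {
    size_t len = strcspn(line, "\n");            /* ignore trailing newline */
    const char *f[4]; size_t flen[4];
    const char *p = line;
    for (int i = 0; i < 4; i++) {
        const char *end = memchr(p, ':', (size_t)(line + len - p));
        if (i == 3) end = line + len;            /* last field runs to the end */
        else if (!end) return 0;
        f[i] = p; flen[i] = (size_t)(end - p);
        p = end + 1;
    }
    size_t nadm = count_entries(f[2], flen[2]);
    size_t nmem = count_entries(f[3], flen[3]);
    size_t align = sizeof(char *);
    size_t hdr = (len + 1 + align - 1) & ~(align - 1);
    return hdr + sizeof(char *) * (nadm + 1 + nmem + 1);
}

/* 1 if the line meets the report's condition, 0 otherwise. */
int gshadow_line_overflows(const char *line) {
    return gshadow_line_need(line) > GSHADOW_BUF;
}

/* Constructed sample: group "grp", no admins, n members named m0000, m0001, ... */
int sample_overflows(int n) {
    static char line[2048];
    int off = snprintf(line, sizeof line, "grp:!::");
    for (int i = 0; i < n && off < (int)sizeof line - 8; i++)
        off += snprintf(line + off, sizeof line - off, "%sm%04d", i ? "," : "", i);
    return gshadow_line_overflows(line);
}

int main(void) {
    printf("100 members: overflows=%d\n", sample_overflows(100));
    return 0;
}
```

A line with 100 five-character members is only 606 bytes long, so it fits the buffer, yet needs 1424 bytes once the pointer arrays are counted, which is the situation the comment describes.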