Reputation: 1964
I am working on a legacy c/c++ project. The project initially was on UNIX and then they migrated to Linux many years back. Now, we upgraded to RHEL 7.9. Since we upgraded, we compiled all the old code with new dependent libraries. The code has the following thing...
#include <pwd.h>
...
{
    struct passwd *pwd;
    ...
    ...
    // U2L commented for skipping ACMgetpwuid
    // if ((pwd = ACMgetpwuid(primuid)) == NULL)
    ...
    if (strlen_u2l(pwd->pw_passwd) == 0) {
    ...
    }
This code is still in production on RHEL 7 and is working fine (I believe it was compiled on RHEL 5 and the same binary was put on RHEL 7, where it works fine). As you can see, they are not allocating any memory and also forgot to comment out the if block, and they are accessing pwd->pw_passwd.
But when we compiled the same code on the new RHEL 7, it gives a core dump.
Why does the same code give a core dump when compiled on RHEL 7, while the old binary (compiled on RHEL 5) does not give a core dump on RHEL 7? Am I the victim of UB?
Upvotes: 2
Views: 83
Reputation: 85452
You're a victim of undefined behavior due to dereferencing through an uninitialized pointer.
It looks like whoever commented out pwd = ACMgetpwuid(primuid) broke the code that follows. At the very least they should have commented out both if statements.
pwd is uninitialized, so its value is indeterminate; it can depend on the previous bytes on the stack or in a certain register. What that previous value is can depend on the OS, compiler version, compile flags used, current program state, i.e. practically anything.
Some compilers even omit entire sections of code leading to UB (like the if (strlen_u2l(pwd->pw_passwd) == 0)), not even bothering to issue a return instruction for such a function.
Upvotes: 1
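A defensive rewrite of the fragment from the question, added here as an example and not code from the original post: the pointer is initialized, the lookup result is checked for NULL before any field is read, and the password-field test is a separate function that can be exercised with constructed entries. The enum names, passwd_field_state(), classify_constructed() and check_uid() are assumptions for illustration; getpwuid() stands in for the ACMgetpwuid() wrapper.

```c
#include <pwd.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Outcomes of the password-field check (names constructed for this example). */
enum pw_check { PW_CHECK_NO_ENTRY = -1, PW_CHECK_SET = 0, PW_CHECK_EMPTY = 1 };

/* Safe replacement for `if (strlen_u2l(pwd->pw_passwd) == 0)`: the entry may be
 * NULL (lookup failed or was skipped), and pw_passwd itself may be NULL. */
static int passwd_field_state(const struct passwd *pwd)
{
    if (pwd == NULL)                 /* the check the original code commented out */
        return PW_CHECK_NO_ENTRY;
    if (pwd->pw_passwd == NULL || pwd->pw_passwd[0] == '\0')
        return PW_CHECK_EMPTY;
    return PW_CHECK_SET;
}

/* Builds a constructed passwd entry with the given pw_passwd and classifies it;
 * lets the check run offline without touching the real user database. */
static int classify_constructed(const char *pw_passwd)
{
    struct passwd entry = { .pw_name = "example", .pw_passwd = (char *)pw_passwd };
    return passwd_field_state(&entry);
}

/* Looks up a real uid. pwd starts as NULL, so if the lookup line is ever
 * commented out again the function reports "no entry" instead of reading
 * whatever the stack or a register happened to hold. */
static int check_uid(uid_t uid)
{
    struct passwd *pwd = NULL;
    pwd = getpwuid(uid);             /* ACMgetpwuid(primuid) in the original */
    return passwd_field_state(pwd);
}

int main(void)
{
    printf("constructed \"x\": %d\n", classify_constructed("x"));   /* 0 */
    printf("constructed \"\":  %d\n", classify_constructed(""));    /* 1 */
    printf("current uid:      %d\n", check_uid(getuid()));
    return 0;
}
```

Building the original fragment with `gcc -Wall -O2` generally reports that `pwd` may be used uninitialized, which is the cheapest way to catch this class of bug before it reaches a new compiler and a new core dump.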