Date: Thu, 3 Oct 2002 18:15:13 +1000 (EST) From: Bruce Evans <bde@zeta.org.au> To: Gregory Bond <gnb@itga.com.au> Cc: "Jin Guojun [DSD]" <j_guojun@lbl.gov>, Garrett Wollman <wollman@lcs.mit.edu>, <freebsd-bugs@FreeBSD.ORG> Subject: Re: kern/43599: Balloc did not check mallocated pointer in libc/stdlib/strtod.c Message-ID: <20021003180049.Q2910-100000@gamplex.bde.org> In-Reply-To: <200210030033.KAA01121@lightning.itga.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 3 Oct 2002, Gregory Bond wrote: > For FreeBSD, signal(3) contains the sentence: > > See sigaction(2) for a list of functions that are considered safe for use > in signal handlers. > > And sigaction(2) has a list of 40-50 system calls and functions [notably _not_ > including any STDIO ones, or longjmp()] and the comment: > > All functions not in the above lists are considered to be unsafe with > respect to signals. That is to say, the behaviour of such functions when > called from a signal handler is undefined. This bug shows that even sprintf() is unsafe to use in signal handlers, although using it to work around the unsafeness of fprintf seems to be fairly common (n = sprintf(buf, ...); if (n > 0) write(2, buf, n); else ..."). Another problem is that floating point might not work in signal handlers; (it was broken under FreeBSD on i386's until the recent ucontext changes), so calling strtod() from signal handlers was unsafe in practice. strtod(), not to mention simpler functions like strlen() isn't in the list in sigaction(2) (or in the corresponding list in POSIX IIRC), so calling it from signal handlers is unsafe in theory. It's not clear that there is any standard && useful use for floating point in signal handlers. Standards seem to require things like "double x, y; x = 2; y = x + x;" to work, but they don't provide any way for the results to affect the world outside of the signal handler except in the unlikely event that sig_atomic_t is floating point, and except for silly things like encoding the results of floating point operations in variables of type sig_atomic_t. Bruce To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021003180049.Q2910-100000>