X-Git-Url: http://erislabs.net/gitweb/?a=blobdiff_plain;f=lib%2Fc-stack.c;h=2f902af3a436c355c6d41fd72b9c73654cb5054f;hb=1062e7a84e38a0e708fa3a7de81bba8ad45a2d45;hp=96bd2bf6016422df169d3aa48540bb14c485e65b;hpb=4b2f21b36a615728ebf2a0e1bc2c8def175703a8;p=gnulib.git diff --git a/lib/c-stack.c b/lib/c-stack.c index 96bd2bf60..2f902af3a 100644 --- a/lib/c-stack.c +++ b/lib/c-stack.c @@ -1,6 +1,6 @@ /* Stack overflow handling. - Copyright (C) 2002, 2004, 2006, 2008 Free Software Foundation, Inc. + Copyright (C) 2002, 2004, 2006, 2008-2011 Free Software Foundation, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -45,14 +45,20 @@ #define _(msgid) gettext (msgid) #include -#ifndef ENOTSUP -# define ENOTSUP EINVAL -#endif #include #if ! HAVE_STACK_T && ! defined stack_t typedef struct sigaltstack stack_t; #endif +#ifndef SIGSTKSZ +# define SIGSTKSZ 16384 +#elif HAVE_LIBSIGSEGV && SIGSTKSZ < 16384 +/* libsigsegv 2.6 through 2.8 have a bug where some architectures use + more than the Linux default of an 8k alternate stack when deciding + if a fault was caused by stack overflow. */ +# undef SIGSTKSZ +# define SIGSTKSZ 16384 +#endif #include #include @@ -64,17 +70,22 @@ typedef struct sigaltstack stack_t; #endif #include -#ifndef STDERR_FILENO -# define STDERR_FILENO 2 + +#if HAVE_LIBSIGSEGV +# include #endif #include "c-stack.h" #include "exitfail.h" +#include "ignore-value.h" #if defined SA_ONSTACK && defined SA_SIGINFO -# define SIGACTION_WORKS 1 +# define SIGINFO_WORKS 1 #else -# define SIGACTION_WORKS 0 +# define SIGINFO_WORKS 0 +# ifndef SA_ONSTACK +# define SA_ONSTACK 0 +# endif #endif extern char *program_name; @@ -93,38 +104,30 @@ static char const * volatile stack_overflow_message; appears to have been a stack overflow, or with a core dump otherwise. This function is async-signal-safe. */ -static void die (int) __attribute__ ((noreturn)); -static void +static _Noreturn void die (int signo) { char const *message; +#if !SIGINFO_WORKS && !HAVE_LIBSIGSEGV + /* We can't easily determine whether it is a stack overflow; so + assume that the rest of our program is perfect (!) and that + this segmentation violation is a stack overflow. */ + signo = 0; +#endif /* !SIGINFO_WORKS && !HAVE_LIBSIGSEGV */ segv_action (signo); message = signo ? program_error_message : stack_overflow_message; - write (STDERR_FILENO, program_name, strlen (program_name)); - write (STDERR_FILENO, ": ", 2); - write (STDERR_FILENO, message, strlen (message)); - write (STDERR_FILENO, "\n", 1); + ignore_value (write (STDERR_FILENO, program_name, strlen (program_name))); + ignore_value (write (STDERR_FILENO, ": ", 2)); + ignore_value (write (STDERR_FILENO, message, strlen (message))); + ignore_value (write (STDERR_FILENO, "\n", 1)); if (! signo) _exit (exit_failure); raise (signo); abort (); } -#if HAVE_SIGALTSTACK && HAVE_DECL_SIGALTSTACK - -/* Direction of the C runtime stack. This function is - async-signal-safe. */ - -# if STACK_DIRECTION -# define find_stack_direction(ptr) STACK_DIRECTION -# else -static int -find_stack_direction (char const *addr) -{ - char dummy; - return ! addr ? find_stack_direction (&dummy) : addr < &dummy ? 1 : -1; -} -# endif +#if (HAVE_SIGALTSTACK && HAVE_DECL_SIGALTSTACK \ + && HAVE_STACK_OVERFLOW_HANDLING) || HAVE_LIBSIGSEGV /* Storage for the alternate signal stack. */ static union @@ -139,74 +142,137 @@ static union void *p; } alternate_signal_stack; -# if SIGACTION_WORKS +static void +null_action (int signo __attribute__ ((unused))) +{ +} + +#endif /* SIGALTSTACK || LIBSIGSEGV */ + +/* Only use libsigsegv if we need it; platforms like Solaris can + detect stack overflow without the overhead of an external + library. */ +#if HAVE_LIBSIGSEGV && ! HAVE_XSI_STACK_OVERFLOW_HEURISTIC + +/* Nonzero if general segv handler could not be installed. */ +static volatile int segv_handler_missing; + +/* Handle a segmentation violation and exit if it cannot be stack + overflow. This function is async-signal-safe. */ + +static int segv_handler (void *address __attribute__ ((unused)), + int serious) +{ +# if DEBUG + { + char buf[1024]; + sprintf (buf, "segv_handler serious=%d\n", serious); + write (STDERR_FILENO, buf, strlen (buf)); + } +# endif + + /* If this fault is not serious, return 0 to let the stack overflow + handler take a shot at it. */ + if (!serious) + return 0; + die (SIGSEGV); +} + +/* Handle a segmentation violation that is likely to be a stack + overflow and exit. This function is async-signal-safe. */ + +static _Noreturn void +overflow_handler (int emergency, + stackoverflow_context_t context __attribute__ ((unused))) +{ +# if DEBUG + { + char buf[1024]; + sprintf (buf, "overflow_handler emergency=%d segv_handler_missing=%d\n", + emergency, segv_handler_missing); + write (STDERR_FILENO, buf, strlen (buf)); + } +# endif + + die ((!emergency || segv_handler_missing) ? 0 : SIGSEGV); +} + +int +c_stack_action (void (*action) (int)) +{ + segv_action = action ? action : null_action; + program_error_message = _("program error"); + stack_overflow_message = _("stack overflow"); + + /* Always install the overflow handler. */ + if (stackoverflow_install_handler (overflow_handler, + alternate_signal_stack.buffer, + sizeof alternate_signal_stack.buffer)) + { + errno = ENOTSUP; + return -1; + } + /* Try installing a general handler; if it fails, then treat all + segv as stack overflow. */ + segv_handler_missing = sigsegv_install_handler (segv_handler); + return 0; +} + +#elif HAVE_SIGALTSTACK && HAVE_DECL_SIGALTSTACK && HAVE_STACK_OVERFLOW_HANDLING + +# if SIGINFO_WORKS /* Handle a segmentation violation and exit. This function is async-signal-safe. */ -static void segv_handler (int, siginfo_t *, void *) __attribute__((noreturn)); -static void +static _Noreturn void segv_handler (int signo, siginfo_t *info, - void *context __attribute__ ((unused))) + void *context __attribute__ ((unused))) { /* Clear SIGNO if it seems to have been a stack overflow. */ - if (0 < info->si_code) - { # if ! HAVE_XSI_STACK_OVERFLOW_HEURISTIC - /* We can't easily determine whether it is a stack overflow; so - assume that the rest of our program is perfect (!) and that - this segmentation violation is a stack overflow. */ - signo = 0; + /* We can't easily determine whether it is a stack overflow; so + assume that the rest of our program is perfect (!) and that + this segmentation violation is a stack overflow. + + Note that although both Linux and Solaris provide + sigaltstack, SA_ONSTACK, and SA_SIGINFO, currently only + Solaris satisfies the XSI heueristic. This is because + Solaris populates uc_stack with the details of the + interrupted stack, while Linux populates it with the details + of the current stack. */ + signo = 0; # else + if (0 < info->si_code) + { /* If the faulting address is within the stack, or within one - page of the stack end, assume that it is a stack - overflow. */ + page of the stack, assume that it is a stack overflow. */ ucontext_t const *user_context = context; char const *stack_base = user_context->uc_stack.ss_sp; size_t stack_size = user_context->uc_stack.ss_size; char const *faulting_address = info->si_addr; - size_t s = faulting_address - stack_base; size_t page_size = sysconf (_SC_PAGESIZE); - if (find_stack_direction (NULL) < 0) - s += page_size; - if (s < stack_size + page_size) - signo = 0; + size_t s = faulting_address - stack_base + page_size; + if (s < stack_size + 2 * page_size) + signo = 0; # if DEBUG { - char buf[1024]; - sprintf (buf, - "segv_handler fault=%p base=%p size=%lx page=%lx signo=%d\n", - faulting_address, stack_base, (unsigned long) stack_size, - (unsigned long) page_size, signo); - write (STDERR_FILENO, buf, strlen (buf)); + char buf[1024]; + sprintf (buf, + "segv_handler fault=%p base=%p size=%lx page=%lx signo=%d\n", + faulting_address, stack_base, (unsigned long) stack_size, + (unsigned long) page_size, signo); + write (STDERR_FILENO, buf, strlen (buf)); } # endif -# endif } +# endif die (signo); } # endif -static void -null_action (int signo __attribute__ ((unused))) -{ -} - -/* Set up ACTION so that it is invoked on C stack overflow. Return -1 - (setting errno) if this cannot be done. - - When ACTION is called, it is passed an argument equal to SIGSEGV - for a segmentation violation that does not appear related to stack - overflow, and is passed zero otherwise. On many platforms it is - hard to tell; when in doubt, zero is passed. - - A null ACTION acts like an action that does nothing. - - ACTION must be async-signal-safe. ACTION together with its callees - must not require more than SIGSTKSZ bytes of stack space. */ - int c_stack_action (void (*action) (int)) { @@ -214,8 +280,15 @@ c_stack_action (void (*action) (int)) stack_t st; struct sigaction act; st.ss_flags = 0; +# if SIGALTSTACK_SS_REVERSED + /* Irix mistakenly treats ss_sp as the upper bound, rather than + lower bound, of the alternate stack. */ + st.ss_sp = alternate_signal_stack.buffer + SIGSTKSZ - sizeof (void *); + st.ss_size = sizeof alternate_signal_stack.buffer - sizeof (void *); +# else st.ss_sp = alternate_signal_stack.buffer; st.ss_size = sizeof alternate_signal_stack.buffer; +# endif r = sigaltstack (&st, NULL); if (r != 0) return r; @@ -226,21 +299,26 @@ c_stack_action (void (*action) (int)) sigemptyset (&act.sa_mask); -# if SIGACTION_WORKS +# if SIGINFO_WORKS /* POSIX 1003.1-2001 says SA_RESETHAND implies SA_NODEFER, but this is not true on Solaris 8 at least. It doesn't hurt to use SA_NODEFER here, so leave it in. */ act.sa_flags = SA_NODEFER | SA_ONSTACK | SA_RESETHAND | SA_SIGINFO; act.sa_sigaction = segv_handler; # else - act.sa_flags = SA_NODEFER | SA_RESETHAND; + act.sa_flags = SA_NODEFER | SA_ONSTACK | SA_RESETHAND; act.sa_handler = die; # endif +# if FAULT_YIELDS_SIGBUS + if (sigaction (SIGBUS, &act, NULL) < 0) + return -1; +# endif return sigaction (SIGSEGV, &act, NULL); } -#else /* ! (HAVE_SIGALTSTACK && HAVE_DECL_SIGALTSTACK) */ +#else /* ! ((HAVE_SIGALTSTACK && HAVE_DECL_SIGALTSTACK + && HAVE_STACK_OVERFLOW_HANDLING) || HAVE_LIBSIGSEGV) */ int c_stack_action (void (*action) (int) __attribute__ ((unused)))