Fix a malloc race condition involving strsignal.

A signal can arrive in the middle of a malloc, and Emacs's signal handler can invoke strsignal, which can invoke malloc, which is not portable. This race condition bug makes Emacs hang on GNU/Linux. Fix it by altering the signal handler so that it does not invoke strsignal. * emacs.c (shut_down_emacs): Use safe_strsignal, not strsignal. * process.c (status_message): Use const pointer, in case strsignal is #defined to safe_strsignal. * sysdep.c (sys_siglist, init_signals): Always define and initialize a substitute sys_siglist if the system does not define one, even if HAVE_STRSIGNAL. (safe_strsignal): Rename from strsignal. Always define, using sys_siglist. Return a const pointer. * syssignal.h (safe_strsignal): New decl. (strsignal) [!HAVE_STRSIGNAL]: Define in terms of safe_strsignal.
author: Paul Eggert 2012-10-01 15:12:44 -0700
committer: Paul Eggert 2012-10-01 15:12:44 -0700
commit: aa1ba90e4a95542c83cf636de3bc67e8fb23bad3 (patch)
tree: 1407a999bbc11bf54aaeba40764d6a75565db182 /src/sysdep.c
parent: ace917bddb2ed2448a97ddf279445bb581c5cd32 (diff)
download: emacs-aa1ba90e4a95542c83cf636de3bc67e8fb23bad3.tar.gz
emacs-aa1ba90e4a95542c83cf636de3bc67e8fb23bad3.zip
1 files changed, 13 insertions, 16 deletions
diff --git a/src/sysdep.c b/src/sysdep.c
index a825145c6dd..74617fcaf0f 100644
--- a/src/sysdep.c
+++ b/src/sysdep.c
@@ -1543,12 +1543,10 @@ deliver_thread_signal (int sig, signal_handler_t handler)
  errno = old_errno;
 }
-#if !defined HAVE_STRSIGNAL && !HAVE_DECL_SYS_SIGLIST
+#if !HAVE_DECL_SYS_SIGLIST
-static char *my_sys_siglist[NSIG];
+# undef sys_siglist
-# ifdef sys_siglist
-#  undef sys_siglist
-# endif
 # define sys_siglist my_sys_siglist
+static char const *sys_siglist[NSIG];
 #endif
 /* Handle bus errors, invalid instruction, etc.  */
@@ -1611,7 +1609,7 @@ init_signals (bool dumping)
  main_thread = pthread_self ();
 #endif
-#if !defined HAVE_STRSIGNAL && !HAVE_DECL_SYS_SIGLIST
+#if !HAVE_DECL_SYS_SIGLIST
  if (! initialized)
    {
      sys_siglist[SIGABRT] = "Aborted";
@@ -1759,7 +1757,7 @@ init_signals (bool dumping)
      sys_siglist[SIGXFSZ] = "File size limit exceeded";
 # endif
    }
-#endif /* !defined HAVE_STRSIGNAL && !defined HAVE_DECL_SYS_SIGLIST */
+#endif /* !HAVE_DECL_SYS_SIGLIST */
  /* Don't alter signal handlers if dumping.  On some machines,
     changing signal handlers sets static data that would make signals
@@ -2280,21 +2278,20 @@ set_file_times (int fd, const char *filename,
  return fdutimens (fd, filename, timespec);
 }
-#ifndef HAVE_STRSIGNAL
+/* Like strsignal, except async-signal-safe, and this function typically
-char *
+   returns a string in the C locale rather than the current locale.  */
-strsignal (int code)
+char const *
+safe_strsignal (int code)
 {
-  char *signame = 0;
+  char const *signame = 0;
  if (0 <= code && code < NSIG)
-    {
+    signame = sys_siglist[code];
-      /* Cast to suppress warning if the table has const char *.  */
+  if (! signame)
-      signame = (char *) sys_siglist[code];
+    signame = "Unknown signal";
-    }
  return signame;
 }
-#endif /* HAVE_STRSIGNAL */
 #ifndef DOS_NT
 /* For make-serial-process  */
author	Paul Eggert	2012-10-01 15:12:44 -0700
committer	Paul Eggert	2012-10-01 15:12:44 -0700
commit	aa1ba90e4a95542c83cf636de3bc67e8fb23bad3 (patch)
tree	1407a999bbc11bf54aaeba40764d6a75565db182 /src/sysdep.c
parent	ace917bddb2ed2448a97ddf279445bb581c5cd32 (diff)
download	emacs-aa1ba90e4a95542c83cf636de3bc67e8fb23bad3.tar.gz emacs-aa1ba90e4a95542c83cf636de3bc67e8fb23bad3.zip