+2012-10-01 Paul Eggert <eggert@cs.ucla.edu>
+
+ Fix a malloc race condition involving strsignal.
+ A signal can arrive in the middle of a malloc, and Emacs's signal
+ handler can invoke strsignal, which can invoke malloc, which is
+ not portable. This race condition bug makes Emacs hang on GNU/Linux.
+ Fix it by altering the signal handler so that it does not invoke
+ strsignal.
+ * emacs.c (shut_down_emacs): Use safe_strsignal, not strsignal.
+ * process.c (status_message): Use const pointer, in case strsignal
+ is #defined to safe_strsignal.
+ * sysdep.c (sys_siglist, init_signals): Always define and
+ initialize a substitute sys_siglist if the system does not define
+ one, even if HAVE_STRSIGNAL.
+ (safe_strsignal): Rename from strsignal. Always define,
+ using sys_siglist. Return a const pointer.
+ * syssignal.h (safe_strsignal): New decl.
+ (strsignal) [!HAVE_STRSIGNAL]: Define in terms of safe_strsignal.
+
2012-10-01 Eli Zaretskii <eliz@gnu.org>
* w32proc.c (timer_loop): Fix code that waits for timer
static char const format[] = "Fatal error %d: ";
char buf[sizeof format - 2 + INT_STRLEN_BOUND (int)];
int buflen = sprintf (buf, format, sig);
- char const *sig_desc = strsignal (sig);
+ char const *sig_desc = safe_strsignal (sig);
ignore_value (write (STDERR_FILENO, buf, buflen));
ignore_value (write (STDERR_FILENO, sig_desc, strlen (sig_desc)));
}
if (EQ (symbol, Qsignal) || EQ (symbol, Qstop))
{
- char *signame;
+ char const *signame;
synchronize_system_messages_locale ();
signame = strsignal (code);
if (signame == 0)
errno = old_errno;
}
\f
-#if !defined HAVE_STRSIGNAL && !HAVE_DECL_SYS_SIGLIST
-static char *my_sys_siglist[NSIG];
-# ifdef sys_siglist
-# undef sys_siglist
-# endif
+#if !HAVE_DECL_SYS_SIGLIST
+# undef sys_siglist
# define sys_siglist my_sys_siglist
+static char const *sys_siglist[NSIG];
#endif
/* Handle bus errors, invalid instruction, etc. */
main_thread = pthread_self ();
#endif
-#if !defined HAVE_STRSIGNAL && !HAVE_DECL_SYS_SIGLIST
+#if !HAVE_DECL_SYS_SIGLIST
if (! initialized)
{
sys_siglist[SIGABRT] = "Aborted";
sys_siglist[SIGXFSZ] = "File size limit exceeded";
# endif
}
-#endif /* !defined HAVE_STRSIGNAL && !defined HAVE_DECL_SYS_SIGLIST */
+#endif /* !HAVE_DECL_SYS_SIGLIST */
/* Don't alter signal handlers if dumping. On some machines,
changing signal handlers sets static data that would make signals
return fdutimens (fd, filename, timespec);
}
\f
-#ifndef HAVE_STRSIGNAL
-char *
-strsignal (int code)
+/* Like strsignal, except async-signal-safe, and this function typically
+ returns a string in the C locale rather than the current locale. */
+char const *
+safe_strsignal (int code)
{
- char *signame = 0;
+ char const *signame = 0;
if (0 <= code && code < NSIG)
- {
- /* Cast to suppress warning if the table has const char *. */
- signame = (char *) sys_siglist[code];
- }
+ signame = sys_siglist[code];
+ if (! signame)
+ signame = "Unknown signal";
return signame;
}
-#endif /* HAVE_STRSIGNAL */
\f
#ifndef DOS_NT
/* For make-serial-process */
typedef void (*signal_handler_t) (int);
extern void emacs_sigaction_init (struct sigaction *, signal_handler_t);
+char const *safe_strsignal (int);
#if NSIG < NSIG_MINIMUM
# undef NSIG
#endif /* ! defined (SIGCLD) */
#ifndef HAVE_STRSIGNAL
-/* strsignal is in sysdep.c */
-char *strsignal (int);
+# define strsignal(sig) safe_strsignal (sig)
#endif
void deliver_process_signal (int, signal_handler_t);
projects / emacs.git / commitdiff