Author Vladimir.Ushakov
Recipients Vladimir.Ushakov, christian.heimes, jcea, neologix, pitrou, vstinner
Date 2012-10-14.09:04:47
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1350205488.51.0.396212784135.issue16212@psf.upfronthosting.co.za>
In-reply-to
Content
SIGBUS as well as SIGFPE or SIGSEGV is a synchronous signal. It is delivered to the thread that caused the trouble and the stack contents is well defined.

> https://www.securecoding.cert.org/confluence/display/seccode/SIG35-C.+Do+not+return+from+SIGSEGV,+SIGILL,+or+SIGFPE+signal+handlers

Does not apply here: longjmp is not a return.

> https://www.securecoding.cert.org/confluence/display/seccode/SIG32-C.+Do+not+call+longjmp%28%29+from+inside+a+signal+handler

The grounds are weak. They refer to SIG30-C, which is based on ISO C standard.

POSIX explicitly declares the fact that longjmp is allowed to exit signal handlers as an extension to ISO C standard.

(See http://pubs.opengroup.org/onlinepubs/9699919799/)

Besides, POSIX explicitly states that only async-signal-safe functions can be called from the handlers, which "are invoked asynchronously with process execution". That's not out case as mentioned above, we are not in asynchronous context as it could be with, say, SIGINT.

(See http://pubs.opengroup.org/onlinepubs/009695399/functions/xsh_chap02_04.html)

Glibc doesn't mind as well:

http://www.gnu.org/software/libc/manual/html_node/Longjmp-in-Handler.html

I can doubt about non-POSIX platforms, but with POSIX everything seems clean to me. Especially since the method is already in use with SIGFPE.
History
Date User Action Args
2012-10-14 09:04:48Vladimir.Ushakovsetrecipients: + Vladimir.Ushakov, jcea, pitrou, vstinner, christian.heimes, neologix
2012-10-14 09:04:48Vladimir.Ushakovsetmessageid: <1350205488.51.0.396212784135.issue16212@psf.upfronthosting.co.za>
2012-10-14 09:04:48Vladimir.Ushakovlinkissue16212 messages
2012-10-14 09:04:47Vladimir.Ushakovcreate