Message 172860 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	Vladimir.Ushakov
Recipients	Vladimir.Ushakov, christian.heimes, jcea, neologix, pitrou, vstinner
Date	2012-10-14.09:04:47
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1350205488.51.0.396212784135.issue16212@psf.upfronthosting.co.za>
In-reply-to

Content
SIGBUS as well as SIGFPE or SIGSEGV is a synchronous signal. It is delivered to the thread that caused the trouble and the stack contents is well defined. > https://www.securecoding.cert.org/confluence/display/seccode/SIG35-C.+Do+not+return+from+SIGSEGV,+SIGILL,+or+SIGFPE+signal+handlers Does not apply here: longjmp is not a return. > https://www.securecoding.cert.org/confluence/display/seccode/SIG32-C.+Do+not+call+longjmp%28%29+from+inside+a+signal+handler The grounds are weak. They refer to SIG30-C, which is based on ISO C standard. POSIX explicitly declares the fact that longjmp is allowed to exit signal handlers as an extension to ISO C standard. (See http://pubs.opengroup.org/onlinepubs/9699919799/) Besides, POSIX explicitly states that only async-signal-safe functions can be called from the handlers, which "are invoked asynchronously with process execution". That's not out case as mentioned above, we are not in asynchronous context as it could be with, say, SIGINT. (See http://pubs.opengroup.org/onlinepubs/009695399/functions/xsh_chap02_04.html) Glibc doesn't mind as well: http://www.gnu.org/software/libc/manual/html_node/Longjmp-in-Handler.html I can doubt about non-POSIX platforms, but with POSIX everything seems clean to me. Especially since the method is already in use with SIGFPE.

SIGBUS as well as SIGFPE or SIGSEGV is a synchronous signal. It is delivered to the thread that caused the trouble and the stack contents is well defined.

> https://www.securecoding.cert.org/confluence/display/seccode/SIG35-C.+Do+not+return+from+SIGSEGV,+SIGILL,+or+SIGFPE+signal+handlers

Does not apply here: longjmp is not a return.

> https://www.securecoding.cert.org/confluence/display/seccode/SIG32-C.+Do+not+call+longjmp%28%29+from+inside+a+signal+handler

The grounds are weak. They refer to SIG30-C, which is based on ISO C standard.

POSIX explicitly declares the fact that longjmp is allowed to exit signal handlers as an extension to ISO C standard.

(See http://pubs.opengroup.org/onlinepubs/9699919799/)

Besides, POSIX explicitly states that only async-signal-safe functions can be called from the handlers, which "are invoked asynchronously with process execution". That's not out case as mentioned above, we are not in asynchronous context as it could be with, say, SIGINT.

(See http://pubs.opengroup.org/onlinepubs/009695399/functions/xsh_chap02_04.html)

Glibc doesn't mind as well:

http://www.gnu.org/software/libc/manual/html_node/Longjmp-in-Handler.html

I can doubt about non-POSIX platforms, but with POSIX everything seems clean to me. Especially since the method is already in use with SIGFPE.

History
Date	User	Action	Args
2012-10-14 09:04:48	Vladimir.Ushakov	set	recipients: + Vladimir.Ushakov, jcea, pitrou, vstinner, christian.heimes, neologix
2012-10-14 09:04:48	Vladimir.Ushakov	set	messageid: <1350205488.51.0.396212784135.issue16212@psf.upfronthosting.co.za>
2012-10-14 09:04:48	Vladimir.Ushakov	link	issue16212 messages
2012-10-14 09:04:47	Vladimir.Ushakov	create