Re: 2.6.x signal handler bug

From: Jörn Engel
Date: Mon Jun 28 2004 - 16:58:48 EST


On Sat, 26 June 2004 02:56:51 +0300, Paul Maurides wrote:
>
> The bug has been reproduced successfully using the following program
> on kernel 2.6.5 and 2.6.7, and probably affects any other 2.6 kernel.

All, since about 2.5.71 or so.

> Kernel 2.4 produces the correct behavior, an endless loop of handled
> signals, but on kernel 2.6 the program segfaults.

The program never returns from its signal handler. Instead, it
causes yet another segfault. Any program stupid enough to cause a
segfault inside the segfault handler should be killed. Full stop.

> #include <signal.h>
> #include <stdio.h>
> #include <stdlib.h>
> #include <setjmp.h>
>
> volatile int len;
> volatile int real;
> volatile int caught;
> jmp_buf env;
>
> void catcher(int sig){
>     signal(SIGSEGV,catcher);
>     printf("requested: %9d malloced: %9d\n",len,real);
>     longjmp(env, 1);
> }
>
> int main(){
>     char* p=0;
>     len = 0;
>     signal(SIGSEGV,catcher);
>
>     setjmp(env);
>     len++;
>     free(p);
>     p = malloc(len);
>     real = 0;
>     while(1){
>         p[real] = 0;
>         real++;
>     }
>     return 0;
> }

Jörn

--
Fancy algorithms are buggier than simple ones, and they're much harder
to implement. Use simple algorithms as well as simple data structures.
-- Rob Pike
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
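To show the mechanism behind Jörn's reply, here is an added example that is not part of the thread: a SIGSEGV handler installed like Paul's catcher() is escaped with longjmp() and then with siglongjmp(), and the process's signal mask is inspected afterwards. The function segv_blocked_after_escape() is my own; it assumes glibc's setjmp()/longjmp(), which neither save nor restore the signal mask, and uses raise() rather than a real fault so that escaping the handler is well defined.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>

static jmp_buf    plain_env;   /* for setjmp()/longjmp()       */
static sigjmp_buf sig_env;     /* for sigsetjmp()/siglongjmp() */

/* Both handlers escape the way Paul's catcher() does: they never return, so
 * the kernel's sigreturn path, which would unblock the signal, never runs. */
static void escape_plain(int sig) { (void)sig; longjmp(plain_env, 1); }
static void escape_sig(int sig)   { (void)sig; siglongjmp(sig_env, 1); }

/* Constructed demonstration: install a SIGSEGV handler, raise SIGSEGV, escape
 * the handler with the chosen mechanism and report whether SIGSEGV is still
 * blocked afterwards (1 = still blocked, 0 = mask restored). */
int segv_blocked_after_escape(int use_siglongjmp)
{
    struct sigaction sa;
    sigset_t clean, after;

    sigemptyset(&clean);
    sigprocmask(SIG_SETMASK, &clean, NULL);   /* start from a known mask */

    memset(&sa, 0, sizeof sa);
    sigemptyset(&sa.sa_mask);   /* like signal(): the signal itself is blocked
                                   while the handler runs (no SA_NODEFER) */
    sa.sa_handler = use_siglongjmp ? escape_sig : escape_plain;
    sigaction(SIGSEGV, &sa, NULL);

    if (use_siglongjmp) {
        if (sigsetjmp(sig_env, 1) == 0)       /* savesigs=1 records the clean mask */
            raise(SIGSEGV);
    } else {
        if (setjmp(plain_env) == 0)           /* glibc setjmp() ignores the mask */
            raise(SIGSEGV);
    }

    /* Back in the main flow.  If SIGSEGV is still in the blocked set, the
     * next real fault arrives at a process that has it blocked, which is the
     * "yet another segfault" case Jörn describes. */
    sigprocmask(SIG_BLOCK, NULL, &after);

    signal(SIGSEGV, SIG_DFL);                 /* tidy up for the caller */
    sigprocmask(SIG_SETMASK, &clean, NULL);
    return sigismember(&after, SIGSEGV);
}

int main(void)
{
    printf("longjmp():    SIGSEGV blocked afterwards = %d\n", segv_blocked_after_escape(0));
    printf("siglongjmp(): SIGSEGV blocked afterwards = %d\n", segv_blocked_after_escape(1));
    return 0;
}
```

The fix for a program that must survive repeated faults is the sigsetjmp(env, 1)/siglongjmp() pair (or SA_NODEFER in sigaction), so that the mask the kernel set on entry to the handler is undone when the handler is abandoned.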