According to Section 7.14.1.1 (signals) of the C standard [ISO/IEC 9899:2011], returning from a SIGSEGV, SIGILL, or SIGFPE signal handler is undefined behavior:
If and when the function returns, if the value of sig is SIGFPE, SIGILL, SIGSEGV, or any other implementation-defined value corresponding to a computational exception, the behavior is undefined; otherwise, the program will resume execution at the point it was interrupted.
Furthermore, SIGFPE may not be caught for a significant number of instructions after the floating-point instruction that creates it.
...
```c
#include <signal.h>
#include <stddef.h>
#include <stdlib.h>

volatile sig_atomic_t denom;

/* Noncompliant: the handler returns after SIGFPE, which is undefined behavior. */
void sighandle(int s) {
  /* Fix the offending volatile */
  if (denom == 0) {
    denom = 1;
  }
  /* Everything is ok */
  return;
}

int main(int argc, char *argv[]) {
  int result = 0;

  if (argc < 2) {
    return 0;
  }
  denom = (int)strtol(argv[1], (char **)NULL, 10);
  signal(SIGFPE, sighandle);
  /* Raises SIGFPE when denom is 0 */
  result = 100 / denom;
  return 0;
}
```
The noncompliant code example will loop infinitely on input 0 when compiled with GCC 4.3 or GCC 3.4. It illustrates that even when a SIGFPE handler attempts to fix the error condition while obeying all other rules of signal handling, the program still does not behave as expected.
...
```c
#include <signal.h>
#include <stddef.h>
#include <stdlib.h>

volatile sig_atomic_t denom;

/* Compliant: the handler terminates the program instead of returning. */
void sighandle(int s) {
  /* No recovery */
  abort();
}

int main(int argc, char *argv[]) {
  int result = 0;

  if (argc < 2) {
    return 0;
  }
  denom = (int)strtol(argv[1], (char **)NULL, 10);
  signal(SIGFPE, sighandle);
  result = 100 / denom;
  return 0;
}
```
...
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
SIG35-C | low | unlikely | high | P1 | L3 |
Related Guidelines
ISO/IEC 9899:2011 Section 7.14.1.1, "The signal function"
Bibliography
http://technopark02.blogspot.com/2005/10/handling-sigfpe.html
...