...
According to Section 7.14.1.1 of the C Rationale \[[ISO/IEC 03|AA. References#ISOBibliography#ISO/IEC 03]\]:
When a signal occurs, the normal flow of control of a program is interrupted. If a signal occurs that is being trapped by a signal handler, that handler is invoked. When it is finished, execution continues at the point at which the signal occurred. This arrangement can cause problems if the signal handler invokes a library function that was being executed at the time of the signal.
Similarly, Section 7.14.1 paragraph 5 of C99 \[[ISO/IEC 9899:1999|AA. References#ISOBibliography#ISO/IEC 9899-1999]\] states that if the signal occurs other than as the result of calling the {{abort}} or {{raise}} function, the behavior is [undefined|BB. Definitions#undefined behavior] if
...
The second problem is that the {{free()}} function is also not \[[asynchronous-safe|AA. References#asynchronousBibliography#asynchronous-safe]\], and its invocation from within a signal handler is also a violation of this rule. If an interrupt signal is received during the {{free()}} call in {{main()}}, the heap may be corrupted.
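One way to avoid calling {{free()}} from the handler, shown as an added example that is not part of the original page: the handler only sets a {{volatile sig_atomic_t}} flag, and the cleanup runs once in normal context. The names {{run_until_interrupted}}, {{on_sigint}}, and {{MAX_STEPS}} and the sample string are hypothetical, and {{raise(SIGINT)}} stands in for an asynchronous interrupt.

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_STEPS 10 /* hypothetical amount of work */

/* The only object the handler touches. */
static volatile sig_atomic_t interrupted = 0;

/* No free(), no stdio: the handler just records that the signal arrived. */
static void on_sigint(int signum) {
    (void)signum;
    interrupted = 1;
}

/* Hypothetical work loop. raise_at simulates SIGINT arriving at that step
 * (negative: no signal). Returns the step at which the loop stopped,
 * or -1 if setup failed. */
int run_until_interrupted(int raise_at) {
    int steps;
    char *info;

    interrupted = 0;
    if (signal(SIGINT, on_sigint) == SIG_ERR)
        return -1;
    info = malloc(64);
    if (info == NULL) {
        signal(SIGINT, SIG_DFL);
        return -1;
    }
    strcpy(info, "constructed sample data");

    for (steps = 0; steps < MAX_STEPS; steps++) {
        if (steps == raise_at)
            raise(SIGINT);      /* handler runs here and sets the flag */
        if (interrupted)
            break;              /* flag is polled in normal context */
    }

    free(info);                 /* heap is touched outside the handler, exactly once */
    signal(SIGINT, SIG_DFL);
    return steps;
}

int main(void) {
    printf("stopped at step %d\n", run_until_interrupted(3));
    return 0;
}
```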
...
The following table from the Open Group Base Specifications \[[Open Group 04|AA. References#OpenBibliography#Open Group 04]\] defines a set of functions that are asynchronous-signal-safe. Applications may invoke these functions, without restriction, from a signal handler.
...
For an overview of software vulnerabilities resulting from improper signal handling, see Zalewski's paper on understanding, exploiting, and preventing signal-handling-related vulnerabilities \[[Zalewski 01|AA. References#ZalewskiBibliography#Zalewski 01]\]. [VU #834865|http://www.kb.cert.org/vuls/id/834865] describes a vulnerability resulting from a violation of this rule.
...
\[[Dowd 06|AA. References#DowdBibliography#Dowd 06]\] Chapter 13, "Synchronization and State"
\[[ISO/IEC 03|AA. References#ISOBibliography#ISO/IEC 03]\] Section 5.2.3, "Signals and interrupts"
\[[ISO/IEC 9899:1999|AA. References#ISOBibliography#ISO/IEC 9899-1999]\] Section 7.14, "Signal handling {{<signal.h>}}"
\[[MITRE 07|AA. References#MITREBibliography#MITRE 07]\] [CWE ID 479|http://cwe.mitre.org/data/definitions/479.html], "Unsafe Function Call from a Signal Handler"
\[[Open Group 04|AA. References#OpenBibliography#Open Group 04]\] [longjmp|http://www.opengroup.org/onlinepubs/000095399/functions/longjmp.html]
\[[OpenBSD|AA. References#OpenBSDBibliography#OpenBSD]\] [{{signal()}} Man Page|http://www.openbsd.org/cgi-bin/man.cgi?query=signal]
\[[Zalewski 01|AA. References#ZalewskiBibliography#Zalewski 01]\]
...