Page History

According to the C Standard, subclause 7.14.1.1 [ISO/IEC 9899:2011], returning from a SIGSEGV, SIGILL, or SIGFPE signal handler is undefined behavior:

If and when the function returns, if the value of sig is SIGFPE, SIGILL, SIGSEGV, or any other implementation-defined value corresponding to a computational exception, the behavior is undefined; otherwise, the program will resume execution at the point it was interrupted.

...

#include <signal.h>
#include <stddef.h>
#include <stdlib.h>

volatile sig_atomic_t denom;

void sighandle(int s){
  /* Fix the offending volatile. */
  if (denom == 0) {
    denom = 1;
  }
}

int main(int argc, char *argv[]){
  int result = 0;
    
  if (argc < 2) {
    return 0;
  }
  denom = (sig_atomic_t)strtol(argv[1], NULL, 10);
    
  signal(SIGFPE,(*sighandle));

  result = 100 / (int)denom;
  return 0;
}

...

#include <signal.h>
#include <stddef.h>
#include <stdlib.h>

volatile sig_atomic_t denom;

void sighandle(int s){
  /* Recovery is impossible. */
  abort();
}

int main(int argc, char *argv[]){
  int result = 0;
    
  if (argc < 2) {
    return 0;
  }
  denom = (sig_atomic_t)strtol(argv[1], NULL, 10);
    
  signal(SIGFPE,(*sighandle));

  result = 100 / (int)denom;
  return 0;
}

Implementation Details

Some implementations define useful behavior for programs that return from one or more of these signal handlers. For example, Solaris provides the sigfpe() function specifically to set a SIGFPE handler that a program may safely return from. Sun also provides platform-specific computational exceptions for the SIGTRAP, SIGBUS, and SIGEMT signals. Finally, GNU libsigsegv takes advantage of the ability to return from a SIGSEGV handler to implement page-level memory management in user mode.

...

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Bibliography

...