According to section Section 7.14.1.1 (signals) of the C standard; , returning from a SIGSEGV, SIGILL, or SIGFPE signal handler is undefined behavior:
If and when the function returns, if the value of
sigisSIGFPE,SIGILL,SIGSEGV, or any other implementation-defined value corresponding to a computational exception, the behavior is undefined; otherwise, the program will resume execution at the point it was interrupted.
Furthermore, SIGFPE may not be caught for a significant amount of instructions after the floating-point instruction which that creates it.
Noncompliant Code Example
...
The noncompliant code example will loop infinitely on input 0 when compiled with gcc GCC 4.3 or gcc GCC 3.4. This illustrates that even when a SIGFPE handler attempts to fix the error condition while obeying all other rules of signal handling, the program still does not behave as expected.
...
The only portably safe way to leave a SIGFPE, SIGILL, or SIGSEGV handler is through abort() or /_Exit(). In the case of SIGFPE, the default handler calls abort(), so no user-defined handler is actually needed. The handler shown is only for consistency.
...
Some implementations define useful behavior for programs that return from one or more of these signal handlers. For example, For instance, Solaris provides the sigfpe() function specifically to set a SIGFPE handler that a program may safely return from. Sun also provides platform-specific computational exceptions for the SIGTRAP, SIGBUS, and SIGEMT signals. Finally, GNU libsigsegv takes advantage of the ability to return from a SIGSEGV handler to implement page-level memory management in user mode.
...
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
SIG35-C | low | unlikely | high | P3 | L3 |
Bibliography
Related Guidelines
ISO/IEC 9899:1999 7.14.1.1
Bibliography
Wiki Markup
...