...
This non-compliant code example calls malloc() to allocate space for a string, copies a string into it, and then frees the memory. The error lies in the call to the free() function from inside the signal handler. If an interrupt signal is received during or after the free() call in main(), the heap will be corrupted.
```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

char *foo;

void int_handler(int signum) {
  /* Non-compliant: free() is called from signal-handler context. */
  free(foo);
  _Exit(0);
  /* _Exit() causes immediate program termination, and is
     async-safe, whereas exit() calls cleanup routines first,
     and is not async-safe. */
}

int main(void) {
  foo = malloc(15);
  if (foo == NULL) {
    /* handle error condition */
    return 0;
  }
  signal(SIGINT, int_handler);
  strcpy(foo, "Hello World.");
  puts(foo);
  free(foo);
  return 0;
}
```

Note: The _Exit() function causes immediate program termination and is async-safe, whereas exit() calls cleanup routines first and is not async-safe.
Compliant Solution
Signal handlers should be as minimal as possible, only unconditionally setting a flag where appropriate, and returning. You may also call the _Exit() function to immediately terminate program execution.
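The following is an added example, not code from the original page, showing the flag-only pattern described above applied to the same string buffer. The names got_sigint, interrupted, process and the interrupt_at test hook are hypothetical, and raise(SIGINT) stands in for a user-sent interrupt.

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* volatile sig_atomic_t is the object type a handler may safely write. */
static volatile sig_atomic_t got_sigint = 0;

/* Handler only sets the flag and returns: no free(), no stdio. */
static void int_handler(int signum) {
  (void)signum;
  got_sigint = 1;
}

/* Returns 1 if SIGINT has been seen since the last process() call began. */
int interrupted(void) { return got_sigint != 0; }

/* Hypothetical work loop: prints the string up to 5 times and stops early
   once the flag is set. interrupt_at is a constructed test hook that
   raises SIGINT during that iteration (-1 = never), standing in for Ctrl-C.
   Returns the number of iterations completed, or -1 on setup failure. */
int process(int interrupt_at) {
  int done = 0;
  char *foo = malloc(15);
  if (foo == NULL) {
    return -1;
  }
  got_sigint = 0;
  if (signal(SIGINT, int_handler) == SIG_ERR) {
    free(foo);
    return -1;
  }
  strcpy(foo, "Hello World.");
  while (done < 5 && !got_sigint) {
    puts(foo);
    if (done == interrupt_at) {
      raise(SIGINT);          /* handler runs here, touches only the flag */
    }
    done++;
  }
  signal(SIGINT, SIG_DFL);
  free(foo);                  /* single free(), in normal context only */
  return done;
}

int main(void) {
  return process(2) == 3 ? EXIT_SUCCESS : EXIT_FAILURE;
}
```

Because the handler never touches the heap, the only free() of foo happens in process(), regardless of when the signal arrives.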
...