According to the C Standard, 7.14.1.1 1 paragraph 3 [ISO/IEC 9899:20112024], if a signal handler returns when it has been entered as a result of a computational exception (that is, with the value of its argument of SIGFPE
, SIGILL
,
, or any other implementation-defined value corresponding to such an exception) returns, then the behavior is undefined. (See undefined behavior 130.)SIGSEGV
When a signal occurs and func points to a function, it is implementation-defined whether the equivalent of signal (sig, SIG_DFL); is executed or the implementation prevents some implementation- defined set of signals (at least including sig) from occurring until the current signal handling has completed; in the case of SIGILL, the implementation may alternatively define that no action is taken. Then the equivalent of (*func)(sig); is executed. If and when the function returns, if the value of sig is SIGFPE, SIGILL, SIGSEGV, or any other implementation-defined value corresponding to a computational exception, the behavior is undefined; otherwise the program will resume execution at the point it was interrupted.
The Portable Operating System Interface (POSIX®), Base Specifications, Issue 7 [IEEE Std 1003.1:2013], adds SIGBUS
to the list of computational exception signal handlers:
...
Tool | Version | Checker | Description | ||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Axivion Bauhaus Suite |
| CertC-SIG35 | |||||||||
CodeSonar |
| LANG.STRUCT.RFCESH | Return from Computational Exception Signal Handler | ||||||||
Cppcheck Premium | 24.9.0 | premium-cert-sig35-c | Fully implemented | ||||||||
Helix QAC |
| C4846DF4846, | C4847DF4847, | C4848DF4848 | |||||||
Klocwork |
| CERT.STDLIB.SIGNAL | |||||||||
LDRA tool suite |
| 44 S | Enhanced enforcement | ||||||||
Parasoft C/C++test |
| CERT_C-SIG35-a | Do not return from a computational exception signal handler | ||||||||
PC-lint Plus |
| 2671, 2764 | Fully supported | ||||||||
| CERT C: Rule SIG35-C | Checks for return from computational exception signal handler (rule fully covered) |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...
[IEEE Std 1003.1:2013] | 2.4.1, Signal Generation and Delivery |
[ISO/IEC 9899:20112024] | Subclause 7.14.1.1, "The signal Function" |
...