According to section 7.14.1.1 (signals) of the C standard, returning from a SIGSEGV, SIGILL, or SIGFPE signal handler is undefined behavior.
Noncompliant Code Example
In this noncompliant code example, if the given user input is '0', the division operation causes a SIGFPE signal to be sent to the program.

```c
#include <signal.h>
#include <stdlib.h>

volatile sig_atomic_t denom;

void sighandle(int s);

int main(int argc, char *argv[]) {
  if (argc < 2)
    return 0;
  int result = 0;
  denom = atoi(argv[1]);
  signal(SIGFPE, sighandle);
  result = 100 / denom;
  return 0;
}

void sighandle(int s) {
  /* Fix the offending volatile */
  if (denom == 0)
    denom = 1;
  /* Everything is ok */
  return;
}
```
The above example will loop infinitely on most systems when supplied with 0 as an argument.
This illustrates that even when a SIGFPE handler attempts to fix the error condition while obeying all other rules of signal handling, the behavior may not be as expected.
Compliant Solution
```c
void sighandle(int s) {
  /* No recovery */
  abort();
}
```

The only safe way to leave a SIGFPE, SIGILL, or SIGSEGV handler is through abort or _exit/_Exit.
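The following is an added example, not code from the original page. It pairs a handler that terminates through `_Exit` with a check that rejects trapping operands before the division, and it goes beyond the page's single case by also rejecting `INT_MIN / -1`, an overflow that is undefined and traps as SIGFPE on x86. POSIX (`write`, `fork`, `waitpid`) is assumed, and `safe_div`, `fatal_handler`, `run_faulting_child` and `FATAL_EXIT` are hypothetical names.

```c
#define _POSIX_C_SOURCE 200809L
#include <limits.h>
#include <signal.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define FATAL_EXIT 70 /* constructed exit status for this example */

/* Hypothetical helper: refuse operands that would trap, so no signal is
 * raised. Returns 0 and stores the quotient in *out, or -1 on rejection. */
int safe_div(int num, int den, int *out) {
  if (den == 0 || (num == INT_MIN && den == -1))
    return -1;
  *out = num / den;
  return 0;
}

/* Terminating handler: async-signal-safe calls only, and it never returns. */
void fatal_handler(int s) {
  static const char msg[] = "fatal: computational exception\n";
  (void)s;
  if (write(STDERR_FILENO, msg, sizeof msg - 1) < 0) { /* nothing safe to do */ }
  _Exit(FATAL_EXIT);
}

/* Install the handler in a child process, deliver SIGFPE there, and
 * return the child's exit status (-1 if it did not exit normally). */
int run_faulting_child(void) {
  int status = 0;
  pid_t pid = fork();
  if (pid < 0) return -1;
  if (pid == 0) {
    signal(SIGFPE, fatal_handler);
    raise(SIGFPE); /* stands in for a real computational trap */
    _Exit(0);      /* not reached: the handler terminates the child */
  }
  if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
  return WEXITSTATUS(status);
}

int main(int argc, char *argv[]) {
  int result;
  if (argc < 2) return 0;
  signal(SIGFPE, fatal_handler);
  if (safe_div(100, atoi(argv[1]), &result) != 0)
    return EXIT_FAILURE; /* "0" is rejected here instead of trapping */
  return 0;
}
```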
Risk Assessment
Attempting to handle SIGSEGV, SIGILL, or SIGFPE signals is rare.

| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| SIG35-C | low | unlikely | low | P3 | L3 |