According to section 7.14.1.1 (signals) of the C standard; returning from a SIGSEGV, SIGILL, or SIGFPE signal handler is undefined behavior:
If and when the function returns, if the value of
sigisSIGFPE,SIGILL,SIGSEGV, or any other implementation-defined value corresponding to a computational exception, the behavior is undefined; otherwise the program will resume execution at the point it was interrupted.
Noncompliant Code Example
In this noncompliant code example, if the given user input is '0', the division operation results in a SIGFPE signal being sent to the program.
volatile sig_atomic_t denom;
void sighandle(int s){
/* Fix the offending volatile */
if (denom == 0) {
denom == 1;
}
/* Everything is ok */
return;
}
int main(int argc, char *argv[]){
int result = 0;
 if (argc < 2) {
   return 0;
}
  denom = (int)strtol(argv[1], (char **)NULL, 10);
 signal(SIGFPE,(*sighandle));
 result = 100/denom;
 return 0;
}
The noncompliant code example will loop infinitely on most systems when supplied with 0 as an argument.
This illustrates that even when a SIGFPE handler attempts to fix the error condition while obeying all other rules of signal handling, the behavior may not be as expected.
Compliant Solution
volatile sig_atomic_t denom;
void sighandle(int s){
/* No recovery */
abort();
}
int main(int argc, char *argv[]){
int result = 0;
if (argc < 2) {
return 0;
}
denom = (int)strtol(argv[1], (char **)NULL, 10);
signal(SIGFPE,(*sighandle));
result = 100/denom;
return 0;
}
The only portably safe way to leave a SIGFPE, SIGILL, or SIGSEGV handler is through abort() or /_Exit().
Risk Assessment
Attempting to handle SIGSEGV/SIGILL/or SIGFPE signals is rare.
Recommendation |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
|---|---|---|---|---|---|
SIG35-C |
low |
unlikely |
low |
P3 |
L3 |