
Calling the signal() function in a multithreaded program is undefined behavior. (See undefined behavior 135.)

Noncompliant Code Example

This noncompliant code example invokes the signal() function from a multithreaded program:

#include <signal.h>
#include <stddef.h>
#include <threads.h>
 
volatile sig_atomic_t flag = 0;

void handler(int signum) {
  flag = 1;
}

/* Runs until user sends SIGUSR1 */
int func(void *data) {
  while (!flag) {
    /* ... */
  }
  return 0;
}

int main(void) {
  signal(SIGUSR1, handler); /* Undefined behavior */
  thrd_t tid;
  
  if (thrd_success != thrd_create(&tid, func, NULL)) {
    /* Handle error */
  }
  /* ... */
  return 0;
}

NOTE: The SIGUSR1 signal value is not defined in the C Standard; consequently, this is not a C-compliant code example.

Compliant Solution

This compliant solution uses an object of type atomic_bool to indicate when the child thread should terminate its loop:

#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <threads.h>
 
atomic_bool flag = ATOMIC_VAR_INIT(false);

int func(void *data) {
  while (!flag) {
    /* ... */
  }
  return 0;
}

int main(void) {
  thrd_t tid;
  
  if (thrd_success != thrd_create(&tid, func, NULL)) {
    /* Handle error */
  }
  /* ... */
  /* Set flag when done */
  flag = true;

  return 0;
}

Exceptions

CON37-C-EX1: Implementations such as POSIX that provide defined behavior when multithreaded programs use custom signal handlers are exempt from this rule [IEEE Std 1003.1-2013].
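The following is an added example, not code from the CERT page, showing the POSIX pattern that CON37-C-EX1 permits and reusing the atomic_bool termination flag of the compliant solution above. SIGUSR1 is blocked in main before any thread is created (so every thread inherits the mask), one dedicated thread collects it synchronously with sigwait(), and that thread sets the atomic flag the worker polls. signal() is never called and no asynchronous handler runs, so the only cross-thread communication is an atomic store/load with defined semantics. The function names (run_example, worker, signal_listener), the 20 ms delay, and raising the signal with kill(getpid(), SIGUSR1) are assumptions made for the illustration; it requires a POSIX system with pthreads and SIGUSR1.

```c
/* Added example (not the page's own code): POSIX-defined signal handling
 * in a multithreaded program, the case covered by CON37-C-EX1.
 * Assumptions: POSIX threads, SIGUSR1 available, kill(getpid(), ...) is
 * an acceptable way to raise a process-directed signal for the demo. */
#define _POSIX_C_SOURCE 200809L
#include <limits.h>
#include <pthread.h>
#include <signal.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>
#include <time.h>
#include <unistd.h>

/* Shared termination flag, as in the compliant solution: atomic, so the
 * listener's write and the worker's reads are data-race free. */
static atomic_bool stop_requested = false;

/* Worker thread: does one unit of "work" per iteration and re-checks the
 * flag; it never touches signals at all. */
static void *worker(void *arg) {
  unsigned long *iterations = arg;
  struct timespec tick = { 0, 1000 * 1000 }; /* 1 ms per iteration */
  do {
    (*iterations)++;
    nanosleep(&tick, NULL);
  } while (!atomic_load_explicit(&stop_requested, memory_order_acquire));
  return NULL;
}

/* Listener thread: the only place SIGUSR1 is consumed, synchronously via
 * sigwait(). No handler is installed, so no async-signal-safety concerns. */
static void *signal_listener(void *arg) {
  const sigset_t *set = arg;
  int sig = 0;
  if (sigwait(set, &sig) == 0 && sig == SIGUSR1) {
    atomic_store_explicit(&stop_requested, true, memory_order_release);
  }
  return NULL;
}

/* Runs the whole exchange. Returns the number of worker iterations
 * completed before the stop request (always >= 1), or a negative code. */
int run_example(void) {
  sigset_t set;
  pthread_t worker_tid, listener_tid;
  unsigned long iterations = 0;

  atomic_store(&stop_requested, false);

  /* Block SIGUSR1 in main first: threads inherit the calling thread's
   * mask, so the signal can only be collected by the sigwait() thread. */
  sigemptyset(&set);
  sigaddset(&set, SIGUSR1);
  if (pthread_sigmask(SIG_BLOCK, &set, NULL) != 0) return -1;

  if (pthread_create(&listener_tid, NULL, signal_listener, &set) != 0) return -2;
  if (pthread_create(&worker_tid, NULL, worker, &iterations) != 0) return -3;

  /* Let the worker run briefly, then raise a process-directed SIGUSR1
   * (constructed stand-in for an external sender). */
  struct timespec delay = { 0, 20 * 1000 * 1000 }; /* 20 ms */
  nanosleep(&delay, NULL);
  if (kill(getpid(), SIGUSR1) != 0) return -4;

  /* Joining is what the compliant solution elides: it guarantees the worker
   * observed the flag before main returns and ends the process. */
  pthread_join(listener_tid, NULL);
  pthread_join(worker_tid, NULL);

  if (!atomic_load(&stop_requested)) return -5;
  return iterations > INT_MAX ? INT_MAX : (int)iterations;
}

int main(void) {
  int rc = run_example();
  if (rc < 0) {
    printf("failed with code %d\n", rc);
    return 1;
  }
  printf("worker completed %d iteration(s) before SIGUSR1 stopped it\n", rc);
  return 0;
}
```

Two points worth noting: the mask must be established before pthread_create, because a thread that inherits an unblocked SIGUSR1 could have the default action (termination) applied to it; and because the worker never reads anything a handler wrote, the acquire/release pair on the atomic flag is the complete synchronization story, which is exactly what the standard C compliant solution relies on as well.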

Risk Assessment

Mixing signals and threads causes undefined behavior.

Rule      Severity  Likelihood  Remediation Cost  Priority  Level
CON37-C   Low       Probable    Low               P6        L2

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Automated Detection

Tool                 Version   Checker                  Description
Astrée               24.04                              Supported, but no explicit checker
CodeSonar            8.1p0     BADFUNC.SIGNAL           Use of signal
Coverity             2017.07   MISRA C 2012 Rule 21.5   Over-constraining
LDRA tool suite      9.7.1     44 S                     Enhanced enforcement
Parasoft C/C++test   2023.1    CERT_C-CON37-a           The signal handling facilities of <signal.h> shall not be used
RuleChecker          24.04                              Supported, but no explicit checker
PRQA QA-C++          4.4       5022

Bibliography

[IEEE Std 1003.1-2013] XSH 2.9.1, "Thread Safety"