From: Mark Wielaard To: bzip2-devel@sourceware.org Cc: David Malcolm , Mark Wielaard Subject: [PATCH] Don't call unsafe functions from SIGSEGV/SIGBUS signal handler. Date: Sun, 17 May 2020 21:09:39 +0200 Message-Id: <20200517190939.29003-1-mark@klomp.org> X-Mailer: git-send-email 2.18.4 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-13.7 required=5.0 tests=BAYES_00, GIT_PATCH_0, JMQ_SPF_NEUTRAL, KAM_DMARC_STATUS, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: bzip2-devel@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Bzip2-devel mailing list List-Unsubscribe: , List-Archive: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 17 May 2020 19:09:58 -0000 GCC10 -fanalyzer notices that we try to call functions that are not signal safe from our fatal signal handler: bzip2.c: In function ‘mySIGSEGVorSIGBUScatcher’: bzip2.c:819:7: warning: call to ‘fprintf’ from within signal handler [CWE-479] [-Wanalyzer-unsafe-call-within-signal-handler] It also notices we then call showFileNames and cleanupAndFail which also call possibly not signal safe functions. Just write out the error message directly to STDERR and exit without trying to clean up any files. --- bzip2.c | 40 ++++++++++++++++++++++++---------------- 1 file changed, 24 insertions(+), 16 deletions(-) diff --git a/bzip2.c b/bzip2.c index d95d280..d1f2fa8 100644 --- a/bzip2.c +++ b/bzip2.c @@ -815,10 +815,9 @@ void mySignalCatcher ( IntNative n ) static void mySIGSEGVorSIGBUScatcher ( IntNative n ) { + const char *msg; if (opMode == OM_Z) - fprintf ( - stderr, - "\n%s: Caught a SIGSEGV or SIGBUS whilst compressing.\n" + msg = ": Caught a SIGSEGV or SIGBUS whilst compressing.\n" "\n" " Possible causes are (most likely first):\n" " (1) This computer has unreliable memory or cache hardware\n" 
@@ -834,12 +833,9 @@ void mySIGSEGVorSIGBUScatcher ( IntNative n ) " bug report should have. If the manual is available on your\n" " system, please try and read it before mailing me. If you don't\n" " have the manual or can't be bothered to read it, mail me anyway.\n" - "\n", - progName ); - else - fprintf ( - stderr, - "\n%s: Caught a SIGSEGV or SIGBUS whilst decompressing.\n" + "\n"; + else + msg = ": Caught a SIGSEGV or SIGBUS whilst decompressing.\n" "\n" " Possible causes are (most likely first):\n" " (1) The compressed data is corrupted, and bzip2's usual checks\n" @@ -857,13 +853,25 @@ void mySIGSEGVorSIGBUScatcher ( IntNative n ) " bug report should have. If the manual is available on your\n" " system, please try and read it before mailing me. If you don't\n" " have the manual or can't be bothered to read it, mail me anyway.\n" - "\n", - progName ); - - showFileNames(); - if (opMode == OM_Z) - cleanUpAndFail( 3 ); else - { cadvise(); cleanUpAndFail( 2 ); } + "\n"; + write ( STDERR_FILENO, "\n", 1 ); + write ( STDERR_FILENO, progName, strlen ( progName ) ); + write ( STDERR_FILENO, msg, strlen ( msg ) ); + + msg = "\tInput file = "; + write ( STDERR_FILENO, msg, strlen (msg) ); + write ( STDERR_FILENO, inName, strlen (inName) ); + write ( STDERR_FILENO, "\n", 1 ); + msg = "\tOutput file = "; + write ( STDERR_FILENO, msg, strlen (msg) ); + write ( STDERR_FILENO, outName, strlen (outName) ); + write ( STDERR_FILENO, "\n", 1 ); + + /* Don't call cleanupAndFail. If we ended up here something went + terribly wrong. Trying to clean up might fail spectacularly. */ + + if (opMode == OM_Z) setExit(3); else setExit(2); + _exit(exitValue); } -- 2.18.4
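Review bot: in the second hunk (@@ -834,12 +833,9 @@) the `else` line is removed and re-added with nothing but whitespace changed (`- else` followed by `+ else`); dropping that whitespace-only churn keeps the hunk to the lines that actually change, namely replacing the `fprintf ( stderr, "\n%s: Caught a SIGSEGV or SIGBUS whilst decompressing.\n"` call with the `msg = ": Caught a SIGSEGV or SIGBUS whilst decompressing.\n"` assignment.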
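Review bot: in the third hunk (@@ -857,13 +853,25 @@) all nine `write ( STDERR_FILENO, ... )` calls discard their return value, which glibc reports with -Wunused-result when write() is declared warn_unused_result (as it is under _FORTIFY_SOURCE), and a short write or EINTR silently truncates the message; a small helper along the lines of `static void sigsafe_puts ( const char *s )` that loops until the whole buffer has been written (or at minimum a `(void)` cast on each call) would address both and remove the repetition. The removed `- { cadvise(); cleanUpAndFail( 2 ); }` branch also means the decompression path no longer prints the recovery advice cadvise() used to give; if that text is still wanted it can go through the same write() path. The new comment names `cleanupAndFail` while the removed calls spell it `cleanUpAndFail`, so please align the spelling. Finally, the handler now depends on write(), STDERR_FILENO and _exit(), none of which the hunk shows an include for; please confirm <unistd.h> is pulled in on every configuration that compiles this function.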