public inbox for
 help / color / mirror / Atom feed
From: Mark Wielaard <>
Subject: Re: call to ‘fprintf’ from within signal handler [CWE-479]
Date: Thu, 16 Jul 2020 15:55:40 +0200	[thread overview]
Message-ID: <> (raw)
In-Reply-To: <>

Hi Jeffrey,

On Thu, 2020-07-16 at 04:49 -0400, Jeffrey Walton via Bzip2-devel
> I'm testing a build with the GCC 10 analyzer. Add -fanalyzer to
> CFLAGS. If you need GCC 10, then you can find it on Fedora 32.

The GCC -fanalyzer is indeed awesome!

> The Analyzer is producing a finding:
> bzip2.c:677:4: warning: call to ‘fprintf’ from within signal handler
> [CWE-479] [-Wanalyzer-unsafe-call-within-signal-handler]
>   677 |    fprintf (
>       |    ^~~~~~~~~
>   678 |       stderr,
>       |       ~~~~~~~
>   679 |       "\tInput file = %s, output file = %s\n",
>       |       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>   680 |       inName, outName
>       |       ~~~~~~~~~~~~~~~
>   681 |    );
> There are two additional findings that are similar.

That should already have been fixed in git:

commit 8ca1faa31f396d94ab927b257f3a05236c84e330
Author: Mark Wielaard <>
Date:   Sun May 17 20:02:31 2020 +0200

    Don't call unsafe functions from SIGSEGV/SIGBUS signal handler.
    GCC10 -fanalyzer notices that we try to call functions that are not
    signal safe from our fatal signal handler:
    bzip2.c: In function ‘mySIGSEGVorSIGBUScatcher’:
    bzip2.c:819:7: warning: call to ‘fprintf’ from within signal handler
                   [CWE-479] [-Wanalyzer-unsafe-call-within-signal-handler]
    It also notices we then call showFileNames and cleanupAndFail which
    also call possibly not signal safe functions.
    Just write out the error message directly to STDERR and exit without
    trying to clean up any files.

  reply	other threads:[~2020-07-16 13:55 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-07-16  8:49 Jeffrey Walton
2020-07-16 13:55 ` Mark Wielaard [this message]
2020-07-16 15:03   ` Jeffrey Walton

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \ \ \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).