public inbox for cygwin-cvs@sourceware.org
help / color / mirror / Atom feed
* [newlib-cygwin] Cygwin: fix potential SEGV in sigwaitinfo/signalfd scenario
@ 2019-08-13 10:21 Corinna Vinschen
0 siblings, 0 replies; only message in thread
From: Corinna Vinschen @ 2019-08-13 10:21 UTC (permalink / raw)
To: cygwin-cvs
https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=92115a83a4579635e253be2887d3706d28b477fd
commit 92115a83a4579635e253be2887d3706d28b477fd
Author: Corinna Vinschen <corinna@vinschen.de>
Date: Mon Aug 12 22:40:50 2019 +0200
Cygwin: fix potential SEGV in sigwaitinfo/signalfd scenario
On sigwaitinfo or reading from a signalfd, signal processing sets up
signal handling via sigdelayed even if the handler address is NULL.
This doesn't have any impact on sigwaitinfo scenarios (or at least, I
wasn't able to come up with a reproducer) but it breaks signalfd
scenarios, where eventually a call to call_signal_handler from
sigdelayed will try to call the NULL function.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Diff:
---
winsup/cygwin/exceptions.cc | 17 ++++++++++++++---
winsup/cygwin/release/3.1.0 | 3 +++
2 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/winsup/cygwin/exceptions.cc b/winsup/cygwin/exceptions.cc
index 1765f43..9bdf9f0 100644
--- a/winsup/cygwin/exceptions.cc
+++ b/winsup/cygwin/exceptions.cc
@@ -1628,7 +1628,7 @@ _cygtls::call_signal_handler ()
if (retaddr () == (__tlsstack_t) sigdelayed)
pop ();
- debug_only_printf ("dealing with signal %d", sig);
+ debug_only_printf ("dealing with signal %d, handler %p", sig, func);
this_sa_flags = sa_flags;
sigset_t this_oldmask = set_process_mask_delta ();
@@ -1647,8 +1647,12 @@ _cygtls::call_signal_handler ()
ucontext_t *thiscontext = NULL, context_copy;
- /* Only make a context for SA_SIGINFO handlers */
- if (this_sa_flags & SA_SIGINFO)
+ /* Only make a context for SA_SIGINFO handlers, only if a handler
+ exists. If handler is NULL, drop SA_SIGINFO flag to avoid
+ accidental context access later in the function. */
+ if (!thisfunc)
+ this_sa_flags &= ~SA_SIGINFO;
+ else if (this_sa_flags & SA_SIGINFO)
{
context.uc_link = 0;
context.uc_flags = 0;
@@ -1710,6 +1714,11 @@ _cygtls::call_signal_handler ()
sig = 0; /* Flag that we can accept another signal */
unlock (); /* unlock signal stack */
+ /* Handler may be NUll in sigwaitinfo/signalfd scenario. Avoid
+ crashing by calling a NULL function. */
+ if (!thisfunc)
+ goto skip_calling_handler;
+
/* Alternate signal stack requested for this signal and alternate signal
stack set up for this thread? */
if (this_sa_flags & SA_ONSTACK
@@ -1817,6 +1826,8 @@ _cygtls::call_signal_handler ()
signal handler. */
thisfunc (thissig, &thissi, thiscontext);
+skip_calling_handler:
+
incyg = true;
set_signal_mask (_my_tls.sigmask, (this_sa_flags & SA_SIGINFO)
diff --git a/winsup/cygwin/release/3.1.0 b/winsup/cygwin/release/3.1.0
index ccb63c3..c9cb7c0 100644
--- a/winsup/cygwin/release/3.1.0
+++ b/winsup/cygwin/release/3.1.0
@@ -71,3 +71,6 @@ Bug Fixes
- 64 bit only: Avoid collisions between memory maps created with shmat
and Windows datastructures during fork.
Addresses: https://cygwin.com/ml/cygwin/2019-08/msg00107.html
+
+- Avoid a SEGV after using signalfd.
+ Addresses: https://cygwin.com/ml/cygwin/2019-08/msg00148.html
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2019-08-13 10:21 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-08-13 10:21 [newlib-cygwin] Cygwin: fix potential SEGV in sigwaitinfo/signalfd scenario Corinna Vinschen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).