summaryrefslogtreecommitdiff
path: root/lib/c-stack.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/c-stack.c')
-rw-r--r--lib/c-stack.c330
1 files changed, 330 insertions, 0 deletions
diff --git a/lib/c-stack.c b/lib/c-stack.c
new file mode 100644
index 0000000..03db242
--- /dev/null
+++ b/lib/c-stack.c
@@ -0,0 +1,330 @@
+/* Stack overflow handling.
+
+ Copyright (C) 2002, 2004, 2006, 2008-2013 Free Software Foundation, Inc.
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>. */
+
+/* Written by Paul Eggert. */
+
+/* NOTES:
+
+ A program that uses alloca, dynamic arrays, or large local
+ variables may extend the stack by more than a page at a time. If
+ so, when the stack overflows the operating system may not detect
+ the overflow until the program uses the array, and this module may
+ incorrectly report a program error instead of a stack overflow.
+
+ To avoid this problem, allocate only small objects on the stack; a
+ program should be OK if it limits single allocations to a page or
+ less. Allocate larger arrays in static storage, or on the heap
+ (e.g., with malloc). Yes, this is a pain, but we don't know of any
+ better solution that is portable.
+
+ No attempt has been made to deal with multithreaded applications. */
+
+#include <config.h>
+
+#ifndef __attribute__
+# if __GNUC__ < 3
+# define __attribute__(x)
+# endif
+#endif
+
+#include "gettext.h"
+#define _(msgid) gettext (msgid)
+
+#include <errno.h>
+
+#include <signal.h>
+#if ! HAVE_STACK_T && ! defined stack_t
+typedef struct sigaltstack stack_t;
+#endif
+#ifndef SIGSTKSZ
+# define SIGSTKSZ 16384
+#elif HAVE_LIBSIGSEGV && SIGSTKSZ < 16384
+/* libsigsegv 2.6 through 2.8 have a bug where some architectures use
+ more than the Linux default of an 8k alternate stack when deciding
+ if a fault was caused by stack overflow. */
+# undef SIGSTKSZ
+# define SIGSTKSZ 16384
+#endif
+
+#include <stdlib.h>
+#include <string.h>
+
+/* Posix 2001 declares ucontext_t in <ucontext.h>, Posix 200x in
+ <signal.h>. */
+#if HAVE_UCONTEXT_H
+# include <ucontext.h>
+#endif
+
+#include <unistd.h>
+
+#if HAVE_LIBSIGSEGV
+# include <sigsegv.h>
+#endif
+
+#include "c-stack.h"
+#include "exitfail.h"
+#include "ignore-value.h"
+
+#if defined SA_ONSTACK && defined SA_SIGINFO
+# define SIGINFO_WORKS 1
+#else
+# define SIGINFO_WORKS 0
+# ifndef SA_ONSTACK
+# define SA_ONSTACK 0
+# endif
+#endif
+
+extern char *program_name;
+
+/* The user-specified action to take when a SEGV-related program error
+ or stack overflow occurs. */
+static void (* volatile segv_action) (int);
+
+/* Translated messages for program errors and stack overflow. Do not
+ translate them in the signal handler, since gettext is not
+ async-signal-safe. */
+static char const * volatile program_error_message;
+static char const * volatile stack_overflow_message;
+
+/* Output an error message, then exit with status EXIT_FAILURE if it
+ appears to have been a stack overflow, or with a core dump
+ otherwise. This function is async-signal-safe. */
+
+static _Noreturn void
+die (int signo)
+{
+ char const *message;
+#if !SIGINFO_WORKS && !HAVE_LIBSIGSEGV
+ /* We can't easily determine whether it is a stack overflow; so
+ assume that the rest of our program is perfect (!) and that
+ this segmentation violation is a stack overflow. */
+ signo = 0;
+#endif /* !SIGINFO_WORKS && !HAVE_LIBSIGSEGV */
+ segv_action (signo);
+ message = signo ? program_error_message : stack_overflow_message;
+ ignore_value (write (STDERR_FILENO, program_name, strlen (program_name)));
+ ignore_value (write (STDERR_FILENO, ": ", 2));
+ ignore_value (write (STDERR_FILENO, message, strlen (message)));
+ ignore_value (write (STDERR_FILENO, "\n", 1));
+ if (! signo)
+ _exit (exit_failure);
+ raise (signo);
+ abort ();
+}
+
+#if (HAVE_SIGALTSTACK && HAVE_DECL_SIGALTSTACK \
+ && HAVE_STACK_OVERFLOW_HANDLING) || HAVE_LIBSIGSEGV
+
+/* Storage for the alternate signal stack. */
+static union
+{
+ char buffer[SIGSTKSZ];
+
+ /* These other members are for proper alignment. There's no
+ standard way to guarantee stack alignment, but this seems enough
+ in practice. */
+ long double ld;
+ long l;
+ void *p;
+} alternate_signal_stack;
+
+static void
+null_action (int signo __attribute__ ((unused)))
+{
+}
+
+#endif /* SIGALTSTACK || LIBSIGSEGV */
+
+/* Only use libsigsegv if we need it; platforms like Solaris can
+ detect stack overflow without the overhead of an external
+ library. */
+#if HAVE_LIBSIGSEGV && ! HAVE_XSI_STACK_OVERFLOW_HEURISTIC
+
+/* Nonzero if general segv handler could not be installed. */
+static volatile int segv_handler_missing;
+
+/* Handle a segmentation violation and exit if it cannot be stack
+ overflow. This function is async-signal-safe. */
+
+static int segv_handler (void *address __attribute__ ((unused)),
+ int serious)
+{
+# if DEBUG
+ {
+ char buf[1024];
+ sprintf (buf, "segv_handler serious=%d\n", serious);
+ write (STDERR_FILENO, buf, strlen (buf));
+ }
+# endif
+
+ /* If this fault is not serious, return 0 to let the stack overflow
+ handler take a shot at it. */
+ if (!serious)
+ return 0;
+ die (SIGSEGV);
+}
+
+/* Handle a segmentation violation that is likely to be a stack
+ overflow and exit. This function is async-signal-safe. */
+
+static _Noreturn void
+overflow_handler (int emergency,
+ stackoverflow_context_t context __attribute__ ((unused)))
+{
+# if DEBUG
+ {
+ char buf[1024];
+ sprintf (buf, "overflow_handler emergency=%d segv_handler_missing=%d\n",
+ emergency, segv_handler_missing);
+ write (STDERR_FILENO, buf, strlen (buf));
+ }
+# endif
+
+ die ((!emergency || segv_handler_missing) ? 0 : SIGSEGV);
+}
+
+int
+c_stack_action (void (*action) (int))
+{
+ segv_action = action ? action : null_action;
+ program_error_message = _("program error");
+ stack_overflow_message = _("stack overflow");
+
+ /* Always install the overflow handler. */
+ if (stackoverflow_install_handler (overflow_handler,
+ alternate_signal_stack.buffer,
+ sizeof alternate_signal_stack.buffer))
+ {
+ errno = ENOTSUP;
+ return -1;
+ }
+ /* Try installing a general handler; if it fails, then treat all
+ segv as stack overflow. */
+ segv_handler_missing = sigsegv_install_handler (segv_handler);
+ return 0;
+}
+
+#elif HAVE_SIGALTSTACK && HAVE_DECL_SIGALTSTACK && HAVE_STACK_OVERFLOW_HANDLING
+
+# if SIGINFO_WORKS
+
+/* Handle a segmentation violation and exit. This function is
+ async-signal-safe. */
+
+static _Noreturn void
+segv_handler (int signo, siginfo_t *info,
+ void *context __attribute__ ((unused)))
+{
+ /* Clear SIGNO if it seems to have been a stack overflow. */
+# if ! HAVE_XSI_STACK_OVERFLOW_HEURISTIC
+ /* We can't easily determine whether it is a stack overflow; so
+ assume that the rest of our program is perfect (!) and that
+ this segmentation violation is a stack overflow.
+
+ Note that although both Linux and Solaris provide
+ sigaltstack, SA_ONSTACK, and SA_SIGINFO, currently only
+ Solaris satisfies the XSI heuristic. This is because
+ Solaris populates uc_stack with the details of the
+ interrupted stack, while Linux populates it with the details
+ of the current stack. */
+ signo = 0;
+# else
+ if (0 < info->si_code)
+ {
+ /* If the faulting address is within the stack, or within one
+ page of the stack, assume that it is a stack overflow. */
+ ucontext_t const *user_context = context;
+ char const *stack_base = user_context->uc_stack.ss_sp;
+ size_t stack_size = user_context->uc_stack.ss_size;
+ char const *faulting_address = info->si_addr;
+ size_t page_size = sysconf (_SC_PAGESIZE);
+ size_t s = faulting_address - stack_base + page_size;
+ if (s < stack_size + 2 * page_size)
+ signo = 0;
+
+# if DEBUG
+ {
+ char buf[1024];
+ sprintf (buf,
+ "segv_handler fault=%p base=%p size=%lx page=%lx signo=%d\n",
+ faulting_address, stack_base, (unsigned long) stack_size,
+ (unsigned long) page_size, signo);
+ write (STDERR_FILENO, buf, strlen (buf));
+ }
+# endif
+ }
+# endif
+
+ die (signo);
+}
+# endif
+
+int
+c_stack_action (void (*action) (int))
+{
+ int r;
+ stack_t st;
+ struct sigaction act;
+ st.ss_flags = 0;
+# if SIGALTSTACK_SS_REVERSED
+ /* Irix mistakenly treats ss_sp as the upper bound, rather than
+ lower bound, of the alternate stack. */
+ st.ss_sp = alternate_signal_stack.buffer + SIGSTKSZ - sizeof (void *);
+ st.ss_size = sizeof alternate_signal_stack.buffer - sizeof (void *);
+# else
+ st.ss_sp = alternate_signal_stack.buffer;
+ st.ss_size = sizeof alternate_signal_stack.buffer;
+# endif
+ r = sigaltstack (&st, NULL);
+ if (r != 0)
+ return r;
+
+ segv_action = action ? action : null_action;
+ program_error_message = _("program error");
+ stack_overflow_message = _("stack overflow");
+
+ sigemptyset (&act.sa_mask);
+
+# if SIGINFO_WORKS
+ /* POSIX 1003.1-2001 says SA_RESETHAND implies SA_NODEFER, but
+ this is not true on Solaris 8 at least. It doesn't hurt to use
+ SA_NODEFER here, so leave it in. */
+ act.sa_flags = SA_NODEFER | SA_ONSTACK | SA_RESETHAND | SA_SIGINFO;
+ act.sa_sigaction = segv_handler;
+# else
+ act.sa_flags = SA_NODEFER | SA_ONSTACK | SA_RESETHAND;
+ act.sa_handler = die;
+# endif
+
+# if FAULT_YIELDS_SIGBUS
+ if (sigaction (SIGBUS, &act, NULL) < 0)
+ return -1;
+# endif
+ return sigaction (SIGSEGV, &act, NULL);
+}
+
+#else /* ! ((HAVE_SIGALTSTACK && HAVE_DECL_SIGALTSTACK
+ && HAVE_STACK_OVERFLOW_HANDLING) || HAVE_LIBSIGSEGV) */
+
+int
+c_stack_action (void (*action) (int) __attribute__ ((unused)))
+{
+ errno = ENOTSUP;
+ return -1;
+}
+
+#endif
View Lorry Controller Status