diff options
| author | Corinna Vinschen <corinna@vinschen.de> | 2019-08-12 22:40:50 +0200 |
|---|---|---|
| committer | Corinna Vinschen <corinna@vinschen.de> | 2019-08-13 12:21:05 +0200 |
| commit | 92115a83a4579635e253be2887d3706d28b477fd (patch) | |
| tree | 663ac487407077895541e99e2caca01a23f2ea09 | |
| parent | 8ef2461000797cf01d88eff11189b388709c0ac8 (diff) | |
| download | cygnal-92115a83a4579635e253be2887d3706d28b477fd.tar.gz cygnal-92115a83a4579635e253be2887d3706d28b477fd.tar.bz2 cygnal-92115a83a4579635e253be2887d3706d28b477fd.zip | |
Cygwin: fix potential SEGV in sigwaitinfo/signalfd scenario
On sigwaitinfo or reading from a signalfd, signal processing sets up
signal handling via sigdelayed even if the handler address is NULL.
This doesn't have any impact on sigwaitinfo scenarios (or at least, I
wasn't able to come up with a reproducer) but it breaks signalfd
scenarios, where eventually a call to call_signal_handler from
sigdelayed will try to call the NULL function.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
| -rw-r--r-- | winsup/cygwin/exceptions.cc | 17 | ||||
| -rw-r--r-- | winsup/cygwin/release/3.1.0 | 3 |
2 files changed, 17 insertions, 3 deletions
diff --git a/winsup/cygwin/exceptions.cc b/winsup/cygwin/exceptions.cc index 1765f43b5..9bdf9f054 100644 --- a/winsup/cygwin/exceptions.cc +++ b/winsup/cygwin/exceptions.cc @@ -1628,7 +1628,7 @@ _cygtls::call_signal_handler () if (retaddr () == (__tlsstack_t) sigdelayed) pop (); - debug_only_printf ("dealing with signal %d", sig); + debug_only_printf ("dealing with signal %d, handler %p", sig, func); this_sa_flags = sa_flags; sigset_t this_oldmask = set_process_mask_delta (); @@ -1647,8 +1647,12 @@ _cygtls::call_signal_handler () ucontext_t *thiscontext = NULL, context_copy; - /* Only make a context for SA_SIGINFO handlers */ - if (this_sa_flags & SA_SIGINFO) + /* Only make a context for SA_SIGINFO handlers, only if a handler + exists. If handler is NULL, drop SA_SIGINFO flag to avoid + accidental context access later in the function. */ + if (!thisfunc) + this_sa_flags &= ~SA_SIGINFO; + else if (this_sa_flags & SA_SIGINFO) { context.uc_link = 0; context.uc_flags = 0; @@ -1710,6 +1714,11 @@ _cygtls::call_signal_handler () sig = 0; /* Flag that we can accept another signal */ unlock (); /* unlock signal stack */ + /* Handler may be NUll in sigwaitinfo/signalfd scenario. Avoid + crashing by calling a NULL function. */ + if (!thisfunc) + goto skip_calling_handler; + /* Alternate signal stack requested for this signal and alternate signal stack set up for this thread? */ if (this_sa_flags & SA_ONSTACK @@ -1817,6 +1826,8 @@ _cygtls::call_signal_handler () signal handler. */ thisfunc (thissig, &thissi, thiscontext); +skip_calling_handler: + incyg = true; set_signal_mask (_my_tls.sigmask, (this_sa_flags & SA_SIGINFO) diff --git a/winsup/cygwin/release/3.1.0 b/winsup/cygwin/release/3.1.0 index ccb63c317..c9cb7c011 100644 --- a/winsup/cygwin/release/3.1.0 +++ b/winsup/cygwin/release/3.1.0 @@ -71,3 +71,6 @@ Bug Fixes - 64 bit only: Avoid collisions between memory maps created with shmat and Windows datastructures during fork. Addresses: https://cygwin.com/ml/cygwin/2019-08/msg00107.html + +- Avoid a SEGV after using signalfd. + Addresses: https://cygwin.com/ml/cygwin/2019-08/msg00148.html |