1 /* Stack overflow handling.
3 Copyright (C) 2002, 2004, 2006, 2008-2021 Free Software Foundation, Inc.
5 This program is free software: you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 3 of the License, or
8 (at your option) any later version.
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with this program. If not, see <https://www.gnu.org/licenses/>. */
18 /* Written by Paul Eggert. */
22 /* A program that uses alloca, dynamic arrays, or large local
23 variables may extend the stack by more than a page at a time. If
24 so, when the stack overflows the operating system may not detect
25 the overflow until the program uses the array, and this module may
26 incorrectly report a program error instead of a stack overflow.
28 To avoid this problem, allocate only small objects on the stack; a
29 program should be OK if it limits single allocations to a page or
30 less. Allocate larger arrays in static storage, or on the heap
31 (e.g., with malloc). Yes, this is a pain, but we don't know of any
32 better solution that is portable.
34 No attempt has been made to deal with multithreaded applications. */
55 #include "getprogname.h"
57 #include "ignore-value.h"
60 #define _(msgid) gettext (msgid)
62 #if HAVE_STACK_OVERFLOW_RECOVERY
64 /* Storage for the alternate signal stack.
65 64 KiB is not too large for Gnulib-using apps, and is large enough
66 for all known platforms. Smaller sizes may run into trouble.
67 For example, libsigsegv 2.6 through 2.8 have a bug where some
68 architectures use more than the Linux default of an 8 KiB alternate
69 stack when deciding if a fault was caused by stack overflow. */
/* The array is declared in units of max_align_t, and the element count is
   64 KiB divided by sizeof (max_align_t), rounded up, so the buffer is
   never smaller than 64 KiB.  Being static, it exists before any fault
   occurs and needs no allocation inside a handler.  */
70 static max_align_t alternate_signal_stack[(64 * 1024
71 + sizeof (max_align_t) - 1)
72 / sizeof (max_align_t)];
74 /* The user-specified action to take when a SEGV-related program error
75 or stack overflow occurs. */
76 static _GL_ASYNC_SAFE void (* volatile segv_action) (int);
78 /* Translated messages for program errors and stack overflow. Do not
79 translate them in the signal handler, since gettext is not async-signal-safe. */
81 static char const * volatile program_error_message;
82 static char const * volatile stack_overflow_message;
84 /* Output an error message, then exit with status EXIT_FAILURE if it
85 appears to have been a stack overflow, or with a core dump
86 otherwise. This function is async-signal-safe. */
88 static char const * volatile progname;
/* Terminate the program after reporting the fault on standard error.
   A zero signo selects stack_overflow_message; any other value selects
   program_error_message.
   NOTE(review): the line carrying this function's name and parameter
   list is not visible in this listing; presumably this is the die ()
   that overflow_handler calls with 0 or SIGSEGV -- confirm.  */
90 static _GL_ASYNC_SAFE _Noreturn void
94 char const *message = signo ? program_error_message : stack_overflow_message;
96 /* If the message is short, write it all at once to avoid
97 interleaving with other messages. Avoid writev as it is not
98 documented to be async-signal-safe. */
/* progname and both message pointers are assigned in c_stack_action
   before it installs the handlers, so they are set by the time a handler
   can run.  strlen would fault on a null pointer, so this presumably
   relies on getprogname () never returning NULL -- confirm.  */
99 size_t prognamelen = strlen (progname);
100 size_t messagelen = strlen (message);
101 static char const separator[] = {':', ' '};
/* buf is an automatic array, so it occupies whichever stack this code
   runs on.  Its size is 1/16 of alternate_signal_stack plus the
   separator; presumably that keeps it well inside the alternate signal
   stack -- confirm.  */
102 char buf[sizeof alternate_signal_stack / 16 + sizeof separator];
/* Bounds check for the copies below: the strict comparison means
   progname + separator + message occupy at most sizeof buf - 1 bytes,
   so the three mempcpy calls cannot write past the end of buf.  sizeof
   buf is defined as a quantity plus sizeof separator, so the
   subtraction cannot wrap.  */
104 if (prognamelen + messagelen < sizeof buf - sizeof separator)
106 char *p = mempcpy (buf, progname, prognamelen);
107 p = mempcpy (p, separator, sizeof separator);
108 p = mempcpy (p, message, messagelen);
/* NOTE(review): these three writes look like the fallback for text that
   does not fit in buf (the branch structure is not visible in this
   listing).  Separate write calls can interleave with other output,
   which is what the single-buffer path avoids.  ignore_value discards
   each result; nothing visible here acts on a failed write.  */
114 ignore_value (write (STDERR_FILENO, progname, prognamelen));
115 ignore_value (write (STDERR_FILENO, separator, sizeof separator));
116 ignore_value (write (STDERR_FILENO, message, messagelen));
120 ignore_value (write (STDERR_FILENO, buf, buflen));
/* _exit terminates without running atexit handlers or flushing stdio
   buffers, unlike exit.  NOTE(review): the condition that selects this
   exit rather than a core dump is not visible in this listing.  */
123 _exit (exit_failure);
/* Default value for segv_action: c_stack_action stores this function
   when its caller passes a null action.  signo is marked unused.
   NOTE(review): the body is not visible in this listing; presumably it
   does nothing -- confirm.  */
128 static _GL_ASYNC_SAFE void
129 null_action (int signo _GL_UNUSED)
133 /* Pacify GCC 9.3.1, which otherwise would complain about segv_handler. */
134 # if 4 < __GNUC__ + (6 <= __GNUC_MINOR__)
135 # pragma GCC diagnostic ignored "-Wsuggest-attribute=pure"
138 /* Nonzero if general segv handler could not be installed. */
139 static volatile int segv_handler_missing;
141 /* Handle a segmentation violation and exit if it cannot be stack
142 overflow. This function is async-signal-safe. */
/* address is marked unused.  serious is the flag tested below: a fault
   that is not serious is handed back with a return value of 0 so that
   the stack overflow handler can deal with it.
   NOTE(review): the lines that act on a serious fault are not visible
   in this listing.  */
144 static _GL_ASYNC_SAFE int
145 segv_handler (void *address _GL_UNUSED, int serious)
/* errno is captured before the tracing write below; presumably it is
   restored afterwards so that the interrupted code does not observe a
   changed errno (the restore is not visible here -- confirm).
   NOTE(review): sprintf is not on POSIX's list of async-signal-safe
   functions, which sits uneasily with the async-signal-safe claim in
   the comment above.  This looks like debug tracing; any
   conditional-compilation guard around it is not visible in this
   listing, so confirm it is compiled out of production builds.  */
150 int saved_errno = errno;
151 ignore_value (write (STDERR_FILENO, buf,
152 sprintf (buf, "segv_handler serious=%d\n", serious)));
157 /* If this fault is not serious, return 0 to let the stack overflow
158 handler take a shot at it. */
164 /* Handle a segmentation violation that is likely to be a stack
165 overflow and exit. This function is async-signal-safe. */
/* emergency is only tested for zero here; its exact meaning comes from
   the handler interface and is not shown in this listing.  context is
   marked unused.  */
167 static _GL_ASYNC_SAFE _Noreturn void
168 overflow_handler (int emergency, stackoverflow_context_t context _GL_UNUSED)
/* NOTE(review): sprintf is not on POSIX's list of async-signal-safe
   functions.  This write looks like debug tracing; any
   conditional-compilation guard and the declaration of buf are not
   visible in this listing, so confirm the tracing is compiled out of
   production builds.  */
173 ignore_value (write (STDERR_FILENO, buf,
174 sprintf (buf, ("overflow_handler emergency=%d"
175 " segv_handler_missing=%d\n"),
176 emergency, segv_handler_missing)));
/* An argument of 0 makes die report the stack overflow message, and
   SIGSEGV makes it report the program error message.  The fault is
   reported as a stack overflow when emergency is zero, and also
   whenever segv_handler_missing is nonzero.  In that second case no
   general SEGV handler was installed, so every fault that reaches this
   handler is labelled a stack overflow; a genuine memory-safety fault
   can then be misreported, which matters when triaging crashes.  */
180 die ((!emergency || segv_handler_missing) ? 0 : SIGSEGV);
/* Record ACTION (or null_action when ACTION is null) as segv_action,
   then install the stack overflow handler on alternate_signal_stack
   and try to install a general SEGV handler.
   NOTE(review): the return-type line, the braces and the body of the
   failure branch are not visible in this listing, so the return values
   are not documented here.  */
184 c_stack_action (_GL_ASYNC_SAFE void (*action) (int))
/* Everything the handlers read is assigned here, before either handler
   is installed.  The messages are translated at this point rather than
   inside a handler.  */
186 segv_action = action ? action : null_action;
187 program_error_message = _("program error");
188 stack_overflow_message = _("stack overflow");
189 progname = getprogname ();
191 /* Always install the overflow handler. */
/* A nonzero result is treated as failure.  NOTE(review): the statements
   executed on failure are not visible in this listing.  */
192 if (stackoverflow_install_handler (overflow_handler,
193 alternate_signal_stack,
194 sizeof alternate_signal_stack))
199 /* Try installing a general handler; if it fails, then treat all
200 segv as stack overflow. */
/* The result is kept in segv_handler_missing: nonzero means the general
   handler could not be installed, and overflow_handler then reports
   every fault it sees as a stack overflow.  */
201 segv_handler_missing = sigsegv_install_handler (segv_handler);
205 #else /* !HAVE_STACK_OVERFLOW_RECOVERY */
208 c_stack_action (_GL_ASYNC_SAFE void (*action) (int) _GL_UNUSED)