1 /* Stack overflow handling. 2 3 Copyright (C) 2002, 2004, 2006, 2008-2011 Free Software Foundation, Inc. 4 5 This program is free software: you can redistribute it and/or modify 6 it under the terms of the GNU General Public License as published by 7 the Free Software Foundation; either version 3 of the License, or 8 (at your option) any later version. 9 10 This program is distributed in the hope that it will be useful, 11 but WITHOUT ANY WARRANTY; without even the implied warranty of 12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 GNU General Public License for more details. 14 15 You should have received a copy of the GNU General Public License 16 along with this program. If not, see <http://www.gnu.org/licenses/>. */ 17 18 /* Written by Paul Eggert. */ 19 20 /* NOTES: 21 22 A program that uses alloca, dynamic arrays, or large local 23 variables may extend the stack by more than a page at a time. If 24 so, when the stack overflows the operating system may not detect 25 the overflow until the program uses the array, and this module may 26 incorrectly report a program error instead of a stack overflow. 27 28 To avoid this problem, allocate only small objects on the stack; a 29 program should be OK if it limits single allocations to a page or 30 less. Allocate larger arrays in static storage, or on the heap 31 (e.g., with malloc). Yes, this is a pain, but we don't know of any 32 better solution that is portable. 33 34 No attempt has been made to deal with multithreaded applications. */ 35 36 #include <config.h> 37 38 #ifndef __attribute__ 39 # if __GNUC__ < 3 40 # define __attribute__(x) 41 # endif 42 #endif 43 44 #include "gettext.h" 45 #define _(msgid) gettext (msgid) 46 47 #include <errno.h> 48 49 #include <signal.h> 50 #if ! HAVE_STACK_T && ! defined stack_t 51 typedef struct sigaltstack stack_t; 52 #endif 53 #ifndef SIGSTKSZ 54 # define SIGSTKSZ 16384 55 #elif HAVE_LIBSIGSEGV && SIGSTKSZ < 16384 56 /* libsigsegv 2.6 through 2.8 have a bug where some architectures use 57 more than the Linux default of an 8k alternate stack when deciding 58 if a fault was caused by stack overflow. */ 59 # undef SIGSTKSZ 60 # define SIGSTKSZ 16384 61 #endif 62 63 #include <stdlib.h> 64 #include <string.h> 65 66 /* Posix 2001 declares ucontext_t in <ucontext.h>, Posix 200x in 67 <signal.h>. */ 68 #if HAVE_UCONTEXT_H 69 # include <ucontext.h> 70 #endif 71 72 #include <unistd.h> 73 74 #if HAVE_LIBSIGSEGV 75 # include <sigsegv.h> 76 #endif 77 78 #include "c-stack.h" 79 #include "exitfail.h" 80 #include "ignore-value.h" 81 82 #if defined SA_ONSTACK && defined SA_SIGINFO 83 # define SIGINFO_WORKS 1 84 #else 85 # define SIGINFO_WORKS 0 86 # ifndef SA_ONSTACK 87 # define SA_ONSTACK 0 88 # endif 89 #endif 90 91 extern char *program_name; 92 93 /* The user-specified action to take when a SEGV-related program error 94 or stack overflow occurs. */ 95 static void (* volatile segv_action) (int); 96 97 /* Translated messages for program errors and stack overflow. Do not 98 translate them in the signal handler, since gettext is not 99 async-signal-safe. */ 100 static char const * volatile program_error_message; 101 static char const * volatile stack_overflow_message; 102 103 /* Output an error message, then exit with status EXIT_FAILURE if it 104 appears to have been a stack overflow, or with a core dump 105 otherwise. This function is async-signal-safe. */ 106 107 static _Noreturn void 108 die (int signo) 109 { 110 char const *message; 111 #if !SIGINFO_WORKS && !HAVE_LIBSIGSEGV 112 /* We can't easily determine whether it is a stack overflow; so 113 assume that the rest of our program is perfect (!) and that 114 this segmentation violation is a stack overflow. */ 115 signo = 0; 116 #endif /* !SIGINFO_WORKS && !HAVE_LIBSIGSEGV */ 117 segv_action (signo); 118 message = signo ? program_error_message : stack_overflow_message; 119 ignore_value (write (STDERR_FILENO, program_name, strlen (program_name))); 120 ignore_value (write (STDERR_FILENO, ": ", 2)); 121 ignore_value (write (STDERR_FILENO, message, strlen (message))); 122 ignore_value (write (STDERR_FILENO, "\n", 1)); 123 if (! signo) 124 _exit (exit_failure); 125 raise (signo); 126 abort (); 127 } 128 129 #if (HAVE_SIGALTSTACK && HAVE_DECL_SIGALTSTACK \ 130 && HAVE_STACK_OVERFLOW_HANDLING) || HAVE_LIBSIGSEGV 131 132 /* Storage for the alternate signal stack. */ 133 static union 134 { 135 char buffer[SIGSTKSZ]; 136 137 /* These other members are for proper alignment. There's no 138 standard way to guarantee stack alignment, but this seems enough 139 in practice. */ 140 long double ld; 141 long l; 142 void *p; 143 } alternate_signal_stack; 144 145 static void 146 null_action (int signo __attribute__ ((unused))) 147 { 148 } 149 150 #endif /* SIGALTSTACK || LIBSIGSEGV */ 151 152 /* Only use libsigsegv if we need it; platforms like Solaris can 153 detect stack overflow without the overhead of an external 154 library. */ 155 #if HAVE_LIBSIGSEGV && ! HAVE_XSI_STACK_OVERFLOW_HEURISTIC 156 157 /* Nonzero if general segv handler could not be installed. */ 158 static volatile int segv_handler_missing; 159 160 /* Handle a segmentation violation and exit if it cannot be stack 161 overflow. This function is async-signal-safe. */ 162 163 static int segv_handler (void *address __attribute__ ((unused)), 164 int serious) 165 { 166 # if DEBUG 167 { 168 char buf[1024]; 169 sprintf (buf, "segv_handler serious=%d\n", serious); 170 write (STDERR_FILENO, buf, strlen (buf)); 171 } 172 # endif 173 174 /* If this fault is not serious, return 0 to let the stack overflow 175 handler take a shot at it. */ 176 if (!serious) 177 return 0; 178 die (SIGSEGV); 179 } 180 181 /* Handle a segmentation violation that is likely to be a stack 182 overflow and exit. This function is async-signal-safe. */ 183 184 static _Noreturn void 185 overflow_handler (int emergency, 186 stackoverflow_context_t context __attribute__ ((unused))) 187 { 188 # if DEBUG 189 { 190 char buf[1024]; 191 sprintf (buf, "overflow_handler emergency=%d segv_handler_missing=%d\n", 192 emergency, segv_handler_missing); 193 write (STDERR_FILENO, buf, strlen (buf)); 194 } 195 # endif 196 197 die ((!emergency || segv_handler_missing) ? 0 : SIGSEGV); 198 } 199 200 int 201 c_stack_action (void (*action) (int)) 202 { 203 segv_action = action ? action : null_action; 204 program_error_message = _("program error"); 205 stack_overflow_message = _("stack overflow"); 206 207 /* Always install the overflow handler. */ 208 if (stackoverflow_install_handler (overflow_handler, 209 alternate_signal_stack.buffer, 210 sizeof alternate_signal_stack.buffer)) 211 { 212 errno = ENOTSUP; 213 return -1; 214 } 215 /* Try installing a general handler; if it fails, then treat all 216 segv as stack overflow. */ 217 segv_handler_missing = sigsegv_install_handler (segv_handler); 218 return 0; 219 } 220 221 #elif HAVE_SIGALTSTACK && HAVE_DECL_SIGALTSTACK && HAVE_STACK_OVERFLOW_HANDLING 222 223 # if SIGINFO_WORKS 224 225 /* Handle a segmentation violation and exit. This function is 226 async-signal-safe. */ 227 228 static _Noreturn void 229 segv_handler (int signo, siginfo_t *info, 230 void *context __attribute__ ((unused))) 231 { 232 /* Clear SIGNO if it seems to have been a stack overflow. */ 233 # if ! HAVE_XSI_STACK_OVERFLOW_HEURISTIC 234 /* We can't easily determine whether it is a stack overflow; so 235 assume that the rest of our program is perfect (!) and that 236 this segmentation violation is a stack overflow. 237 238 Note that although both Linux and Solaris provide 239 sigaltstack, SA_ONSTACK, and SA_SIGINFO, currently only 240 Solaris satisfies the XSI heueristic. This is because 241 Solaris populates uc_stack with the details of the 242 interrupted stack, while Linux populates it with the details 243 of the current stack. */ 244 signo = 0; 245 # else 246 if (0 < info->si_code) 247 { 248 /* If the faulting address is within the stack, or within one 249 page of the stack, assume that it is a stack overflow. */ 250 ucontext_t const *user_context = context; 251 char const *stack_base = user_context->uc_stack.ss_sp; 252 size_t stack_size = user_context->uc_stack.ss_size; 253 char const *faulting_address = info->si_addr; 254 size_t page_size = sysconf (_SC_PAGESIZE); 255 size_t s = faulting_address - stack_base + page_size; 256 if (s < stack_size + 2 * page_size) 257 signo = 0; 258 259 # if DEBUG 260 { 261 char buf[1024]; 262 sprintf (buf, 263 "segv_handler fault=%p base=%p size=%lx page=%lx signo=%d\n", 264 faulting_address, stack_base, (unsigned long) stack_size, 265 (unsigned long) page_size, signo); 266 write (STDERR_FILENO, buf, strlen (buf)); 267 } 268 # endif 269 } 270 # endif 271 272 die (signo); 273 } 274 # endif 275 276 int 277 c_stack_action (void (*action) (int)) 278 { 279 int r; 280 stack_t st; 281 struct sigaction act; 282 st.ss_flags = 0; 283 # if SIGALTSTACK_SS_REVERSED 284 /* Irix mistakenly treats ss_sp as the upper bound, rather than 285 lower bound, of the alternate stack. */ 286 st.ss_sp = alternate_signal_stack.buffer + SIGSTKSZ - sizeof (void *); 287 st.ss_size = sizeof alternate_signal_stack.buffer - sizeof (void *); 288 # else 289 st.ss_sp = alternate_signal_stack.buffer; 290 st.ss_size = sizeof alternate_signal_stack.buffer; 291 # endif 292 r = sigaltstack (&st, NULL); 293 if (r != 0) 294 return r; 295 296 segv_action = action ? action : null_action; 297 program_error_message = _("program error"); 298 stack_overflow_message = _("stack overflow"); 299 300 sigemptyset (&act.sa_mask); 301 302 # if SIGINFO_WORKS 303 /* POSIX 1003.1-2001 says SA_RESETHAND implies SA_NODEFER, but 304 this is not true on Solaris 8 at least. It doesn't hurt to use 305 SA_NODEFER here, so leave it in. */ 306 act.sa_flags = SA_NODEFER | SA_ONSTACK | SA_RESETHAND | SA_SIGINFO; 307 act.sa_sigaction = segv_handler; 308 # else 309 act.sa_flags = SA_NODEFER | SA_ONSTACK | SA_RESETHAND; 310 act.sa_handler = die; 311 # endif 312 313 # if FAULT_YIELDS_SIGBUS 314 if (sigaction (SIGBUS, &act, NULL) < 0) 315 return -1; 316 # endif 317 return sigaction (SIGSEGV, &act, NULL); 318 } 319 320 #else /* ! ((HAVE_SIGALTSTACK && HAVE_DECL_SIGALTSTACK 321 && HAVE_STACK_OVERFLOW_HANDLING) || HAVE_LIBSIGSEGV) */ 322 323 int 324 c_stack_action (void (*action) (int) __attribute__ ((unused))) 325 { 326 errno = ENOTSUP; 327 return -1; 328 } 329 330 #endif 331