diff options
Diffstat (limited to 'lib')
-rw-r--r-- | lib/c-stack.c | 429 | ||||
-rw-r--r-- | lib/c-stack.h | 19 |
2 files changed, 448 insertions, 0 deletions
diff --git a/lib/c-stack.c b/lib/c-stack.c new file mode 100644 index 000000000..6e724b74c --- /dev/null +++ b/lib/c-stack.c @@ -0,0 +1,429 @@ +/* Stack overflow handling. + + Copyright (C) 2002 Free Software Foundation, Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2, or (at your option) + any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software Foundation, + Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ + +/* Written by Paul Eggert. */ + +/* NOTES: + + A program that uses alloca, dynamic arrays, or large local + variables may extend the stack by more than a page at a time. If + so, when the stack overflows the operating system may not detect + the overflow until the program uses the array, and this module may + incorrectly report a program error instead of a stack overflow. + + To avoid this problem, allocate only small objects on the stack; a + program should be OK if it limits single allocations to a page or + less. Allocate larger arrays in static storage, or on the heap + (e.g., with malloc). Yes, this is a pain, but we don't know of any + better solution that is portable. + + No attempt has been made to deal with multithreaded applications. + + If ! HAVE_XSI_STACK_OVERFLOW_HEURISTIC, the current implementation + assumes that, if the RLIMIT_STACK limit changes during execution, + then c_stack_action is invoked immediately afterwards. */ + +#if HAVE_CONFIG_H +# include <config.h> +#endif + +#ifndef __attribute__ +# if __GNUC__ < 3 || __STRICT_ANSI__ +# define __attribute__(x) +# endif +#endif + +#include "gettext.h" +#define _(msgid) gettext (msgid) + +#include <errno.h> +#ifndef ENOTSUP +# define ENOTSUP EINVAL +#endif +#ifndef EOVERFLOW +# define EOVERFLOW EINVAL +#endif + +#include <signal.h> +#if ! HAVE_STACK_T && ! defined stack_t +typedef struct sigaltstack stack_t; +#endif + +#include <stdlib.h> +#include <string.h> + +#if HAVE_SYS_RESOURCE_H +# include <sys/resource.h> +#endif + +#if HAVE_UCONTEXT_H +# include <ucontext.h> +#endif + +#if HAVE_UNISTD_H +# include <unistd.h> +#endif +#ifndef STDERR_FILENO +# define STDERR_FILENO 2 +#endif + +#if DEBUG +# include <stdio.h> +#endif + +#include "c-stack.h" +#include "exitfail.h" + +extern char *program_name; + +/* The user-specified action to take when a SEGV-related program error + or stack overflow occurs. */ +static void (* volatile segv_action) (int); + +/* Translated messages for program errors and stack overflow. Do not + translate them in the signal handler, since gettext is not + async-signal-safe. */ +static char const * volatile program_error_message; +static char const * volatile stack_overflow_message; + +/* Output an error message, then exit with status EXIT_FAILURE if it + appears to have been a stack overflow, or with a core dump + otherwise. This function is async-signal-safe. */ + +static void die (int) __attribute__ ((noreturn)); +static void +die (int signo) +{ + char const *message = + signo ? program_error_message : stack_overflow_message; + segv_action (signo); + write (STDERR_FILENO, program_name, strlen (program_name)); + write (STDERR_FILENO, ": ", 2); + write (STDERR_FILENO, message, strlen (message)); + write (STDERR_FILENO, "\n", 1); + if (! signo) + _exit (exit_failure); + kill (getpid (), signo); + abort (); +} + +#if HAVE_SIGALTSTACK && HAVE_DECL_SIGALTSTACK + +/* Direction of the C runtime stack. This function is + async-signal-safe. */ + +# if STACK_DIRECTION +# define find_stack_direction(ptr) STACK_DIRECTION +# else +static int +find_stack_direction (char const *addr) +{ + char dummy; + return ! addr ? find_stack_direction (&dummy) : addr < &dummy ? 1 : -1; +} +# endif + +# if HAVE_XSI_STACK_OVERFLOW_HEURISTIC +# define get_stack_location(argv) 0 +# else + +# if defined RLIMIT_STACK && defined _SC_PAGESIZE + +/* Return the minimum machine address deducible from ARGV. This + includes the addresses of all the strings that ARGV points at, as + well as the address of ARGV itself. */ + +static char const * +min_address_from_argv (char * const *argv) +{ + char const *min = (char const *) argv; + char const *p; + while ((p = *argv++)) + if (p < min) + min = p; + return min; +} + +/* Return the maximum machine address deducible from ARGV. */ + +static char const * +max_address_from_argv (char * const *argv) +{ + char const *max = *argv; + char const *max1; + char const *p; + while ((p = *argv++)) + if (max < p) + max = p; + max1 = (char const *) (argv + 1); + return max && max1 < max ? max + strlen (max) + 1 : max1; +} +# endif + +/* The base and size of the stack, determined at startup. */ +static char const * volatile stack_base; +static size_t volatile stack_size; + +/* Store the base and size of the stack into the static variables + STACK_BASE and STACK_SIZE. The base is the numerically lowest + address in the stack. Return -1 (setting errno) if this cannot be + done. */ + +static int +get_stack_location (char * const *argv) +{ +# if ! (defined RLIMIT_STACK && defined _SC_PAGESIZE) + + errno = ENOTSUP; + return -1; + +# else + + struct rlimit rlimit; + int r = getrlimit (RLIMIT_STACK, &rlimit); + if (r == 0) + { + char const *base; + size_t size = rlimit.rlim_cur; + extern char **environ; + size_t page_size = sysconf (_SC_PAGESIZE); + int stack_direction = find_stack_direction (0); + +# if HAVE_GETCONTEXT && HAVE_DECL_GETCONTEXT + ucontext_t context; + if (getcontext (&context) == 0) + { + base = context.uc_stack.ss_sp; + if (stack_direction < 0) + base -= size - context.uc_stack.ss_size; + } + else +# endif + { + if (stack_direction < 0) + { + char const *a = max_address_from_argv (argv); + char const *b = max_address_from_argv (environ); + base = (a < b ? b : a) - size; + base += - (size_t) base % page_size; + } + else + { + char const *a = min_address_from_argv (argv); + char const *b = min_address_from_argv (environ); + base = a < b ? a : b; + base -= (size_t) base % page_size; + } + } + + if (size != rlimit.rlim_cur + || rlimit.rlim_cur < 0 + || base + size < base +# ifdef RLIM_SAVED_CUR + || rlimit.rlim_cur == RLIM_SAVED_CUR +# endif +# ifdef RLIM_SAVED_MAX + || rlimit.rlim_cur == RLIM_SAVED_MAX +# endif +# ifdef RLIM_INFINITY + || rlimit.rlim_cur == RLIM_INFINITY +# endif + ) + { + errno = EOVERFLOW; + return -1; + } + + stack_base = base; + stack_size = size; + +# if DEBUG + fprintf (stderr, "get_stack_location base=%p size=%lx\n", + base, (unsigned long) size); +# endif + } + + return r; + +# endif +} +# endif + +/* Storage for the alternate signal stack. */ +static union +{ + char buffer[SIGSTKSZ]; + + /* These other members are for proper alignment. There's no + standard way to guarantee stack alignment, but this seems enough + in practice. */ + long double ld; + long l; + void *p; +} alternate_signal_stack; + +# if defined SA_ONSTACK && defined _SC_PAGESIZE + +/* Handle a segmentation violation and exit. This function is + async-signal-safe. */ + +static void segv_handler (int, siginfo_t *, void *) __attribute__((noreturn)); +static void +segv_handler (int signo, siginfo_t *info, + void *context __attribute__ ((unused))) +{ + /* Clear SIGNO if it seems to have been a stack overflow. */ + if (0 < info->si_code) + { + /* If the faulting address is within the stack, or within one + page of the stack end, assume that it is a stack + overflow. */ +# if HAVE_XSI_STACK_OVERFLOW_HEURISTIC + ucontext_t const *user_context = context; + char const *stack_base = user_context->uc_stack.ss_sp; + size_t stack_size = user_context->uc_stack.ss_size; +# endif + char const *faulting_address = info->si_addr; + size_t s = faulting_address - stack_base; + size_t page_size = sysconf (_SC_PAGESIZE); + if (find_stack_direction (0) < 0) + s += page_size; + if (s < stack_size + page_size) + signo = 0; + +# if DEBUG + { + char buf[1024]; + sprintf (buf, + "segv_handler fault=%p base=%p size=%lx page=%lx signo=%d\n", + faulting_address, stack_base, (unsigned long) stack_size, + (unsigned long) page_size, signo); + write (STDERR_FILENO, buf, strlen (buf)); + } +# endif + } + + die (signo); +} +# endif + +static void +null_action (int signo __attribute__ ((unused))) +{ +} + +/* Assuming ARGV is the argument vector of `main', set up ACTION so + that it is invoked on C stack overflow. Return -1 (setting errno) + if this cannot be done. + + When ACTION is called, it is passed an argument equal to SIGSEGV + for a segmentation violation that does not appear related to stack + overflow, and is passed zero otherwise. + + A null ACTION acts like an action that does nothing. + + ACTION must be async-signal-safe. ACTION together with its callees + must not require more than SIGSTKSZ bytes of stack space. */ + +int +c_stack_action (char * const *argv __attribute__ ((unused)), + void (*action) (int)) +{ + int r = get_stack_location (argv); + if (r != 0) + return r; + + { + stack_t st; + st.ss_flags = 0; + st.ss_sp = alternate_signal_stack.buffer; + st.ss_size = sizeof alternate_signal_stack.buffer; + r = sigaltstack (&st, 0); + if (r != 0) + return r; + } + + segv_action = action ? action : null_action; + program_error_message = _("program error"); + stack_overflow_message = _("stack overflow"); + + { +# if ! (defined SA_ONSTACK && defined _SC_PAGESIZE) + return signal (SIGSEGV, die) == SIG_ERR ? -1 : 0; +# else + struct sigaction act; + sigemptyset (&act.sa_mask); + + /* POSIX 1003.1-2001 says SA_RESETHAND implies SA_NODEFER, but + this is not true on Solaris 8 at least. It doesn't hurt to use + SA_NODEFER here, so leave it in. */ + act.sa_flags = SA_NODEFER | SA_ONSTACK | SA_RESETHAND | SA_SIGINFO; + + act.sa_sigaction = segv_handler; + + return sigaction (SIGSEGV, &act, 0); +# endif + } +} + +#else /* ! (HAVE_SIGALTSTACK && HAVE_DECL_SIGALTSTACK) */ + +int +c_stack_action (char * const *argv __attribute__ ((unused)), + void (*action) (int) __attribute__ ((unused))) +{ + errno = ENOTSUP; + return -1; +} + +#endif + + + +#if DEBUG + +int volatile exit_failure; + +static long +recurse (char *p) +{ + char array[500]; + array[0] = 1; + return *p + recurse (array); +} + +char *program_name; + +int +main (int argc __attribute__ ((unused)), char **argv) +{ + program_name = argv[0]; + fprintf (stderr, "The last line of output should be \"stack overflow\".\n"); + if (c_stack_action (argv, 0) == 0) + return recurse ("\1"); + perror ("c_stack_action"); + return 1; +} + +#endif /* DEBUG */ + +/* +Local Variables: +compile-command: "gcc -DDEBUG -DHAVE_CONFIG_H -I.. -g -O -Wall -W c-stack.c" +End: +*/ diff --git a/lib/c-stack.h b/lib/c-stack.h new file mode 100644 index 000000000..8ef4ca22c --- /dev/null +++ b/lib/c-stack.h @@ -0,0 +1,19 @@ +/* Stack overflow handling. + + Copyright (C) 2002 Free Software Foundation, Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2, or (at your option) + any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software Foundation, + Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ + +int c_stack_action (char * const *, void (*) (int)); |