1 /* Stack overflow handling.
3 Copyright (C) 2002, 2004, 2006, 2008 Free Software Foundation, Inc.
5 This program is free software: you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 3 of the License, or
8 (at your option) any later version.
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>. */
18 /* Written by Paul Eggert. */
22 A program that uses alloca, dynamic arrays, or large local
23 variables may extend the stack by more than a page at a time. If
24 so, when the stack overflows the operating system may not detect
25 the overflow until the program uses the array, and this module may
26 incorrectly report a program error instead of a stack overflow.
28 To avoid this problem, allocate only small objects on the stack; a
29 program should be OK if it limits single allocations to a page or
30 less. Allocate larger arrays in static storage, or on the heap
31 (e.g., with malloc). Yes, this is a pain, but we don't know of any
32 better solution that is portable.
34 No attempt has been made to deal with multithreaded applications. */
40 # define __attribute__(x)
45 #define _(msgid) gettext (msgid)
49 # define ENOTSUP EINVAL
53 #if ! HAVE_STACK_T && ! defined stack_t
54 typedef struct sigaltstack stack_t;
57 # define SIGSTKSZ 16384
63 /* Posix 2001 declares ucontext_t in <ucontext.h>, Posix 200x in
66 # include <ucontext.h>
71 # define STDERR_FILENO 2
81 #if defined SA_ONSTACK && defined SA_SIGINFO
82 # define SIGACTION_WORKS 1
84 # define SIGACTION_WORKS 0
87 extern char *program_name;
89 /* The user-specified action to take when a SEGV-related program error
90 or stack overflow occurs. */
91 static void (* volatile segv_action) (int);
93 /* Translated messages for program errors and stack overflow. Do not
94 translate them in the signal handler, since gettext is not
96 static char const * volatile program_error_message;
97 static char const * volatile stack_overflow_message;
99 /* Output an error message, then exit with status EXIT_FAILURE if it
100 appears to have been a stack overflow, or with a core dump
101 otherwise. This function is async-signal-safe. */
103 static void die (int) __attribute__ ((noreturn));
109 message = signo ? program_error_message : stack_overflow_message;
110 write (STDERR_FILENO, program_name, strlen (program_name));
111 write (STDERR_FILENO, ": ", 2);
112 write (STDERR_FILENO, message, strlen (message));
113 write (STDERR_FILENO, "\n", 1);
115 _exit (exit_failure);
120 #if (HAVE_SIGALTSTACK && HAVE_DECL_SIGALTSTACK \
121 && HAVE_STACK_OVERFLOW_HANDLING) || HAVE_LIBSIGSEGV
123 /* Storage for the alternate signal stack. */
126 char buffer[SIGSTKSZ];
128 /* These other members are for proper alignment. There's no
129 standard way to guarantee stack alignment, but this seems enough
134 } alternate_signal_stack;
137 null_action (int signo __attribute__ ((unused)))
141 #endif /* SIGALTSTACK || LIBSIGSEGV */
143 /* Only use libsigsegv if we need it; platforms like Solaris can
144 detect stack overflow without the overhead of an external
146 #if HAVE_LIBSIGSEGV && ! HAVE_XSI_STACK_OVERFLOW_HEURISTIC
148 /* Nonzero if general segv handler could not be installed. */
149 static volatile int segv_handler_missing;
151 /* Handle a segmentation violation and exit if it cannot be stack
152 overflow. This function is async-signal-safe. */
154 static int segv_handler (void *address __attribute__ ((unused)),
160 sprintf (buf, "segv_handler serious=%d\n", serious);
161 write (STDERR_FILENO, buf, strlen (buf));
165 /* If this fault is not serious, return 0 to let the stack overflow
166 handler take a shot at it. */
172 /* Handle a segmentation violation that is likely to be a stack
173 overflow and exit. This function is async-signal-safe. */
175 static void overflow_handler (int, stackoverflow_context_t)
176 __attribute__ ((noreturn));
178 overflow_handler (int emergency,
179 stackoverflow_context_t context __attribute__ ((unused)))
184 sprintf (buf, "overflow_handler emergency=%d segv_handler_missing=%d\n",
185 emergency, segv_handler_missing);
186 write (STDERR_FILENO, buf, strlen (buf));
190 die ((!emergency || segv_handler_missing) ? 0 : SIGSEGV);
194 c_stack_action (void (*action) (int))
196 segv_action = action ? action : null_action;
197 program_error_message = _("program error");
198 stack_overflow_message = _("stack overflow");
200 /* Always install the overflow handler. */
201 if (stackoverflow_install_handler (overflow_handler,
202 alternate_signal_stack.buffer,
203 sizeof alternate_signal_stack.buffer))
208 /* Try installing a general handler; if it fails, then treat all
209 segv as stack overflow. */
210 segv_handler_missing = sigsegv_install_handler (segv_handler);
214 #elif HAVE_SIGALTSTACK && HAVE_DECL_SIGALTSTACK && HAVE_STACK_OVERFLOW_HANDLING
216 /* Direction of the C runtime stack. This function is
217 async-signal-safe. */
220 # define find_stack_direction(ptr) STACK_DIRECTION
223 find_stack_direction (char const *addr)
226 return ! addr ? find_stack_direction (&dummy) : addr < &dummy ? 1 : -1;
232 /* Handle a segmentation violation and exit. This function is
233 async-signal-safe. */
235 static void segv_handler (int, siginfo_t *, void *) __attribute__((noreturn));
237 segv_handler (int signo, siginfo_t *info,
238 void *context __attribute__ ((unused)))
240 /* Clear SIGNO if it seems to have been a stack overflow. */
241 if (0 < info->si_code)
243 # if ! HAVE_XSI_STACK_OVERFLOW_HEURISTIC
244 /* We can't easily determine whether it is a stack overflow; so
245 assume that the rest of our program is perfect (!) and that
246 this segmentation violation is a stack overflow.
248 Note that although both Linux and Solaris provide
249 sigaltstack, SA_ONSTACK, and SA_SIGINFO, currently only
250 Solaris satisfies the XSI heueristic. This is because
251 Solaris populates uc_stack with the details of the
252 interrupted stack, while Linux populates it with the details
253 of the current stack. */
256 /* If the faulting address is within the stack, or within one
257 page of the stack end, assume that it is a stack
259 ucontext_t const *user_context = context;
260 char const *stack_base = user_context->uc_stack.ss_sp;
261 size_t stack_size = user_context->uc_stack.ss_size;
262 char const *faulting_address = info->si_addr;
263 size_t s = faulting_address - stack_base;
264 size_t page_size = sysconf (_SC_PAGESIZE);
265 if (find_stack_direction (NULL) < 0)
267 if (s < stack_size + page_size)
274 "segv_handler fault=%p base=%p size=%lx page=%lx signo=%d\n",
275 faulting_address, stack_base, (unsigned long) stack_size,
276 (unsigned long) page_size, signo);
277 write (STDERR_FILENO, buf, strlen (buf));
288 c_stack_action (void (*action) (int))
292 struct sigaction act;
294 st.ss_sp = alternate_signal_stack.buffer;
295 st.ss_size = sizeof alternate_signal_stack.buffer;
296 r = sigaltstack (&st, NULL);
300 segv_action = action ? action : null_action;
301 program_error_message = _("program error");
302 stack_overflow_message = _("stack overflow");
304 sigemptyset (&act.sa_mask);
307 /* POSIX 1003.1-2001 says SA_RESETHAND implies SA_NODEFER, but
308 this is not true on Solaris 8 at least. It doesn't hurt to use
309 SA_NODEFER here, so leave it in. */
310 act.sa_flags = SA_NODEFER | SA_ONSTACK | SA_RESETHAND | SA_SIGINFO;
311 act.sa_sigaction = segv_handler;
313 act.sa_flags = SA_NODEFER | SA_RESETHAND;
314 act.sa_handler = die;
317 return sigaction (SIGSEGV, &act, NULL);
320 #else /* ! ((HAVE_SIGALTSTACK && HAVE_DECL_SIGALTSTACK
321 && HAVE_STACK_OVERFLOW_HANDLING) || HAVE_LIBSIGSEGV) */
324 c_stack_action (void (*action) (int) __attribute__ ((unused)))