xref: /freebsd/contrib/diff/lib/c-stack.c (revision 57431792c8c059292f0cd03d0478dd33a2df0cc1) 
1  /* Stack overflow handling.
2  
3     Copyright (C) 2002, 2004 Free Software Foundation, Inc.
4  
5     This program is free software; you can redistribute it and/or modify
6     it under the terms of the GNU General Public License as published by
7     the Free Software Foundation; either version 2, or (at your option)
8     any later version.
9  
10     This program is distributed in the hope that it will be useful,
11     but WITHOUT ANY WARRANTY; without even the implied warranty of
12     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13     GNU General Public License for more details.
14  
15     You should have received a copy of the GNU General Public License
16     along with this program; if not, write to the Free Software Foundation,
17     Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.  */
18  
19  /* Written by Paul Eggert.  */
20  
21  /* NOTES:
22  
23     A program that uses alloca, dynamic arrays, or large local
24     variables may extend the stack by more than a page at a time.  If
25     so, when the stack overflows the operating system may not detect
26     the overflow until the program uses the array, and this module may
27     incorrectly report a program error instead of a stack overflow.
28  
29     To avoid this problem, allocate only small objects on the stack; a
30     program should be OK if it limits single allocations to a page or
31     less.  Allocate larger arrays in static storage, or on the heap
32     (e.g., with malloc).  Yes, this is a pain, but we don't know of any
33     better solution that is portable.
34  
35     No attempt has been made to deal with multithreaded applications.  */
36  
37  #if HAVE_CONFIG_H
38  # include <config.h>
39  #endif
40  
41  #ifndef __attribute__
42  # if __GNUC__ < 3 || __STRICT_ANSI__
43  #  define __attribute__(x)
44  # endif
45  #endif
46  
47  #include "gettext.h"
48  #define _(msgid) gettext (msgid)
49  
50  #include <errno.h>
51  #ifndef ENOTSUP
52  # define ENOTSUP EINVAL
53  #endif
54  #ifndef EOVERFLOW
55  # define EOVERFLOW EINVAL
56  #endif
57  
58  #include <signal.h>
59  #if ! HAVE_STACK_T && ! defined stack_t
60  typedef struct sigaltstack stack_t;
61  #endif
62  
63  #include <stdlib.h>
64  #include <string.h>
65  
66  #if HAVE_SYS_RESOURCE_H
67  /* Include sys/time.h here, because...
68     SunOS-4.1.x <sys/resource.h> fails to include <sys/time.h>.
69     This gives "incomplete type" errors for ru_utime and tu_stime.  */
70  # if HAVE_SYS_TIME_H
71  #  include <sys/time.h>
72  # endif
73  # include <sys/resource.h>
74  #endif
75  
76  #if HAVE_UCONTEXT_H
77  # include <ucontext.h>
78  #endif
79  
80  #if HAVE_UNISTD_H
81  # include <unistd.h>
82  #endif
83  #ifndef STDERR_FILENO
84  # define STDERR_FILENO 2
85  #endif
86  
87  #if DEBUG
88  # include <stdio.h>
89  #endif
90  
91  #include "c-stack.h"
92  #include "exitfail.h"
93  
94  #if (HAVE_STRUCT_SIGACTION_SA_SIGACTION && defined SA_NODEFER \
95       && defined SA_ONSTACK && defined SA_RESETHAND && defined SA_SIGINFO)
96  # define SIGACTION_WORKS 1
97  #else
98  # define SIGACTION_WORKS 0
99  #endif
100  
101  extern char *program_name;
102  
103  /* The user-specified action to take when a SEGV-related program error
104     or stack overflow occurs.  */
105  static void (* volatile segv_action) (int);
106  
107  /* Translated messages for program errors and stack overflow.  Do not
108     translate them in the signal handler, since gettext is not
109     async-signal-safe.  */
110  static char const * volatile program_error_message;
111  static char const * volatile stack_overflow_message;
112  
113  /* Output an error message, then exit with status EXIT_FAILURE if it
114     appears to have been a stack overflow, or with a core dump
115     otherwise.  This function is async-signal-safe.  */
116  
117  static void die (int) __attribute__ ((noreturn));
118  static void
119  die (int signo)
120  {
121    char const *message;
122    segv_action (signo);
123    message = signo ? program_error_message : stack_overflow_message;
124    write (STDERR_FILENO, program_name, strlen (program_name));
125    write (STDERR_FILENO, ": ", 2);
126    write (STDERR_FILENO, message, strlen (message));
127    write (STDERR_FILENO, "\n", 1);
128    if (! signo)
129      _exit (exit_failure);
130    kill (getpid (), signo);
131    abort ();
132  }
133  
134  #if HAVE_SIGALTSTACK && HAVE_DECL_SIGALTSTACK
135  
136  /* Direction of the C runtime stack.  This function is
137     async-signal-safe.  */
138  
139  # if STACK_DIRECTION
140  #  define find_stack_direction(ptr) STACK_DIRECTION
141  # else
142  static int
143  find_stack_direction (char const *addr)
144  {
145    char dummy;
146    return ! addr ? find_stack_direction (&dummy) : addr < &dummy ? 1 : -1;
147  }
148  # endif
149  
150  /* Storage for the alternate signal stack.  */
151  static union
152  {
153    char buffer[SIGSTKSZ];
154  
155    /* These other members are for proper alignment.  There's no
156       standard way to guarantee stack alignment, but this seems enough
157       in practice.  */
158    long double ld;
159    long l;
160    void *p;
161  } alternate_signal_stack;
162  
163  # if SIGACTION_WORKS
164  
165  /* Handle a segmentation violation and exit.  This function is
166     async-signal-safe.  */
167  
168  static void segv_handler (int, siginfo_t *, void *) __attribute__((noreturn));
169  static void
170  segv_handler (int signo, siginfo_t *info,
171  	      void *context __attribute__ ((unused)))
172  {
173    /* Clear SIGNO if it seems to have been a stack overflow.  */
174    if (0 < info->si_code)
175      {
176  #  if ! HAVE_XSI_STACK_OVERFLOW_HEURISTIC
177        /* We can't easily determine whether it is a stack overflow; so
178  	 assume that the rest of our program is perfect (!) and that
179  	 this segmentation violation is a stack overflow.  */
180        signo = 0;
181  #  else
182        /* If the faulting address is within the stack, or within one
183  	 page of the stack end, assume that it is a stack
184  	 overflow.  */
185        ucontext_t const *user_context = context;
186        char const *stack_base = user_context->uc_stack.ss_sp;
187        size_t stack_size = user_context->uc_stack.ss_size;
188        char const *faulting_address = info->si_addr;
189        size_t s = faulting_address - stack_base;
190        size_t page_size = sysconf (_SC_PAGESIZE);
191        if (find_stack_direction (0) < 0)
192  	s += page_size;
193        if (s < stack_size + page_size)
194  	signo = 0;
195  
196  #   if DEBUG
197        {
198  	char buf[1024];
199  	sprintf (buf,
200  		 "segv_handler fault=%p base=%p size=%lx page=%lx signo=%d\n",
201  		 faulting_address, stack_base, (unsigned long) stack_size,
202  		 (unsigned long) page_size, signo);
203  	write (STDERR_FILENO, buf, strlen (buf));
204        }
205  #   endif
206  #  endif
207      }
208  
209    die (signo);
210  }
211  # endif
212  
213  static void
214  null_action (int signo __attribute__ ((unused)))
215  {
216  }
217  
218  /* Set up ACTION so that it is invoked on C stack overflow.  Return -1
219     (setting errno) if this cannot be done.
220  
221     When ACTION is called, it is passed an argument equal to SIGSEGV
222     for a segmentation violation that does not appear related to stack
223     overflow, and is passed zero otherwise.  On many platforms it is
224     hard to tell; when in doubt, zero is passed.
225  
226     A null ACTION acts like an action that does nothing.
227  
228     ACTION must be async-signal-safe.  ACTION together with its callees
229     must not require more than SIGSTKSZ bytes of stack space.  */
230  
231  int
232  c_stack_action (void (*action) (int))
233  {
234    int r;
235    stack_t st;
236    st.ss_flags = 0;
237    st.ss_sp = alternate_signal_stack.buffer;
238    st.ss_size = sizeof alternate_signal_stack.buffer;
239    r = sigaltstack (&st, 0);
240    if (r != 0)
241      return r;
242  
243    segv_action = action ? action : null_action;
244    program_error_message = _("program error");
245    stack_overflow_message = _("stack overflow");
246  
247    {
248  # if SIGACTION_WORKS
249      struct sigaction act;
250      sigemptyset (&act.sa_mask);
251  
252      /* POSIX 1003.1-2001 says SA_RESETHAND implies SA_NODEFER, but
253         this is not true on Solaris 8 at least.  It doesn't hurt to use
254         SA_NODEFER here, so leave it in.  */
255      act.sa_flags = SA_NODEFER | SA_ONSTACK | SA_RESETHAND | SA_SIGINFO;
256  
257      act.sa_sigaction = segv_handler;
258  
259      return sigaction (SIGSEGV, &act, 0);
260  # else
261      return signal (SIGSEGV, die) == SIG_ERR ? -1 : 0;
262  # endif
263    }
264  }
265  
266  #else /* ! (HAVE_SIGALTSTACK && HAVE_DECL_SIGALTSTACK) */
267  
268  int
269  c_stack_action (void (*action) (int)  __attribute__ ((unused)))
270  {
271    errno = ENOTSUP;
272    return -1;
273  }
274  
275  #endif
276  
277  
278  
279  #if DEBUG
280  
281  int volatile exit_failure;
282  
283  static long
284  recurse (char *p)
285  {
286    char array[500];
287    array[0] = 1;
288    return *p + recurse (array);
289  }
290  
291  char *program_name;
292  
293  int
294  main (int argc __attribute__ ((unused)), char **argv)
295  {
296    program_name = argv[0];
297    fprintf (stderr,
298  	   "The last output line should contain \"stack overflow\".\n");
299    if (c_stack_action (0) == 0)
300      return recurse ("\1");
301    perror ("c_stack_action");
302    return 1;
303  }
304  
305  #endif /* DEBUG */
306  
307  /*
308  Local Variables:
309  compile-command: "gcc -DDEBUG -DHAVE_CONFIG_H -I.. -g -O -Wall -W c-stack.c"
310  End:
311  */
312