1 /* Stack overflow handling. 2 3 Copyright (C) 2002, 2004 Free Software Foundation, Inc. 4 5 This program is free software; you can redistribute it and/or modify 6 it under the terms of the GNU General Public License as published by 7 the Free Software Foundation; either version 2, or (at your option) 8 any later version. 9 10 This program is distributed in the hope that it will be useful, 11 but WITHOUT ANY WARRANTY; without even the implied warranty of 12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 GNU General Public License for more details. 14 15 You should have received a copy of the GNU General Public License 16 along with this program; if not, write to the Free Software Foundation, 17 Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ 18 19 /* Written by Paul Eggert. */ 20 21 /* NOTES: 22 23 A program that uses alloca, dynamic arrays, or large local 24 variables may extend the stack by more than a page at a time. If 25 so, when the stack overflows the operating system may not detect 26 the overflow until the program uses the array, and this module may 27 incorrectly report a program error instead of a stack overflow. 28 29 To avoid this problem, allocate only small objects on the stack; a 30 program should be OK if it limits single allocations to a page or 31 less. Allocate larger arrays in static storage, or on the heap 32 (e.g., with malloc). Yes, this is a pain, but we don't know of any 33 better solution that is portable. 34 35 No attempt has been made to deal with multithreaded applications. */ 36 37 #if HAVE_CONFIG_H 38 # include <config.h> 39 #endif 40 41 #ifndef __attribute__ 42 # if __GNUC__ < 3 || __STRICT_ANSI__ 43 # define __attribute__(x) 44 # endif 45 #endif 46 47 #include "gettext.h" 48 #define _(msgid) gettext (msgid) 49 50 #include <errno.h> 51 #ifndef ENOTSUP 52 # define ENOTSUP EINVAL 53 #endif 54 #ifndef EOVERFLOW 55 # define EOVERFLOW EINVAL 56 #endif 57 58 #include <signal.h> 59 #if ! HAVE_STACK_T && ! defined stack_t 60 typedef struct sigaltstack stack_t; 61 #endif 62 63 #include <stdlib.h> 64 #include <string.h> 65 66 #if HAVE_SYS_RESOURCE_H 67 /* Include sys/time.h here, because... 68 SunOS-4.1.x <sys/resource.h> fails to include <sys/time.h>. 69 This gives "incomplete type" errors for ru_utime and tu_stime. */ 70 # if HAVE_SYS_TIME_H 71 # include <sys/time.h> 72 # endif 73 # include <sys/resource.h> 74 #endif 75 76 #if HAVE_UCONTEXT_H 77 # include <ucontext.h> 78 #endif 79 80 #if HAVE_UNISTD_H 81 # include <unistd.h> 82 #endif 83 #ifndef STDERR_FILENO 84 # define STDERR_FILENO 2 85 #endif 86 87 #if DEBUG 88 # include <stdio.h> 89 #endif 90 91 #include "c-stack.h" 92 #include "exitfail.h" 93 94 #if (HAVE_STRUCT_SIGACTION_SA_SIGACTION && defined SA_NODEFER \ 95 && defined SA_ONSTACK && defined SA_RESETHAND && defined SA_SIGINFO) 96 # define SIGACTION_WORKS 1 97 #else 98 # define SIGACTION_WORKS 0 99 #endif 100 101 extern char *program_name; 102 103 /* The user-specified action to take when a SEGV-related program error 104 or stack overflow occurs. */ 105 static void (* volatile segv_action) (int); 106 107 /* Translated messages for program errors and stack overflow. Do not 108 translate them in the signal handler, since gettext is not 109 async-signal-safe. */ 110 static char const * volatile program_error_message; 111 static char const * volatile stack_overflow_message; 112 113 /* Output an error message, then exit with status EXIT_FAILURE if it 114 appears to have been a stack overflow, or with a core dump 115 otherwise. This function is async-signal-safe. */ 116 117 static void die (int) __attribute__ ((noreturn)); 118 static void 119 die (int signo) 120 { 121 char const *message; 122 segv_action (signo); 123 message = signo ? program_error_message : stack_overflow_message; 124 write (STDERR_FILENO, program_name, strlen (program_name)); 125 write (STDERR_FILENO, ": ", 2); 126 write (STDERR_FILENO, message, strlen (message)); 127 write (STDERR_FILENO, "\n", 1); 128 if (! signo) 129 _exit (exit_failure); 130 kill (getpid (), signo); 131 abort (); 132 } 133 134 #if HAVE_SIGALTSTACK && HAVE_DECL_SIGALTSTACK 135 136 /* Direction of the C runtime stack. This function is 137 async-signal-safe. */ 138 139 # if STACK_DIRECTION 140 # define find_stack_direction(ptr) STACK_DIRECTION 141 # else 142 static int 143 find_stack_direction (char const *addr) 144 { 145 char dummy; 146 return ! addr ? find_stack_direction (&dummy) : addr < &dummy ? 1 : -1; 147 } 148 # endif 149 150 /* Storage for the alternate signal stack. */ 151 static union 152 { 153 char buffer[SIGSTKSZ]; 154 155 /* These other members are for proper alignment. There's no 156 standard way to guarantee stack alignment, but this seems enough 157 in practice. */ 158 long double ld; 159 long l; 160 void *p; 161 } alternate_signal_stack; 162 163 # if SIGACTION_WORKS 164 165 /* Handle a segmentation violation and exit. This function is 166 async-signal-safe. */ 167 168 static void segv_handler (int, siginfo_t *, void *) __attribute__((noreturn)); 169 static void 170 segv_handler (int signo, siginfo_t *info, 171 void *context __attribute__ ((unused))) 172 { 173 /* Clear SIGNO if it seems to have been a stack overflow. */ 174 if (0 < info->si_code) 175 { 176 # if ! HAVE_XSI_STACK_OVERFLOW_HEURISTIC 177 /* We can't easily determine whether it is a stack overflow; so 178 assume that the rest of our program is perfect (!) and that 179 this segmentation violation is a stack overflow. */ 180 signo = 0; 181 # else 182 /* If the faulting address is within the stack, or within one 183 page of the stack end, assume that it is a stack 184 overflow. */ 185 ucontext_t const *user_context = context; 186 char const *stack_base = user_context->uc_stack.ss_sp; 187 size_t stack_size = user_context->uc_stack.ss_size; 188 char const *faulting_address = info->si_addr; 189 size_t s = faulting_address - stack_base; 190 size_t page_size = sysconf (_SC_PAGESIZE); 191 if (find_stack_direction (0) < 0) 192 s += page_size; 193 if (s < stack_size + page_size) 194 signo = 0; 195 196 # if DEBUG 197 { 198 char buf[1024]; 199 sprintf (buf, 200 "segv_handler fault=%p base=%p size=%lx page=%lx signo=%d\n", 201 faulting_address, stack_base, (unsigned long) stack_size, 202 (unsigned long) page_size, signo); 203 write (STDERR_FILENO, buf, strlen (buf)); 204 } 205 # endif 206 # endif 207 } 208 209 die (signo); 210 } 211 # endif 212 213 static void 214 null_action (int signo __attribute__ ((unused))) 215 { 216 } 217 218 /* Set up ACTION so that it is invoked on C stack overflow. Return -1 219 (setting errno) if this cannot be done. 220 221 When ACTION is called, it is passed an argument equal to SIGSEGV 222 for a segmentation violation that does not appear related to stack 223 overflow, and is passed zero otherwise. On many platforms it is 224 hard to tell; when in doubt, zero is passed. 225 226 A null ACTION acts like an action that does nothing. 227 228 ACTION must be async-signal-safe. ACTION together with its callees 229 must not require more than SIGSTKSZ bytes of stack space. */ 230 231 int 232 c_stack_action (void (*action) (int)) 233 { 234 int r; 235 stack_t st; 236 st.ss_flags = 0; 237 st.ss_sp = alternate_signal_stack.buffer; 238 st.ss_size = sizeof alternate_signal_stack.buffer; 239 r = sigaltstack (&st, 0); 240 if (r != 0) 241 return r; 242 243 segv_action = action ? action : null_action; 244 program_error_message = _("program error"); 245 stack_overflow_message = _("stack overflow"); 246 247 { 248 # if SIGACTION_WORKS 249 struct sigaction act; 250 sigemptyset (&act.sa_mask); 251 252 /* POSIX 1003.1-2001 says SA_RESETHAND implies SA_NODEFER, but 253 this is not true on Solaris 8 at least. It doesn't hurt to use 254 SA_NODEFER here, so leave it in. */ 255 act.sa_flags = SA_NODEFER | SA_ONSTACK | SA_RESETHAND | SA_SIGINFO; 256 257 act.sa_sigaction = segv_handler; 258 259 return sigaction (SIGSEGV, &act, 0); 260 # else 261 return signal (SIGSEGV, die) == SIG_ERR ? -1 : 0; 262 # endif 263 } 264 } 265 266 #else /* ! (HAVE_SIGALTSTACK && HAVE_DECL_SIGALTSTACK) */ 267 268 int 269 c_stack_action (void (*action) (int) __attribute__ ((unused))) 270 { 271 errno = ENOTSUP; 272 return -1; 273 } 274 275 #endif 276 277 278 279 #if DEBUG 280 281 int volatile exit_failure; 282 283 static long 284 recurse (char *p) 285 { 286 char array[500]; 287 array[0] = 1; 288 return *p + recurse (array); 289 } 290 291 char *program_name; 292 293 int 294 main (int argc __attribute__ ((unused)), char **argv) 295 { 296 program_name = argv[0]; 297 fprintf (stderr, 298 "The last output line should contain \"stack overflow\".\n"); 299 if (c_stack_action (0) == 0) 300 return recurse ("\1"); 301 perror ("c_stack_action"); 302 return 1; 303 } 304 305 #endif /* DEBUG */ 306 307 /* 308 Local Variables: 309 compile-command: "gcc -DDEBUG -DHAVE_CONFIG_H -I.. -g -O -Wall -W c-stack.c" 310 End: 311 */ 312