Fix signal handler

SF Markus Elfring elfring at users.sourceforge.net
Mon Sep 24 12:50:12 CEST 2012


>> 1. A shared array is used there.
> 
> And why would that not be safe?

It is not guaranteed that it can be modified in an atomic way.


> Nothing suggests otherwise.

Race conditions are hard to diagnose, aren't they?
Is it also a software challenge to agree on proper solutions for this
implementation detail?

Would anybody like to try a static source code analysis by tools like "LDRA" or
"Compass/ROSE"?


>> Would you like to consider any secure coding recommendations once again?
> 
> Sure, but what of them?

SIG31-C:
'sig_atomic_t ... It is important to note that the behavior of a program that
accesses an object of any other type from a signal handler is undefined.'


Common Weakness Enumeration 364:
'There are several known behaviors related to signal handlers that have received
the label of "signal handler race condition":
* Shared state (e.g. global data or static variables) that are accessible to
both a signal handler and "regular" code'

Regards,
Markus
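As an added example, not code from libev or from anyone in this thread, the following shows the SIG31-C shape the message cites: the handler does nothing but store to `volatile sig_atomic_t` flags, and the bookkeeping that would otherwise touch a shared array happens in ordinary code on the main loop. It assumes a POSIX `sigaction` and uses SIGUSR1/SIGUSR2 purely for demonstration; the function names are my own.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>

/*
 * Added illustration (not libev code, not from the thread). The pattern
 * SIG31-C and CWE-364 warn about is a handler writing into ordinary
 * shared state, e.g.
 *
 *     static int seen[NSIG];                          // plain shared array
 *     static void handler(int sig) { seen[sig]++; }   // undefined per C11 7.14.1.1
 *
 * Neither the read-modify-write nor the element type is guaranteed atomic,
 * so the main code can observe a torn or lost update. The shape below keeps
 * the handler down to a single store into a volatile sig_atomic_t flag and
 * moves all real work into the main loop.
 */

/* One flag per signal of interest; volatile sig_atomic_t is the only object
 * type C guarantees may be written from a handler. */
static volatile sig_atomic_t pending_usr1 = 0;
static volatile sig_atomic_t pending_usr2 = 0;

static void flag_handler(int signum)
{
    /* A single store to a sig_atomic_t object: the SIG31-C compliant action. */
    if (signum == SIGUSR1)
        pending_usr1 = 1;
    else if (signum == SIGUSR2)
        pending_usr2 = 1;
}

/* Install flag_handler for SIGUSR1 and SIGUSR2 (signals chosen for the demo).
 * Returns 0 on success, -1 if sigaction fails. */
int install_flag_handlers(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = flag_handler;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_RESTART;
    if (sigaction(SIGUSR1, &sa, NULL) == -1)
        return -1;
    if (sigaction(SIGUSR2, &sa, NULL) == -1)
        return -1;
    return 0;
}

/* Called from ordinary (non-handler) code, e.g. once per event-loop
 * iteration. Clears the flags and does the bookkeeping in the caller's
 * array, where updates are safe. Returns how many flags were set.
 *
 * Caveat: several deliveries of the same signal between two calls collapse
 * into one increment. That matches POSIX semantics for standard signals
 * (they are not queued), so a flag cannot stand in for a delivery counter. */
int drain_pending_signals(int counts[2])
{
    int handled = 0;
    if (pending_usr1) {
        pending_usr1 = 0;
        counts[0]++;
        handled++;
    }
    if (pending_usr2) {
        pending_usr2 = 0;
        counts[1]++;
        handled++;
    }
    return handled;
}

int main(void)
{
    int counts[2] = {0, 0};
    if (install_flag_handlers() != 0) {
        perror("sigaction");
        return 1;
    }
    /* raise() delivers synchronously: the handler has run before it returns. */
    raise(SIGUSR1);
    raise(SIGUSR1);   /* second delivery coalesces with the first */
    raise(SIGUSR2);
    int handled = drain_pending_signals(counts);
    printf("handled=%d usr1=%d usr2=%d\n", handled, counts[0], counts[1]);
    return 0;
}
```

Run stand-alone it prints `handled=2 usr1=1 usr2=1`: two flags were set even though three signals were raised, which is the coalescing caveat in the comment. Any "shared array" bookkeeping belongs in `drain_pending_signals`, never in `flag_handler`.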
