2.6.x signal handler bug

From: Paul Maurides
Date: Fri Jun 25 2004 - 18:57:55 EST

Next message: Andrew Morton: "Re: 2.6.x signal handler bug"
Previous message: Kevin Fox: "Re: Elastic Quota File System (EQFS)"
Next in thread: Andrew Morton: "Re: 2.6.x signal handler bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The bug has been reproduced successfully using the following program
on kernel 2.6.5 and 2.6.7, and probably affects any other 2.6 kernel.

Kernel 2.4 produce the correct behavior, an endless loop of handled signals, but on kernel 2.6 the program segfaults.

#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <setjmp.h>

volatile int len;
volatile int real;
volatile int caught;
jmp_buf env;

void catcher(int sig){
signal(SIGSEGV,catcher);
printf("requested: %9d malloced: %9d\n",len,real);
longjmp(env, 1);
}

int main(){
char* p=0;
len = 0;
signal(SIGSEGV,catcher);

setjmp(env);
len++;
free(p);
p = malloc(len);
real = 0;
while(1){
p[real] = 0;
real++;
}
return 0;
}

PS. I'm not subscribed to this list, so please include me in the cc

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andrew Morton: "Re: 2.6.x signal handler bug"
Previous message: Kevin Fox: "Re: Elastic Quota File System (EQFS)"
Next in thread: Andrew Morton: "Re: 2.6.x signal handler bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]