98654 – Potential dead-lock in sal/osl/unx/signal.c

Issue 98654 - Potential dead-lock in sal/osl/unx/signal.c

Summary: Potential dead-lock in sal/osl/unx/signal.c

Status:	CONFIRMED

Alias:	None

Product:	porting
Classification:	Code
Component:	code (show other issues)
Version:	DEV300m39
Hardware:	All Unix, all

Importance:	P3 Trivial (vote)
Target Milestone:	---
Assignee:	AOO issues mailing list
QA Contact:

URL:
Keywords:

Depends on:
Blocks:

Reported:	2009-01-30 14:51 UTC by tora3
Modified:	2017-05-20 11:35 UTC (History)
CC List:	2 users (show)

See Also:
Issue Type:	DEFECT
Latest Confirmation in:	---
Developer Difficulty:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.

Description tora3 2009-01-30 14:51:56 UTC

In a signal handler calling functions that might internally try to lock 
a global resource might results in dead-lock.

Example scenario: 
  1. One buggy module mistakenly overwrites a part of heap area with own data.
  2. Another module calls malloc() through System Abstraction Layer to get 
     an allocated memory from the heap area.
  3. malloc() internally locks a resource before manipulating the area.
  4. A segment violation, SIGSEGV, occurs due to accessing to the polluted area.
  5. In a signal handler, some potentially danger functions are used to create 
     a crash dump.
  6. For instance, the first use of fprintf() triggers to get a buffer by 
     calling __flsbuf() normally declared in /usr/include/stdio.h .
  7. __flsbuf() internally calls malloc().
  8. malloc() internally tries to lock a resource, but the resource has been 
     already locked by itself before. 

  Consequently, the signal handler falls into dead-lock. 
  No error report regarding the buggy module would be submitted.


When using fopen() or fdopen(), setbuf() could be called to specify an own buffer.
e.g.

 (current)
   FILE *fp = fopen( filename, "r" );
      sal_uInt8		buffer[4096];
      nBytesRead = fread( buffer, 1, sizeof(buffer), fp );

 (proposal)
   char _buffer[BUFSIZ];
   FILE *fp = fopen( filename, "r" );
   setbuf(fp, _buffer);
      sal_uInt8		buffer[4096];
      nBytesRead = fread( buffer, 1, sizeof(buffer), fp );


When using rtl_uString or rtl_String, be careful to use them, 
e.g.

 (current)
   rtl_uString *ustrCommandArg = NULL;
   osl_getCommandArg( argi, &ustrCommandArg );

 (proposal)
   ... I have no practical idea at this moment ...


References:
  Descriptions regarding a term Async-Signal-Safe could be one of the helpful 
  start points.
  http://docs.sun.com/app/docs/doc/816-5175/attributes-5?a=view

Comment 1 tora3 2009-01-30 16:45:23 UTC

There could be many ways to solve this type of potential problems.

For fread(), use open(), read(), and close(), instead.
 (proposal)
   int fd = open( filename, O_RDONLY );
   if ( fd != -1 )
       sal_uInt8		buffer[4096];
       nBytesRead = read( fd, buffer, sizeof(buffer) );

On Solaris 10, open(), read(), and close(), are Async-Signal-Safe. 

For fprintf(), use setbuf() to make the stream 'unbuffered.'
 (proposal)
   FILE *xmlout = fdopen( fdxml , "w" );
   setbuf(xmlout, NULL);
      fprintf( xmlout, "<errormail:Stack type=\"%s\">\n", STACKTYPE );

etc. etc. etc. ...

Comment 2 Marcus 2017-05-20 11:35:15 UTC

Reset assigne to the default "issues@openoffice.apache.org".