 
Calling the signal() function in a multithreaded program is undefined behavior. (See undefined behavior 135.) This rule is a specific instance of SIG02-C. Avoid using signals to implement normal functionality.
Noncompliant Code Example
This noncompliant code example invokes the signal() function from a multithreaded program:
```c
#include <signal.h>
#include <stddef.h>
#include <threads.h>

volatile sig_atomic_t flag = 0;

void handler(int signum) {
  flag = 1;
}

/* Runs until user sends SIGUSR1 */
int func(void *data) {
  while (!flag) {
    /* ... */
  }
  return 0;
}

int main(void) {
  signal(SIGUSR1, handler); /* Undefined behavior */
  thrd_t tid;

  if (thrd_success != thrd_create(&tid, func, NULL)) {
    /* Handle error */
  }
  /* ... */
  return 0;
}
```
NOTE: The SIGUSR1 signal value is not defined in the C Standard; consequently, this is not a C-compliant code example.
Compliant Solution
This compliant solution uses an object of type atomic_bool to indicate when the child thread should terminate its loop:
```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <threads.h>

atomic_bool flag = ATOMIC_VAR_INIT(false);

int func(void *data) {
  while (!flag) {
    /* ... */
  }
  return 0;
}

int main(void) {
  thrd_t tid;

  if (thrd_success != thrd_create(&tid, func, NULL)) {
    /* Handle error */
    return 0;
  }
  /* ... */
  /* Set flag when done */
  flag = true;

  return 0;
}
```
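A fuller version of the same flag-based shutdown, added here as an example and not taken from the CERT page: it joins the worker instead of returning from main while the thread still runs, uses explicit acquire/release orderings on the flag, and reports how many iterations the worker completed so the caller can confirm it stopped cleanly. The names worker, run_worker_and_stop and stop_requested are assumptions.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <threads.h>
#include <time.h>

/* Shared stop request: an atomic replaces the signal handler and its
 * volatile sig_atomic_t flag, so no signal() call is needed. */
atomic_bool stop_requested = false;

/* Worker thread (hypothetical name): spins until asked to stop and counts
 * the loop iterations it completed into a caller-owned counter. */
int worker(void *arg) {
  long *iterations = arg;
  while (!atomic_load_explicit(&stop_requested, memory_order_acquire)) {
    ++*iterations;
    thrd_yield();
  }
  return 0;
}

/* Runs a worker for about 10 ms, stops it cooperatively and joins it.
 * Returns the worker's iteration count, or -1 if creating or joining
 * the thread failed. */
long run_worker_and_stop(void) {
  long iterations = 0;
  thrd_t tid;

  atomic_store_explicit(&stop_requested, false, memory_order_relaxed);
  if (thrd_create(&tid, worker, &iterations) != thrd_success) {
    return -1;
  }

  /* Constructed delay so the worker gets some CPU time before the stop. */
  thrd_sleep(&(struct timespec){ .tv_nsec = 10 * 1000 * 1000 }, NULL);

  /* Release store pairs with the worker's acquire load. */
  atomic_store_explicit(&stop_requested, true, memory_order_release);

  /* Join before reading the counter: returning from main instead would
   * call exit() and tear the worker down mid-loop. */
  int res;
  if (thrd_join(tid, &res) != thrd_success) {
    return -1;
  }
  return iterations;
}
```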
Exceptions
CON37-C-EX1: Implementations such as POSIX that provide defined behavior when multithreaded programs use custom signal handlers are exempt from this rule [IEEE Std 1003.1-2013].
Risk Assessment
Mixing signals and threads causes undefined behavior 135.
| Rule | Severity | Likelihood | Detectable | Repairable | Priority | Level |
|---|---|---|---|---|---|---|
| CON37-C | Low | Probable | Yes | No | P4 | L3 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Automated Detection
| Tool | Version | Checker | Description |
|---|---|---|---|
| Astrée | | stdlib-use-signal | Fully checked |
| CodeSonar | | BADFUNC.SIGNAL | Use of signal |
| Coverity | | MISRA C 2012 Rule 21.5 | Over-constraining |
| Cppcheck Premium | | premium-cert-con37-c | |
| Helix QAC | | C5021 C++5022 | |
| Klocwork | | MISRA.STDLIB.SIGNAL | |
| LDRA tool suite | | 44 S | Enhanced enforcement |
| Parasoft C/C++test | | CERT_C-CON37-a | The signal handling facilities of <signal.h> shall not be used |
| PC-lint Plus | | 586 | Fully supported |
| Polyspace Bug Finder | | CERT C: Rule CON37-C | Checks for signal call in multithreaded program (rule fully covered) |
| RuleChecker | | stdlib-use-signal | Fully checked |
Bibliography
[IEEE Std 1003.1-2013] XSH 2.9.1, "Thread Safety"