
...
In this noncompliant code example, the int_handler() function is used to carry out tasks specific to SIGINT and then raises SIGTERM. However, there is a nested call to the raise() function, which is undefined behavior 131.
```c
#include <signal.h>
#include <stdlib.h>

void term_handler(int signum) {
  /* SIGTERM handler */
}

void int_handler(int signum) {
  /* SIGINT handler */
  if (raise(SIGTERM) != 0) {
    /* Handle error */
  }
}

int main(void) {
  if (signal(SIGTERM, term_handler) == SIG_ERR) {
    /* Handle error */
  }
  if (signal(SIGINT, int_handler) == SIG_ERR) {
    /* Handle error */
  }

  /* Program code */
  if (raise(SIGINT) != 0) {
    /* Handle error */
  }
  /* More code */

  return EXIT_SUCCESS;
}
```
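One way to restructure the example above so that no signal is raised from inside a handler, shown as an added example that is not code from the original page. The helper names install_handlers() and drain_events() and the flag variables are hypothetical; the handlers only write volatile sig_atomic_t flags, and the SIGTERM work is reached through an ordinary function call.

```c
#include <signal.h>
#include <stdlib.h>

/* The flags are the only shared state the handlers touch. */
static volatile sig_atomic_t int_pending = 0;
static volatile sig_atomic_t term_pending = 0;

static void term_handler(int signum) {
  (void)signum;
  term_pending = 1;
}

static void int_handler(int signum) {
  (void)signum;
  int_pending = 1;
  /* Ordinary function call: no second signal is raised while this
     handler is running, so there is no nested raise(). */
  term_handler(SIGTERM);
}

/* Hypothetical helper: install both handlers; 0 on success, -1 on failure. */
int install_handlers(void) {
  if (signal(SIGTERM, term_handler) == SIG_ERR) return -1;
  if (signal(SIGINT, int_handler) == SIG_ERR) return -1;
  return 0;
}

/* Hypothetical helper: called from normal context, reports and clears flags.
   Bit 0 = SIGINT work pending, bit 1 = SIGTERM work pending. */
int drain_events(void) {
  int events = 0;
  if (int_pending) { int_pending = 0; events |= 1; }
  if (term_pending) { term_pending = 0; events |= 2; }
  return events;
}

int main(void) {
  if (install_handlers() != 0) return EXIT_FAILURE;
  if (raise(SIGINT) != 0) return EXIT_FAILURE; /* raised outside any handler */
  /* Work that is not asynchronous-safe (logging, cleanup) belongs here,
     driven by the flags, not inside the handlers. */
  return drain_events() == 3 ? EXIT_SUCCESS : EXIT_FAILURE;
}
```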
...
Invoking functions that are not asynchronous-safe from within a signal handler is undefined behavior 132.
Rule | Severity | Likelihood | Detectable | Remediation Cost | Repairable | Priority | Level
---|---|---|---|---|---|---|---
SIG30-C | High | Likely | Yes | Medium | No | P18 | L1
Automated Detection
Tool | Version | Checker | Description
---|---|---|---
Astrée |  | signal-handler-unsafe-call | Partially checked
Axivion Bauhaus Suite |  | CertC-SIG30 |
CodeSonar |  | BADFUNC.SIGNAL | Use of signal
Compass/ROSE |  |  | Can detect violations of the rule for single-file programs
Cppcheck Premium |  | premium-cert-sig30-c |
Helix QAC |  | C2028, C2030 |
Klocwork |  | CERT.SIG.SIG_HANDLER.ASYNC_SAFE |
LDRA tool suite |  | 88 D, 89 D | Partially implemented
Parasoft C/C++test |  | CERT_C-SIG30-a | Properly define signal handlers
PC-lint Plus |  | 2670, 2761 | Fully supported
 |  |  | Checks for function called from signal handler not asynchronous-safe (rule fully covered)
RuleChecker |  | signal-handler-unsafe-call | Partially checked
Splint |  |  |
...