Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

This non-compliant code example invokes the malloc()}}s space for a string, copies over a string, and then cleans up the memory. The error lies with the call to the {{free() function from within inside the signal handler. If an interrupt signal is received during or after the free() call in main(), the heap will be corrupted.

Code Block
bgColor#FFcccc
#include <signal.h>

char *foo;

void int_handler() {
  free(foo);
  _Exit(0);

/* _Exit() causes immediate program termination, and is
  async-safe, whereas exit() calls cleanup routines first, 
  and is not async-safe. */
}

int main(void) {
  foo = malloc(15);
  if(foo == NULL) {
    /* handle error condition */
  }

return 0;   }
  signal(SIGINT, int_handler);
  strcpy(foo, "Hello World.");
  puts(foo);
  free(foo);
  return 0;
}

Note: The {{_Exit()}} function causes immediate program termination, and is async-safe, whereas {{exit()}} calls cleanup routines first, and is not async-safe.

Compliant Solution

Signal handlers should be as minimal as possible, only unconditionally setting a flag where appropriate, and returning. You may also call the _Exit() function to immediately terminate program execution.

...