ydb/contrib/tools/m4/lib/c-stack.c

/* Stack overflow handling.

   Copyright (C) 2002, 2004, 2006, 2008-2016 Free Software Foundation, Inc.

   This program is free software: you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.  */

/* Written by Paul Eggert.  */

/* NOTES:

   A program that uses alloca, dynamic arrays, or large local
   variables may extend the stack by more than a page at a time.  If
   so, when the stack overflows the operating system may not detect
   the overflow until the program uses the array, and this module may
   incorrectly report a program error instead of a stack overflow.

   To avoid this problem, allocate only small objects on the stack; a
   program should be OK if it limits single allocations to a page or
   less.  Allocate larger arrays in static storage, or on the heap
   (e.g., with malloc).  Yes, this is a pain, but we don't know of any
   better solution that is portable.

   No attempt has been made to deal with multithreaded applications.  */

#include <config.h>

#ifndef __attribute__
# if __GNUC__ < 3
#  define __attribute__(x)
# endif
#endif

#include "gettext.h"
#define _(msgid) gettext (msgid)

#include <errno.h>

#include <signal.h>
#if ! HAVE_STACK_T && ! defined stack_t
typedef struct sigaltstack stack_t;
#endif
#ifndef SIGSTKSZ
# define SIGSTKSZ 16384
#elif HAVE_LIBSIGSEGV && SIGSTKSZ < 16384
/* libsigsegv 2.6 through 2.8 have a bug where some architectures use
   more than the Linux default of an 8k alternate stack when deciding
   if a fault was caused by stack overflow.  */
# undef SIGSTKSZ
# define SIGSTKSZ 16384
#endif

#include <stdlib.h>
#include <string.h>

/* Posix 2001 declares ucontext_t in <ucontext.h>, Posix 200x in
   <signal.h>.  */
#if HAVE_UCONTEXT_H
# include <ucontext.h>
#endif

#include <unistd.h>

#if HAVE_LIBSIGSEGV
# error #include <sigsegv.h>
#endif

#include "c-stack.h"
#include "exitfail.h"
#include "ignore-value.h"
#include "getprogname.h"

#if defined SA_ONSTACK && defined SA_SIGINFO
# define SIGINFO_WORKS 1
#else
# define SIGINFO_WORKS 0
# ifndef SA_ONSTACK
#  define SA_ONSTACK 0
# endif
#endif

/* The user-specified action to take when a SEGV-related program error
   or stack overflow occurs.  */
static void (* volatile segv_action) (int);

/* Translated messages for program errors and stack overflow.  Do not
   translate them in the signal handler, since gettext is not
   async-signal-safe.  */
static char const * volatile program_error_message;
static char const * volatile stack_overflow_message;

/* Output an error message, then exit with status EXIT_FAILURE if it
   appears to have been a stack overflow, or with a core dump
   otherwise.  This function is async-signal-safe.  */

static _Noreturn void
die (int signo)
{
  char const *message;
#if !SIGINFO_WORKS && !HAVE_LIBSIGSEGV
  /* We can't easily determine whether it is a stack overflow; so
     assume that the rest of our program is perfect (!) and that
     this segmentation violation is a stack overflow.  */
  signo = 0;
#endif /* !SIGINFO_WORKS && !HAVE_LIBSIGSEGV */
  segv_action (signo);
  message = signo ? program_error_message : stack_overflow_message;
  ignore_value (write (STDERR_FILENO, getprogname (), strlen (getprogname ())));
  ignore_value (write (STDERR_FILENO, ": ", 2));
  ignore_value (write (STDERR_FILENO, message, strlen (message)));
  ignore_value (write (STDERR_FILENO, "\n", 1));
  if (! signo)
    _exit (exit_failure);
  raise (signo);
  abort ();
}

#if (HAVE_SIGALTSTACK && HAVE_DECL_SIGALTSTACK \
     && HAVE_STACK_OVERFLOW_HANDLING) || HAVE_LIBSIGSEGV

/* Storage for the alternate signal stack.  */
static union
{
  char buffer[SIGSTKSZ];

  /* These other members are for proper alignment.  There's no
     standard way to guarantee stack alignment, but this seems enough
     in practice.  */
  long double ld;
  long l;
  void *p;
} alternate_signal_stack;

static void
null_action (int signo __attribute__ ((unused)))
{
}

#endif /* SIGALTSTACK || LIBSIGSEGV */

/* Only use libsigsegv if we need it; platforms like Solaris can
   detect stack overflow without the overhead of an external
   library.  */
#if HAVE_LIBSIGSEGV && ! HAVE_XSI_STACK_OVERFLOW_HEURISTIC

/* Nonzero if general segv handler could not be installed.  */
static volatile int segv_handler_missing;

/* Handle a segmentation violation and exit if it cannot be stack
   overflow.  This function is async-signal-safe.  */

static int segv_handler (void *address __attribute__ ((unused)),
                         int serious)
{
# if DEBUG
  {
    char buf[1024];
    sprintf (buf, "segv_handler serious=%d\n", serious);
    write (STDERR_FILENO, buf, strlen (buf));
  }
# endif

  /* If this fault is not serious, return 0 to let the stack overflow
     handler take a shot at it.  */
  if (!serious)
    return 0;
  die (SIGSEGV);
}

/* Handle a segmentation violation that is likely to be a stack
   overflow and exit.  This function is async-signal-safe.  */

static _Noreturn void
overflow_handler (int emergency,
                  stackoverflow_context_t context __attribute__ ((unused)))
{
# if DEBUG
  {
    char buf[1024];
    sprintf (buf, "overflow_handler emergency=%d segv_handler_missing=%d\n",
             emergency, segv_handler_missing);
    write (STDERR_FILENO, buf, strlen (buf));
  }
# endif

  die ((!emergency || segv_handler_missing) ? 0 : SIGSEGV);
}

int
c_stack_action (void (*action) (int))
{
  segv_action = action ? action : null_action;
  program_error_message = _("program error");
  stack_overflow_message = _("stack overflow");

  /* Always install the overflow handler.  */
  if (stackoverflow_install_handler (overflow_handler,
                                     alternate_signal_stack.buffer,
                                     sizeof alternate_signal_stack.buffer))
    {
      errno = ENOTSUP;
      return -1;
    }
  /* Try installing a general handler; if it fails, then treat all
     segv as stack overflow.  */
  segv_handler_missing = sigsegv_install_handler (segv_handler);
  return 0;
}

#elif HAVE_SIGALTSTACK && HAVE_DECL_SIGALTSTACK && HAVE_STACK_OVERFLOW_HANDLING

# if SIGINFO_WORKS

/* Handle a segmentation violation and exit.  This function is
   async-signal-safe.  */

static _Noreturn void
segv_handler (int signo, siginfo_t *info,
              void *context __attribute__ ((unused)))
{
  /* Clear SIGNO if it seems to have been a stack overflow.  */
#  if ! HAVE_XSI_STACK_OVERFLOW_HEURISTIC
  /* We can't easily determine whether it is a stack overflow; so
     assume that the rest of our program is perfect (!) and that
     this segmentation violation is a stack overflow.

     Note that although both Linux and Solaris provide
     sigaltstack, SA_ONSTACK, and SA_SIGINFO, currently only
     Solaris satisfies the XSI heuristic.  This is because
     Solaris populates uc_stack with the details of the
     interrupted stack, while Linux populates it with the details
     of the current stack.  */
  signo = 0;
#  else
  if (0 < info->si_code)
    {
      /* If the faulting address is within the stack, or within one
         page of the stack, assume that it is a stack overflow.  */
      ucontext_t const *user_context = context;
      char const *stack_base = user_context->uc_stack.ss_sp;
      size_t stack_size = user_context->uc_stack.ss_size;
      char const *faulting_address = info->si_addr;
      size_t page_size = sysconf (_SC_PAGESIZE);
      size_t s = faulting_address - stack_base + page_size;
      if (s < stack_size + 2 * page_size)
        signo = 0;

#   if DEBUG
      {
        char buf[1024];
        sprintf (buf,
                 "segv_handler fault=%p base=%p size=%lx page=%lx signo=%d\n",
                 faulting_address, stack_base, (unsigned long) stack_size,
                 (unsigned long) page_size, signo);
        write (STDERR_FILENO, buf, strlen (buf));
      }
#   endif
    }
#  endif

  die (signo);
}
# endif

int
c_stack_action (void (*action) (int))
{
  int r;
  stack_t st;
  struct sigaction act;
  st.ss_flags = 0;
# if SIGALTSTACK_SS_REVERSED
  /* Irix mistakenly treats ss_sp as the upper bound, rather than
     lower bound, of the alternate stack.  */
  st.ss_sp = alternate_signal_stack.buffer + SIGSTKSZ - sizeof (void *);
  st.ss_size = sizeof alternate_signal_stack.buffer - sizeof (void *);
# else
  st.ss_sp = alternate_signal_stack.buffer;
  st.ss_size = sizeof alternate_signal_stack.buffer;
# endif
  r = sigaltstack (&st, NULL);
  if (r != 0)
    return r;

  segv_action = action ? action : null_action;
  program_error_message = _("program error");
  stack_overflow_message = _("stack overflow");

  sigemptyset (&act.sa_mask);

# if SIGINFO_WORKS
  /* POSIX 1003.1-2001 says SA_RESETHAND implies SA_NODEFER, but
     this is not true on Solaris 8 at least.  It doesn't hurt to use
     SA_NODEFER here, so leave it in.  */
  act.sa_flags = SA_NODEFER | SA_ONSTACK | SA_RESETHAND | SA_SIGINFO;
  act.sa_sigaction = segv_handler;
# else
  act.sa_flags = SA_NODEFER | SA_ONSTACK | SA_RESETHAND;
  act.sa_handler = die;
# endif

# if FAULT_YIELDS_SIGBUS
  if (sigaction (SIGBUS, &act, NULL) < 0)
    return -1;
# endif
  return sigaction (SIGSEGV, &act, NULL);
}

#else /* ! ((HAVE_SIGALTSTACK && HAVE_DECL_SIGALTSTACK
             && HAVE_STACK_OVERFLOW_HANDLING) || HAVE_LIBSIGSEGV) */

int
c_stack_action (void (*action) (int)  __attribute__ ((unused)))
{
  errno = ENOTSUP;
  return -1;
}

#endif