From owner-freebsd-bugs Fri Sep 19 02:14:41 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id CAA27446 for bugs-outgoing; Fri, 19 Sep 1997 02:14:41 -0700 (PDT) Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.19]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id CAA27425; Fri, 19 Sep 1997 02:14:33 -0700 (PDT) Received: (from bde@localhost) by godzilla.zeta.org.au (8.8.5/8.6.9) id TAA09952; Fri, 19 Sep 1997 19:09:04 +1000 Date: Fri, 19 Sep 1997 19:09:04 +1000 From: Bruce Evans Message-Id: <199709190909.TAA09952@godzilla.zeta.org.au> To: grog@lemis.com, peter@spinner.dialix.com.au Subject: Re: Bug in malloc/free Cc: atrens@nortel.ca, freebsd-bugs@FreeBSD.ORG, gram@cdsec.com, hackers@FreeBSD.ORG, phk@critter.freebsd.dk Sender: owner-freebsd-bugs@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk > On the other hand, there's not much you can do without calling some > library routine. POSIX.1 defines "safe" routines that you can call > from a signal handler. They are: > > _exit access alarm cfgetispeed cfgetospeed cfsetispeed cfsetospeed > chdir chmod chown close creat dup dup2 execle execve fcntl fork > fstat getegid geteuid getgid getgroups getpgrp getpid getppid getuid > kill link lseek mkdir mkfifo open pathconf pause pipe read rename > rmdir setgid setpgid setsid setuid sigaction sigaddset sigdelset > sigemptyset sigfillset sigismember sigpending sigprocmask sigsuspend > sleep stat sysconf tcdrain tcflow tcflush tcgetattr tcgetpgrp > tcsendbreak tcsetattr tcsetpgrp time times umask uname unlink utime > wait waitpid write > > In addition, System V.4 allows abort, exit, longjmp, and signal. > >Should we produce some such guidelines? We claim to be sort of POSIX conformant. Perhaps this is enough. We aren't actually POSIX conformant. All the above "safe" routines may clobber the global `errno'. STDC only allows operations on auto variables and assignment to static variables of type sig_atomic_t. We aren't STDC conformant either. Operations on auto floating point variables may corrupt the floating point state. This isn't a problem in practice, since nothing useful can be done using only auto floating point variables. Bruce