CERT C: Rule SIG34-C

Do not call signal() from within interruptible signal handlers

Description

Rule Definition

Do not call signal() from within interruptible signal handlers. [1]

Polyspace Implementation

The rule checker checks for Signal call from within signal handler.

Examples

Issue

Signal call from within signal handler occurs when you call the function signal() from a signal handler on Windows® platforms.

The issue is detected only if you specify a Visual Studio compiler. See Compiler (-compiler).

Risk

The function signal() associates a signal with a signal handler function. On platforms such as Windows, which removes this association after receiving the signal, you might call the function signal() again within the signal handler to re-establish the association.

However, this attempt to make a signal handler persistent is prone to race conditions. On Windows platforms, the default signal handling, SIG_DFL, is active from the time the signal handler begins execution until signal() is called again. If a second signal arrives within this time window, it is handled by the default action and not by your custom signal handler, which might not be what you expect.

Fix

Do not call signal() from a signal handler on Windows platforms.

Example - signal() Called from Signal Handler

#include <stdio.h>
#include <stdlib.h>
#include <signal.h>

volatile sig_atomic_t e_flag = 0;

void sig_handler(int signum)
{
    int s0 = signum;
    e_flag = 1;

    /* Call signal() to reestablish sig_handler.
       signal() returns SIG_ERR on failure. */
    if (signal(s0, sig_handler) == SIG_ERR)  //Noncompliant
    {
        /* Handle error */
    }
}

void func(void)
{
    /* Initial registration, outside any handler */
    if (signal(SIGINT, sig_handler) == SIG_ERR)
    {
        /* Handle error */
    }
    /* more code */
}


In this example, the definition of sig_handler() includes a call to signal() when the handler catches SIG_ERR. On Windows platforms, signal handlers are nonpersistent. This code can result in a race condition.

The issue is detected only if you specify a compiler such as visual15.x for the analysis.

Correction — Do Not Call signal() from Signal Handler

Avoid attempting to make a signal handler persistent on Windows. If your code requires the use of a persistent signal handler on a Windows platform, use a persistent signal handler after performing a thorough risk analysis.

#include <stdio.h>
#include <stdlib.h>
#include <signal.h>

volatile sig_atomic_t e_flag = 0;

void sig_handler(int signum)
{
    int s0 = signum;
    (void)s0;   /* signal number is not needed here */
    e_flag = 1;
    /* No call to signal() */
}

int main(void)
{
    /* Register the handler once, outside any handler */
    if (signal(SIGINT, sig_handler) == SIG_ERR)
    {
        /* Handle error */
    }
    return 0;
}
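
The following is an added example, not code from the original page, MathWorks, or CERT. It assumes a POSIX target (not Windows), where sigaction() installs a handler that stays registered, and it uses SA_RESETHAND to reproduce the revert-to-SIG_DFL behavior described in the Risk section so that the disposition left after one delivery can be inspected. The helper names install and handler_survives and the choice of SIGUSR1 are illustrative assumptions.

```c
#define _POSIX_C_SOURCE 200809L   /* expose sigaction() under strict -std= modes */
#include <signal.h>
#include <stdio.h>
#include <string.h>

static volatile sig_atomic_t hits = 0;

/* Handler does only async-signal-safe work and never calls signal(). */
static void on_signal(int signum)
{
    (void)signum;
    hits = hits + 1;
}

/* Install on_signal for sig. flags is 0 (persistent) or SA_RESETHAND
   (disposition reverts to SIG_DFL on delivery, the one-shot behavior
   the page describes for signal() on Windows). */
static int install(int sig, int flags)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_signal;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = flags;
    return sigaction(sig, &sa, NULL);
}

/* Deliver sig once, then report the disposition left behind:
   1 = on_signal still installed, 0 = reverted to SIG_DFL, -1 = error. */
int handler_survives(int sig, int flags)
{
    struct sigaction cur;
    hits = 0;
    if (install(sig, flags) != 0 || raise(sig) != 0 || hits != 1)
        return -1;
    if (sigaction(sig, NULL, &cur) != 0)
        return -1;
    signal(sig, SIG_DFL);               /* clean up; not inside a handler */
    if (cur.sa_handler == on_signal) return 1;
    return (cur.sa_handler == SIG_DFL) ? 0 : -1;
}

int main(void)
{
    printf("one-shot (SA_RESETHAND): %d\n", handler_survives(SIGUSR1, SA_RESETHAND));
    printf("persistent (sigaction):  %d\n", handler_survives(SIGUSR1, 0));
    return 0;
}
```

In the one-shot case, a second SIGUSR1 arriving after the first delivery would get the default action, which is the window the rule warns about.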
 

Check Information

Group: Rule 11. Signals (SIG)

Version History

Introduced in R2019a


1 This software has been created by MathWorks incorporating portions of: the “SEI CERT-C Website,” © 2017 Carnegie Mellon University, the SEI CERT-C++ Web site © 2017 Carnegie Mellon University, ”SEI CERT C Coding Standard – Rules for Developing safe, Reliable and Secure systems – 2016 Edition,” © 2016 Carnegie Mellon University, and “SEI CERT C++ Coding Standard – Rules for Developing safe, Reliable and Secure systems in C++ – 2016 Edition” © 2016 Carnegie Mellon University, with special permission from its Software Engineering Institute.

ANY MATERIAL OF CARNEGIE MELLON UNIVERSITY AND/OR ITS SOFTWARE ENGINEERING INSTITUTE CONTAINED HEREIN IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

This software and associated documentation has not been reviewed nor is it endorsed by Carnegie Mellon University or its Software Engineering Institute.