Chromium Code Reviews

Unified Diff: sandbox/linux/seccomp-bpf/trap.cc

Issue 18656004: Added a new SafeSPrintf() function that implements snprintf() in an async-safe-fashion (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Addressed Jeffrey's comments Created 7 years, 5 months ago
« base/debug/stack_trace_unittest.cc ('K') | « sandbox/linux/seccomp-bpf/die.h ('k') | no next file » | no next file with comments »
Index: sandbox/linux/seccomp-bpf/trap.cc
diff --git a/sandbox/linux/seccomp-bpf/trap.cc b/sandbox/linux/seccomp-bpf/trap.cc
index 78a78ee5d09ac68de5ba711eae428c5f8b0e4b01..d9c4a5e95bfa609b288e73cce39d664a4382f32b 100644
--- a/sandbox/linux/seccomp-bpf/trap.cc
+++ b/sandbox/linux/seccomp-bpf/trap.cc
@@ -114,17 +114,28 @@ void Trap::SigSys(int nr, siginfo_t *info, void *void_context) {
// Various sanity checks to make sure we actually received a signal
// triggered by a BPF filter. If something else triggered SIGSYS
// (e.g. kill()), there is really nothing we can do with this signal.
- if (nr != SIGSYS || info->si_code != SYS_SECCOMP || !void_context ||
- info->si_errno <= 0 ||
+ // NOTE: SANDBOX_DIE() can call LOG(FATAL). This is not normally async-signal
+ // safe and can lead to bugs. We should eventually implement a different
+ // logging and reporting mechanism that is safe to be called from
+ // the sigSys() handler.
+ // TODO: If we feel confident that our code otherwise works correctly, we
+ // could actually make an argument that spurious SIGSYS should
+ // just get silently ignored. TBD
+ if (nr != SIGSYS) {
+ SANDBOX_DIE("SIGSYS handler called with unexpected signal number %d.", nr);
+ }
+ if (info->si_code != SYS_SECCOMP) {
+ SANDBOX_DIE("SIGSYS handler called with unexpected signal code %x "
+ "(expected %x).", info->si_code, SYS_SECCOMP);
+ }
+ if (!void_context) {
+ SANDBOX_DIE("SIGSYS handler called without a signal context.");
+ }
+ if (info->si_errno <= 0 ||
static_cast<size_t>(info->si_errno) > trap_array_size_) {
- // SANDBOX_DIE() can call LOG(FATAL). This is not normally async-signal
- // safe and can lead to bugs. We should eventually implement a different
- // logging and reporting mechanism that is safe to be called from
- // the sigSys() handler.
- // TODO: If we feel confident that our code otherwise works correctly, we
- // could actually make an argument that spurious SIGSYS should
- // just get silently ignored. TBD
- SANDBOX_DIE("Unexpected SIGSYS received.");
+ SANDBOX_DIE("SIGSYS handler called for unexpected trap number %d. We "
+ "expect traps to be bigger than 0 and less or equal to %d.",
+ info->si_errno, trap_array_size_);
}
// Signal handlers should always preserve "errno". Otherwise, we could
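Review bot: in the last SANDBOX_DIE of this hunk (the trap-number check) `trap_array_size_` is formatted with `%d`, yet the comparison two lines above casts `info->si_errno` to `size_t` to compare against it, so the member is unsigned and possibly 64-bit; with a plain snprintf-style formatter `%d` on a `size_t` is undefined behaviour, so either cast it to `int` in the call (it is already known to be larger than `si_errno`, an `int`) or add a comment that SANDBOX_DIE now routes through the type-checked SafeSPrintf() this issue introduces. Minor wording in the same message: "less or equal to %d" should read "less than or equal to %d".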
