<html>
<head>
<base href="https://bugs.llvm.org/">
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - `signal` returns wrong pointer with `-fsanitize=memory`"
href="https://bugs.llvm.org/show_bug.cgi?id=50241">50241</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>`signal` returns wrong pointer with `-fsanitize=memory`
</td>
</tr>
<tr>
<th>Product</th>
<td>clang
</td>
</tr>
<tr>
<th>Version</th>
<td>11.0
</td>
</tr>
<tr>
<th>Hardware</th>
<td>PC
</td>
</tr>
<tr>
<th>OS</th>
<td>All
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P
</td>
</tr>
<tr>
<th>Component</th>
<td>-New Bugs
</td>
</tr>
<tr>
<th>Assignee</th>
<td>unassignedclangbugs@nondot.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>enzo.baldisserri@outlook.fr
</td>
</tr>
<tr>
<th>CC</th>
<td>htmldeveloper@gmail.com, llvm-bugs@lists.llvm.org, neeilans@live.com, richard-llvm@metafoo.co.uk
</td>
</tr></table>
<p>
<div>
<pre>Created <span class=""><a href="attachment.cgi?id=24833" name="attach_24833" title="Valgrind usage on produced `signal` executable">attachment 24833</a></span>
Valgrind usage on produced `signal` executable

The code below produces an unexpected result with `-fsanitize=memory`.
This was tested on WSL 2 (uname -a : `Linux DESKTOP-I5KOTDQ
4.19.128-microsoft-standard #1 SMP Tue Jun 23 12:58:10 UTC 2020 x86_64 x86_64
x86_64 GNU/Linux`) and Arch Linux (a colleague did the test, I don't have much
more information about his system, sorry), using both clang-10 and clang-11.
```c
// signal.c
#include &lt;signal.h&gt;
#include &lt;stdio.h&gt;
#include &lt;stdlib.h&gt;

void handler1(int signal) {
    puts("handler1 called");
    exit(0);
}

void handler2(int signal) {
    puts("handler2 called");
    exit(0);
}

int main(void) {
    // ignore the return value, it doesn't matter here
    signal(SIGUSR1, handler1);
    // `signal` returns the former handler
    // so here, it should be `handler1`
    __sighandler_t should_be_handler1 = signal(SIGUSR1, handler2);
    // and here, "handler1 called" should be printed
    should_be_handler1(SIGUSR1);
    return 0;
}
```
```sh
$ clang -o signal signal.c
$ ./signal
handler1 called
$ clang -o signal -fsanitize=memory signal.c
$ ./signal
handler2 called
```
When using valgrind on the produced `signal` executable, my PC's resource
consumption peaked (see attachment), and my colleague's computer froze.</pre>
</div>
</p>
</body>
</html>