[llvm-bugs] [Bug 50241] New: `signal` returns wrong pointer with `-fsanitize=memory`

via llvm-bugs llvm-bugs at lists.llvm.org
Thu May 6 02:21:33 PDT 2021


https://bugs.llvm.org/show_bug.cgi?id=50241

            Bug ID: 50241
           Summary: `signal` returns wrong pointer with
                    `-fsanitize=memory`
           Product: clang
           Version: 11.0
          Hardware: PC
                OS: All
            Status: NEW
          Severity: normal
          Priority: P
         Component: -New Bugs
          Assignee: unassignedclangbugs at nondot.org
          Reporter: enzo.baldisserri at outlook.fr
                CC: htmldeveloper at gmail.com, llvm-bugs at lists.llvm.org,
                    neeilans at live.com, richard-llvm at metafoo.co.uk

Created attachment 24833
  --> https://bugs.llvm.org/attachment.cgi?id=24833&action=edit
Valgrind usage on produced `signal` executable

The code below produces an unexpected result with `-fsanitize=memory`.
This was tested on WSL 2 (uname -a : `Linux DESKTOP-I5KOTDQ
4.19.128-microsoft-standard #1 SMP Tue Jun 23 12:58:10 UTC 2020 x86_64 x86_64
x86_64 GNU/Linux`) and Arch Linux (a colleague did the test, I don't have much
more information about his system, sorry), using both clang-10 and clang-11.

```c
// signal.c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>

void handler1(int signal) {
        puts("handler1 called");
        exit(0);
}

void handler2(int signal) {
        puts("handler2 called");
        exit(0);
}

int main(void) {
        // ignore the return value, it doesn't matter here
        signal(SIGUSR1, handler1);
        // `signal` returns the former handler
        // so here, it should be `handler1`
        __sighandler_t should_be_handler1 = signal(SIGUSR1, handler2);
        // and here, "handler1 called" should be printed
        should_be_handler1(SIGUSR1);
        return 0;
}
```

```sh
$ clang -o signal signal.c
$ ./signal
handler1 called
$ clang -o signal -fsanitize=memory signal.c
$ ./signal
handler2 called
```

When using valgrind on the produced `signal` executable, my PC's resource
consumption peaked (see attachment), and my colleague's computer froze.
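The mismatch can be detected without calling the returned pointer (which, in the MSan build above, runs the wrong handler): record the kernel's view of the installed handler through `sigaction()` before the second `signal()` call, then compare it with what `signal()` hands back. This is an added example, not code from the report; it assumes Linux/glibc and that the `sigaction()` query reflects the handler actually installed.

```c
/* Cross-check of signal()'s return value against the kernel's own view
 * of the installed handler, queried via sigaction(). Constructed example,
 * not part of the bug report. */
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>

static void handler1(int sig) { (void)sig; }
static void handler2(int sig) { (void)sig; }

/* Install handler1, record what the kernel reports as installed, replace
 * it with handler2 via signal(), and compare signal()'s return value with
 * that record. Returns 1 on agreement, 0 on mismatch, -1 on syscall error. */
int check_signal_returns_previous(void) {
    struct sigaction installed;
    void (*prev)(int);
    int ok;

    if (signal(SIGUSR1, handler1) == SIG_ERR)
        return -1;
    memset(&installed, 0, sizeof installed);
    if (sigaction(SIGUSR1, NULL, &installed) != 0)   /* query only */
        return -1;

    prev = signal(SIGUSR1, handler2);
    if (prev == SIG_ERR)
        return -1;

    /* Both must hold: the kernel saw handler1, and signal() handed back
     * that same pointer. In the report's MSan build, prev came back as
     * handler2, so the second comparison fails and this returns 0. */
    ok = (installed.sa_handler == handler1) && (prev == installed.sa_handler);

    signal(SIGUSR1, SIG_DFL);   /* restore the default disposition */
    return ok;
}

int main(void) {
    int r = check_signal_returns_previous();
    if (r == 1)
        puts("signal() returned the previous handler: OK");
    else if (r == 0)
        puts("MISMATCH: signal() did not return the previous handler");
    else
        puts("could not install handlers");
    return r == 1 ? 0 : 1;
}
```

Build it once plain and once with `-fsanitize=memory`; the exit status says which build returns the stale pointer.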
