CWE Rule 432

Dangerous Signal Handler not Disabled During Sensitive Operations

Since R2026a

expand all in page

Description

Dangerous Signal Handler not Disabled During Sensitive Operations

Polyspace Implementation

The rule checker checks for Signal handling not disabled in handler.

Examples

expand all

Issue

This issue occurs if the handler of a signal can be reentered by the same signal during its execution. Polyspace® reports a violation if the signal handler performs any action without performing one of these actions first:

  • Ignore the current signal — Invoke signal() using the current signal as the first argument and SIG_IGN as the second argument.

  • Set the handling of the current signal to default action — Invoke signal() using the current signal as the first argument and SIG_DFL as the second argument.

Risk

If the signal handler does not stop listening for the current signal, the handler can be reentered if the current signal is received again during the execution of the handler. Consider this signal handler:

#include <signal.h>
int shared_state = 0;

void signal_handler(int signum) {
	shared_state++;
}

int main() {
	//...
	signal(SIGINT, signal_handler);
	signal(SIGTERM, signal_handler);
}
If the program receives either of SIGINT or SIGTERM signals, signal_handler() is invoked. During the execution of signal_handler(), if either of the signals is received again, the execution of the handler is interrupted and the value of shared_state can be corrupted.

Fix

In the signal handler function, before performing any action, set the handling of the current signal to the default action. Alternatively, ignore the current signal during the signal handling operations. Finally, before exiting the signal handler, assign the current handler to the current signal again. The signal_handler function in the preceding code can be fixed as follows:

void signal_handler(int signum) {
	signal(signum, SIG_DFL);
	shared_state++;
	signal(signum, signal_handler);
}

Example

In this example, the handlers increment_handler() and decrement_handler() can be interrupted during their execution. Polyspace reports violations.

#include <stdio.h>
#include <signal.h>


volatile sig_atomic_t counter = 0;

void increment_handler(int signum) {  //Noncompliant
	counter++;
}

void decrement_handler(int signum) { //Noncompliant
	counter--;
}

int main() {
	signal(SIGUSR1, increment_handler);
	signal(SIGUSR2, decrement_handler);
	//...
	return 0;
}

Correction

To fix these violations, disable the handlers first before performing any action in the handlers.

#include <stdio.h>
#include <signal.h>


volatile sig_atomic_t counter = 0;

void increment_handler(int signum) {  //Compliant
	signal(signum, SIG_DFL);
	counter++;
	signal(signum, increment_handler);
}

void decrement_handler(int signum) { //Compliant
	signal(signum, SIG_DFL);
	counter--;
	signal(signum, increment_handler);
}

int main() {
	signal(SIGUSR1, increment_handler);
	signal(SIGUSR2, decrement_handler);
	//...
	return 0;
}

Check Information

Category: Others
PQL Name: std.cwe_native.R432

Version History

Introduced in R2026a

See Also

Topics

External Websites