mallopt: fix M_BIONIC_RESTORE_DEFAULT_SIGABRT_HANDLER being a no-op#65
Open
thomasbuilds wants to merge 1 commit intoGrapheneOS:16-qpr2from
Open
mallopt: fix M_BIONIC_RESTORE_DEFAULT_SIGABRT_HANDLER being a no-op#65thomasbuilds wants to merge 1 commit intoGrapheneOS:16-qpr2from
thomasbuilds wants to merge 1 commit intoGrapheneOS:16-qpr2from
Conversation
The saved SIGABRT disposition is captured in __libc_preinit_impl, which runs as __attribute__((constructor(1))) — before any other constructor or .preinit_array entry. At that moment execve(2) has just reset SIGABRT to SIG_DFL, so the saved 'struct sigaction' is zero-initialized and saved_sigabrt_handler.sa_handler / .sa_sigaction (a union) is NULL. The mallopt M_BIONIC_RESTORE_DEFAULT_SIGABRT_HANDLER handler then short-circuits on 'sa_sigaction != nullptr' and never calls sigaction(), so the option is a permanent no-op in the very case it is designed for: restoring SIG_DFL after debuggerd / sigchainlib have installed a SIGABRT handler at a later point during process startup. Restoring a struct that contains SIG_DFL is exactly the documented intent of this option, so drop the null guard and always perform the sigaction() call.
|
Hey @thomasbuilds, we’re impressed with your contributions to GrapheneOS! I'd love to connect and chat about a potential role. If you're open to it, please message me on Matrix here: @jules:grapheneos.org. Cheers! |
Contributor
Author
|
Hi, I've sent you a dm on matrix as user MrPump |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
mallopt(M_BIONIC_RESTORE_DEFAULT_SIGABRT_HANDLER, …)(added in 43d1f48) is silently a no-op in the case it was designed to handle, so callers that rely on it to escape a debuggerd / ART sigchainlib SIGABRT handler still go through that handler instead of crashing with the default disposition.Details
The saved SIGABRT disposition is captured in
__libc_preinit_impl(libc_init_dynamic.cpp):__libc_preinitis declared__attribute__((constructor(1)))(libc_init_dynamic.cpp L223), i.e. it runs before any other constructor or.preinit_arrayentry. At that pointexecve(2)has just reset SIGABRT toSIG_DFL, so the kernel fillssaved_sigabrt_handlerwith a zero-initialized struct. Becausesa_handlerandsa_sigactionshare a union (see signal_types.h),saved_sigabrt_handler.sa_sigactionisNULL.The restore path then short-circuits on that NULL:
The
sigaction()call is never reached and the function returns 0 — the option does nothing in the very scenario it is meant for: switching SIGABRT back toSIG_DFLafter debuggerd / sigchainlib have installed their own handler later in startup.Fix
Drop the null guard. Restoring a
struct sigactionwhosesa_handlerisSIG_DFLis exactly the documented intent of this option, andsigaction()accepts that just fine.Impact
Any caller using
mallopt(M_BIONIC_RESTORE_DEFAULT_SIGABRT_HANDLER, …)to bypass an installed SIGABRT handler — the documented purpose of the API — currently silently fails. After this change, the call performs the intendedsigaction(SIGABRT, …)and returns 1.