From: "eggert (Paul Eggert)"
Date: 2021-09-08T06:24:36+00:00
Subject: [ruby-core:105174] [Ruby master Bug#18152] Fix theoretical bug with signals + qsort

Issue #18152 has been updated by eggert (Paul Eggert).

nobu (Nobuyoshi Nakada) wrote in #note-1:
> Can't `qsort_r` be considered async-signal-safe?

No. POSIX's list of async-signal-safe functions can be found here:

https://pubs.opengroup.org/onlinepubs/9699919799/functions/V2_chap02.html#tag_15_04_03_03

(look for the list starting with `_Exit`). `qsort_r` is not on the list, which means portable code cannot assume that `qsort_r` is async-signal-safe. For example, Glibc's implementation of `qsort_r` is not async-signal-safe because it can call `malloc`.

> And `qsort` in the `else` needs the same patch too, I think.

Although it wouldn't hurt for the `else` to have a similar patch, I didn't think it necessary because the `else` is not labeled async-signal-safe. The comment at the start of `run_exec_dup2` says that function should be async-signal-safe when `sargp` is `NULL`, and since `sargp` is not `NULL` in the `else` part I thought it unnecessary to make changes to the `else` part. If the comment is incorrect I can submit a revised patch. (I have not reviewed the overall structure of Ruby for async-signal-safety; I am relying on its comments.)

----------------------------------------
Bug #18152: Fix theoretical bug with signals + qsort
https://bugs.ruby-lang.org/issues/18152#change-93578

* Author: eggert (Paul Eggert)
* Status: Open
* Priority: Normal
* ruby -v: ruby 3.1.0dev (2021-09-06T18:23:33Z z102 b4d9126e43) [x86_64-linux]
* Backport: 2.6: UNKNOWN, 2.7: UNKNOWN, 3.0: UNKNOWN
----------------------------------------
Ruby assumes that qsort is async-signal-safe, but POSIX does not guarantee this and it's not true of some qsort implementations, notably glibc.

This is not a practical problem with glibc, since glibc qsort is async-signal-safe with small sorts and in practice Ruby's use of qsort is invariably small enough. However, it's better to be absolutely async-signal-safe, if only to pacify static checkers and the like.

I am attaching two alternative patches for the problem. Either will suffice. The first is simple and easier to audit, but does not scale well (though that is not important here). The second patch should scale, but is harder to audit.

It would be difficult to write test cases illustrating the bug that these patches fix, as they'd be timing dependent.

---Files--------------------------------
0001-Fix-theoretical-bug-with-signals-qsort-b.patch (3.56 KB)
0001-Fix-theoretical-bug-with-signals-qsort-a.patch (2.08 KB)

-- 
https://bugs.ruby-lang.org/
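
Added illustration, not part of the message above and not either of the attached patches: a qsort-shaped, in-place insertion sort that calls no library function at all, so it can be used where only async-signal-safe code is allowed, provided the comparator is equally self-contained. The names `struct fd_pair`, `cmp_oldfd`, `sigsafe_sort` and `demo_sorted` are hypothetical, and the sample data is constructed; the sort is O(n^2), trading scalability for ease of audit.

```c
#include <stddef.h>

/* Hypothetical element type: one (old fd, new fd) redirection pair. */
struct fd_pair { int oldfd; int newfd; };

/* Comparator with the qsort signature; touches only its arguments. */
static int cmp_oldfd(const void *a, const void *b)
{
    int x = ((const struct fd_pair *)a)->oldfd;
    int y = ((const struct fd_pair *)b)->oldfd;
    return (x > y) - (x < y);
}

/* Swap byte by byte: no temporary buffer, no memcpy, no allocation. */
static void swap_bytes(unsigned char *a, unsigned char *b, size_t size)
{
    while (size--) { unsigned char t = *a; *a++ = *b; *b++ = t; }
}

/* Drop-in for qsort(base, n, size, cmp). Stable insertion sort that
 * uses only the caller's array, so nothing here can reach malloc. */
static void sigsafe_sort(void *base, size_t n, size_t size,
                         int (*cmp)(const void *, const void *))
{
    unsigned char *p = base;
    for (size_t i = 1; i < n; i++)
        for (size_t j = i; j > 0 && cmp(p + (j - 1) * size, p + j * size) > 0; j--)
            swap_bytes(p + (j - 1) * size, p + j * size, size);
}

/* Constructed sample. Returns 1 when the result is ordered by oldfd
 * and equal keys keep their input order (newfd ascending here). */
int demo_sorted(void)
{
    struct fd_pair v[] = { {7, 1}, {3, 0}, {7, 2}, {0, 5}, {3, 9} };
    size_t n = sizeof v / sizeof v[0];
    sigsafe_sort(v, n, sizeof v[0], cmp_oldfd);
    for (size_t i = 1; i < n; i++) {
        if (v[i - 1].oldfd > v[i].oldfd) return 0;
        if (v[i - 1].oldfd == v[i].oldfd && v[i - 1].newfd > v[i].newfd) return 0;
    }
    return 1;
}

int main(void) { return demo_sorted() ? 0 : 1; }
```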