Previously, two bugs exist in sigtimedwait(). One is, that since _my_tls.sigwait_mask was left non-zero if the signal arrives after the timeout, sigpacket::process() would wrongly try to handle it. The other is if a timeout occurs after sigpacket::process() is called, but not completed yet, the signal handler can be called accidentally. If the signal handler is set to SIG_DFL or SIG_IGN, access violation will occur in both cases.
With this patch, in sigwait_common(), check if sigwait_mask == 0 to confirm that sigpacket::process() cleared it. In this case, do not treat WAIT_TIMEOUT, but call cygwait() again to retrieve the signal. Furthermore, sigpacket::process() checks whether timeout occurs in sigwait_common() and if timeout already happens, do not treat the signal as waited. In both cases, to avoid race issues, the code is guarded by cygtls::lock(). Addresses: https://cygwin.com/pipermail/cygwin/2024-November/256762.html Fixes: 24ff42d79aab ("Cygwin: Implement sigtimedwait") Reported-by: Christian Franke <christian.fra...@t-online.de> Reviewed-by: Signed-off-by: Takashi Yano <takashi.y...@nifty.ne.jp> --- winsup/cygwin/exceptions.cc | 5 ++++- winsup/cygwin/signal.cc | 11 +++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/winsup/cygwin/exceptions.cc b/winsup/cygwin/exceptions.cc index 3195d5719..60c1f594f 100644 --- a/winsup/cygwin/exceptions.cc +++ b/winsup/cygwin/exceptions.cc @@ -1527,11 +1527,14 @@ sigpacket::process () if ((HANDLE) *tls) tls->signal_debugger (si); - if (issig_wait) + tls->lock (); + if (issig_wait && tls->sigwait_mask != 0) { tls->sigwait_mask = 0; + tls->unlock (); goto dosig; } + tls->unlock (); if (handler == SIG_IGN) { diff --git a/winsup/cygwin/signal.cc b/winsup/cygwin/signal.cc index 77152910b..74b304606 100644 --- a/winsup/cygwin/signal.cc +++ b/winsup/cygwin/signal.cc @@ -615,6 +615,7 @@ sigwait_common (const sigset_t *set, siginfo_t *info, PLARGE_INTEGER waittime) set_signal_mask (_my_tls.sigwait_mask, *set); sig_dispatch_pending (true); +do_wait: switch (cygwait (NULL, waittime, cw_sig_eintr | cw_cancel | cw_cancel_self)) { @@ -640,6 +641,16 @@ sigwait_common (const sigset_t *set, siginfo_t *info, PLARGE_INTEGER waittime) } break; case WAIT_TIMEOUT: + _my_tls.lock (); + if (_my_tls.sigwait_mask == 0) + { + /* sigpacket::process() already started. */ + waittime = cw_infinite; + _my_tls.unlock (); + goto do_wait; + } + _my_tls.sigwait_mask = 0; + _my_tls.unlock (); set_errno (EAGAIN); break; default: -- 2.45.1
