Fix signal race in iread. (#280)
The _setjmp call may be halfway through its operation when it is
interrupted by _longjmp. This can happen if iread() reaches line
172 which calls getchr, which in itself can call iread() again.

Effectively, it means that "reading" is already 1 when SET_JUMP is
called. A badly timed SIGINT could therefore mix up register states
and stack pointers of two different situations.

It can be reliably reproduced by using tmux and entering
":send-keys F C-x" to quickly send F and CTRL+x to less.

My tests on Linux/amd64 did not reveal a way to crash less or do
worse stuff, but let's be safe rather than sorry.

The fix is quite simple: Do not call SET_JUMP from within nested
iread calls. If reading is already 1, keep the read_label as it is.
stoeckmann committed Sep 18, 2022
1 parent b00be18 commit 254a767
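The situation the commit message describes, as an added example that is not part of the commit or of less's own source: a model of the shared read_label jmp_buf, the reading flag, intread() doing the longjmp, and getchr() re-entering iread(). The names iread_model, deliver_sigint, run_scenario, label_owner, caught_at and stale_jump are assumptions made for the model; the SIGINT is simulated by a direct call rather than a real signal, and the case of a signal landing in the middle of _setjmp itself is not modelled (it cannot be reproduced in well-defined C). The model shows the two consequences of letting a nested iread() re-arm the jmp_buf: an interrupt during the nested read is caught by the inner frame, which clears reading while the outer read is still in progress, and an interrupt after the nested call has returned would longjmp into a frame that no longer exists. With the commit's guard, every interrupt unwinds to the outermost iread().

```c
/*
 * Model of the iread()/intread() interplay that this commit fixes.
 * Example code added for this page; it is not less's own source.  The names
 * iread_model, deliver_sigint, run_scenario and the bookkeeping globals are
 * assumptions; only read_label, reading, intread and READ_INTR follow less.
 * The SIGINT is simulated by a direct call, not a real signal.
 */
#include <setjmp.h>
#include <stdio.h>

#define READ_INTR (-2)                 /* less's "read was interrupted" result */

static jmp_buf read_label;             /* one jmp_buf shared by all iread() frames */
static volatile int reading;           /* 1 while an iread() is in progress */
static volatile int depth;             /* live iread() nesting depth (bookkeeping) */
static volatile int label_owner;       /* depth of the frame whose context is in read_label */
static volatile int caught_at;         /* depth of the frame that took the longjmp */
static volatile int stale_jump;        /* 1 if a longjmp would have targeted a dead frame */

/* Scenario knobs (assumed names). */
static int fixed_guard;                /* 1: apply the commit's "!reading &&" guard */
static int fire_depth;                 /* deliver SIGINT while this depth is reading; 0 = never */
static int fire_after_return;          /* 1: deliver it in the outer frame after getchr() returned */

/* What less's SIGINT handler does while a read is pending. */
static void intread(void)
{
    longjmp(read_label, 1);
}

/*
 * Simulated SIGINT delivery.  Jumping into a frame that has already returned is
 * undefined behaviour, so instead of doing it the model records the fact.
 */
static void deliver_sigint(void)
{
    if (label_owner > depth) {
        stale_jump = 1;
        return;
    }
    intread();
}

/* Simplified iread(): levels > 1 means getchr() re-enters iread() once more. */
static int iread_model(int levels)
{
    int my_depth = ++depth;            /* not modified after setjmp, so safe across longjmp */

    /* Pre-fix: every frame re-arms read_label.  Fixed: only the outermost frame does. */
    if (!(fixed_guard && reading)) {
        if (setjmp(read_label)) {
            /* We jumped here from intread. */
            caught_at = my_depth;
            depth = my_depth - 1;      /* frames above us were discarded by longjmp */
            reading = 0;
            return READ_INTR;
        }
        label_owner = my_depth;
    }
    reading = 1;

    if (fire_depth == my_depth)
        deliver_sigint();              /* interrupt arrives during this frame's read */

    if (levels > 1) {
        iread_model(levels - 1);       /* stands in for getchr() -> iread() */
        if (fire_after_return && my_depth == 1)
            deliver_sigint();          /* interrupt arrives after the nested call returned */
    }

    depth = my_depth - 1;
    if (my_depth == 1)
        reading = 0;
    return 0;
}

/* Run one scenario with two nested iread() frames; returns the outer iread() result. */
static int run_scenario(int fixed, int fire_at, int after_return)
{
    fixed_guard = fixed;
    fire_depth = fire_at;
    fire_after_return = after_return;
    reading = depth = label_owner = caught_at = stale_jump = 0;
    return iread_model(2);
}

int main(void)
{
    int r;
    r = run_scenario(1, 2, 0);
    printf("fixed,   SIGINT in nested read:    result %d, caught at depth %d\n", r, caught_at);
    r = run_scenario(0, 2, 0);
    printf("pre-fix, SIGINT in nested read:    result %d, caught at depth %d\n", r, caught_at);
    r = run_scenario(1, 0, 1);
    printf("fixed,   SIGINT after nested read: result %d, stale_jump=%d\n", r, stale_jump);
    r = run_scenario(0, 0, 1);
    printf("pre-fix, SIGINT after nested read: result %d, stale_jump=%d\n", r, stale_jump);
    return 0;
}
```

With the guard, both interrupts are caught at depth 1 and the outer iread() returns READ_INTR. Without it, the nested frame catches the first interrupt and the outer frame then finishes as if nothing happened, and the second interrupt finds read_label still describing the nested frame that has already returned, which is the state a real longjmp must never be asked to restore.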
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion os.c
@@ -119,7 +119,7 @@ iread(fd, buf, len)
}
#endif
#endif
if (SET_JUMP(read_label))
if (!reading && SET_JUMP(read_label))
{
/*
* We jumped here from intread.
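Review bot: the new condition `if (!reading && SET_JUMP(read_label))` places the setjmp call inside an `&&` expression, and if SET_JUMP expands to setjmp that is not one of the contexts C11 7.13.1.1 allows (the entire controlling expression of an if/while, the operand of `!`, one operand of a comparison with an integer constant, or a whole expression statement); any other context is undefined behaviour, even though common compilers accept it. The commit message says the call is `_setjmp`, which the C standard does not cover, but the same restriction is the safe assumption. Nest the test instead:

if (!reading)
{
	if (SET_JUMP(read_label))

and keep the existing comment block under the inner if. It would also help to note at the outer if that a nested iread() (reading already 1) deliberately leaves read_label describing the outermost iread() frame, which is still live, so intread's longjmp unwinds to that frame; the comment "We jumped here from intread." alone does not explain why a nested call skips the setjmp.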
