Clean up abort.
* A dlmalloc usage error shouldn't call abort(3) because we want to
cause a SIGSEGV by writing the address dlmalloc didn't like to an
address the kernel won't like, so that debuggerd will dump the
memory around the address that upset dlmalloc.
* Switch to the simpler FreeBSD/NetBSD style of registering stdio
cleanup. Hopefully this will let us simplify more of the stdio
implementation.
* Clear the stdio cleanup handler before we abort because of a dlmalloc
corruption error. This fixes the reported bug, where we'd hang inside
dlmalloc because the stdio cleanup reentered dlmalloc.
Bug: 9301265
Change-Id: Ief31b389455d6876e5a68f0f5429567d37277dbc
diff --git a/libc/bionic/abort.cpp b/libc/bionic/abort.cpp
new file mode 100644
index 0000000..6fcdfda
--- /dev/null
+++ b/libc/bionic/abort.cpp
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 1985 Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <signal.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include "atexit.h"
+
+__LIBC_HIDDEN__ void (*__cleanup)();
+
+#ifdef __arm__
+extern "C" __LIBC_HIDDEN__ void __libc_android_abort()
+#else
+void abort()
+#endif
+{
+ // Don't block SIGABRT to give any signal handler a chance; we ignore
+ // any errors -- X311J doesn't allow abort to return anyway.
+ sigset_t mask;
+ sigfillset(&mask);
+ sigdelset(&mask, SIGABRT);
+ sigprocmask(SIG_SETMASK, &mask, NULL);
+
+ // POSIX requires we flush stdio buffers on abort.
+ if (__cleanup) {
+ (*__cleanup)();
+ }
+
+ raise(SIGABRT);
+
+ // If SIGABRT ignored, or caught and the handler returns,
+ // remove the SIGABRT signal handler and raise SIGABRT again.
+ struct sigaction sa;
+ sa.sa_handler = SIG_DFL;
+ sa.sa_flags = SA_RESTART;
+ sigemptyset(&sa.sa_mask);
+ sigaction(SIGABRT, &sa, &sa);
+ sigprocmask(SIG_SETMASK, &mask, NULL);
+ raise(SIGABRT);
+ _exit(1);
+}
diff --git a/libc/bionic/dlmalloc.c b/libc/bionic/dlmalloc.c
index 51c62a7..78f2e1d 100644
--- a/libc/bionic/dlmalloc.c
+++ b/libc/bionic/dlmalloc.c
@@ -28,13 +28,17 @@
// Ugly inclusion of C file so that bionic specific #defines configure dlmalloc.
#include "../upstream-dlmalloc/malloc.c"
+extern void (*__cleanup)();
+
static void __bionic_heap_corruption_error(const char* function) {
- __libc_fatal("@@@ ABORTING: heap corruption detected by %s", function);
+ __cleanup = NULL; // The heap is corrupt. We can forget trying to shut down stdio.
+ __libc_fatal("heap corruption detected by %s", function);
}
static void __bionic_heap_usage_error(const char* function, void* address) {
- __libc_fatal("@@@ ABORTING: invalid address or address of corrupt block %p passed to %s",
+ __libc_fatal_no_abort("invalid address or address of corrupt block %p passed to %s",
address, function);
- // So that we can get a memory dump around the specific address.
+ // So that debuggerd gives us a memory dump around the specific address.
+ // TODO: improve the debuggerd protocol so we can tell it to dump an address when we abort.
*((int**) 0xdeadbaad) = (int*) address;
}
diff --git a/libc/bionic/libc_logging.cpp b/libc/bionic/libc_logging.cpp
index 74e599c..ffc5335 100644
--- a/libc/bionic/libc_logging.cpp
+++ b/libc/bionic/libc_logging.cpp
@@ -488,13 +488,10 @@
__libc_fatal("FORTIFY_SOURCE: %s. Calling abort().", msg);
}
-void __libc_fatal(const char* format, ...) {
+static void __libc_fatal(const char* format, va_list args) {
char msg[1024];
BufferOutputStream os(msg, sizeof(msg));
- va_list args;
- va_start(args, format);
out_vformat(os, format, args);
- va_end(args);
// TODO: log to stderr for the benefit of "adb shell" users.
@@ -502,7 +499,20 @@
__libc_write_log(ANDROID_LOG_FATAL, "libc", msg);
__libc_set_abort_message(msg);
+}
+void __libc_fatal_no_abort(const char* format, ...) {
+ va_list args;
+ va_start(args, format);
+ __libc_fatal(format, args);
+ va_end(args);
+}
+
+void __libc_fatal(const char* format, ...) {
+ va_list args;
+ va_start(args, format);
+ __libc_fatal(format, args);
+ va_end(args);
abort();
}