Walter said:
Ah? Even if you caught a SIGSEGV?
Let's examine for a moment how one can come across a SIGSEGV:
1. Through undefined behavior leading to "an invalid access
to storage" (C99 7.14#3), although such conditions are not
required to be detected (C99 7.14#4).
2. As a result of calling raise (or other POSIX or system-
specific functions, e.g. kill).
If your program goes the way of #1, then internal C library memory
allocation structures may be corrupted or inconsistent. This is often
seen when overflowing a malloc-ed buffer or freeing a non-allocated or
invalid buffer location (including double frees). It should be obvious
why one should not allocate or free memory within a SIGSEGV handler.
The C standard is clear enough regarding what is allowed from a SIGSEGV
handler:
7.14 [...]
[#5] If the signal occurs other than as the result of
calling the abort or raise function, the behavior is
undefined if the signal handler refers to any object with
static storage duration other than by assigning a value to
an object declared as volatile sig_atomic_t, or the signal
handler calls any function in the standard library other
than the abort function or the signal function with the
first argument equal to the signal number corresponding to
the signal that caused the invocation of the handler.
[...]
But it's the undefined behavior that's the underlying problem. Some
implementations may be able to report certain undefined behavior via
SIGSEGV, and some may not. The best way to avoid having to worry about
it is to write correct, robust programs that do not invoke undefined
behavior.
Users of POSIX-compliant systems may be able to differentiate #1 from
#2 via the si_code member of siginfo_t.
Mark F. Haigh
(e-mail address removed)