unsafe functions from signal handler



I came upon the following code yesterday in a signal handler:

fflush(stderr);
fprintf(stderr, "...%d\n", signal);
fflush(stderr);
/* snip */
exit(-1);

This brought to mind several questions:

1. fprintf is not a safe function, so it is a bad idea to
call it from within a signal handler. However, it strikes
me that the only problem with it is that the writes to stderr
will be interleaved and munged a bit. Is there a more
substantial problem? Also, does it matter if the signal
disposition is set with signal() or with sigaction()? In
either case, I would not call fprintf from the signal handler,
but there seems to be a subtlety that I'm missing. In particular,
if the signal is SIGRTMIN or greater, the signals are reliable,
so it would be safe to make the call; is that correct? I apologize
for rambling a bit, but I think my underlying question is as follows:
the man page for signal lists functions which are safe to call
from a signal handler---is it the case that only those functions should
be called even in a handler for a reliable signal?

2. The fflush calls are totally pointless, as stderr is
unbuffered. Am I missing something here, and am I
being harsh in thinking that the author was clueless? Other
than the fact that they are unsafe functions, they don't seem
to cause any problems. How bad is this? Also, I should
mention that the disposition is reset to default by sigaction, and the
signals being caught all have abort as their default action, so it seems
that the only real problem is that the code is somewhat silly. Again,
apologies for the rambling, but it seems that the only error here is
one of bad form. Is there a substantial problem with this code? It's
just exiting, so no harm done, right? Is there potentially a
substantial problem with this code?
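
An async-signal-safe version of the handler quoted above, added here as an example and not part of the original post: fprintf() and exit() are not on the async-signal-safe list, so it formats the number by hand and uses write() and _exit() instead. The names fmt_signal_msg, on_fatal, install_handler, run_demo and HANDLER_EXIT, the message text and the exit status are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <sys/wait.h>
#include <unistd.h>
enum { HANDLER_EXIT = 1 };   /* exit status chosen for this example */

/* Build "caught signal N\n" using only local state (no stdio, no malloc). */
static size_t fmt_signal_msg(char *buf, size_t cap, int signo) {
    static const char prefix[] = "caught signal ";
    char digits[12];
    size_t n = 0, d = 0, i;
    unsigned int v = signo < 0 ? 0u : (unsigned int)signo;
    do { digits[d++] = (char)('0' + v % 10); v /= 10; } while (v != 0);
    if (cap < sizeof prefix - 1 + d + 1) return 0;   /* too small: emit nothing */
    for (i = 0; i < sizeof prefix - 1; i++) buf[n++] = prefix[i];
    while (d > 0) buf[n++] = digits[--d];
    buf[n++] = '\n';
    return n;
}

static void on_fatal(int signo) {
    char buf[32];
    size_t n = fmt_signal_msg(buf, sizeof buf, signo);
    /* write(2) is async-signal-safe; on failure there is nothing safe to do */
    if (write(STDERR_FILENO, buf, n) < 0) { }
    _exit(HANDLER_EXIT);   /* unlike exit(): no atexit handlers, no stdio flush */
}

static int install_handler(int signo) {
    struct sigaction sa = {0};
    sa.sa_handler = on_fatal;
    sigfillset(&sa.sa_mask);        /* block other signals while the handler runs */
    sa.sa_flags = SA_RESETHAND;     /* disposition resets to default, as in the post */
    return sigaction(signo, &sa, NULL);
}

/* Fork a child that installs the handler and raises signo; return its exit status. */
static int run_demo(int signo) {
    int status = 0;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (install_handler(signo) != 0) _exit(2);
        raise(signo);
        _exit(3);                   /* reached only if the handler did not run */
    }
    if (waitpid(pid, &status, 0) != pid) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
int main(void) { return run_demo(SIGTERM) == HANDLER_EXIT ? 0 : 1; }
```

The restriction comes from what the handler may have interrupted (for example code holding the stdio lock or inside malloc), so it applies whether the handler was installed with signal() or sigaction(), and to real-time signals as well.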
