authorWerner Koch <wk@gnupg.org>2019-01-04 13:13:53 +0100
committerWerner Koch <wk@gnupg.org>2019-01-04 13:13:53 +0100
commit933bfd7b652a907c0d8dd5337c6b5b9cb82ce7b7 (patch)
tree2c3d78726642c6ccad34296082d5c85e3189a51c /src/estream-printf.c
parent12349de46d241cfbadbdf99773d6cabfcbc97578 (diff)
downloadlibgpg-error-933bfd7b652a907c0d8dd5337c6b5b9cb82ce7b7.tar.gz
core: New functions gpgrt_abort and gpgrt_add_emergency_cleanup.
* src/init.c (emergency_cleanup_list): New global var. (_gpgrt_add_emergency_cleanup): New. (_gpgrt_abort): New. Replace all calls to abort by this. Also replace all assert by either log_assert or a stderr output followed by a _gpgrt_abort. (run_emergency_cleanup): New. * src/visibility.c (gpgrt_add_emergency_cleanup): New public API. (gpgrt_abort): New public API. -- Libgcrypt uses its own assert function which makes sure to terminate the secure memory. This is safe as long as an assert is triggered internally in Libgcrypt. GnuPG runs emergency cleanup handlers right before log_fatal etc to tell Libgcrypt to terminate the secure memory. With the move of the logging function to gpgrt in gnupg 2.3 this did not work anymore. Thus we now provide a mechanism in gpgrt to do just that. Eventually Libgcrypt can also make use of this. What this does not handle are calls to abort or failed asserts in external libraries or in libc. We can't do anything about it in a library because a library may not setup signal handlers. Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'src/estream-printf.c')
-rw-r--r--src/estream-printf.c13
1 files changed, 6 insertions, 7 deletions
diff --git a/src/estream-printf.c b/src/estream-printf.c
index 2171409..bce6147 100644
--- a/src/estream-printf.c
+++ b/src/estream-printf.c
@@ -89,7 +89,6 @@
#include <stdarg.h>
#include <errno.h>
#include <stddef.h>
-#include <assert.h>
#if defined(HAVE_INTMAX_T) || defined(HAVE_UINTMAX_T)
# ifdef HAVE_STDINT_H
# include <stdint.h>
@@ -1405,13 +1404,13 @@ do_format (estream_printf_out_t outfnc, void *outfncarg,
s += arg->length;
format = s;
- assert (argidx < argspecs_len);
+ gpgrt_assert (argidx < argspecs_len);
argidx++;
/* Apply indirect field width and precision values. */
if (arg->width == STAR_FIELD_VALUE)
{
- assert (valuetable[arg->width_pos-1].vt == VALTYPE_INT);
+ gpgrt_assert (valuetable[arg->width_pos-1].vt == VALTYPE_INT);
arg->width = valuetable[arg->width_pos-1].value.a_int;
if (arg->width < 0)
{
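Review bot: The checks converted here (`argidx < argspecs_len` and the `VALTYPE_INT` check on `width_pos-1`) and the matching `precision_pos-1` check in the next hunk are the only guards before `valuetable` is indexed, so after this change their presence in an NDEBUG build depends on how gpgrt_assert is defined rather than on `<assert.h>`. As far as I know gpgrt_assert is not compiled out under NDEBUG, which makes this a genuine hardening of the index checks, but that is exactly the property a later maintainer could undo without noticing; a one-line comment at the first of them would pin it: `/* Must stay active in non-debug builds: these checks guard the valuetable index.  */`. If gpgrt_assert ever did compile out, an out-of-range `width_pos`/`precision_pos` would reach the array access unchecked, so the comment is worth having. do_format begins and ends outside this hunk.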
@@ -1421,7 +1420,7 @@ do_format (estream_printf_out_t outfnc, void *outfncarg,
}
if (arg->precision == STAR_FIELD_VALUE)
{
- assert (valuetable[arg->precision_pos-1].vt == VALTYPE_INT);
+ gpgrt_assert (valuetable[arg->precision_pos-1].vt == VALTYPE_INT);
arg->precision = valuetable[arg->precision_pos-1].value.a_int;
if (arg->precision < 0)
arg->precision = NO_FIELD_VALUE;
@@ -1431,13 +1430,13 @@ do_format (estream_printf_out_t outfnc, void *outfncarg,
value.a_string = strerror (myerrno);
else
{
- assert (arg->vt == valuetable[arg->arg_pos-1].vt);
+ gpgrt_assert (arg->vt == valuetable[arg->arg_pos-1].vt);
value = valuetable[arg->arg_pos-1].value;
}
switch (arg->conspec)
{
- case CONSPEC_UNKNOWN: assert (!"bug"); break;
+ case CONSPEC_UNKNOWN: gpgrt_assert (!"bug"); break;
case CONSPEC_DECIMAL:
case CONSPEC_UNSIGNED:
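Review bot: `gpgrt_assert (!"bug")` in the CONSPEC_UNKNOWN arm produces an uninformative diagnostic if gpgrt_assert reports the stringified expression the way assert does, since the logged condition would read `!"bug"` with no hint of which invariant failed. A descriptive literal costs nothing and makes the log actionable: `case CONSPEC_UNKNOWN: gpgrt_assert (!"unknown conversion specifier in do_format"); break;`. The trailing `break` is reachable only if the assertion can return, which it presumably cannot, so it is dead code kept for the compiler's benefit; fine, but worth a short comment if it is deliberate. The enclosing switch and do_format continue past this hunk.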
@@ -1864,7 +1863,7 @@ _gpgrt_estream_vasprintf (char **bufp, const char *format, va_list arg_ptr)
*bufp = NULL;
return -1;
}
- assert (parm.used); /* We have at least the terminating Nul. */
+ gpgrt_assert (parm.used); /* We have at least the terminating Nul. */
*bufp = parm.buffer;
return parm.used - 1; /* Do not include that Nul. */
}