Convert libpgport's pqsignal() to a void function.

nathan-bossart · nathan-bossart · commit d4a43b283751 · 2025-01-16T16:41:05.000-06:00
The protections added by commit 3b00fdb introduced race conditions to this function that can lead to bogus return values. Since nobody seems to inspect the return value, this is of little consequence, but it would have been nice to convert it to a void function to avoid any possibility of a bogus return value. I originally thought that doing so would have required also modifying legacy-pqsignal.c's version of the function (which would've required an SONAME bump), but commit 9a45a89 gave legacy-pqsignal.c its own dedicated extern for pqsignal(), thereby decoupling it enough that libpgport's pqsignal() can be modified. This commit also adds an assertion for the return value of sigaction()/signal(). Since a failure most likely indicates a coding error, and nobody has ever bothered to check pqsignal()'s return value, it's probably not worth the effort to do anything fancier. Reviewed-by: Tom Lane Discussion: https://postgr.es/m/Z4chOKfnthRH71mw%40nathan
diff --git a/src/include/port.h b/src/include/port.h
@@ -520,7 +520,7 @@ extern int	pg_mkdir_p(char *path, int omode);
 #define pqsignal pqsignal_be
 #endif
 typedef void (*pqsigfunc) (SIGNAL_ARGS);
-extern pqsigfunc pqsignal(int signo, pqsigfunc func);
+extern void pqsignal(int signo, pqsigfunc func);
 
 /* port/quotes.c */
 extern char *escape_single_quotes_ascii(const char *src);
diff --git a/src/port/pqsignal.c b/src/port/pqsignal.c
@@ -112,31 +112,15 @@ wrapper_handler(SIGNAL_ARGS)
 /*
  * Set up a signal handler, with SA_RESTART, for signal "signo"
  *
- * Returns the previous handler.
- *
- * NB: If called within a signal handler, race conditions may lead to bogus
- * return values.  You should either avoid calling this within signal handlers
- * or ignore the return value.
- *
- * XXX: Since no in-tree callers use the return value, and there is little
- * reason to do so, it would be nice if we could convert this to a void
- * function instead of providing potentially-bogus return values.
- * Unfortunately, that requires modifying the pqsignal() in legacy-pqsignal.c,
- * which in turn requires an SONAME bump, which is probably not worth it.
- *
  * Note: the actual name of this function is either pqsignal_fe when
  * compiled with -DFRONTEND, or pqsignal_be when compiled without that.
  * This is to avoid a name collision with libpq's legacy-pqsignal.c.
  */
-pqsigfunc
+void
 pqsignal(int signo, pqsigfunc func)
 {
-	pqsigfunc	orig_func = pqsignal_handlers[signo];	/* assumed atomic */
 #if !(defined(WIN32) && defined(FRONTEND))
-	struct sigaction act,
-				oact;
-#else
-	pqsigfunc	ret;
+	struct sigaction act;
 #endif
 
 	Assert(signo < PG_NSIG);
@@ -155,17 +139,11 @@ pqsignal(int signo, pqsigfunc func)
 	if (signo == SIGCHLD)
 		act.sa_flags |= SA_NOCLDSTOP;
 #endif
-	if (sigaction(signo, &act, &oact) < 0)
-		return SIG_ERR;
-	else if (oact.sa_handler == wrapper_handler)
-		return orig_func;
-	else
-		return oact.sa_handler;
+	if (sigaction(signo, &act, NULL) < 0)
+		Assert(false);			/* probably indicates coding error */
 #else
 	/* Forward to Windows native signal system. */
-	if ((ret = signal(signo, func)) == wrapper_handler)
-		return orig_func;
-	else
-		return ret;
+	if (signal(signo, func) == SIG_ERR)
+		Assert(false);			/* probably indicates coding error */
 #endif
 }
