Avoid calling gettext() in signal handlers.

tglsfdc · tglsfdc · commit 2131c049d338 · 2022-01-17T13:30:04.000-05:00
It seems highly unlikely that gettext() can be relied on to be async-signal-safe. psql used to understand that, but someone got it wrong long ago in the src/bin/scripts/ version of handle_sigint, and then the bad idea was perpetuated when those two versions were unified into src/fe_utils/cancel.c. I'm unsure why there have not been field complaints about this ... maybe gettext() is signal-safe once it's translated at least one message? But we have no business assuming any such thing. In cancel.c (v13 and up), I preserved our ability to localize "Cancel request sent" messages by invoking gettext() before the signal handler is set up. In earlier branches I just made src/bin/scripts/ not localize those messages, as psql did then. (Just for extra unsafety, the src/bin/scripts/ version was invoking fprintf() from a signal handler. Sigh.) Noted while fixing signal-safety issues in PQcancel() itself. Back-patch to all supported branches. Discussion: https://postgr.es/m/2937814.1641960929@sss.pgh.pa.us
diff --git a/src/fe_utils/cancel.c b/src/fe_utils/cancel.c
@@ -42,6 +42,13 @@
  */
 static PGcancel *volatile cancelConn = NULL;
 
+/*
+ * Predetermined localized error strings --- needed to avoid trying
+ * to call gettext() from a signal handler.
+ */
+static const char *cancel_sent_msg = NULL;
+static const char *cancel_not_sent_msg = NULL;
+
 /*
  * CancelRequested is set when we receive SIGINT (or local equivalent).
  * There is no provision in this module for resetting it; but applications
@@ -158,11 +165,11 @@ handle_sigint(SIGNAL_ARGS)
 	{
 		if (PQcancel(cancelConn, errbuf, sizeof(errbuf)))
 		{
-			write_stderr(_("Cancel request sent\n"));
+			write_stderr(cancel_sent_msg);
 		}
 		else
 		{
-			write_stderr(_("Could not send cancel request: "));
+			write_stderr(cancel_not_sent_msg);
 			write_stderr(errbuf);
 		}
 	}
@@ -179,6 +186,9 @@ void
 setup_cancel_handler(void (*callback) (void))
 {
 	cancel_callback = callback;
+	cancel_sent_msg = _("Cancel request sent\n");
+	cancel_not_sent_msg = _("Could not send cancel request: ");
+
 	pqsignal(SIGINT, handle_sigint);
 }
 
@@ -203,11 +213,11 @@ consoleHandler(DWORD dwCtrlType)
 		{
 			if (PQcancel(cancelConn, errbuf, sizeof(errbuf)))
 			{
-				write_stderr(_("Cancel request sent\n"));
+				write_stderr(cancel_sent_msg);
 			}
 			else
 			{
-				write_stderr(_("Could not send cancel request: "));
+				write_stderr(cancel_not_sent_msg);
 				write_stderr(errbuf);
 			}
 		}
@@ -225,6 +235,8 @@ void
 setup_cancel_handler(void (*callback) (void))
 {
 	cancel_callback = callback;
+	cancel_sent_msg = _("Cancel request sent\n");
+	cancel_not_sent_msg = _("Could not send cancel request: ");
 
 	InitializeCriticalSection(&cancelConnLock);
 

Original file line number	Diff line number	Diff line change
`@@ -42,6 +42,13 @@`
`42`	`42`	`*/`
`43`	`43`	`static PGcancel *volatile cancelConn = NULL;`
`44`	`44`
	`45`	`+/*`
	`46`	`+ * Predetermined localized error strings --- needed to avoid trying`
	`47`	`+ * to call gettext() from a signal handler.`
	`48`	`+ */`
	`49`	`+static const char *cancel_sent_msg = NULL;`
	`50`	`+static const char *cancel_not_sent_msg = NULL;`
	`51`	`+`
`45`	`52`	`/*`
`46`	`53`	`* CancelRequested is set when we receive SIGINT (or local equivalent).`
`47`	`54`	`* There is no provision in this module for resetting it; but applications`
`@@ -158,11 +165,11 @@ handle_sigint(SIGNAL_ARGS)`
`158`	`165`	`{`
`159`	`166`	`if (PQcancel(cancelConn, errbuf, sizeof(errbuf)))`
`160`	`167`	`{`
`161`		`- write_stderr(_("Cancel request sent\n"));`
	`168`	`+ write_stderr(cancel_sent_msg);`
`162`	`169`	`}`
`163`	`170`	`else`
`164`	`171`	`{`
`165`		`- write_stderr(_("Could not send cancel request: "));`
	`172`	`+ write_stderr(cancel_not_sent_msg);`
`166`	`173`	`write_stderr(errbuf);`
`167`	`174`	`}`
`168`	`175`	`}`
`@@ -179,6 +186,9 @@ void`
`179`	`186`	`setup_cancel_handler(void (*callback) (void))`
`180`	`187`	`{`
`181`	`188`	`cancel_callback = callback;`
	`189`	`+ cancel_sent_msg = _("Cancel request sent\n");`
	`190`	`+ cancel_not_sent_msg = _("Could not send cancel request: ");`
	`191`	`+`
`182`	`192`	`pqsignal(SIGINT, handle_sigint);`
`183`	`193`	`}`
`184`	`194`
`@@ -203,11 +213,11 @@ consoleHandler(DWORD dwCtrlType)`
`203`	`213`	`{`
`204`	`214`	`if (PQcancel(cancelConn, errbuf, sizeof(errbuf)))`
`205`	`215`	`{`
`206`		`- write_stderr(_("Cancel request sent\n"));`
	`216`	`+ write_stderr(cancel_sent_msg);`
`207`	`217`	`}`
`208`	`218`	`else`
`209`	`219`	`{`
`210`		`- write_stderr(_("Could not send cancel request: "));`
	`220`	`+ write_stderr(cancel_not_sent_msg);`
`211`	`221`	`write_stderr(errbuf);`
`212`	`222`	`}`
`213`	`223`	`}`
`@@ -225,6 +235,8 @@ void`
`225`	`235`	`setup_cancel_handler(void (*callback) (void))`
`226`	`236`	`{`
`227`	`237`	`cancel_callback = callback;`
	`238`	`+ cancel_sent_msg = _("Cancel request sent\n");`
	`239`	`+ cancel_not_sent_msg = _("Could not send cancel request: ");`
`228`	`240`
`229`	`241`	`InitializeCriticalSection(&cancelConnLock);`
`230`	`242`