Make signal handlers async-signal-safe
Signal handlers can be invoked at any time during program execution,
including when global data is in an inconsistent state. Therefore,
signal handlers must not modify global data without the volatile
sig_atomic_t qualifier and must not call functions outside the
async-signal-safe set; invoking a signal handler which breaks these
rules during the execution of an async-signal-unsafe function results in
undefined behavior.
All of our signal handlers currently violate these rules.
The SIGCHLD handler is easy to fix -- remove the unsafe log_msg() call,
which has outlived its usefulness anyway.
We fix the SIGHUP handler by moving the work of rereading the config
file out of signal handler context and into the main loop. In the new
design, the process opens a pipe, the read end of which is polled in the
GLib event loop. The signal handler writes the signal number to the
write end of the pipe, which causes the event loop to dispatch a request
to reread the config file. It's possible to handle other signals using
the same infrastructure by teaching the dispatcher other signals.
projects / browser-switch / commit