On Sat, Mar 02, 2019 at 11:41:21PM -0700, Theo de Raadt wrote: > We previously decided that the dprintf family is as safe as > snprintf+write, and we are preferring dprintf in various places, > such as signal-safe. > > Can you explain why it not safe here? > > What is different?
vdprintf() calls fflush() which in turn calls FLOCKFILE(), causing a lock recursion in this case. The recursion could happen with signals as well because the spin lock code does not block them.
