On Sat, 2 Mar 2019, Visa Hankala wrote:
> On Sat, Mar 02, 2019 at 11:41:21PM -0700, Theo de Raadt wrote:
> > We previously decided that the dprintf family is as safe as
> > snprintf+write, and we are preferring dprintf in various places,
> > such as signal-safe.
> >
> > Can you explain why it is not safe here?
> >
> > What is different?
>
> vdprintf() calls fflush() which in turn calls FLOCKFILE(),
> causing a lock recursion in this case. The recursion could happen
> with signals as well because the spin lock code does not block them.

The internal FILEs used in many places in stdio (vdprintf(), asprintf(),
snprintf(), both __sbprintf(), etc.) don't require locking, but we have no
way to indicate that currently. If we added a flag to say "skip all
locking" then we could fix all these cases...and maybe also add support
for __fsetlocking(3), originally from Solaris and now in glibc...

Philip
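
The snprintf+write alternative mentioned in the quoted text, as an added example that is not part of the thread or of any libc: the hypothetical helper `fd_printf()` formats into a stack buffer and emits it with write(2), so it never reaches the fflush()/FLOCKFILE() path described above. It assumes the platform's vsnprintf() is itself safe in the calling context, which depends on the libc.

```c
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define FDP_BUFSZ 256   /* assumed limit; longer output is truncated */

/* Write all of buf, retrying on EINTR and on short writes. */
static ssize_t write_all(int fd, const char *buf, size_t len)
{
    size_t off = 0;
    while (off < len) {
        ssize_t n = write(fd, buf + off, len - off);
        if (n == -1) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        off += (size_t)n;
    }
    return (ssize_t)off;
}

/* Hypothetical helper: returns bytes written, or -1 on a formatting or
 * write error. No FILE is created or flushed, so no stdio lock is taken
 * by this code. errno is restored on success so a signal handler that
 * calls it does not clobber the interrupted code's errno. */
int fd_printf(int fd, const char *fmt, ...)
{
    char buf[FDP_BUFSZ];
    int saved_errno = errno;
    va_list ap;

    va_start(ap, fmt);
    int n = vsnprintf(buf, sizeof(buf), fmt, ap);
    va_end(ap);
    if (n < 0)
        return -1;
    if ((size_t)n >= sizeof(buf))   /* vsnprintf reports the untruncated length */
        n = (int)sizeof(buf) - 1;
    if (write_all(fd, buf, (size_t)n) == -1)
        return -1;
    errno = saved_errno;
    return n;
}

int main(void)
{
    return fd_printf(STDOUT_FILENO, "pid=%d %s\n", 42, "ok") == 10 ? 0 : 1;
}
```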
