2 * @brief Run an external filter and capture its output in a std::string.
4 * Copyright (C) 2003,2006,2007,2009,2010,2011,2013,2015 Olly Betts
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
23 #include "runfilter.h"
29 #include <sys/types.h>
30 #include "safeerrno.h"
31 #include "safefcntl.h"
33 #ifdef HAVE_SYS_TIME_H
34 # include <sys/time.h>
36 #ifdef HAVE_SYS_RESOURCE_H
37 # include <sys/resource.h>
39 #include "safesysselect.h"
40 #ifdef HAVE_SYS_SOCKET_H
41 # include <sys/socket.h>
43 #include "safesyswait.h"
44 #include "safeunistd.h"
46 #if defined HAVE_FORK && defined HAVE_SOCKETPAIR
54 # define pclose _pclose
// File-scope state shared between the filter-running code and the signal
// handler. This listing is an extract: some original lines are not shown.
59 #if defined HAVE_FORK && defined HAVE_SOCKETPAIR
// Target handed to kill() by handle_signal(); zero means there is nothing to
// kill. stdout_to_string() assigns it from `child` or `-child` (kill() treats
// a negative pid as a process group) and resets it to 0 after waitpid().
// NOTE(review): declared as a plain pid_t although it is written by normal
// code and read inside a signal handler; it is not volatile or sig_atomic_t
// on the visible lines - confirm that is acceptable on supported platforms.
60 static pid_t pid_to_kill_on_signal
;
// Dispositions that were in place before handle_signal was installed; filled
// in by the sigaction() calls that install it and read back by the handler.
63 static struct sigaction old_hup_handler
;
64 static struct sigaction old_int_handler
;
65 static struct sigaction old_quit_handler
;
66 static struct sigaction old_term_handler
;
// Signal handler (sigaction() build) covering the four signals that have a
// saved disposition in this file: SIGHUP, SIGINT, SIGQUIT and SIGTERM.
// Only part of the body appears in this listing.
71 handle_signal(int signum
)
// A non-zero slot means a filter may still be running: send it SIGKILL (a
// negative value addresses a whole process group) and clear the slot so it is
// signalled at most once. kill() is on the POSIX async-signal-safe list.
73 if (pid_to_kill_on_signal
) {
74 kill(pid_to_kill_on_signal
, SIGKILL
);
75 pid_to_kill_on_signal
= 0;
// Each call below reinstates one saved disposition for signum. The lines that
// choose between them are not shown - presumably a switch on signum; confirm.
// NOTE(review): what follows the restore (for example re-raising signum so
// the process still terminates) is also outside the visible lines.
79 sigaction(signum
, &old_hup_handler
, NULL
);
82 sigaction(signum
, &old_int_handler
, NULL
);
85 sigaction(signum
, &old_quit_handler
, NULL
);
88 sigaction(signum
, &old_term_handler
, NULL
);
// Installs handle_signal for SIGHUP, SIGINT, SIGQUIT and SIGTERM, saving each
// previous disposition so the handler can restore it. The enclosing function
// header and the declaration of `sa` are not part of this listing.
102 sa
.sa_handler
= handle_signal
;
// Empty mask: no additional signals are blocked while the handler runs.
// NOTE(review): the sa_flags assignment is not visible here - confirm it is
// initialised before the sigaction() calls.
103 sigemptyset(&sa
.sa_mask
);
// NOTE(review): the sigaction() return values are not checked, so a failed
// install would leave the matching old_*_handler unset without any report.
106 sigaction(SIGHUP
, &sa
, &old_hup_handler
);
107 sigaction(SIGINT
, &sa
, &old_int_handler
);
108 sigaction(SIGQUIT
, &sa
, &old_quit_handler
);
109 sigaction(SIGTERM
, &sa
, &old_term_handler
);
// signal()-based counterparts of the saved dispositions: one previous handler
// per signal, as returned by signal() when handle_signal is installed.
// Presumably compiled instead of the sigaction variant on platforms without
// sigaction(); the preprocessor lines selecting it are not shown - confirm.
112 static sighandler_t old_hup_handler
;
113 static sighandler_t old_int_handler
;
114 static sighandler_t old_quit_handler
;
115 static sighandler_t old_term_handler
;
// Signal handler (signal() build) for SIGHUP, SIGINT, SIGQUIT and SIGTERM.
// Only part of the body appears in this listing.
120 handle_signal(int signum
)
// Kill the recorded filter process (or process group, when the value is
// negative) and clear the slot so it is signalled at most once.
122 if (pid_to_kill_on_signal
) {
123 kill(pid_to_kill_on_signal
, SIGKILL
);
124 pid_to_kill_on_signal
= 0;
// Each call below puts back one previously saved handler for signum. The
// lines choosing between them are not shown - presumably a switch on signum.
// NOTE(review): whether the signal is re-raised afterwards is not visible.
128 signal(signum
, old_hup_handler
);
131 signal(signum
, old_int_handler
);
134 signal(signum
, old_quit_handler
);
137 signal(signum
, old_term_handler
);
// Installs handle_signal with signal() and keeps the handler each call
// returns so it can be restored later. The enclosing function header is not
// part of this listing.
// NOTE(review): a SIG_ERR return is not checked on the visible lines; if
// signal() failed, SIG_ERR would be stored and later passed back to signal().
150 old_hup_handler
= signal(SIGHUP
, handle_signal
);
151 old_int_handler
= signal(SIGINT
, handle_signal
);
152 old_quit_handler
= signal(SIGQUIT
, handle_signal
);
153 old_term_handler
= signal(SIGTERM
, handle_signal
);
// Run the filter command `cmd` as a child process and return what it writes
// to stdout. This listing is an extract, so several lines of the body
// (braces, conditions, some statements) are not shown.
//
// cmd:       the command line. On the shell path it is handed to
//            "/bin/sh -c" unchanged, so shell metacharacters in it are
//            interpreted; nothing on the visible lines escapes it, which
//            leaves quoting of file names and other substituted text to the
//            caller.
// use_shell: presumably selects between the /bin/sh path and the built-in
//            word splitting followed by execvp(); the test itself is not
//            visible - confirm.
//
// Throws ReadError (with a message or with the child's wait status) on
// failure, and NoSuchFilter when the child exits with status 127.
164 stdout_to_string(const string
&cmd
, bool use_shell
)
167 #if defined HAVE_FORK && defined HAVE_SOCKETPAIR
168 // We want to be able to get the exit status of the child process.
// NOTE(review): this resets the SIGCHLD disposition for the whole process on
// every call, not only for the duration of this function.
169 signal(SIGCHLD
, SIG_DFL
);
// The socket pair carries the child's stdout back to the parent.
172 if (socketpair(AF_UNIX
, SOCK_STREAM
, PF_UNSPEC
, fds
) < 0)
173 throw ReadError("socketpair failed");
175 pid_t child
= fork();
177 // We're the child process.
180 // Put the child process into its own process group, so that we can
181 // easily kill it and any children it in turn forks if we need to.
// NOTE(review): by line order these two assignments sit in the child branch,
// where fork() returned 0, so the value stored would be 0 and the parent's
// copy would be untouched; handle_signal() in the parent would then never
// kill the filter. Confirm whether the parent records the pid on a line that
// is not shown. The two assignments are presumably alternative preprocessor
// branches (process group available or not).
183 pid_to_kill_on_signal
= -child
;
185 pid_to_kill_on_signal
= child
;
188 // Close the parent's side of the socket pair.
191 // Connect stdout to our side of the socket pair.
194 #ifdef HAVE_SETRLIMIT
195 // Impose some pretty generous resource limits to prevent run-away
196 // filter programs from causing problems.
198 // Limit CPU time to 300 seconds (5 minutes).
// Only the soft limit is 300; the hard limit stays RLIM_INFINITY, so the
// filter can raise its own soft limit again. This guards against run-away
// filters, not against a filter that deliberately lifts the limit.
199 struct rlimit cpu_limit
= { 300, RLIM_INFINITY
} ;
// NOTE(review): the setrlimit() results in this section are not checked; if a
// call fails the filter simply runs without that limit.
200 setrlimit(RLIMIT_CPU
, &cpu_limit
);
202 #if defined RLIMIT_AS || defined RLIMIT_VMEM || defined RLIMIT_DATA
203 // Limit process data to free physical memory.
// NOTE(review): mem is a long converted to rlim_t; a zero or negative result
// needs a guard before the cast - that guard, if any, is on a line not shown.
204 long mem
= get_free_physical_memory();
206 struct rlimit ram_limit
= {
207 static_cast<rlim_t
>(mem
),
211 setrlimit(RLIMIT_AS
, &ram_limit
);
212 #elif defined RLIMIT_VMEM
213 setrlimit(RLIMIT_VMEM
, &ram_limit
);
215 // Only limits the data segment rather than the total address
216 // space, but that's better than nothing.
217 setrlimit(RLIMIT_DATA
, &ram_limit
);
// Shell path: cmd becomes the single argument of "sh -c". The NULL sentinel
// is cast to a pointer because execl() is variadic.
224 execl("/bin/sh", "/bin/sh", "-c", cmd
.c_str(), (void*)NULL
);
// No-shell path: split the command into words here and exec it directly.
// The visible code treats space, tab and newline as separators and
// understands single quotes only; other shell syntax is not handled on the
// lines shown. `s` is presumably a mutable copy of cmd - its declaration is
// not visible.
229 vector
<const char *> argv
;
// i = start of the next word; no further non-blank character ends the loop.
232 size_t i
= s
.find_first_not_of(" \t\n", j
);
233 if (i
== string::npos
) break;
// Look for the closing single quote of a quoted word.
239 j
= s
.find('\'', j
+ 1);
241 // Unmatched ' in command string.
242 // dash exits 2 in this case, bash exits 1.
245 // Replace four character sequence '\'' with ' - this is
246 // how a single quote inside single quotes gets escaped.
247 if (s
[j
+ 1] != '\\' ||
254 if (j
+ 1 != s
.size()) {
256 if (ch
!= ' ' && ch
!= '\t' && ch
!= '\n') {
257 // Handle the expansion of e.g.: --input=%f,html
264 j
= s
.find_first_of(" \t\n'", j
+ 1);
265 // Handle the expansion of e.g.: --input=%f
266 if (j
!= s
.npos
&& s
[j
] == '\'') goto single_quoted
;
// Each argv entry points into s's own buffer rather than owning a copy, so
// s must stay alive and unreallocated until the exec.
271 const char * word
= s
.c_str() + i
;
272 argv
.push_back(word
);
// exec-style argument vectors are NULL-terminated.
274 argv
.push_back(NULL
);
// execvp() searches PATH when argv[0] contains no slash, so which program
// runs depends on the environment of the calling process. The const_cast is
// needed only because execvp() takes char* const*.
276 execvp(argv
[0], const_cast<char **>(&argv
[0]));
280 // We're the parent process.
282 // Close the child's side of the socket pair.
287 throw ReadError("fork failed");
295 // If we wait 300 seconds (5 minutes) without getting data from the
296 // filter, then give up to avoid waiting forever for a filter which
297 // has ended up blocked waiting for something which will never happen.
// NOTE(review): FD_SET() is only defined for descriptors below FD_SETSIZE;
// no bound check on fd is visible, which matters in a process holding many
// open descriptors - confirm.
301 FD_SET(fd
, &readfds
);
302 int r
= select(fd
+ 1, &readfds
, NULL
, NULL
, &tv
);
305 if (errno
== EINTR
) {
306 // select() interrupted by a signal, so retry.
309 cerr
<< "Reading from filter failed (" << strerror(errno
) << ")"
312 cerr
<< "Filter inactive for too long" << endl
;
// Kill the filter: -child addresses its process group, child only the
// process itself (presumably alternative preprocessor branches).
315 kill(-child
, SIGKILL
);
317 kill(child
, SIGKILL
);
// Reap the child, retrying when waitpid() is interrupted, then clear the
// handler's kill target before reporting the failure.
321 while (waitpid(child
, &status
, 0) < 0 && errno
== EINTR
) { }
322 pid_to_kill_on_signal
= 0;
323 throw ReadError(status
);
327 ssize_t res
= read(fd
, buf
, sizeof(buf
));
330 if (errno
== EINTR
) {
331 // read() interrupted by a signal, so retry.
336 kill(-child
, SIGKILL
);
339 while (waitpid(child
, &status
, 0) < 0 && errno
== EINTR
) { }
340 pid_to_kill_on_signal
= 0;
341 throw ReadError(status
);
// NOTE(review): output is accumulated with no size cap on the visible lines;
// the rlimits above apply to the child, so a filter that emits a very large
// stream grows this process's memory instead - confirm whether a limit is
// wanted.
343 out
.append(buf
, res
);
// Presumably reached once the filter's output has ended: anything left in
// the filter's process group is killed before the child is reaped.
348 kill(-child
, SIGKILL
);
351 while (waitpid(child
, &status
, 0) < 0) {
353 throw ReadError("wait pid failed");
355 pid_to_kill_on_signal
= 0;
// Fallback for platforms without fork()/socketpair(): popen() always runs
// cmd through the command interpreter, and none of the timeout, resource
// limit or kill-on-signal handling above appears on this path.
358 FILE * fh
= popen(cmd
.c_str(), "r");
359 if (fh
== NULL
) throw ReadError("popen failed");
362 size_t len
= fread(buf
, 1, 4096, fh
);
365 throw ReadError("fread failed");
367 out
.append(buf
, len
);
369 int status
= pclose(fh
);
// Exit status 127 is the shell's "command not found" convention, mapped to
// NoSuchFilter so callers can tell a missing filter from a failing one.
373 if (WIFEXITED(status
) && WEXITSTATUS(status
) == 127) {
374 throw NoSuchFilter();
// SIGXCPU is what the kernel delivers when the RLIMIT_CPU soft limit set in
// the child is exceeded.
377 if (WIFSIGNALED(status
) && WTERMSIG(status
) == SIGXCPU
) {
378 cerr
<< "Filter process consumed too much CPU time" << endl
;
381 throw ReadError(status
);