Move __cleanup into mprotect'ed page to prevent unintentional modifications

similar to the atexit handlers. Idea and help deraadt@, ok deraadt@
author: dhartmei <> 2002-09-14 22:03:14 +0000
committer: dhartmei <> 2002-09-14 22:03:14 +0000
commit: 99933708b28d8f1a889e6109eb237499bf59eba2 (patch)
tree: 95adbcf0e9cc0d976e8e7b18bd1836b0faa0ecbf /src
parent: 3a3a489a756f2852d798376f20cc0d4ab609c866 (diff)
download: openbsd-99933708b28d8f1a889e6109eb237499bf59eba2.tar.gz
openbsd-99933708b28d8f1a889e6109eb237499bf59eba2.tar.bz2
openbsd-99933708b28d8f1a889e6109eb237499bf59eba2.zip
5 files changed, 90 insertions, 27 deletions
diff --git a/src/lib/libc/stdlib/abort.c b/src/lib/libc/stdlib/abort.c
index 41a9f0f48b..7057f9b1ad 100644
--- a/src/lib/libc/stdlib/abort.c
+++ b/src/lib/libc/stdlib/abort.c
@@ -32,19 +32,19 @@
 */
 #if defined(LIBC_SCCS) && !defined(lint)
-static char *rcsid = "$OpenBSD: abort.c,v 1.7 2001/08/12 12:03:01 heko Exp $";
+static char *rcsid = "$OpenBSD: abort.c,v 1.8 2002/09/14 22:03:14 dhartmei Exp $";
 #endif /* LIBC_SCCS and not lint */
 #include <signal.h>
 #include <stdlib.h>
 #include <unistd.h>
 #include "thread_private.h"
+#include "atexit.h"
-void (*__cleanup)();
 void
 abort()
 {
+        struct atexit *p = __atexit;
        static int cleanup_called = 0;
        sigset_t mask;
@@ -64,9 +64,13 @@ abort()
        /*
         * POSIX requires we flush stdio buffers on abort
         */
-        if (cleanup_called == 0 && __cleanup != NULL) {
+        if (cleanup_called == 0) {
-                cleanup_called = 1;
+                while (p != NULL && p->next != NULL)
-                (*__cleanup)();
+                        p = p->next;
+                if (p != NULL && p->fns[0] != NULL) {
+                        cleanup_called = 1;
+                        (*p->fns[0])();
+                }
        }
        (void)kill(getpid(), SIGABRT);
diff --git a/src/lib/libc/stdlib/atexit.c b/src/lib/libc/stdlib/atexit.c
index da5a0ddda0..98564d0dd3 100644
--- a/src/lib/libc/stdlib/atexit.c
+++ b/src/lib/libc/stdlib/atexit.c
@@ -29,7 +29,7 @@
 */
 #if defined(LIBC_SCCS) && !defined(lint)
-static char *rcsid = "$OpenBSD: atexit.c,v 1.6 2002/09/06 22:48:34 henning Exp $";
+static char *rcsid = "$OpenBSD: atexit.c,v 1.7 2002/09/14 22:03:14 dhartmei Exp $";
 #endif /* LIBC_SCCS and not lint */
 #include <sys/types.h>
@@ -42,6 +42,20 @@ int __atexit_invalid = 1;
 struct atexit *__atexit;
 /*
+ * Function pointers are stored in a linked list of pages. The list
+ * is initially empty, and pages are allocated on demand. The first
+ * function pointer in the first allocated page (the last one in
+ * the linked list) is reserved for the cleanup function.
+ *
+ * Outside the following two functions, all pages are mprotect()'ed
+ * to prevent unintentional/malicious corruption.
+ *
+ * The free(malloc(1)) is a workaround causing malloc_init() to
+ * ensure that malloc.c gets the first mmap() call for its sbrk()
+ * games.
+ */
+/*
 * Register a function to be performed at exit.
 */
 int
@@ -61,9 +75,6 @@ atexit(fn)
        }
        if (p == NULL) {
                if (__atexit_invalid) {
-                        /* malloc.c wants the first mmap() for sbrk()
-                           games ('nice hack'), so enforce
-                           malloc_init() with a dummy call.  */
                        free(malloc(1));
                        __atexit_invalid = 0;
                }
@@ -71,7 +82,11 @@ atexit(fn)
                    MAP_ANON | MAP_PRIVATE, -1, 0);
                if (p == MAP_FAILED)
                        return (-1);
-                p->ind = 0;
+                if (__atexit == NULL) {
+                        p->fns[0] = NULL;
+                        p->ind = 1;
+                } else
+                        p->ind = 0;
                p->max = (pgsize - ((char *)&p->fns[0] - (char *)p)) /
                    sizeof(p->fns[0]);
                p->next = __atexit;
@@ -82,3 +97,39 @@ atexit(fn)
                return (-1);
        return (0);
 }
+/*
+ * Register the cleanup function
+ */
+void
+__atexit_register_cleanup(fn)
+        void (*fn)();
+{
+        register struct atexit *p = __atexit;
+        register int pgsize = getpagesize();
+        if (pgsize < sizeof(*p))
+                return;
+        while (p != NULL && p->next != NULL)
+                p = p->next;
+        if (p == NULL) {
+                if (__atexit_invalid) {
+                        free(malloc(1));
+                        __atexit_invalid = 0;
+                }
+                p = mmap(NULL, pgsize, PROT_READ | PROT_WRITE,
+                    MAP_ANON | MAP_PRIVATE, -1, 0);
+                if (p == MAP_FAILED)
+                        return;
+                p->ind = 1;
+                p->max = (pgsize - ((char *)&p->fns[0] - (char *)p)) /
+                    sizeof(p->fns[0]);
+                p->next = NULL;
+                __atexit = p;
+        } else {
+                if (mprotect(p, pgsize, PROT_READ | PROT_WRITE))
+                    return;
+        }
+        p->fns[0] = fn;
+        mprotect(p, pgsize, PROT_READ);
+}
diff --git a/src/lib/libc/stdlib/exit.c b/src/lib/libc/stdlib/exit.c
index c69639125e..e22bd5178e 100644
--- a/src/lib/libc/stdlib/exit.c
+++ b/src/lib/libc/stdlib/exit.c
@@ -32,7 +32,7 @@
 */
 #if defined(LIBC_SCCS) && !defined(lint)
-static char *rcsid = "$OpenBSD: exit.c,v 1.7 2002/08/30 07:58:07 dhartmei Exp $";
+static char *rcsid = "$OpenBSD: exit.c,v 1.8 2002/09/14 22:03:14 dhartmei Exp $";
 #endif /* LIBC_SCCS and not lint */
 #include <sys/types.h>
@@ -42,8 +42,6 @@ static char *rcsid = "$OpenBSD: exit.c,v 1.7 2002/08/30 07:58:07 dhartmei Exp $"
 #include "atexit.h"
 #include "thread_private.h"
-void (*__cleanup)();
 /*
 * This variable is zero until a process has created a thread.
 * It is used to avoid calling locking functions in libc when they
@@ -67,13 +65,13 @@ exit(status)
                p = __atexit;
                while (p != NULL) {
                        for (n = p->ind; --n >= 0;)
-                                (*p->fns[n])();
+                                if (p->fns[n] != NULL)
+                                        (*p->fns[n])();
                        q = p;
                        p = p->next;
                        munmap(q, pgsize);
                }
        }
-        if (__cleanup)
+        /* cleanup, if registered, was called through fns[0] in the last page */
-                (*__cleanup)();
        _exit(status);
 }
diff --git a/src/regress/lib/libc/atexit/Makefile b/src/regress/lib/libc/atexit/Makefile
index 89625e2a7b..55c3f3981e 100644
--- a/src/regress/lib/libc/atexit/Makefile
+++ b/src/regress/lib/libc/atexit/Makefile
@@ -1,4 +1,4 @@
-#       $OpenBSD: Makefile,v 1.2 2002/09/02 19:59:51 avsm Exp $
+#       $OpenBSD: Makefile,v 1.3 2002/09/14 22:03:14 dhartmei Exp $
 NOMAN=
 PROG=atexit_test
@@ -6,7 +6,9 @@ PROG=atexit_test
 run-regress-atexit_test: ${PROG}
        ./${PROG} -valid 2>${.OBJDIR}/valid.out
        cmp -s ${.OBJDIR}/valid.out ${.CURDIR}/valid.ok
-        ./${PROG} -invalid 2>${.OBJDIR}/invalid.out
+        ./${PROG} -invalid-atexit 2>${.OBJDIR}/invalid.out
+        cmp -s ${.OBJDIR}/invalid.out ${.CURDIR}/invalid.ok
+        ./${PROG} -invalid-cleanup 2>${.OBJDIR}/invalid.out
        cmp -s ${.OBJDIR}/invalid.out ${.CURDIR}/invalid.ok
 .include <bsd.regress.mk>
diff --git a/src/regress/lib/libc/atexit/atexit_test.c b/src/regress/lib/libc/atexit/atexit_test.c
index fcfe95cb02..fea95832ab 100644
--- a/src/regress/lib/libc/atexit/atexit_test.c
+++ b/src/regress/lib/libc/atexit/atexit_test.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: atexit_test.c,v 1.1 2002/07/29 19:51:41 dhartmei Exp $ */
+/*      $OpenBSD: atexit_test.c,v 1.2 2002/09/14 22:03:14 dhartmei Exp $ */
 /*
 * Copyright (c) 2002 Daniel Hartmeier
@@ -39,9 +39,6 @@
 #include <signal.h>
 #include "/usr/src/lib/libc/stdlib/atexit.h"
-extern struct atexit *__atexit;
-extern void (*__cleanup)();
 void    handle_first();
 void    handle_middle();
 void    handle_last();
@@ -57,8 +54,10 @@ main(int argc, char *argv[])
        int i;
        if (argc != 2 || (strcmp(argv[1], "-valid") &&
-            strcmp(argv[1], "-invalid"))) {
+            strcmp(argv[1], "-invalid-atexit") &&
-                fprintf(stderr, "%s -valid/-invalid\n", argv[0]);
+            strcmp(argv[1], "-invalid-cleanup"))) {
+                fprintf(stderr, "%s -valid/-invalid-atexit/-invalid-cleanup\n",
+                    argv[0]);
                return (1);
        }
        fprintf(stderr, "main()\n");
@@ -77,11 +76,20 @@ main(int argc, char *argv[])
                return (1);
        }
        /* this is supposed to segfault */
-        if (strcmp(argv[1], "-valid")) {
+        if (!strcmp(argv[1], "-invalid-atexit")) {
                signal(SIGSEGV, handle_signal);
                __atexit->fns[0] = handle_invalid;
+        } else if (!strcmp(argv[1], "-invalid-cleanup")) {
+                struct atexit *p = __atexit;
+                signal(SIGSEGV, handle_signal);
+                while (p != NULL && p->next != NULL)
+                        p = p->next;
+                if (p == NULL)
+                        fprintf(stderr, "p == NULL, no page found\n");
+                p->fns[0] = handle_invalid;
        }
-        __cleanup = handle_cleanup;
+        __atexit_register_cleanup(handle_cleanup);
        counter = 0;
        fprintf(stderr, "main() returns\n");
        return (0);
author	dhartmei <>	2002-09-14 22:03:14 +0000
committer	dhartmei <>	2002-09-14 22:03:14 +0000
commit	99933708b28d8f1a889e6109eb237499bf59eba2 (patch)
tree	95adbcf0e9cc0d976e8e7b18bd1836b0faa0ecbf /src
parent	3a3a489a756f2852d798376f20cc0d4ab609c866 (diff)
download	openbsd-99933708b28d8f1a889e6109eb237499bf59eba2.tar.gz openbsd-99933708b28d8f1a889e6109eb237499bf59eba2.tar.bz2 openbsd-99933708b28d8f1a889e6109eb237499bf59eba2.zip

diff --git a/src/lib/libc/stdlib/abort.c b/src/lib/libc/stdlib/abort.c index 41a9f0f48b..7057f9b1ad 100644 --- a/src/lib/libc/stdlib/abort.c +++ b/src/lib/libc/stdlib/abort.c
@@ -32,19 +32,19 @@
32	*/	32	*/
33		33
34	#if defined(LIBC_SCCS) && !defined(lint)	34	#if defined(LIBC_SCCS) && !defined(lint)
35	static char *rcsid = "$OpenBSD: abort.c,v 1.7 2001/08/12 12:03:01 heko Exp $";	35	static char *rcsid = "$OpenBSD: abort.c,v 1.8 2002/09/14 22:03:14 dhartmei Exp $";
36	#endif /* LIBC_SCCS and not lint */	36	#endif /* LIBC_SCCS and not lint */
37		37
38	#include <signal.h>	38	#include <signal.h>
39	#include <stdlib.h>	39	#include <stdlib.h>
40	#include <unistd.h>	40	#include <unistd.h>
41	#include "thread_private.h"	41	#include "thread_private.h"
42		42	#include "atexit.h"
43	void (*__cleanup)();
44		43
45	void	44	void
46	abort()	45	abort()
47	{	46	{
		47	struct atexit *p = __atexit;
48	static int cleanup_called = 0;	48	static int cleanup_called = 0;
49	sigset_t mask;	49	sigset_t mask;
50		50
@@ -64,9 +64,13 @@ abort()
64	/*	64	/*
65	* POSIX requires we flush stdio buffers on abort	65	* POSIX requires we flush stdio buffers on abort
66	*/	66	*/
67	if (cleanup_called == 0 && __cleanup != NULL) {	67	if (cleanup_called == 0) {
68	cleanup_called = 1;	68	while (p != NULL && p->next != NULL)
69	(*__cleanup)();	69	p = p->next;
		70	if (p != NULL && p->fns[0] != NULL) {
		71	cleanup_called = 1;
		72	(*p->fns[0])();
		73	}
70	}	74	}
71		75
72	(void)kill(getpid(), SIGABRT);	76	(void)kill(getpid(), SIGABRT);


diff --git a/src/lib/libc/stdlib/atexit.c b/src/lib/libc/stdlib/atexit.c index da5a0ddda0..98564d0dd3 100644 --- a/src/lib/libc/stdlib/atexit.c +++ b/src/lib/libc/stdlib/atexit.c
@@ -29,7 +29,7 @@
29	*/	29	*/
30		30
31	#if defined(LIBC_SCCS) && !defined(lint)	31	#if defined(LIBC_SCCS) && !defined(lint)
32	static char *rcsid = "$OpenBSD: atexit.c,v 1.6 2002/09/06 22:48:34 henning Exp $";	32	static char *rcsid = "$OpenBSD: atexit.c,v 1.7 2002/09/14 22:03:14 dhartmei Exp $";
33	#endif /* LIBC_SCCS and not lint */	33	#endif /* LIBC_SCCS and not lint */
34		34
35	#include <sys/types.h>	35	#include <sys/types.h>
@@ -42,6 +42,20 @@ int __atexit_invalid = 1;
42	struct atexit *__atexit;	42	struct atexit *__atexit;
43		43
44	/*	44	/*
		45	* Function pointers are stored in a linked list of pages. The list
		46	* is initially empty, and pages are allocated on demand. The first
		47	* function pointer in the first allocated page (the last one in
		48	* the linked list) is reserved for the cleanup function.
		49	*
		50	* Outside the following two functions, all pages are mprotect()'ed
		51	* to prevent unintentional/malicious corruption.
		52	*
		53	* The free(malloc(1)) is a workaround causing malloc_init() to
		54	* ensure that malloc.c gets the first mmap() call for its sbrk()
		55	* games.
		56	*/
		57
		58	/*
45	* Register a function to be performed at exit.	59	* Register a function to be performed at exit.
46	*/	60	*/
47	int	61	int
@@ -61,9 +75,6 @@ atexit(fn)
61	}	75	}
62	if (p == NULL) {	76	if (p == NULL) {
63	if (__atexit_invalid) {	77	if (__atexit_invalid) {
64	/* malloc.c wants the first mmap() for sbrk()
65	games ('nice hack'), so enforce
66	malloc_init() with a dummy call. */
67	free(malloc(1));	78	free(malloc(1));
68	__atexit_invalid = 0;	79	__atexit_invalid = 0;
69	}	80	}
@@ -71,7 +82,11 @@ atexit(fn)
71	MAP_ANON \| MAP_PRIVATE, -1, 0);	82	MAP_ANON \| MAP_PRIVATE, -1, 0);
72	if (p == MAP_FAILED)	83	if (p == MAP_FAILED)
73	return (-1);	84	return (-1);
74	p->ind = 0;	85	if (__atexit == NULL) {
		86	p->fns[0] = NULL;
		87	p->ind = 1;
		88	} else
		89	p->ind = 0;
75	p->max = (pgsize - ((char )&p->fns[0] - (char )p)) /	90	p->max = (pgsize - ((char )&p->fns[0] - (char )p)) /
76	sizeof(p->fns[0]);	91	sizeof(p->fns[0]);
77	p->next = __atexit;	92	p->next = __atexit;
@@ -82,3 +97,39 @@ atexit(fn)
82	return (-1);	97	return (-1);
83	return (0);	98	return (0);
84	}	99	}
		100
		101	/*
		102	* Register the cleanup function
		103	*/
		104	void
		105	__atexit_register_cleanup(fn)
		106	void (*fn)();
		107	{
		108	register struct atexit *p = __atexit;
		109	register int pgsize = getpagesize();
		110
		111	if (pgsize < sizeof(*p))
		112	return;
		113	while (p != NULL && p->next != NULL)
		114	p = p->next;
		115	if (p == NULL) {
		116	if (__atexit_invalid) {
		117	free(malloc(1));
		118	__atexit_invalid = 0;
		119	}
		120	p = mmap(NULL, pgsize, PROT_READ \| PROT_WRITE,
		121	MAP_ANON \| MAP_PRIVATE, -1, 0);
		122	if (p == MAP_FAILED)
		123	return;
		124	p->ind = 1;
		125	p->max = (pgsize - ((char )&p->fns[0] - (char )p)) /
		126	sizeof(p->fns[0]);
		127	p->next = NULL;
		128	__atexit = p;
		129	} else {
		130	if (mprotect(p, pgsize, PROT_READ \| PROT_WRITE))
		131	return;
		132	}
		133	p->fns[0] = fn;
		134	mprotect(p, pgsize, PROT_READ);
		135	}


diff --git a/src/lib/libc/stdlib/exit.c b/src/lib/libc/stdlib/exit.c index c69639125e..e22bd5178e 100644 --- a/src/lib/libc/stdlib/exit.c +++ b/src/lib/libc/stdlib/exit.c
@@ -32,7 +32,7 @@
32	*/	32	*/
33		33
34	#if defined(LIBC_SCCS) && !defined(lint)	34	#if defined(LIBC_SCCS) && !defined(lint)
35	static char *rcsid = "$OpenBSD: exit.c,v 1.7 2002/08/30 07:58:07 dhartmei Exp $";	35	static char *rcsid = "$OpenBSD: exit.c,v 1.8 2002/09/14 22:03:14 dhartmei Exp $";
36	#endif /* LIBC_SCCS and not lint */	36	#endif /* LIBC_SCCS and not lint */
37		37
38	#include <sys/types.h>	38	#include <sys/types.h>
@@ -42,8 +42,6 @@ static char *rcsid = "$OpenBSD: exit.c,v 1.7 2002/08/30 07:58:07 dhartmei Exp $"
42	#include "atexit.h"	42	#include "atexit.h"
43	#include "thread_private.h"	43	#include "thread_private.h"
44		44
45	void (*__cleanup)();
46
47	/*	45	/*
48	* This variable is zero until a process has created a thread.	46	* This variable is zero until a process has created a thread.
49	* It is used to avoid calling locking functions in libc when they	47	* It is used to avoid calling locking functions in libc when they
@@ -67,13 +65,13 @@ exit(status)
67	p = __atexit;	65	p = __atexit;
68	while (p != NULL) {	66	while (p != NULL) {
69	for (n = p->ind; --n >= 0;)	67	for (n = p->ind; --n >= 0;)
70	(*p->fns[n])();	68	if (p->fns[n] != NULL)
		69	(*p->fns[n])();
71	q = p;	70	q = p;
72	p = p->next;	71	p = p->next;
73	munmap(q, pgsize);	72	munmap(q, pgsize);
74	}	73	}
75	}	74	}
76	if (__cleanup)	75	/* cleanup, if registered, was called through fns[0] in the last page */
77	(*__cleanup)();
78	_exit(status);	76	_exit(status);
79	}	77	}


diff --git a/src/regress/lib/libc/atexit/Makefile b/src/regress/lib/libc/atexit/Makefile index 89625e2a7b..55c3f3981e 100644 --- a/src/regress/lib/libc/atexit/Makefile +++ b/src/regress/lib/libc/atexit/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.2 2002/09/02 19:59:51 avsm Exp $	1	# $OpenBSD: Makefile,v 1.3 2002/09/14 22:03:14 dhartmei Exp $
2		2
3	NOMAN=	3	NOMAN=
4	PROG=atexit_test	4	PROG=atexit_test
@@ -6,7 +6,9 @@ PROG=atexit_test
6	run-regress-atexit_test: ${PROG}	6	run-regress-atexit_test: ${PROG}
7	./${PROG} -valid 2>${.OBJDIR}/valid.out	7	./${PROG} -valid 2>${.OBJDIR}/valid.out
8	cmp -s ${.OBJDIR}/valid.out ${.CURDIR}/valid.ok	8	cmp -s ${.OBJDIR}/valid.out ${.CURDIR}/valid.ok
9	./${PROG} -invalid 2>${.OBJDIR}/invalid.out	9	./${PROG} -invalid-atexit 2>${.OBJDIR}/invalid.out
		10	cmp -s ${.OBJDIR}/invalid.out ${.CURDIR}/invalid.ok
		11	./${PROG} -invalid-cleanup 2>${.OBJDIR}/invalid.out
10	cmp -s ${.OBJDIR}/invalid.out ${.CURDIR}/invalid.ok	12	cmp -s ${.OBJDIR}/invalid.out ${.CURDIR}/invalid.ok
11		13
12	.include <bsd.regress.mk>	14	.include <bsd.regress.mk>


diff --git a/src/regress/lib/libc/atexit/atexit_test.c b/src/regress/lib/libc/atexit/atexit_test.c index fcfe95cb02..fea95832ab 100644 --- a/src/regress/lib/libc/atexit/atexit_test.c +++ b/src/regress/lib/libc/atexit/atexit_test.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: atexit_test.c,v 1.1 2002/07/29 19:51:41 dhartmei Exp $ */	1	/* $OpenBSD: atexit_test.c,v 1.2 2002/09/14 22:03:14 dhartmei Exp $ */
2		2
3	/*	3	/*
4	* Copyright (c) 2002 Daniel Hartmeier	4	* Copyright (c) 2002 Daniel Hartmeier
@@ -39,9 +39,6 @@
39	#include <signal.h>	39	#include <signal.h>
40	#include "/usr/src/lib/libc/stdlib/atexit.h"	40	#include "/usr/src/lib/libc/stdlib/atexit.h"
41		41
42	extern struct atexit *__atexit;
43	extern void (*__cleanup)();
44
45	void handle_first();	42	void handle_first();
46	void handle_middle();	43	void handle_middle();
47	void handle_last();	44	void handle_last();
@@ -57,8 +54,10 @@ main(int argc, char *argv[])
57	int i;	54	int i;
58		55
59	if (argc != 2 \|\| (strcmp(argv[1], "-valid") &&	56	if (argc != 2 \|\| (strcmp(argv[1], "-valid") &&
60	strcmp(argv[1], "-invalid"))) {	57	strcmp(argv[1], "-invalid-atexit") &&
61	fprintf(stderr, "%s -valid/-invalid\n", argv[0]);	58	strcmp(argv[1], "-invalid-cleanup"))) {
		59	fprintf(stderr, "%s -valid/-invalid-atexit/-invalid-cleanup\n",
		60	argv[0]);
62	return (1);	61	return (1);
63	}	62	}
64	fprintf(stderr, "main()\n");	63	fprintf(stderr, "main()\n");
@@ -77,11 +76,20 @@ main(int argc, char *argv[])
77	return (1);	76	return (1);
78	}	77	}
79	/* this is supposed to segfault */	78	/* this is supposed to segfault */
80	if (strcmp(argv[1], "-valid")) {	79	if (!strcmp(argv[1], "-invalid-atexit")) {
81	signal(SIGSEGV, handle_signal);	80	signal(SIGSEGV, handle_signal);
82	__atexit->fns[0] = handle_invalid;	81	__atexit->fns[0] = handle_invalid;
		82	} else if (!strcmp(argv[1], "-invalid-cleanup")) {
		83	struct atexit *p = __atexit;
		84
		85	signal(SIGSEGV, handle_signal);
		86	while (p != NULL && p->next != NULL)
		87	p = p->next;
		88	if (p == NULL)
		89	fprintf(stderr, "p == NULL, no page found\n");
		90	p->fns[0] = handle_invalid;
83	}	91	}
84	__cleanup = handle_cleanup;	92	__atexit_register_cleanup(handle_cleanup);
85	counter = 0;	93	counter = 0;
86	fprintf(stderr, "main() returns\n");	94	fprintf(stderr, "main() returns\n");
87	return (0);	95	return (0);