In the attached source code, there is a race condition between
bsd_signal and abort. In most instances when the program is run, abort
successfully terminates the program with a SIGABRT. However, on a very
rare occasion, the program instead terminates with a SIGSEGV. This
should not happen, as it contradicts both POSIX 1003.1-2008 and also the
abort(3) man page.
Since this condition is very hard to reproduce, I ran it as follows:
for i in `seq 1 100000`; do (ulimit -c unlimited; ./testcase; if [ $? -eq 139 ]; then cp core core.segv; fi); done
"gdb ./testcase core.segv" then gives the following:
(gdb) bt full
#0 *__GI_abort () at abort.c:128
act = {__sigaction_handler = {sa_handler = 0, sa_sigaction = 0}, sa_mask = {__val = {18446744073709551615 <repeats 16 times>}},
sa_flags = 0, sa_restorer = 0}
sigs = {__val = {32, 0 <repeats 15 times>}}
#1 0x000000000040067a in main () at testcase.c:23
thrd = 140157473478416