From 1051bfe11e699244c4f376702a6c7a802a5133f1 Mon Sep 17 00:00:00 2001
From: Philip Withnall <withnall@endlessm.com>
Date: Mon, 22 Jun 2020 13:11:32 +0100
Subject: [PATCH] =?UTF-8?q?gspawn:=20Don=E2=80=99t=20use=20g=5Fassert()=20?=
 =?UTF-8?q?in=20async-signal-safe=20context?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Use the error handling infrastructure which already exists for other
failures in the async-signal-safe context.

`g_assert()` is unlikely to have caused problems in practice because it
is only async-signal-unsafe when the assertion condition fails.

See `man 7 signal-safety`.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

Helps: #2140
---
 glib/gspawn.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/glib/gspawn.c b/glib/gspawn.c
index 458f6c8a2..d062681a1 100644
--- a/glib/gspawn.c
+++ b/glib/gspawn.c
@@ -1386,9 +1386,10 @@ do_exec (gint                  child_err_report_fd,
   else if (!child_inherits_stdin)
     {
       /* Keep process from blocking on a read of stdin */
-      /* FIXME: g_assert() is not async-signal-safe on failure. */
       gint read_null = safe_open ("/dev/null", O_RDONLY);
-      g_assert (read_null != -1);
+      if (read_null < 0)
+        write_err_and_exit (child_err_report_fd,
+                            CHILD_DUP2_FAILED);
       safe_dup2 (read_null, 0);
       close_and_invalidate (&read_null);
     }
@@ -1405,9 +1406,10 @@ do_exec (gint                  child_err_report_fd,
     }
   else if (stdout_to_null)
     {
-      /* FIXME: g_assert() is not async-signal-safe on failure. */
       gint write_null = safe_open ("/dev/null", O_WRONLY);
-      g_assert (write_null != -1);
+      if (write_null < 0)
+        write_err_and_exit (child_err_report_fd,
+                            CHILD_DUP2_FAILED);
       safe_dup2 (write_null, 1);
       close_and_invalidate (&write_null);
     }