ignore SIGPIPE so a closed peer can't kill the process

hellerve · hellerve · commit 8f6564312a83 · 2026-06-04T00:53:02.000+02:00
A write to a socket whose peer has closed or reset raises SIGPIPE, which by
default terminates the process rather than returning EPIPE. Ignore it at load
via a constructor in common.h (included by every socket module), so send/write
report the error through the normal return path. The loopback tests don't trip
this, so a test-running CI alone would not catch it; this fixes the bug
directly. (The tls library, which mirrors this code, had the same gap.)
diff --git a/src/common.h b/src/common.h
@@ -7,13 +7,22 @@
 #include <netdb.h>
 #include <netinet/in.h>
 #include <netinet/tcp.h>
+#include <signal.h>
 #include <string.h>
 #include <sys/socket.h>
 #include <sys/types.h>
 #include <unistd.h>
 
 #define SOCK_BUF_SIZE 4096
 
+/* A write to a peer that has closed/reset the connection otherwise raises
+   SIGPIPE, which by default kills the whole process. Ignore it at load so
+   send/write return EPIPE instead. Runs before main via the constructor. */
+__attribute__((constructor))
+static void carp_sock_ignore_sigpipe(void) {
+  signal(SIGPIPE, SIG_IGN);
+}
+
 __attribute__((unused))
 static String sock_error_string() {
   const char* msg = strerror(errno);
