Sujet : Re: A Famous Security Bug
De : david.brown (at) *nospam* hesbynett.no (David Brown)
Groupes : comp.lang.cDate : 22. Mar 2024, 14:38:17
Autres entêtes
Organisation : A noiseless patient Spider
Message-ID : <utk1k9$2uojo$1@dont-email.me>
References : 1 2 3 4
User-Agent : Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.11.0
On 21/03/2024 21:21, Kaz Kylheku wrote:
Eliminating dead stores is a very basic dataflow-driven optimization.
Because memset is part of the C language, the compiler knows
exactly what effect it has (that it's equivalent to setting
all the bytes to zero, like a sequence of assignments).
Yes.
If you don't want a call to be optimized away, call your
own function in another translation unit.
No.
There are several ways that guarantee your code will carry out the writes here (though none that guarantee the secret data is not also stored elsewhere). Using a function in a different TU is not one of these techniques. You do people a disfavour by recommending it.
(And don't turn
on nonconforming cross-translation-unit optimizations.)
If I knew of any non-conforming cross-translation-unit optimisations in a compiler, I would avoid using them until the compiler vendor had fixed the bug in question.
Re: A Famous Security Bug
Re: A Famous Security Bug