[cfe-dev] Security fail (memset being optimized away)

Keane, Erich via cfe-dev cfe-dev at lists.llvm.org
Thu Jan 3 08:31:42 PST 2019

I believe that solution is able to be optimized out as well (see the comment in the C99 solution).   memset_s (C11)  and SecureZeroMemory (MSVC) are the two standards compliant ways that guarantee they won't be optimized out.

-----Original Message-----
From: cfe-dev [mailto:cfe-dev-bounces at lists.llvm.org] On Behalf Of myLC at gmx.de via cfe-dev
Sent: Thursday, January 3, 2019 8:28 AM
To: cfe-dev at lists.llvm.org
Subject: [cfe-dev] Security fail (memset being optimized away)

On Jan 3 7:53, Paul Anderson wrote:
 > Hi:
 > There's a discussion of this very issue here:
 > https://wiki.sei.cmu.edu/confluence/display/c/MSC06-C.+Beware+of+compiler+optimizations
 > -Paul

Thanks! I just read through it and couldn't really reach a conclusion. The section above lists non-portable or "clumsy"
In the comments, Douglas A. Gwyn suggested a simple:
memset((volatile char *)pwd, 0, sizeof(pwd));

Unless I'm mistaken, this SHOULD work. Then again, it should also give you a warning...

cfe-dev mailing list
cfe-dev at lists.llvm.org

More information about the cfe-dev mailing list