[cfe-dev] Security fail (memset being optimized away)
Jonny Grant via cfe-dev
cfe-dev at lists.llvm.org
Fri Jan 4 06:47:44 PST 2019
On 04/01/2019 14:31, myLC at gmx.de wrote:
> On 1/4/19 1:47 PM, Jonny Grant wrote:
>> Why not just write an inline function which does after memset :-
>>
>> if(*buf!=0) *buf=0;
>
>
> This would only zero one byte, but it would get optimized away
> as the buffer goes out of scope (= is being discarded).
Maybe add an abort() ?
eg
inline void check_memset(void *s, int c, size_t n);
{
const char * buf = (char*)buf;
memset(2, 0, n);
if(0 != *buf)
{
abort();
}
}
Or use a for loop to verify all bytes are now 0.
Jonny
More information about the cfe-dev
mailing list