[cfe-dev] Security fail (memset being optimized away)
Keane, Erich via cfe-dev
cfe-dev at lists.llvm.org
Thu Jan 3 08:31:42 PST 2019
I believe that solution is able to be optimized out as well (see the comment in the C99 solution). memset_s (C11) and SecureZeroMemory (MSVC) are the two standards compliant ways that guarantee they won't be optimized out.
-----Original Message-----
From: cfe-dev [mailto:cfe-dev-bounces at lists.llvm.org] On Behalf Of myLC at gmx.de via cfe-dev
Sent: Thursday, January 3, 2019 8:28 AM
To: cfe-dev at lists.llvm.org
Subject: [cfe-dev] Security fail (memset being optimized away)
On Jan 3 7:53, Paul Anderson wrote:
> Hi:
>
> There's a discussion of this very issue here:
>
> https://wiki.sei.cmu.edu/confluence/display/c/MSC06-C.+Beware+of+compiler+optimizations
>
> -Paul
Thanks! I just read through it and couldn't really reach a conclusion. The section above lists non-portable or "clumsy"
solutions.
In the comments, Douglas A. Gwyn suggested a simple:
memset((volatile char *)pwd, 0, sizeof(pwd));
Unless I'm mistaken, this SHOULD work. Then again, it should also give you a warning...
_______________________________________________
cfe-dev mailing list
cfe-dev at lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev
More information about the cfe-dev
mailing list