This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.
[Bug c/77992] Failures to initialize padding bytes -- causing many information leaks
- From: "pinskia at gcc dot gnu.org" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: Sat, 15 Oct 2016 03:37:21 +0000
- Subject: [Bug c/77992] Failures to initialize padding bytes -- causing many information leaks
- Auto-submitted: auto-generated
- References: <bug-77992-4@http.gcc.gnu.org/bugzilla/>
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=77992
--- Comment #6 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
>More information can be found in our research paper: http://www.cc.gatech.edu/~klu38/publications/unisan-ccs16.pdf
Your research paper is wrong and does not consider that C is an inherently
insecure language to begin with. There are many other things wrong with it.
Like, for example, recommending the use of memset when you want to hide the
stores from the compiler. There is already a thread on the glibc mailing list
about this exact thing, about adding a secure memset which GCC is not going to
optimize away.
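
For readers unfamiliar with the issue named in the bug title, the following is an added example, not code from the bug report, the cited paper or GCC. It shows stale bytes surviving in struct padding after member-wise initialization, and the same object with its storage zeroed first. `struct reply`, `union slot` and the function names are hypothetical, and it assumes an ABI where `long` is more strictly aligned than `char`.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed record: the alignment of `id` forces padding after `tag`. */
struct reply { char tag; long id; };

/* Aligned scratch storage standing in for reused stack or heap memory. */
union slot { struct reply r; unsigned char raw[sizeof(struct reply)]; };

/* Number of padding bytes between `tag` and `id` on this ABI. */
size_t padding_size(void)
{
    return offsetof(struct reply, id) - sizeof(char);
}

/* Count padding bytes between `tag` and `id` that still hold stale data. */
static size_t stale_padding(const union slot *s)
{
    size_t n = 0;
    for (size_t i = sizeof(char); i < offsetof(struct reply, id); i++)
        n += (s->raw[i] != 0);
    return n;
}

/* Fill a dirty slot; zero_first selects whether it is cleared beforehand. */
static size_t fill(int zero_first)
{
    union slot s;
    memset(s.raw, 0xAA, sizeof s.raw);   /* simulate leftover data */
    if (zero_first)
        memset(&s, 0, sizeof s);         /* clears the padding as well */
    s.r.tag = 'A';                       /* member stores touch members only */
    s.r.id = 42;
    return stale_padding(&s);
}

size_t fill_memberwise(void)   { return fill(0); }
size_t fill_zeroed_first(void) { return fill(1); }

int main(void)
{
    printf("padding bytes:          %zu\n", padding_size());
    printf("stale after memberwise: %zu\n", fill_memberwise());
    printf("stale after zero-first: %zu\n", fill_zeroed_first());
    return 0;
}
```

The C standard leaves padding values unspecified after a store to a member, so the counts reflect what mainstream compilers do in practice rather than a language guarantee.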