This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug c/77992] Failures to initialize padding bytes -- causing many information leaks

From: "pinskia at gcc dot gnu.org" <gcc-bugzilla at gcc dot gnu dot org>
To: gcc-bugs at gcc dot gnu dot org
Date: Sat, 15 Oct 2016 03:37:21 +0000
Subject: [Bug c/77992] Failures to initialize padding bytes -- causing many information leaks
Auto-submitted: auto-generated
References: <bug-77992-4@http.gcc.gnu.org/bugzilla/>

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=77992

--- Comment #6 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
>More information can be found in our research paper: http://www.cc.gatech.edu/~klu38/publications/unisan-ccs16.pdf


You research paper is wrong and does not consider C is an inherently insecure
language to be begin with.  There are many other things wrong with it.  Like
for an example recommending the use of memset when you want to hide the stores
from the compiler.  There is already a thread on the glibc mailing list about
this exact thing about adding a secure memset which is GCC is not going to
optimize away.

References:
- [Bug driver/77992] New: Failures to initialize padding bytes -- causing many information leaks
  - From: kjlu at gatech dot edu

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]