This is the mail archive of the
gcc-bugs@gcc.gnu.org
mailing list for the GCC project.
[Bug c/77992] Failures to initialize padding bytes -- causing many information leaks
- From: "kjlu at gatech dot edu" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: Sat, 15 Oct 2016 04:13:28 +0000
- Subject: [Bug c/77992] Failures to initialize padding bytes -- causing many information leaks
- Auto-submitted: auto-generated
- References: <bug-77992-4@http.gcc.gnu.org/bugzilla/>
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=77992
--- Comment #9 from Kangjie Lu <kjlu at gatech dot edu> ---
(In reply to Andrew Pinski from comment #8)
> A simple google search (secure memset [glibc]) finds a few things:
> http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1381.pdf
>
> https://sourceware.org/ml/libc-alpha/2014-12/msg00506.html
>
> https://www.securecoding.cert.org/confluence/display/c/MSC06-C.
> +Beware+of+compiler+optimizations
>
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=8537
Thanks for sharing these interesting links.
Sure, compiler optimizations sometime may aggressively eliminate dead code.
As I mentioned in my last reply, this is not a problem in our work because
our instrumentation is inserted after all LLVM optimization passes.
The inserted memset will not be removed.
Back to my original problem, many Linux kernel developers also hope GCC can
provide a feature (like a compilation option) that can zero-initialize
padding bytes. Fixing these information leaks manually will make the code
maintenance extremely difficult.
Anyway, I just wanted to report this issue :)