This is the mail archive of the gcc-help@gcc.gnu.org mailing list for the GCC project.



Optimising away memset() calls?


There is discussion in Linux mailing lists threads about code along these lines:

#include <string.h>

void some_function(void)
{
        char temp[N];

        /* ... */
        /* do something that puts sensitive data in temp[] */
        /* ... */
        memset(temp, 0, N);
}

The claim is that gcc may optimise away the memset() call since that
memory will not be referenced again.

The threads are:
https://lkml.org/lkml/2014/8/25/497
http://marc.info/?l=linux-crypto-vger&m=141247858212197&w=2
The second one has links to other discussion on the web as well.

There are various solutions to this. Linux now has memzero_explicit(),
OpenSSH has bzero_explicit(), C11 has memset_s(). Here's Apple's man
page:
https://developer.apple.com/library/mac/documentation/Darwin/Reference/Manpages/man3/memset_s.3.html

As I see it, though, and wrote in one thread:

" A real fix would make memset() do the right thing reliably; if the
" programmer puts in memset( x, 0, nbytes) then the memory should
" be cleared, no ifs or buts. I do not know or care if that means
" changes in the compiler or in the library code or even both, but
" the fix should make the standard library code work right, not
" require adding a new function and expecting everyone to use it.

It seemed worth tossing this out for comment here.
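
Added example, not part of the original message and not the code of Linux, OpenSSH or any C library: one common way to keep the final clear from being dropped is to call memset() through a volatile function pointer and follow it with a GCC/Clang compiler barrier. The names wipe_explicit, checksum_secret and residue_after_wipe and the sample strings are made up for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Volatile pointer: loaded at run time, so the call cannot be proven dead. */
static void *(*const volatile memset_ptr)(void *, int, size_t) = memset;

/* Hypothetical helper: clear n bytes at p even if p is never read again. */
void wipe_explicit(void *p, size_t n)
{
    memset_ptr(p, 0, n);
#if defined(__GNUC__) || defined(__clang__)
    /* Compiler barrier: GCC/Clang must assume memory at p is observed here. */
    __asm__ __volatile__("" : : "r"(p) : "memory");
#endif
}

/* Same shape as some_function() in the message: the wipe is the last use. */
unsigned checksum_secret(const char *secret)
{
    char temp[64];
    size_t n = strlen(secret);
    unsigned sum = 0;
    if (n > sizeof temp) n = sizeof temp;
    memcpy(temp, secret, n);            /* sensitive data now in temp[] */
    for (size_t i = 0; i < n; i++)
        sum = sum * 31u + (unsigned char)temp[i];
    wipe_explicit(temp, sizeof temp);   /* a plain memset() here is a dead store */
    return sum;
}

/* Count bytes that survive a wipe of a buffer holding a constructed secret. */
size_t residue_after_wipe(void)
{
    static const char sample[] = "constructed-sample-secret";
    char temp[32];
    size_t left = 0;
    memcpy(temp, sample, sizeof sample);
    wipe_explicit(temp, sizeof temp);
    for (size_t i = 0; i < sizeof temp; i++)
        left += (temp[i] != 0);
    return left;
}

int main(void)
{
    printf("checksum=%u residue=%zu\n", checksum_secret("ab"), residue_after_wipe());
}
```

To see the difference on a given compiler, replace the wipe_explicit() call in checksum_secret() with memset() and compare the generated assembly at -O2.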

