[prev in list] [next in list] [prev in thread] [next in thread] 

List:       busybox
Subject:    Re: [PATCH] memset 0 in obscure is optimized away by compiler
From:       Rich Felker <dalias () libc ! org>
Date:       2014-04-17 0:25:39
Message-ID: 20140417002539.GJ26358 () brightrain ! aerifal ! cx
[Download RAW message or body]

On Wed, Apr 16, 2014 at 07:51:42PM +0200, Harald Becker wrote:
> Hi Tito !
> 
> >my fear is/was that the call to memset is totally
> >optimized away when optimization is turned on
> >and therefore the memory containing the password
> >strings is not zeroed at all.
> 
> This would be a completely ill behavior of compiler optimization.

No it's not. It's identical to optimizing the following to an empty
function:

void foo() { int x; x=1; }

This function is equivalent to the empty function because it has no
observable behavior. Someone who expects it to leave a 1 at some
position on the stack that the caller could later observe is smoking
the undefined behavior pipe and needs to forget everything wrong they
learned about the C language and Read The Fine Standard.

> I do only know one case where the memset may be optimized to
> nothing, that is, when you fill content of an auto variable near
> end of a function, and don't further access that memory space.
> That would be same as something like:
> 
> int func( int i, j )
> {
>   int x;
> 
>   ... // put any code here using variable x
> 
>   x = 0;  // this may be optimized away, as x is not accessed
>   after setting it to a value
> 
>   return i + j; 
> }

That's exactly the situation here. The lifetime of the object being
cleared by memset ends sufficiently close to the memset that the
compiler is able to achieve the same observable effects that would be
seen in the abstract machine without actually performing any memory
fill.

Rich
_______________________________________________
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox
[prev in list] [next in list] [prev in thread] [next in thread]