[C-safe-secure-studygroup] Dead store optimization
Robert Seacord
rcseacord at gmail.com
Thu May 4 13:56:45 UTC 2017
The following code is commonly written for security purposes (to clear
sensitive information before freeing dynamically allocated storage):
memset(ptr,0,size);
free(ptr);
But compilers almost always eliminate the memset() as a dead code store.
Has anyone written or know of a static analyzer who can detect these
problems?
Also, maybe something to add to our rule list, if it's not already there.
Thanks,
rCs
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.trustable.io/pipermail/c-safe-secure-studygroup/attachments/20170504/f2fca45f/attachment.html>
More information about the C-safe-secure-studygroup
mailing list