[C-safe-secure-studygroup] Dead store optimization

Barton Miller bart at cs.wisc.edu
Thu May 4 19:08:03 UTC 2017


Why would the compiler eliminate memset?

--bart


On 5/4/2017 8:56 AM, Robert Seacord wrote:
>
> The following code is commonly written for security purposes (to clear 
> sensitive information before freeing dynamically allocated storage):
>
> memset(ptr,0,size);
>
> free(ptr);
>
>
> But compilers almost always eliminate the memset() as a dead code store.
>
>
> Has anyone written or know of a static analyzer who can detect these 
> problems?
>
>
> Also, maybe something to add to our rule list, if it's not already there.
>
>
> Thanks,
>
> rCs
>
>
>
> _______________________________________________
> C-safe-secure-studygroup mailing list
> C-safe-secure-studygroup at lists.trustable.io
> https://lists.trustable.io/cgi-bin/mailman/listinfo/c-safe-secure-studygroup

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.trustable.io/pipermail/c-safe-secure-studygroup/attachments/20170504/49544577/attachment.html>


More information about the C-safe-secure-studygroup mailing list