[C-safe-secure-studygroup] Dead store optimization
Robert Seacord
rcseacord at gmail.com
Thu May 4 19:16:08 UTC 2017
BECAUSE IT CAN!
It's a dead code store, because you are writing to an object that is never
read again.
rCs
On Thu, May 4, 2017 at 3:08 PM, Barton Miller <bart at cs.wisc.edu> wrote:
> Why would the compiler eliminate memset?
>
> --bart
>
> On 5/4/2017 8:56 AM, Robert Seacord wrote:
>
>
> The following code is commonly written for security purposes (to clear
> sensitive information before freeing dynamically allocated storage):
>
> memset(ptr,0,size);
>
> free(ptr);
>
>
> But compilers almost always eliminate the memset() as a dead code store.
>
>
> Has anyone written or know of a static analyzer who can detect these
> problems?
>
>
> Also, maybe something to add to our rule list, if it's not already there.
>
>
> Thanks,
>
> rCs
>
>
> _______________________________________________
> C-safe-secure-studygroup mailing listC-safe-secure-studygroup at lists.trustable.iohttps://lists.trustable.io/cgi-bin/mailman/listinfo/c-safe-secure-studygroup
>
>
>
> _______________________________________________
> C-safe-secure-studygroup mailing list
> C-safe-secure-studygroup at lists.trustable.io
> https://lists.trustable.io/cgi-bin/mailman/listinfo/c-
> safe-secure-studygroup
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.trustable.io/pipermail/c-safe-secure-studygroup/attachments/20170504/e14b7f55/attachment-0001.html>
More information about the C-safe-secure-studygroup
mailing list