> On Dec 12, 2019, at 10:36 AM, Simon Slavin <slav...@bigfraud.org> wrote:
>
> For instance CodeSonar reports every use of memset() because you /can/ leak
> uninitialised bits of memory using memset() (CERT C Section 3.6 DCL39-C).
> But it has no way to check whether what you're doing with memset() does
> initialise all bits.
That seems like a silly warning to produce. Reading the CERT section in question*, the real issue is caused not by memset but by writing to a field of a struct AFTER zeroing the struct with memset, AND only if the struct field has padding, AND only if the compiler optimizes the write in a particular way, AND only if the struct is then copied to a separate trust domain.

I don't know anything about CodeSonar, but this particular warning sounds like it was added only because it's easy to implement with 'grep'; whereas a useful warning that detects the actual situation described by CERT requires something on the order of valgrind or the Clang Address Sanitizer, to detect which bytes within the struct actually are garbage.

—Jens

* https://resources.sei.cmu.edu/downloads/secure-coding/assets/sei-cert-c-coding-standard-2016-v01.pdf

_______________________________________________
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
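The DCL39-C situation the thread discusses, as an added illustration that is not part of the mailing-list post: a constructed struct with padding, the memset-then-assign pattern, the explicit field serialization CERT recommends instead, and a layout-aware check of the padding bytes. The struct, function names and the assumption of a common 4-byte-aligned int are mine.

```c
#include <stddef.h>
#include <string.h>

/* Constructed struct: on common ABIs 'a' is followed by 3 padding bytes so
 * that 'b' is 4-byte aligned, and 'c' by 3 more to round the size up. */
struct test { char a; int b; char c; };

#define TEST_WIRE_SIZE (sizeof(char) + sizeof(int) + sizeof(char))

/* Number of representation bytes not covered by any member. */
size_t padding_bytes(void) { return sizeof(struct test) - TEST_WIRE_SIZE; }

/* The pattern CERT discusses: zero the object, then store into members.
 * C11 6.2.6.1p6 lets padding take unspecified values after a member store,
 * so copying sizeof(*t) raw bytes across a trust boundary may still leak. */
void fill_struct(struct test *t, char a, int b, char c)
{
    memset(t, 0, sizeof *t);
    t->a = a;
    t->b = b;
    t->c = c;
}

/* Compliant alternative: serialize member values only, writing every output
 * byte explicitly so no unspecified padding byte is ever copied. */
size_t serialize_test(const struct test *t, unsigned char *out, size_t len)
{
    if (len < TEST_WIRE_SIZE) return 0;
    size_t off = 0;
    memcpy(out + off, &t->a, sizeof t->a); off += sizeof t->a;
    memcpy(out + off, &t->b, sizeof t->b); off += sizeof t->b;
    memcpy(out + off, &t->c, sizeof t->c); off += sizeof t->c;
    return off;
}

/* Test-time check for a known layout: are all padding bytes of *t zero?
 * This is the byte-level check a grep-style rule cannot perform. */
int padding_is_zero(const struct test *t)
{
    const unsigned char *p = (const unsigned char *)t;
    for (size_t i = 0; i < sizeof *t; i++) {
        int in_a = i >= offsetof(struct test, a) && i < offsetof(struct test, a) + sizeof t->a;
        int in_b = i >= offsetof(struct test, b) && i < offsetof(struct test, b) + sizeof t->b;
        int in_c = i >= offsetof(struct test, c) && i < offsetof(struct test, c) + sizeof t->c;
        if (!(in_a || in_b || in_c) && p[i] != 0) return 0;
    }
    return 1;
}
```

Whether padding_is_zero() still holds after fill_struct() depends on the compiler and optimization level, which is exactly why the check belongs in a test run under a sanitizer rather than in a source-level rule.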