On Dec 12, 2019, at 12:12 PM, Jens Alfke <j...@mooseyard.com> wrote:
> 
> On Dec 12, 2019, at 10:36 AM, Simon Slavin <slav...@bigfraud.org> wrote:
>> 
>> For instance CodeSonar reports every use of memset() because you /can/ leak 
>> uninitialised bits of memory using memset() 
> 
> ...by writing to a field of a struct AFTER zeroing the struct with memset

A very common practice, particularly in C, which lacks constructors.

> AND only if the struct field has padding

As a great many structs do, since it’s become passé to optimize struct layout 
for optimal byte packing.

> AND only if the compiler optimizes the write in a particular way

There must be compilers that do this, else no one would be worried about it.  
Bet on it: this rule was written after damage had occurred somewhere, probably 
multiple places, not in anticipation of future damage.

> AND only if the struct is then copied to a separate trust domain.

You mean like in copying from kernel space to user space?  Or old-style RPC?  
Or mmap() based IPC APIs?  Or…?

I wouldn’t dismiss this warning.
_______________________________________________
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
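A concrete illustration of the padding problem discussed in this thread, added here as an example and not taken from the thread, from SQLite, or from CodeSonar. It does not try to provoke a compiler into dropping a memset(); instead it simulates the end result (stale bytes in the padding of a struct whose members have all been assigned) and shows two things a reviewer of such a warning would want: a check that derives the padding bytes of a struct from offsetof()/sizeof() rather than from the programmer's memory of the layout, and an export routine that zeroes the outgoing buffer and copies only member bytes, so padding never leaves the trust domain whatever the compiler did with the source object. The struct, the field map, the 0xAA fill pattern and the function names are constructed for the example.

```c
/* Added example (not from the mailing-list thread): how a struct with
 * padding can carry stale bytes across a trust boundary, and a copy
 * routine that cannot. struct msg, msg_fields, the 0xAA fill pattern and
 * the function names are constructed for illustration. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* A typical message struct: 1 + 3 pad + 4 + 2 + 2 pad = 12 bytes on the
 * common 32- and 64-bit ABIs (uint32_t aligned to 4). */
struct msg {
    uint8_t  tag;
    uint32_t value;
    uint16_t flags;
};

/* Byte map of the members, built from offsetof()/sizeof so the code, not
 * the programmer, decides which bytes are padding. */
static const struct { size_t off, len; } msg_fields[] = {
    { offsetof(struct msg, tag),   sizeof(((struct msg *)0)->tag)   },
    { offsetof(struct msg, value), sizeof(((struct msg *)0)->value) },
    { offsetof(struct msg, flags), sizeof(((struct msg *)0)->flags) },
};
#define NFIELDS (sizeof msg_fields / sizeof msg_fields[0])

/* Is byte i of the object representation inside some member? */
static int is_member_byte(size_t i)
{
    for (size_t f = 0; f < NFIELDS; f++)
        if (i >= msg_fields[f].off && i < msg_fields[f].off + msg_fields[f].len)
            return 1;
    return 0;
}

/* Number of padding bytes in struct msg (5 on x86-64 and arm64). */
size_t msg_padding_bytes(void)
{
    size_t n = 0;
    for (size_t i = 0; i < sizeof(struct msg); i++)
        n += !is_member_byte(i);
    return n;
}

/* Count padding bytes in a raw copy that are not zero: bytes that would
 * leave the trust domain carrying whatever was in memory before. */
size_t msg_leaked_padding(const unsigned char *raw)
{
    size_t n = 0;
    for (size_t i = 0; i < sizeof(struct msg); i++)
        n += (!is_member_byte(i)) && (raw[i] != 0);
    return n;
}

/* The safe export: zero the outgoing buffer, then copy only member bytes
 * into it. Padding in the copy is therefore zero regardless of what the
 * compiler did with the padding of the live struct, which is the point of
 * building the user-visible copy in a scratch buffer instead of handing
 * the live struct to memcpy() or a copy_to_user()-style primitive. */
size_t msg_export(const struct msg *m, unsigned char *dst, size_t dstlen)
{
    if (dstlen < sizeof *m)
        return 0;
    memset(dst, 0, sizeof *m);
    for (size_t f = 0; f < NFIELDS; f++)
        memcpy(dst + msg_fields[f].off,
               (const unsigned char *)m + msg_fields[f].off,
               msg_fields[f].len);
    return sizeof *m;
}

int main(void)
{
    /* Simulate stale stack contents: fill the storage with 0xAA (constructed
     * pattern), then assign every member, which is what an elided or absent
     * zeroing leaves behind. The union lets us inspect the raw bytes. */
    union { struct msg m; unsigned char raw[sizeof(struct msg)]; } u;
    memset(u.raw, 0xAA, sizeof u.raw);
    u.m.tag = 1; u.m.value = 0x11223344u; u.m.flags = 7;

    unsigned char leaky[sizeof(struct msg)], safe[sizeof(struct msg)];
    memcpy(leaky, u.raw, sizeof leaky);        /* what a raw copy exports   */
    msg_export(&u.m, safe, sizeof safe);        /* what the fixed path exports */

    printf("padding bytes in struct msg: %zu\n", msg_padding_bytes());
    printf("stale padding bytes in raw copy: %zu\n", msg_leaked_padding(leaky));
    printf("stale padding bytes in exported copy: %zu\n", msg_leaked_padding(safe));
    return 0;
}
```

The field map is the part worth keeping: it turns "does this struct have padding?" into a number you can assert on in a unit test, and it makes msg_export() correct even if someone later reorders the members. If the consumer on the other side of the boundary does not need the in-memory layout at all, serialising the members into a fixed wire format is better still, since then there is no padding to worry about.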
