Comments inline below

On 08/21/2013 02:24 AM, Fuchs, Andreas wrote:
> Hi Joel,
>
> the thing here is that disabling O0 attributes is almost always a security
> concern.
> The reason is that GCC and Clang will "optimize out" a memset(0) that comes
> before a free since "that does not change program's behaviour".
> OpenSSL and others just try to be so complex that the compiler will not
> recognize this pattern, but this is a "cats and mice game" (German saying)... ;-)

First, I assume you have no objections to the removal of inline for read_data
and write_data? These generate actual compiler errors for clang while the
attribute just generates a warning.

>
> The file spi_utils.h / ps_utils.c for example use O0 in order to prevent
> information leak on free calls.
> Specifically, the last commit to spi_utils.h is
> "[29a8b1] tspi: add a memset that shouldn't be optimized out"
> and goes back to some discussion between myself and Kent...

Declaring the variables as volatile should resolve this problem and be more
reliable and portable. I'll resend this patch with that change.

_______________________________________________
TrouSerS-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-tech
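The dead-store problem discussed in this thread, shown as an added example that is not part of the original message or of the TrouSerS code: the memset-before-free pattern beside a wipe that stores through a volatile-qualified pointer. The function names (`free_secret_weak`, `wipe`, `free_secret`, `count_nonzero`) and the sample secret are constructed for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Weak pattern from the thread: the buffer is dead once free() is called,
 * so an optimizing compiler may treat this memset as a dead store and
 * remove it, leaving the secret in the freed heap block. */
void free_secret_weak(void *buf, size_t len)
{
    memset(buf, 0, len);
    free(buf);
}

/* Every store goes through a volatile-qualified lvalue. GCC and Clang keep
 * such stores even when the object is never read again. */
void wipe(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--)
        *p++ = 0;
}

/* Wipe, then release. Accepts NULL like free() does. */
void free_secret(void *buf, size_t len)
{
    if (buf == NULL)
        return;
    wipe(buf, len);
    free(buf);
}

/* Checking helper: number of bytes in buf that are still non-zero. */
size_t count_nonzero(const void *buf, size_t len)
{
    const unsigned char *p = buf;
    size_t n = 0;
    while (len--)
        n += (*p++ != 0);
    return n;
}

int main(void)
{
    char *secret = malloc(32);
    if (secret == NULL)
        return 1;
    strcpy(secret, "constructed-sample-passphrase"); /* constructed value */
    wipe(secret, 32);
    int ok = (count_nonzero(secret, 32) == 0);
    free(secret);
    return ok ? 0 : 1;
}
```

Where the platform provides them, `explicit_bzero` (glibc, BSDs) or the optional C11 Annex K `memset_s` serve the same purpose without a hand-written loop.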
