Problem: An attacker could extract information from uninitialised locations on the stack Fix By: Add -fauto-var-init=zero to the compiler command line Waive If: The overhead of initializing auto variables is too high Example: FAIL: auto-var-init test because -ftrivial-auto-var-init not used or set to 'uninitialized'
This is a future test. It is not enabled by default. It checks a security feature that may not be widely available or enforced.
This test checks to make sure that programs have been compiled with the -ftrivial-auto-var-init=zero command line option. This option ensures that all local variables are initialised, even if they are not used. This includes any padding between structure fields or unused array entries. If this is not done then a potential attacker might be able to access the unitialized memory and extract information.
The test can be enabled via the --test-auto-var-init option and disabled by the --skip-auto-var-init option. It is also enabled if the --test-future option is specified and disabled if the skip-future option is specified.