Problem: An attacker could extract information or use ROP style attacks if call used registers are not initialised Fix By: Add -fzero-call-used-regs=all Waive If: The overhead of initializing the registers is too high Example: FAIL: zero-call-used-regs test because -fzero-call-used-regs not used or set to 'skip'
This is a future test. It is not enabled by default. It checks a security feature that may not be widely available or enforced.
This test checks to make sure that programs have been compiled with the -fzero-call-used-regs= command line option. This option ensures that registers used in a function call are set to zero when the function returns. If this is not done then a potential attacker might be able to access information in the registers and/or use them in ROP style attacks.
The test can be enabled via the --test-zero-call-used-regs option and disabled by the --skip-zero-call-used-regs option. It is also enabled if the --test-future option is specified and disabled if the skip-future option is specified.