[PATCH 1/3] New string function explicit_bzero (from OpenBSD).
Paul Eggert
eggert@cs.ucla.edu
Thu Sep 15 15:59:00 GMT 2016
On 09/15/2016 06:05 AM, Zack Weinberg wrote:
> +The compiler will not delete a call to this function, even
> +if the object beginning at @var{block} is never referred to again.
That's too strong, no? It'd be OK if the compiler inlined the call, or
if it deleted the call if LEN is zero. Also, "referred to" is too vague,
as we don't care whether the block is written to later, only whether it
is read from. And "beginning at @var{block}" is redundant given the
previous sentence. I suggest rewording this to "The zeros are written
even if the object is never read again."
> +Without the call to @code{explicit_bzero}, @var{k} might not need to
> +be stored in memory: depending on the ABI, its value could be returned
Although this info is helpful, it would be even more helpful if the
example explained how to fix the problem. (Can one declare K to be
volatile, for example? If not, explain why this does not suffice. Does
it help to pass &K to explicit_bzero before initializing K? If not,
explain that too.) If there is no portable way to address the problem,
the discussion should flat-out say so.
I hate to say it, but multithreading issues might need a brief mention
too. If some other thread is compromised, a call to explicit_bzero can
make the current thread more vulnerable, not less.
I must say that after thinking about the above, my opinion of
explicit_bzero has gone down a bit....
More information about the Libc-alpha
mailing list