From RISKS: secret scrubbing code removed by optimizers
Darren Tucker
dtucker at zip.com.au
Sat Nov 9 09:54:01 EST 2002
Ben Lindstrom wrote:
> On Fri, 8 Nov 2002, Darren Tucker wrote:
> > Dan Kaminsky wrote:
> > > Has somebody actually verified this optimizing behavior in any build
> > > of GCC? Does volatile actually stop it?
> >
> > Yes (gcc-3.2 on a SPARC). Yes.
>
> does setting -fno-builtin-memset at compile time stop gcc from
> miscompiling?

Yes. Incidentally, the dead code elimination happens with -O so sticking
to -O2 or less won't help in this case.

gcc -S -O3 -fno-builtin-memset myfunc1.c

myfunc1:
        !#PROLOGUE# 0
        save    %sp, -216, %sp
        !#PROLOGUE# 1
        add     %fp, -120, %l0
        sethi   %hi(.LLC0), %g1
        mov     %l0, %o1
        call    scanf, 0
        or      %g1, %lo(.LLC0), %o0
        mov     %l0, %o0
        mov     0, %o1
        call    memset, 0
        mov     100, %o2
        nop
        ret
        restore

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev mailing list
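
The pattern discussed in this message, as an added example (not code from the post or from OpenSSH): a `memset` of a stack buffer that is never read again, next to a scrub done through a `volatile` pointer, which the thread reports as stopping the elimination. The names `scrub`, `sum_into`, `weak_sum` and `hardened_sum` are hypothetical; the 100-byte buffer mirrors the `mov 100, %o2` argument in the listing above.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: every store goes through a volatile lvalue, so the
 * compiler must treat it as an observable side effect and emit it. */
void scrub(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
}

/* Constructed stand-in for "use the secret": copy it in and sum its bytes. */
static unsigned sum_into(char *buf, size_t cap, const char *secret)
{
    size_t i, n = strlen(secret);
    unsigned sum = 0;
    if (n >= cap) n = cap - 1;
    memcpy(buf, secret, n);
    for (i = 0; i < n; i++) sum += (unsigned char)buf[i];
    return sum;
}

/* At-risk pattern: buf is never read after memset, so the call is a dead
 * store that an optimizing build is allowed to remove. */
unsigned weak_sum(const char *secret)
{
    char buf[100];
    unsigned sum = sum_into(buf, sizeof(buf), secret);
    memset(buf, 0, sizeof(buf));
    return sum;
}

/* Hardened pattern: same work, buffer cleared with volatile stores. */
unsigned hardened_sum(const char *secret)
{
    char buf[100];
    unsigned sum = sum_into(buf, sizeof(buf), secret);
    scrub(buf, sizeof(buf));
    return sum;
}

int main(void)
{
    printf("%u %u\n", weak_sum("constructed-secret"), hardened_sum("constructed-secret"));
    return 0;
}
```

Compiling this with `gcc -S -O3`, as in the message, and comparing the two functions in the output shows whether a given build keeps the `memset` call.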