public inbox for gcc-bugs@sourceware.org
* [Bug c/63479] New: Compiler flag to zero structure padding
@ 2014-10-08 3:52 josh at joshtriplett dot org
From: josh at joshtriplett dot org @ 2014-10-08 3:52 UTC (permalink / raw)
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63479

    Bug ID:    63479
    Summary:   Compiler flag to zero structure padding
    Product:   gcc
    Version:   unknown
    Status:    UNCONFIRMED
    Severity:  enhancement
    Priority:  P3
    Component: c
    Assignee:  unassigned at gcc dot gnu.org
    Reporter:  josh at joshtriplett dot org

Many memory disclosure vulnerabilities occur due to uninitialized structure
padding. For instance, if the kernel declares a structure, initializes its
fields, and copies the entire structure to userspace, it discloses the contents
of the padding to userspace.

To eliminate that source of memory disclosure vulnerabilities, GCC could have a
compiler option to always zero structure padding, either when initializing all
fields of the structure, or when doing structure assignment. In many cases,
this could be done very inexpensively, or even with no additional instructions
at all. For instance, given a struct like this:

    struct foo {
        char c;
        uint64_t i;
    };

On 64-bit x86, GCC typically generates four 64-bit mov instructions, into and
out of registers. GCC could instead generate a movzx and three mov
instructions.
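
The disclosure described in the report above, shown on its own struct foo, as an added example that is not part of the original message or of GCC. The helper names and the 0xAA marker are hypothetical, memcpy stands in for the kernel's copy to userspace, and the memset shown is the manual mitigation, not the proposed compiler flag.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct foo {            /* the struct from the report */
    char c;
    uint64_t i;
};

#define STALE 0xAA      /* constructed marker standing in for leftover memory contents */

/* Number of padding bytes between the end of c and the start of i. */
size_t foo_padding(void) { return offsetof(struct foo, i) - sizeof(char); }

/* Initializes every field and nothing else: padding keeps its old contents. */
void fill_fields(struct foo *f) { f->c = 'A'; f->i = 42; }

/* Manual mitigation: zero the whole object first, then set the fields. */
void fill_zeroed(struct foo *f) { memset(f, 0, sizeof *f); fill_fields(f); }

/* Stand-in for a copy to userspace: copies the whole object, padding included,
   and returns how many padding bytes in the copy still hold the stale marker. */
size_t copy_out_and_count_stale(const struct foo *f, unsigned char *dst) {
    size_t n = 0;
    memcpy(dst, f, sizeof *f);
    for (size_t k = sizeof(char); k < offsetof(struct foo, i); k++)
        n += (dst[k] == STALE);
    return n;
}

/* Runs one initialization strategy on memory pre-filled with stale data. */
size_t leaked_bytes(void (*fill)(struct foo *)) {
    struct foo f;
    unsigned char out[sizeof f];
    memset(&f, STALE, sizeof f);   /* simulate reused stack or heap memory */
    fill(&f);
    return copy_out_and_count_stale(&f, out);
}

int main(void) {
    printf("padding bytes in struct foo: %zu\n", foo_padding());
    printf("field-only init leaks:       %zu\n", leaked_bytes(fill_fields));
    printf("memset + init leaks:         %zu\n", leaked_bytes(fill_zeroed));
    return 0;
}
```
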