Message-ID: <CAPLrYERBcr04-c4baHeGUmJg2TuUpXVp8BUeV+pw=swd9n=o-A@mail.gmail.com>
Date: Thu, 29 Jan 2015 11:54:48 +0100
From: Daniel Cegiełka <daniel.cegielka@...il.com>
To: musl@...ts.openwall.com
Subject: Re: thoughts on reallocarray, explicit_bzero?

2015-01-29 11:04 GMT+01:00 Szabolcs Nagy <nsz@...t70.net>:
> * Daniel Cegiełka <daniel.cegielka@...il.com> [2015-01-29 10:30:40 +0100]:
>> yet another secure_memzero(). A better solution would be to promote a
>> single standard (eg. memset_s()) and the expectation that the compiler
>> will respect it.
>>
>
> i think you don't know the semantics of memset_s
> (it uses nonsense types, has superfluous arguments, handles
> constraint violations through global state etc)

btw. memset_s() is an attempt to solve the same problem. However, this
version will not work with LTO:

ftp://ftp.netbsd.org/pub/NetBSD/misc/apb/memset_s.20120224.diff

#include <sys/cdefs.h>
__RCSID("$NetBSD$");

#define __STDC_WANT_LIB_EXT1__ 1
#include <errno.h>
#include <stdint.h>
#include <string.h>

/*
 * __memset_vp is a volatile pointer to a function.
 * It is initialised to point to memset, and should never be changed.
 */
static void * (* const volatile __memset_vp)(void *, int, size_t)
    = (memset);

#undef memset_s	/* in case it was defined as a macro */

errno_t
memset_s(void *s, rsize_t smax, int c, rsize_t n)
{
	errno_t err = 0;

	if (s == NULL) {
		err = EINVAL;
		goto out;
	}
	if (smax > RSIZE_MAX) {
		err = E2BIG;
		goto out;
	}
	if (n > RSIZE_MAX) {
		err = E2BIG;
		n = smax;
	}
	if (n > smax) {
		err = EOVERFLOW;
		n = smax;
	}

	/* Calling through a volatile pointer should never be optimised away. */
	(*__memset_vp)(s, c, n);

out:
	if (err == 0)
		return 0;
	else {
		errno = err;
		/* XXX call runtime-constraint handler */
		return err;
	}
}
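The NetBSD code above defeats dead-store elimination by calling memset through a const volatile function pointer. As an added example for this thread (not code from the message, from NetBSD or from musl), the block below shows the other common way to build a secure_memzero: every store goes through a volatile byte pointer, and on GCC/Clang an empty asm statement with a "memory" clobber consumes the buffer address so the compiler must assume the memory is read afterwards. The names secure_memzero, count_nonzero, use_key_and_wipe and demo_wipe are chosen for the example, and the FNV-1a checksum only stands in for "using" a key; whether any of this survives a particular compiler, optimization level or LTO configuration has to be confirmed by reading the generated code, which a source-level test cannot do.

```c
/* Added example for this mailing-list page; not the original poster's code
 * and not NetBSD's or musl's. All function names here are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Zero n bytes at s in a way the optimizer is not allowed to delete.
 * Measure 1: each store is made through a volatile pointer, so it is a
 *            side effect the compiler must keep.
 * Measure 2: an empty asm with a "memory" clobber that takes the buffer
 *            address as input; the compiler must assume the asm reads the
 *            memory, so the stores cannot be treated as dead.
 * The asm is GCC/Clang syntax; elsewhere only measure 1 remains. */
void secure_memzero(void *s, size_t n)
{
    volatile unsigned char *p = (volatile unsigned char *)s;
    while (n--)
        *p++ = 0;
#if defined(__GNUC__) || defined(__clang__)
    __asm__ __volatile__("" : : "r"(s) : "memory");
#endif
}

/* Number of non-zero bytes in buf; used to verify a wipe. */
size_t count_nonzero(const unsigned char *buf, size_t n)
{
    size_t k = 0;
    for (size_t i = 0; i < n; i++)
        k += (buf[i] != 0);
    return k;
}

/* Typical use: "consume" the key, then wipe it. The wipe is exactly the
 * store a plain memset() would lose if the buffer is dead afterwards.
 * The FNV-1a hash is only a stand-in for real key use. */
uint32_t use_key_and_wipe(unsigned char *key, size_t keylen)
{
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < keylen; i++) {
        h ^= key[i];
        h *= 16777619u;
    }
    secure_memzero(key, keylen);
    return h;
}

/* Returns 1 if two identical keys hash identically and both are fully
 * zeroed after use, 0 otherwise. Key material is constructed test data. */
int demo_wipe(void)
{
    unsigned char k1[32], k2[32];
    memset(k1, 0xA5, sizeof k1);
    memcpy(k2, k1, sizeof k2);

    uint32_t h1 = use_key_and_wipe(k1, sizeof k1);
    if (count_nonzero(k1, sizeof k1) != 0)
        return 0;                      /* wipe left data behind */
    uint32_t h2 = use_key_and_wipe(k2, sizeof k2);
    if (h1 != h2)
        return 0;                      /* key use must be deterministic */
    if (count_nonzero(k2, sizeof k2) != 0)
        return 0;
    return 1;
}

int main(void)
{
    printf("secure_memzero demo: %s\n", demo_wipe() ? "ok" : "FAILED");
    return 0;
}
```

Because the wiped buffers in demo_wipe are inspected after the wipe, a compiler cannot drop those stores even without the volatile and the barrier; the two measures matter for the case where nothing in the program reads the buffer again, which is the situation with a stack key at function exit. To see the difference, compile a variant that wipes a local with plain memset() at -O2 and compare the disassembly of the two functions.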