Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: "Chris M. Thomasson" <chris.m.thomasson.1@gmail.com>
Newsgroups: comp.lang.c
Subject: Re: A Famous Security Bug
Date: Wed, 20 Mar 2024 19:45:14 -0700
Organization: A noiseless patient Spider
Lines: 23
Message-ID: <utg6vq$1vdv8$1@dont-email.me>
References: <bug-20240320191736@ram.dialup.fu-berlin.de>
 <utfdte$1lou1$1@dont-email.me> <utfmd6$1nv2m$1@dont-email.me>
 <87r0g41ofh.fsf@nosuchdomain.example.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Thu, 21 Mar 2024 02:45:14 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="2ab8e2f24273ba6122fc526819eafbc5";
	logging-data="2078696"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX1+7/1jr7QjMPR0emyuigAQ7Zp6xAGek5lc="
User-Agent: Mozilla Thunderbird
Cancel-Lock: sha1:n4u9gkBNkMTVxizLkqDEG9IkAqY=
In-Reply-To: <87r0g41ofh.fsf@nosuchdomain.example.com>
Content-Language: en-US
Bytes: 1820

On 3/20/2024 4:19 PM, Keith Thompson wrote:
> "Chris M. Thomasson" <chris.m.thomasson.1@gmail.com> writes:
>> On 3/20/2024 12:37 PM, Chris M. Thomasson wrote:
>>> On 3/20/2024 11:18 AM, Stefan Ram wrote:
>>>>     A "famous security bug":
>>>>
>>>> void f( void )
>>>> { char buffer[ MAX ];
>>>>     /* . . . */
>>>>     memset( buffer, 0, sizeof( buffer )); }
>>>>
>>>>     . Can you see what the bug is?
>>>>
>>>>     (I have already read the answer; I post it as a pastime.)
>>> Add in a volatile? ;^)
>>
>> Instead of zeroing, what about filling it with random bytes reaped
>> from a TRNG?
> 
> Why?
> 

Those zeros might be "targets" for a nefarious program?