Deutsch English Français Italiano |
<87ttl0pw4n.fsf@jmertens.eternal-september.org> View for Bookmarking (what is this?) Look up another Usenet article |
Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!jmertens.eternal-september.org!.POSTED!not-for-mail From: Joerg Mertens <joerg-mertens@t-online.de> Newsgroups: comp.lang.c Subject: Re: A Famous Security Bug Date: Wed, 20 Mar 2024 19:59:36 +0100 Organization: privat Lines: 15 Message-ID: <87ttl0pw4n.fsf@jmertens.eternal-september.org> References: <bug-20240320191736@ram.dialup.fu-berlin.de> MIME-Version: 1.0 Content-Type: text/plain Injection-Info: jmertens.eternal-september.org; posting-host="93220d0a9bfe326c1e31a6e4f5afab60"; logging-data="1746594"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19zCf/XN+wjUiWhatmJa2sVmQJiz5E8iQ4=" User-Agent: Gnus/5.13 (Gnus v5.13) Cancel-Lock: sha1:H2GmYbpIpbb2ooaegGdV7FWzdNo= sha1:UX4L/0cpl8pEKypd1ZRYdWi00G0= Bytes: 1268 ram@zedat.fu-berlin.de (Stefan Ram) writes: > A "famous security bug": > > void f( void ) > { char buffer[ MAX ]; > /* . . . */ > memset( buffer, 0, sizeof( buffer )); } > > . Can you see what the bug is? > > (I have already read the answer; I post it as a pastime.) The optimizer deletes the memset statement because buffer is not accessed after it?