27 Jul
2004
27 Jul
'04
9:51 a.m.
On 27.7.2004, at 09:27, Alexander Sabourenkov wrote:
safe_memset() exists pretty much for this reason. Compilers may sooner or later optimize out this kind of code because it seems useless to it. Microsoft's compilers already do in some cases.
That's called bzero() on *nix (POSIX.1).
Nope:
CONFORMING TO 4.3BSD. This function is deprecated -- use memset in new programs.
Also I just tested how gcc 3.3.3 works. In a function like:
void test(void) { char arr[4];
scanf("%3s", arr);
printf("your secure password: %s\n", arr);
bzero(arr, sizeof(arr));
memset(arr, 0, sizeof(arr));
}
Both bzero() and memset() are optimized away if optimizations are turned on.