Hi,

Peter Gutmann wrote:
> When compiled with any level of optimisation using gcc, the key clearing call
> goes away because of dead code elimination (see the MSDN article for more
> details on this, which uses VC++ to get the same effect).

I was unable to reproduce this with gcc 2.95.4. I can clearly find the
zeroing back in the assembler output.

Not optimized:
[..]
        pushl $16
        pushl $0
        leal -16(%ebp),%eax
        pushl %eax
        call memset

Optimized (-O3):
[..]
        movl $0,-16(%ebp)
        movl $0,-12(%ebp)
        movl $0,-8(%ebp)
        movl $0,-4(%ebp)

Cya,

    Bram Matthys.

== clearit.c (just copy/pasted from you + made encrypt "useful") ==
#include <stdio.h>
#include <stdlib.h>
#include <string.h>   /* strlen, strcpy, memset */

/* Dummy "encrypt": reads every byte of the key so the buffer is really used. */
int encrypt(char *key)
{
    int i;
    for (i=0; i < strlen(key); i++)
    {
        printf("bla %c\n", key[i]);
    }
    return 1;
}

int main()
{
    char key[16];
    strcpy( key, "secretkey" );
    encrypt(key);
    memset(key, 0, 16);   /* the key clearing call under discussion */
    return 0;
}

== commands ==
gcc -S -o clearit.asm clearit.c
gcc -S -o clearit.asm.optimized clearit.c -O3
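An added example, not part of the original post: the clearit.c scenario with the plain memset beside a clear written so the optimiser cannot treat it as a dead store. secure_clear, use_key and the two handle_key_* functions are hypothetical names, and the inline asm barrier assumes GCC or Clang. Compiling it with the same `gcc -S ... -O3` command as above lets you compare the stores emitted for each function.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not from the thread: zero the buffer through a
 * volatile lvalue, which GCC and Clang do not remove as dead stores. */
void secure_clear(void *buf, size_t len)
{
    volatile unsigned char *p = buf;
    while (len--)
        *p++ = 0;
    /* Compiler barrier: the compiler must assume buf is read afterwards. */
    __asm__ __volatile__("" : : "r"(buf) : "memory");
}

/* Stand-in for encrypt() in clearit.c: reads the key so the buffer is live. */
unsigned use_key(const char *key)
{
    unsigned sum = 0;
    while (*key)
        sum = sum * 31u + (unsigned char)*key++;
    return sum;
}

/* Shape of main() in clearit.c: memset is the last access to a dying local. */
unsigned handle_key_plain(void)
{
    char key[16];
    strcpy(key, "secretkey");
    unsigned r = use_key(key);
    memset(key, 0, sizeof key);    /* candidate for dead-store elimination */
    return r;
}

/* Same function with the clear routed through secure_clear(). */
unsigned handle_key_hardened(void)
{
    char key[16];
    strcpy(key, "secretkey");
    unsigned r = use_key(key);
    secure_clear(key, sizeof key); /* stores must appear in the output */
    return r;
}

int main(void)
{
    printf("%u %u\n", handle_key_plain(), handle_key_hardened());
    return 0;
}
```

Where the platform provides them, explicit_bzero() or C11 Annex K memset_s() serve the same purpose as the hand-written helper.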
This archive was generated by hypermail 2b30 : Wed Oct 30 2002 - 09:44:46 PST