Vuln Dev
Software leaves encryption keys, passwords lying around in memory Oct 30 2002 04:11PM pgut001 cs auckland ac nz (Peter Gutmann) (3 replies)
Re: Software leaves encryption keys, passwords lying around inmemory Oct 31 2002 04:56PM Frank Knobbe (fknobbe knobbeits com)
Re: Software leaves encryption keys, passwords lying around in memory Oct 30 2002 06:00PM Dan Kaminsky (dan doxpara com) (1 replies)
RE: Software leaves encryption keys, passwords lying around in memory Oct 30 2002 07:39PM Dom De Vitto (dom DeVitto com) (1 replies)
Re: Software leaves encryption keys, passwords lying around in memory Oct 30 2002 09:22PM Dan Kaminsky (dan doxpara com) (1 replies)
Re: Software leaves encryption keys, passwords lying around in memory Oct 31 2002 01:46AM Pavel Kankovsky (peak argo troja mff cuni cz)
Peter Gutmann wrote:
> When compiled with any level of optimisation using gcc, the key clearing call
> goes away because of dead code elimination (see the MSDN article for more
> details on this, which uses VC++ to get the same effect).

I was unable to reproduce this with gcc 2.95.4.
I can clearly find the zeroing back in the assembler output.

Not optimized:
[..]
        pushl $16
        pushl $0
        leal -16(%ebp),%eax
        pushl %eax
        call memset

Optimized (-O3):
[..]
        movl $0,-16(%ebp)
        movl $0,-12(%ebp)
        movl $0,-8(%ebp)
        movl $0,-4(%ebp)

Cya,
Bram Matthys.

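== clearit.c (just copy/pasted from you + made encrypt "useful") ==
#include <stdio.h>
#include <stdlib.h>
#include <string.h>   /* strlen, strcpy, memset */

/* Dummy "encrypt": reads every byte of the key so the key is really used. */
int encrypt(char *key)
{
    size_t i;

    for (i = 0; i < strlen(key); i++)
    {
        printf("bla %c\n", key[i]);
    }
    return 1;
}

int main()
{
    char key[16];

    strcpy(key, "secretkey");
    encrypt(key);
    /* The key-clearing call under discussion: key is never read after this. */
    memset(key, 0, 16);
    return 0;
}
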
== commands ==
gcc -S -o clearit.asm clearit.c
gcc -S -o clearit.asm.optimized clearit.c -O3
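
The thread is about whether the compiler keeps the final memset in clearit.c. The following is an added example, not code from the original post or from anyone in the thread: two clearing routines written so that the result does not depend on that optimiser decision. The names secure_zero, secure_zero_barrier, is_all_zero and use_and_clear_key are hypothetical, and the second variant assumes GCC or Clang inline-asm syntax.

```c
#include <stddef.h>
#include <string.h>

/* Variant 1: write through a volatile-qualified pointer. In practice
 * compilers treat every store through a volatile lvalue as an observable
 * side effect, so the stores stay even though buf is never read again. */
void secure_zero(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--)
        *p++ = 0;
}

/* Variant 2 (assumes GCC/Clang): ordinary memset followed by an empty asm
 * statement that takes the buffer address as input and clobbers "memory",
 * so the compiler has to assume the zeroed bytes are observed. */
void secure_zero_barrier(void *buf, size_t len)
{
    memset(buf, 0, len);
#if defined(__GNUC__)
    __asm__ __volatile__("" : : "r"(buf) : "memory");
#endif
}

/* Returns 1 if every byte of buf is zero, 0 otherwise. */
int is_all_zero(const void *buf, size_t len)
{
    const unsigned char *p = (const unsigned char *)buf;
    while (len--)
        if (*p++ != 0)
            return 0;
    return 1;
}

/* Same shape as main() in clearit.c: fill a local key, use it, clear it.
 * Returns the key length seen by the "use" step. */
size_t use_and_clear_key(void)
{
    char key[16];
    size_t n;
    strcpy(key, "secretkey");      /* constructed sample key, as in clearit.c */
    n = strlen(key);               /* stand-in for encrypt(key) */
    secure_zero(key, sizeof key);  /* clearing does not rely on the optimiser */
    return n;
}

int main(void) { return use_and_clear_key() == 9 ? 0 : 1; }
```

To check a given compiler, generate assembly with the same `gcc -S ... -O3` commands shown above and look for the zeroing stores in use_and_clear_key.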