[libvirt PATCH 05/11] Replace bzero() with memset()
Daniel P. Berrangé
berrange at redhat.com
Thu Jan 28 11:13:13 UTC 2021
On Thu, Jan 28, 2021 at 12:03:36PM +0100, Peter Krempa wrote:
> On Thu, Jan 28, 2021 at 10:59:41 +0000, Daniel Berrange wrote:
> > On Thu, Jan 28, 2021 at 11:45:07AM +0100, Peter Krempa wrote:
> > > On Thu, Jan 28, 2021 at 11:24:35 +0100, Tim Wiederhake wrote:
> > > > This was found by clang-tidy's
> > > > "clang-analyzer-security.insecureAPI.bzero" check.
> > >
> > > Any reasoning behind why bzero is bad?
> >
> > Yeah, it is wierd to call this an insecure API. If anything memset is
> > more dangerous because people invert the 2nd and 3rd args, resulting
> > in not setting any bytes at all.
>
> According to the manpage it can allegedly be optimized out:
>
> The explicit_bzero() function performs the same task as bzero(). It
> differs from bzero() in that it guarantees that compiler optimizations
> will not remove the erase operation if the compiler deduces that the
> operation is "unnecessary".
A compiler smart enough eliminate bzero can do also likely eliminate
memset.
> > None the less bzero is deprecated, so it makes sense to use the
> > memset funtion in general.
>
> Yes it does, but the reason should be mentioned in the commit message.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
More information about the libvir-list
mailing list