https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63479

            Bug ID: 63479
           Summary: Compiler flag to zero structure padding
           Product: gcc
           Version: unknown
            Status: UNCONFIRMED
          Severity: enhancement
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: josh at joshtriplett dot org

Many memory disclosure vulnerabilities occur due to uninitialized structure
padding.  For instance, if the kernel declares a structure, initializes its
fields, and copies the entire structure to userspace, it discloses the contents
of the padding to userspace.

To eliminate that source of memory disclosure vulnerabilities, GCC could have a
compiler option to always zero structure padding, either when initializing all
fields of the structure, or when doing structure assignment.  In many cases,
this could be done very inexpensively, or even with no additional instructions
at all.  For instance, given a struct like this:

#include <stdint.h>

struct foo {
    char c;       /* 1 byte at offset 0 */
                  /* x86-64: 7 bytes of padding here, because uint64_t is 8-byte aligned */
    uint64_t i;   /* 8 bytes at offset 8; sizeof(struct foo) == 16 */
};

On 64-bit x86, GCC typically generates four 64-bit mov instructions, into and
out of registers.  GCC could instead generate a movzx and three mov
instructions.

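The disclosure pattern the report describes, and the manual workaround a kernel developer uses today, as an added example (not code from the bug report or from GCC). It reuses the reporter's struct foo; the union, the 0xAA "stale data" fill, copy_to_user_sim() and the helper names are assumptions made for the demo, and the stale fill is constructed so the leak is deterministic rather than dependent on whatever happens to be on the stack.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The reporter's struct: on x86-64 (SysV ABI) uint64_t is 8-byte aligned,
 * so seven padding bytes sit between c and i and sizeof(struct foo) == 16. */
struct foo {
    char c;
    uint64_t i;
};

/* Storage for a struct foo whose raw bytes can be pre-filled and inspected.
 * Stand-in for a stack slot or slab object that previously held other data
 * (assumption for the demo; real stale data is arbitrary). */
union foo_slot {
    struct foo f;
    unsigned char raw[sizeof(struct foo)];
};

/* "Userspace" destination buffer for the copied struct image. */
unsigned char user_image[sizeof(struct foo)];

/* Number of padding bytes between c and i, computed from the ABI rather
 * than hard-coded, so the check is right on any target. */
size_t foo_padding_bytes(void)
{
    return offsetof(struct foo, i) - (offsetof(struct foo, c) + sizeof(char));
}

/* Stand-in for copy_to_user(): hands userspace the object's full byte image,
 * padding included, exactly as the report describes. */
static void copy_to_user_sim(unsigned char *dst, const struct foo *src)
{
    memcpy(dst, src, sizeof *src);
}

/* Count padding bytes in the userspace copy that are non-zero, i.e. bytes
 * that still carry whatever the memory held before the struct was built. */
size_t count_nonzero_padding(const unsigned char *img)
{
    size_t start  = offsetof(struct foo, c) + sizeof(char);
    size_t end    = offsetof(struct foo, i);
    size_t leaked = 0;
    for (size_t k = start; k < end; k++)
        leaked += (img[k] != 0);
    return leaked;
}

/* The vulnerable pattern: every field is initialised, the whole object is
 * copied out, and the padding goes with it. Returns the number of stale
 * bytes disclosed (the full padding width, 7 on x86-64). */
size_t leaky_path(unsigned char *out)
{
    union foo_slot s;
    memset(s.raw, 0xAA, sizeof s.raw);      /* constructed stale data */
    s.f.c = 'x';                            /* all fields set ...      */
    s.f.i = UINT64_C(0x1122334455667788);   /* ... but not the padding  */
    copy_to_user_sim(out, &s.f);
    return count_nonzero_padding(out);
}

/* Manual mitigation, pending a compiler option like the one requested:
 * clear the whole object before filling in fields. Returns 0 stale bytes. */
size_t hardened_path(unsigned char *out)
{
    union foo_slot s;
    memset(s.raw, 0xAA, sizeof s.raw);      /* same stale data          */
    memset(&s.f, 0, sizeof s.f);            /* zero fields AND padding  */
    s.f.c = 'x';
    s.f.i = UINT64_C(0x1122334455667788);
    copy_to_user_sim(out, &s.f);
    return count_nonzero_padding(out);
}

int main(void)
{
    printf("padding bytes in struct foo:            %zu\n", foo_padding_bytes());
    printf("stale bytes leaked, plain assignment:   %zu\n", leaky_path(user_image));
    printf("stale bytes leaked, memset first:       %zu\n", hardened_path(user_image));
    return 0;
}
```

The memset is the portable fix because the C standard leaves padding bytes unspecified even when an automatic object is fully initialised with a brace initializer; only objects with static storage duration are guaranteed zeroed padding. That gap is exactly what a compiler flag of the kind requested above would close without relying on every call site remembering the memset.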