https://gcc.gnu.org/bugzilla/show_bug.cgi?id=77992
--- Comment #6 from Andrew Pinski <pinskia at gcc dot gnu.org> --- >More information can be found in our research paper: >http://www.cc.gatech.edu/~klu38/publications/unisan-ccs16.pdf You research paper is wrong and does not consider C is an inherently insecure language to be begin with. There are many other things wrong with it. Like for an example recommending the use of memset when you want to hide the stores from the compiler. There is already a thread on the glibc mailing list about this exact thing about adding a secure memset which is GCC is not going to optimize away.
