> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Jakob Bohm
> Sent: Thursday, 03 July, 2014 12:11
>
> The previous poster's claims about initializing all variables is
> equally possible in C90. However, his dead-code elimination
> assumption will probably only be true for major CPU/platform
> target combinations, because minor platforms often suffer from
> missing or buggy optimizers as a rule of thumb. Thus once again,
> portability implies that overreliance on compilers being state
> of the art is not portable.

It's also worth noting that always explicitly initializing variables prevents static- and dynamic-analysis code-verification tools from detecting paths where uninitialized variables are used, and those code paths often indicate unexpected control flows. So while "initialize everything" can be one defensive technique, it also obstructs others. It is not an unalloyed Good Thing.

--
Michael Wojcik
Technology Specialist, Micro Focus
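
The trade-off described in the reply above, shown as an added C example that is not part of the original message or of OpenSSL. The record kinds and function names are hypothetical; both functions share the same missing case, and only the variant without the initializer leaves it visible to analysis tools.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical record kinds; REC_EXT stands for a kind added later
 * that the length logic below was never updated to handle. */
enum rec_kind { REC_SHORT = 1, REC_LONG = 2, REC_EXT = 3 };

/* Variant A: no initializer. On the REC_EXT path 'len' is never
 * written before the return, so a compiler's uninitialized-variable
 * warning (for example gcc's -Wmaybe-uninitialized) or a run-time
 * checker that tracks uninitialized memory can point at the
 * unhandled control flow. */
size_t payload_len_uninit(enum rec_kind kind, const unsigned char *hdr)
{
    size_t len;
    if (kind == REC_SHORT)
        len = hdr[0];
    else if (kind == REC_LONG)
        len = ((size_t)hdr[0] << 8) | hdr[1];
    return len;            /* indeterminate value for REC_EXT */
}

/* Variant B: "initialize everything". The same case is still missing,
 * but every path now returns a defined value, so the tools have
 * nothing to report and REC_EXT silently yields length 0. */
size_t payload_len_init(enum rec_kind kind, const unsigned char *hdr)
{
    size_t len = 0;
    if (kind == REC_SHORT)
        len = hdr[0];
    else if (kind == REC_LONG)
        len = ((size_t)hdr[0] << 8) | hdr[1];
    return len;
}

int main(void)
{
    const unsigned char hdr[2] = { 0x01, 0x02 };   /* constructed sample header */

    /* Only defined paths are exercised for variant A. */
    printf("A short=%zu long=%zu\n",
           payload_len_uninit(REC_SHORT, hdr), payload_len_uninit(REC_LONG, hdr));
    /* Variant B hides the missing case behind a plausible-looking 0. */
    printf("B ext=%zu\n", payload_len_init(REC_EXT, hdr));
    return 0;
}
```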