On 2022-11-27 03:27, Simon Josefsson via Gnulib discussion list wrote:
> 1) Does gnulib support building with gcc -std=c99? I think we should,
> but it could have documented missing functionality or breakage.
It should, yes. That's a reasonable portability test, so long as Gnulib
continues to support C99.
> 2) It seems explicit_bzero.c in gnulib falls back to using 'asm' for
> GCC, which isn't working in non-GNU modes of gcc. Further wondering:
I hope I fixed this particular problem by installing the attached.
Perhaps Gnulib's other uses of asm should also be changed?
> 1) The reason for having explicit_bzero is read_file, which needs it
> for reading sensitive files, a feature we don't use. Uncoupling this
> unnecessary dependency would have been nice.
In the long run it should be OK; see below.
> 2) Is there no other way to implement explicit_bzero without 'asm'?
> There is another fallback code using volatile pointers, but I'm not
> sure it really has the same semantics.
That fallback should work, though it's a bit slower.
> 3) Is there a way to detect if the compiler supports 'asm'? The
> current test 'defined __GNUC__ && !defined __clang__' is what is
> really failing here.
We could add a configure-time test. Not sure it's worth the hassle.
> 3) Is the idiom of using separate functions bzero() vs explicit_bzero()
> to avoid security-problematic compiler optimization still a good one?
Yes, though we should switch to memset_explicit as that's the name C23
has standardized on. I.e., create a memset_explicit module, have other
modules use that instead of explicit_bzero. No rush, but that's the way
to proceed.
From 04191d1b325186fcd788a4a0a89274f8b9a9943b Mon Sep 17 00:00:00 2001
From: Paul Eggert <[email protected]>
Date: Sun, 27 Nov 2022 09:59:32 -0800
Subject: [PATCH] explicit_bzero: work with gcc -std=c99
* lib/explicit_bzero.c (explicit_bzero) [__GNUC__ && !__clang__]:
Use __asm__ instead of asm.
---
ChangeLog | 6 ++++++
lib/explicit_bzero.c | 2 +-
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index 36825874d2..eedab2ae83 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2022-11-27 Paul Eggert <[email protected]>
+
+ explicit_bzero: work with gcc -std=c99
+ * lib/explicit_bzero.c (explicit_bzero) [__GNUC__ && !__clang__]:
+ Use __asm__ instead of asm.
+
2022-11-26 Paul Eggert <[email protected]>
Prefer "kill -INT" to killing with a number
diff --git a/lib/explicit_bzero.c b/lib/explicit_bzero.c
index ad0bfd170c..584f982924 100644
--- a/lib/explicit_bzero.c
+++ b/lib/explicit_bzero.c
@@ -57,7 +57,7 @@ explicit_bzero (void *s, size_t len)
#elif defined __GNUC__ && !defined __clang__
memset (s, '\0', len);
/* Compiler barrier. */
- asm volatile ("" ::: "memory");
+ __asm__ volatile ("" ::: "memory");
#elif defined __clang__
memset (s, '\0', len);
/* Compiler barrier. */
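Review bot: only the GCC branch is changed, yet the trailing context shows the `#elif defined __clang__` branch starting identically (memset followed by a "Compiler barrier." comment); if its barrier line is also spelled `asm volatile`, it needs the same `__asm__` spelling for clang's strict ISO modes, and a one-line comment above the barrier saying that `__asm__` is used because `asm` is not a reserved word under `-std=c99` would keep a later cleanup from reverting this.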
--
2.37.2
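The two approaches the thread compares, the `__asm__` compiler barrier from the patch and the volatile-pointer fallback Simon asks about, written out side by side as an added example; this is not Gnulib's explicit_bzero.c, and the names `wipe_barrier`, `wipe_volatile`, `all_zero` and `wipe_and_check` are chosen here.

```c
#include <stddef.h>
#include <string.h>
/* Added example, not Gnulib code: two ways to stop a compiler from eliding
   a memset on memory that is about to go out of scope, as discussed in the
   thread.  Both compile with gcc -std=c99, where the bare keyword 'asm' is
   not available but '__asm__' is. */

/* Variant 1: memset plus a compiler barrier.  The "memory" clobber tells
   the optimizer that memory may have been read, so the stores cannot be
   dropped as dead. */
void wipe_barrier (void *s, size_t len)
{
  memset (s, 0, len);
  __asm__ volatile ("" ::: "memory");
}

/* Variant 2: the volatile fallback.  Calling memset through a volatile
   function pointer hides the callee from the optimizer, so it cannot
   conclude the stores are dead.  Plain C99, but the call is indirect,
   which is why it is a bit slower. */
static void *(*const volatile memset_ptr) (void *, int, size_t) = memset;

void wipe_volatile (void *s, size_t len)
{
  memset_ptr (s, 0, len);
}

/* 1 if every byte in [s, s + len) is zero, else 0. */
int all_zero (const void *s, size_t len)
{
  const unsigned char *p = s;
  size_t i;
  for (i = 0; i < len; i++)
    if (p[i] != 0)
      return 0;
  return 1;
}

/* Constructed usage: fill a buffer with stand-in secret bytes, wipe it
   with the chosen variant, and report whether it is all zero. */
int wipe_and_check (int use_barrier)
{
  unsigned char key[32];
  memset (key, 0xA5, sizeof key);
  if (use_barrier)
    wipe_barrier (key, sizeof key);
  else
    wipe_volatile (key, sizeof key);
  return all_zero (key, sizeof key);
}
```

Inspecting the generated assembly of a real caller (one that does not read the buffer afterwards) is the only way to confirm the wipe survived optimization; a runtime check like `wipe_and_check` only shows the functions zero the bytes.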