should we have a rtl_secureZeroMemory ?
sbergman at redhat.com
Tue Mar 10 03:14:03 PDT 2015
On 03/10/2015 10:43 AM, Caolán McNamara wrote:
> This is in the context of the http://www.viva64.com/en/b/0308/#ID0ESAGK
> section and these memset calls
> Or should we just use c++11's memset_s in these places ?
> (And persumably either way, have rtl_freeZeroMemory call that instead of
> memset ?)
memset_s is a bit hairy, as it is C11 but not C++11, and conditional in
C11 on __STDC_LIB_EXT1__, effectively requiring every include of any
standard library header in the compilation unit to see
__STDC_WANT_LIB_EXT1__ defined to 1. So it looks like wrapping it in
some rtl_secureZeroMemory abstraction looks like a good idea.
A nice approach would be to restrict this to rtl_freeZeroMemory, but at
least some of the places in LibreOffice-V597.txt use memset on e.g.
stack-allocated memory, so making rtl_secureZeroMemory available in
addition to rtl_freeZeroMemory seems to be needed.
More information about the LibreOffice