in some cases they make unsigned overflow into a fatal error also ♥️♥️♥️
In a bunch of places :). The media handling code has it on since that was the majority root cause of security bugs there.
I'm a huge believer in turning it on in prod. Rewriting miles of code isn't realistic, testing only finds so much, and it prevents exploits
Yes! I will happily pay 1% perf for blocking shell code.
Do we know if these options will end up in gcc? Clang is a possibility for us but it’s a bigger lift.
Also wondering about force initializing to 0 options.
there's reasonable stuff in LLVM for forcing zero initialization but I do not know the status, or if GCC has anything analogous
cc
clang has: clang.llvm.org/docs/ClangComm
and you can force zero with: clang.llvm.org/docs/ClangComm
Which is the *best* name ever.
I believe that GCC was looking at this too? would know.
MSVC has InitAll: msrc-blog.microsoft.com/2020/05/13/sol
and
An annoying thing about -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang is that you get unused argument warnings from it in certain cases. End up having to disable that warning when building Chromium with automatic zero initialization.
I mean unused arguments to Clang, which you can disable with -Wno-unused-command-line-argument. AOSP and Chromium provide a compiler toolchain and use -Werror, with everything being dealt with when they upgrade the toolchain. Means this warning is pretty annoying.




