Login

Recent searches

No recent searches

Search options

Only available when logged in.
fosstodon.org is one of the many independent Mastodon servers you can use to participate in the fediverse.
Fosstodon is an invite only Mastodon instance that is open to those who are interested in technology; particularly free & open source software. If you wish to join, contact us for an invite.

Administered by:

Server stats:

10K
active users

fosstodon.org: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.7

Public *
Kees Cook :tux:

Well I guess everyone everywhere will want to use -fzero-init-padding-bits=all when updating to GCC15 to avoid regressing their uninitialized variable mitigations... Why in the world would the C standard committee work to make things *less* safe by default??!

Edit: this appears to be a decision on GCC's part and not a new change from the C committee. (See down-thread.)

infosec.exchange/@edmonds/1138

Infosec ExchangeRobert Edmonds (@edmonds@infosec.exchange)@bert_hubert@fosstodon.org Oh yes I was just idly wondering if that would work, I've already poured over the disassembly and seen the movl's and movb's in the actual broken code 🙂 In the upcoming gcc 15 they have introduced new behavior due to C23 which allows for a standards compliant "= {}" initializer in C that zeroes all the bits (https://www.open-std.org/jtc1/sc22/wg14/www/docs/n2900.htm), and they've, coincidentally, taken the opportunity to change the behavior of the "= {0}" initializer from one standards compliant interpretation (zero all the bits) to another standards compliant interpretation (don't necessarily zero all the bits). C23 6.2.6.1 paragraph 7 (same as in previous versions of the C standard): > When a value is stored in a member of an object of union type, the bytes of the object representation that do not correspond to that member but do correspond to other members take unspecified values. There is a new -fzero-init-padding-bits= option in gcc 15 that controls the behavior (https://gcc.gnu.org/onlinedocs/gcc/Code-Gen-Options.html#index-fzero-init-padding-bits_003dvalue) which I found completely confusing until I realized gcc uses the term "union padding bits" in a sort of unconventional way. But you don't really want to rely on those new flags in gcc 15 if you can reorder the members of the union and rely on standards compliant "= {0}" initialization. In that case, always remember to put the biggest, strongest member of your union at the front if you want it initialized, just like a real union 😃
Quiet public
Christian Brauner 🦊🐺

@kees They did send aail about this around or before Christmas about this to lkml btw.

Neal Gompa (ニール・ゴンパ) :fedora:

@thesamesam @kees @brauner @uecker @pinskia Okay, this might be me just being stupid here, but in "PR118575", does "PR" stand for "problem report" or something else?

Jan 21, 2025, 01:22 AM·Quiet public·Elk
0boosts·0favorites
ExploreLive feeds
About