MantisBT - Doomseeker
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0003672Doomseeker[All Projects] Bugpublic2019-06-28 08:352019-07-30 10:15
ReporterWubTheCaptain 
Assigned ToZalewa 
PrioritynormalSeverityminorReproducibilityhave not tried
StatusclosedResolutionno change required 
PlatformOSOS Version
Product Version1.2 
Target VersionFixed in Version 
Summary0003672: Zeroing memory with memset() in SRB2 plugin may get optimized out by the compiler
DescriptionUsing explicit_bzero() or memset_s() (with __STDC_LIB_EXT1__) could prevent the compiler from optimizing zeroing memory away in the SRB2 plugin.
Steps To Reproduce
src/plugins/srb2/srb2masterclient.cpp:          memset(this, 0, sizeof(Header));
src/plugins/srb2/srb2server.cpp:                memset(this, 0, sizeof(Header));
src/plugins/srb2/srb2server.cpp:                        memset(this, 0, sizeof(D));
src/plugins/srb2/srb2server.cpp:                                memset(this, 0, sizeof(D));
Additional Information'https://man.openbsd.org/explicit_bzero.3 [^]'
'https://media.ccc.de/v/35c3-9788-memsad [^]'
'https://fahrplan.events.ccc.de/congress/2018/Fahrplan/events/9788.html [^]'
TagsNo tags attached.
Relationships
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2019-06-28 08:35WubTheCaptainNew Issue
2019-06-28 08:35WubTheCaptainNote Added: 0020843
2019-06-30 10:19ZalewaNote Added: 0020848
2019-06-30 11:26WubTheCaptainAssigned To => WubTheCaptain
2019-06-30 11:26WubTheCaptainStatusnew => feedback
2019-06-30 11:26WubTheCaptainAssigned ToWubTheCaptain => Zalewa
2019-06-30 11:27WubTheCaptainNote Added: 0020854
2019-06-30 11:27WubTheCaptainStatusfeedback => assigned
2019-06-30 11:38ZalewaNote Added: 0020857
2019-06-30 11:38ZalewaStatusassigned => resolved
2019-06-30 11:38ZalewaFixed in Version => 1.3
2019-06-30 11:38ZalewaResolutionopen => no change required
2019-06-30 11:43WubTheCaptainFixed in Version1.3 =>
2019-07-30 10:15WubTheCaptainStatusresolved => closed

Notes
(0020843)
WubTheCaptain   
2019-06-28 08:35   
NB: I didn't find the data sensitive (server headers), so I don't consider this as a security bug.
(0020848)
Zalewa   
2019-06-30 10:19   
What are the undesireable side effects of such optimization happening in these specified instances?
(0020854)
WubTheCaptain   
2019-06-30 11:27   
No undesirable side effects I can see, or at least I would assume. (grepping is harder.)
(0020857)
Zalewa   
2019-06-30 11:38   
Resolving as no change required.