More on in-memory zeroisation

Dave Korn dave.korn at
Mon Dec 10 13:29:20 EST 2007

On 09 December 2007 06:16, Peter Gutmann wrote:

> Reading through "Secure Programming with Static Analysis", I noticed an
> observation in the text that newer versions of gcc such as 3.4.4 and 4.1.2
> treat the pattern:
>   "memset(?, 0, ?)"
> differently from any other memset in that it's not optimised out.

> Can anyone who knows more about gcc development provide more insight on
> this? Could it be made an official, supported feature of the compiler?

  I'm sure it could; why not raise it on the GCC mailing list?  It sounds like
all it would involve would be a patch to the documentation and maybe a comment
in the source.

Can't think of a witty .sigline today....

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list