Versions Compared

Comment: clarified CS text

...

#include <string.h>

struct test {
  int a;
  char b;
  int c;
};

/* Safely copy bytes to user space */
extern int copy_to_user(void *dest, void *src, size_t size);

void do_stuff(void *usr_buf) {
  struct test arg;

  /* Set all bytes (including padding bytes) to zero */
  memset(&arg, 0, sizeof(arg));

  arg.a = 1;
  arg.b = 2;
  arg.c = 3;

  copy_to_user(usr_buf, &arg, sizeof(arg));
}

However, a C11-compliant compiler is free to implement arg.b = 2 by setting the low-order bits of a 32-bit register to 2 and leaving the high-order bits unchanged; those bits may still contain sensitive information. The platform then stores all 32 bits of the register into memory, overwriting the padding bytes that follow arg.b with the register's stale high-order bits. Consequently, this implementation could leak those bits from the register to a user, despite the earlier memset().
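The mechanism just described, and the field-by-field copy that avoids it, as an added example (not the standard's own code): it models the permitted 32-bit store of arg.b to show stale register bits landing in the padding that memset() had zeroed, then serializes the fields into a byte buffer that has no padding at all before handing it to copy_to_user(). copy_to_user is a stand-in defined locally so the demo links in user space; store_b_via_32bit_register, count_nonzero_padding, test_padding_bytes, test_serialize and do_stuff_safe are names chosen here.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

struct test {
  int a;
  char b;
  int c;
};

/* Stand-in for the kernel's copy_to_user(), defined locally so this
 * user-space demo links; it only copies the bytes it is given. */
int copy_to_user(void *dest, void *src, size_t size) {
  memcpy(dest, src, size);
  return 0;
}

/* Number of padding bytes the compiler inserted into struct test
 * (3 on the usual ILP32/LP64 ABIs). */
size_t test_padding_bytes(void) {
  return sizeof(struct test) - (sizeof(int) + sizeof(char) + sizeof(int));
}

/* Model of the store the text describes: b is assigned through a 32-bit
 * register whose high-order bits still hold stale data, and the whole
 * register is written to memory. Little-endian byte order is modelled and
 * the write is clipped so it never reaches c. The bytes between b and c
 * are the struct's padding, so they receive the stale bits even though
 * memset() zeroed them earlier. */
void store_b_via_32bit_register(struct test *arg, uint32_t stale_reg,
                                unsigned char value) {
  unsigned char *p = (unsigned char *)arg + offsetof(struct test, b);
  size_t span = offsetof(struct test, c) - offsetof(struct test, b);
  uint32_t reg = (stale_reg & 0xFFFFFF00u) | value;
  for (size_t i = 0; i < span && i < sizeof reg; i++) {
    p[i] = (unsigned char)(reg >> (8 * i));
  }
}

/* Count the padding bytes between b and c that are no longer zero. */
size_t count_nonzero_padding(const struct test *arg) {
  const unsigned char *p = (const unsigned char *)arg;
  size_t n = 0;
  for (size_t i = offsetof(struct test, b) + sizeof(char);
       i < offsetof(struct test, c); i++) {
    if (p[i] != 0) n++;
  }
  return n;
}

/* Size of the padding-free wire image of struct test. */
#define TEST_WIRE_SIZE (sizeof(int) + sizeof(char) + sizeof(int))

/* Serialize the fields one at a time into buf. Only the bytes of the
 * fields themselves are copied, so neither struct padding nor stale
 * register bits can reach the buffer. Returns the number of bytes
 * written, or 0 if buf is too small. */
size_t test_serialize(const struct test *src, unsigned char *buf,
                      size_t buflen) {
  size_t off = 0;
  if (buflen < TEST_WIRE_SIZE) return 0;
  memcpy(buf + off, &src->a, sizeof src->a); off += sizeof src->a;
  memcpy(buf + off, &src->b, sizeof src->b); off += sizeof src->b;
  memcpy(buf + off, &src->c, sizeof src->c); off += sizeof src->c;
  return off;
}

/* Hardened counterpart of do_stuff(): usr_buf receives TEST_WIRE_SIZE
 * bytes that never include the struct's padding. Returns 0 on success. */
int do_stuff_safe(void *usr_buf) {
  struct test arg;
  unsigned char wire[TEST_WIRE_SIZE];

  memset(&arg, 0, sizeof arg);
  arg.a = 1;
  arg.b = 2;
  arg.c = 3;

  if (test_serialize(&arg, wire, sizeof wire) != sizeof wire) return -1;
  return copy_to_user(usr_buf, wire, sizeof wire);
}
```

The serialized image is 9 bytes rather than sizeof(struct test), so the user-space side must read it with the same field-by-field layout; the point is that the kernel never copies a byte it did not explicitly write.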

Compliant Solution

...