Re: unitialized variables

From: Henrik Nordstrom <>
Date: Sat, 27 Apr 2002 10:30:31 +0200

Evgeny Kotsuba wrote:

> First, it is bad style programming as for C as for C++, second we don't
> know what will be in future and I don't know details on non-intel
> platphorms, and last, the high level optimization with moving all as
> possible to registers don't know about memory allocating/commiting.

It is not CPU dependent, it is OS and security dependent.

OS:es not guaranteeing that the memory assigned to new processes is
cleared from data has a security problem where sensitive data may leak
from a privileged process to a less privileged process. Because of this
all OS:es having isolation between processes (memory protection) clears
any memory assigned to new processes, and even most OS:es not having
such isolation is doing the same (but then more of
stability/predicatability reasons than security).

And I do agree that it is bad style to not initialize variables even if
in global or file scope and is a problem, but I do not exactly regard it
as a bug.

> There is one more on uzing of uninitialized variables:
> squid\src\comm_select.c -> comm_select(int msec)
> comm_select(int msec)
> {
> [...]
> fd_set pendingfds;
> [..]
> /******************
> * What about FD_ZERO(&pendingfds); here ?
> *****************/
> pending = 0;

Right, this is truly a bug, but fortunately with the only negative
impact of slightly higher CPU usage than intended.

Received on Sat Apr 27 2002 - 02:30:35 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:15:22 MST