Re: uninitialized variables

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sat, 27 Apr 2002 10:30:31 +0200

Evgeny Kotsuba wrote:

> First, it is bad programming style for C as well as for C++; second, we don't
> know what will be in the future and I don't know details of non-Intel
> platforms; and last, high-level optimization that moves as much as
> possible into registers doesn't know about memory allocating/committing.

It is not CPU dependent, it is OS and security dependent.

OSes not guaranteeing that the memory assigned to new processes is
cleared of data have a security problem where sensitive data may leak
from a privileged process to a less privileged process. Because of this,
all OSes having isolation between processes (memory protection) clear
any memory assigned to new processes, and even most OSes not having
such isolation do the same (but then more for
stability/predictability reasons than security).

And I do agree that it is bad style to not initialize variables even if
in global or file scope and is a problem, but I do not exactly regard it
as a bug.

> There is one more on the use of uninitialized variables:
>
> squid\src\comm_select.c -> comm_select(int msec)
>
> comm_select(int msec)
> {
> [...]
> fd_set pendingfds;
> [..]
> /******************
> * What about FD_ZERO(&pendingfds); here ?
> *****************/
> pending = 0;

Right, this is truly a bug, but fortunately with the only negative
impact of slightly higher CPU usage than intended.

Regards
Henrik
Received on Sat Apr 27 2002 - 02:30:35 MDT
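
The two cases discussed in this message, as an added example that is not part of the original mail or of Squid's code: a file-scope `fd_set` starts out zeroed, while an automatic one must be cleared with `FD_ZERO` before use. The names `SCAN_MAX`, `count_pending`, `pending_after_mark` and `static_set_pending` are hypothetical, and the `memset` stands in for stale stack contents (constructed data).

```c
#include <stdio.h>
#include <string.h>
#include <sys/select.h>

#define SCAN_MAX 64   /* constructed: number of descriptors the loop scans */

/* Static storage duration: zero-initialized by the C standard, so every
 * bit is clear even without an explicit FD_ZERO. */
static fd_set file_scope_set;

/* Count descriptors below SCAN_MAX that the set reports as pending. */
static int count_pending(const fd_set *set)
{
    int n = 0;
    for (int fd = 0; fd < SCAN_MAX; fd++)
        if (FD_ISSET(fd, set))
            n++;
    return n;
}

/* Mark fd 6 as pending in an automatic fd_set. The memset simulates
 * leftover stack bytes; reading a truly uninitialized automatic variable
 * would be undefined behaviour, so the garbage is written explicitly. */
static int pending_after_mark(int zero_first)
{
    fd_set pendingfds;
    memset(&pendingfds, 0xA5, sizeof pendingfds);  /* simulated stale data */
    if (zero_first)
        FD_ZERO(&pendingfds);                      /* the call asked about */
    FD_SET(6, &pendingfds);
    return count_pending(&pendingfds);
}

static int static_set_pending(void)
{
    return count_pending(&file_scope_set);
}

int main(void)
{
    printf("file-scope set, no FD_ZERO: %d pending\n", static_set_pending());
    printf("stack set with FD_ZERO:     %d pending\n", pending_after_mark(1));
    printf("stack set without FD_ZERO:  %d pending\n", pending_after_mark(0));
    return 0;
}
```

Without `FD_ZERO`, the scan finds descriptors that were never marked, so a loop servicing the pending set does extra work on each pass.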
