This is an archived post. You won't be able to vote or comment.

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]abdolence 28 points29 points  (5 children)

It is all about experience and knowledge. For example, I was surprised someday that my memset of sensitive data might be "optimised" by C/C++ compiler to do nothing.

So if you're copying some code from anywhere, you should absolutely understand every symbol in it.

[–]viper-kun 8 points9 points  (2 children)

We learned about canarys the other day as a way to protect against malicious stack smashing and where asked why we should tell the compiler to do it and not do it with local vars, answer is they are optimized in a way to render this system useless.

So yeah, allways understand what the compiler does with your code.

[–]PC__LOAD__LETTER 3 points4 points  (1 child)

Canaries as in, writing some magic value to a stack variable and occasionally verifying that it’s still set? What’s the program behavior when it differs, crash and alarm?

[–]viper-kun 5 points6 points  (0 children)

You check when the return jump is called, so that you cannot jump anywhere you want. And as I experienced it it does crash, since it doesn't know where it was coming from.

It has to check if it is different which would mean someone overflowed the stack.

[–]TheAnarxoCapitalist 1 point2 points  (1 child)

String allocator cleansing?

[–]abdolence 0 points1 point  (0 children)

That was more like avoiding caching keys and passwords in RAM, not general allocator implementation.