Proposed GCC 12 Security Option Would Auto Initialize Automatic Variables

Written by Michael Larabel in GNU on 24 February 2021 at 03:00 AM EST. 62 Comments
GNU
An Oracle engineer has proposed introducing a new "-ftrivial-auto-var-init=" option for the GCC compiler that would allowing initializing automatic variables with either a pattern or zeroes in the name of security.

In trying to fight security issues stemming from uninitialized memory disclosure, the suggested -ftrivial-auto-var-init==zero would initialize automatic variables with zeroes unless the new "uninitialized" variable attribute was used on a particular variable for overriding the behavior.

Or there is the -ftrivial-auto-var-init=pattern option that would initialize automatic variables with patterns that would likely transform logic bugs into crashes. The pattern option can be useful for tracking down issues / making them more apparent.

With this patch suggested for GCC 12, the default behavior would remain that automatic variables are uninitialized. And as mentioned as new "uninitialized" attribute would be supported for excluding individual variables.

This is great for security but can incur additional run-time overhead, so if the patch is picked up we'll see how its adoption pans out moving forward. For now the proposed "-ftrivial-auto-var-init" option patch is residing on the GCC mailing list.
62 Comments
Related News
Glibc 2.41 Adds C23's sinpi / cospi / tanpi Functions
GCC 15 Ends Support For Altera Nios II Embedded Processors
GNU Linux-libre 6.12-gnu Continues Dealing With More Blobs In The Kernel
GCC 15 Compiler Development Shifts From Features To Bug Fixing
GCC 15 Moves C Default Language Version To C23
GCC 15 Adds Option For Arm Guarded Control Stack "GCS" Code Generation
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts
Linus Torvalds Comes Out Against "Completely Broken" x86_64 Feature Levels
Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd
How AMD Is Taking Standard C/C++ Code To Run Directly On GPUs
Ptyxis Becomes Ubuntu's Recommended Replacement To GNOME Terminal
COSMIC Alpha 4 Released For System76's Rust-Based Desktop
GNU Shepherd 1.0 Service Manager Released As "Solid Tool" Alternative To systemd
KDE Starts December By Landing A Number Of New Features