Click here to Skip to main content
15,850,753 members
Please Sign up or sign in to vote.
5.00/5 (1 vote)
See more:
I've been reading how C/C++ compiler optimizations could potentially introduce security flaws.

Security flaws caused by compiler optimizations[^]

For example, the SecureZeroMemory function[^] is recommended because memset() and ZeroMemory() could be optimized away.

Are there any other examples where this would be an issue?

What I have tried:

I'm just searching for examples. There seems to be limited information on the subject.
Posted
Updated 3-Oct-23 7:37am
v2
Comments
Gerry Schmitz 3-Oct-23 1:54am    
If someone is at the point where they are "probing" your exe, I doubt it makes much difference what "zero" function you use.
Member 15627495 3-Oct-23 2:10am    
Optimizations by compiler promise a faster execution... but it's giving up for too much features, and that ends on \\security\\ flaws :
- mainly "crashing.exe"

It's 'security' for the code execution, not an affair about 'hacker agaisnt police'

by using the option 'optimization' you make your code unsafe in a way, with 'to guess' strict environment to launch your app.
if you don't have a accurate ENV for your App, it will be crashing, waiting for another crash and so again and again...

the gain could be effiscient with big big loop, and lot of process to achieve, but your code need a review to be reliable with all optimizations purpose,
all you want to optimize, need 'protecting code by you'.

It's kind of 'balance' between what you have code, and what you have compiled.
Dave Kreskowiak 3-Oct-23 13:15pm    
The opposite is also true. Running the code in debug can also expose the internals of your app. "Debug" does NOT mean "check everything for security".

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900