I've been reading how C/C++ compiler optimizations could potentially introduce security flaws.

Security flaws caused by compiler optimizations

For example, the SecureZeroMemory function is recommended because memset() and ZeroMemory() could be optimized away.

Are there any other examples where this would be an issue?

What I have tried:

I'm just searching for examples. There seems to be limited information on the subject.
Updated 3-Oct-23 6:37am
Comments
[no name] 3-Oct-23 1:54am    
If someone is at the point where they are "probing" your exe, I doubt it makes much difference what "zero" function you use.
Member 15627495 3-Oct-23 2:10am    
Optimizations by the compiler promise faster execution... but it gives up too many features, and that ends in 'security' flaws:
- mainly "crashing.exe"

It's 'security' for the code execution, not an affair of 'hacker against police'.

By using the 'optimization' option you make your code unsafe in a way, with a strict environment 'to guess' in order to launch your app.
If you don't have an accurate ENV for your app, it will be crashing, waiting for another crash, and so on again and again...

The gain could be efficient with a big, big loop and a lot of processing to achieve, but your code needs a review to be reliable for all optimization purposes;
all that you want to optimize needs 'protecting code by you'.

It's a kind of 'balance' between what you have coded and what you have compiled.
Dave Kreskowiak 3-Oct-23 13:15pm    
The opposite is also true. Running the code in debug can also expose the internals of your app. "Debug" does NOT mean "check everything for security".
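
The dead-store case raised in the question, shown as an added example that is not part of the original thread: a `memset()` wipe that an optimizing compiler may drop, next to a wipe written through a volatile-qualified pointer. The names `secure_zero`, `checksum`, `use_key_weak` and `use_key_hardened` are hypothetical, and the key bytes are constructed sample data.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Portable wipe: every store goes through a volatile-qualified lvalue,
 * which compilers keep as an observable side effect. */
void *secure_zero(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) *vp++ = 0;
    return p;
}

/* Constructed stand-in for "doing something with the secret". */
static unsigned checksum(const unsigned char *s, size_t n)
{
    unsigned h = 0;
    for (size_t i = 0; i < n; i++) h = h * 31u + s[i];
    return h;
}

/* Before: key[] is never read after memset(), so the call is a dead store
 * and an optimizing build may drop it, leaving the key on the stack. */
unsigned use_key_weak(const unsigned char *src, size_t n)
{
    unsigned char key[32];
    if (n > sizeof key) n = sizeof key;
    memcpy(key, src, n);
    unsigned r = checksum(key, n);
    memset(key, 0, sizeof key);      /* candidate for removal */
    return r;
}

/* After: same logic, but the wipe cannot be treated as dead. */
unsigned use_key_hardened(const unsigned char *src, size_t n)
{
    unsigned char key[32];
    if (n > sizeof key) n = sizeof key;
    memcpy(key, src, n);
    unsigned r = checksum(key, n);
    secure_zero(key, sizeof key);    /* stores are kept */
    return r;
}

int main(void)
{
    const unsigned char k[4] = {1, 2, 3, 4};   /* constructed sample key */
    printf("%u %u\n", use_key_weak(k, 4), use_key_hardened(k, 4));
}
```

Both functions return the same value, so the difference only shows in the generated code: compare the optimized assembly of the two and check whether the `memset` call survives. Where the platform supplies a wipe function (SecureZeroMemory on Windows, as the question notes; `explicit_bzero` or C11 Annex K `memset_s` elsewhere), prefer it over a hand-rolled loop.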

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


