mirror of
https://github.com/postgres/postgres.git
synced 2025-11-04 20:11:56 +03:00
253cf661c2
Per the letter of the C11 standard, one must #define
__STDC_WANT_LIB_EXT1__ as 1 before including <string.h> in order to
have access to memset_s(). It appears that many platforms are lenient
about this, because we weren't doing it and yet the code appeared to
work anyway. But we now find that with -std=c11, macOS is strict and
doesn't declare memset_s, leading to compile failures since we try to
use it anyway. (Given the lack of prior reports, perhaps this is new
behavior in the latest SDK? No matter, we're clearly in the wrong.)
In addition to the immediate problem, which could be fixed merely by
adding the needed #define to explicit_bzero.c, it seems possible that
our configure-time probe for memset_s() could fail in case a platform
implements the function in some odd way due to this spec requirement.
This concern can be fixed in largely the same way that we dealt with
strchrnul() in 6da2ba1d8: switch to using a declaration-based
configure probe instead of a does-it-link probe.
Back-patch to v13 where we started using memset_s().
Reported-by: Lakshmi Narayana Velayudam <dev.narayana.v@gmail.com>
Author: Tom Lane <tgl@sss.pgh.pa.us>
Discussion: https://postgr.es/m/CAA4pTnLcKGG78xeOjiBr5yS7ZeE-Rh=FaFQQGOO=nPzA1L8yEA@mail.gmail.com
Backpatch-through: 13
58 lines
1.1 KiB
C
58 lines
1.1 KiB
C
/*-------------------------------------------------------------------------
|
|
*
|
|
* explicit_bzero.c
|
|
*
|
|
* Portions Copyright (c) 1996-2023, PostgreSQL Global Development Group
|
|
* Portions Copyright (c) 1994, Regents of the University of California
|
|
*
|
|
*
|
|
* IDENTIFICATION
|
|
* src/port/explicit_bzero.c
|
|
*
|
|
*-------------------------------------------------------------------------
|
|
*/
|
|
|
|
#define __STDC_WANT_LIB_EXT1__ 1 /* needed to access memset_s() */
|
|
|
|
#include "c.h"
|
|
|
|
#if HAVE_DECL_MEMSET_S
|
|
|
|
void
|
|
explicit_bzero(void *buf, size_t len)
|
|
{
|
|
(void) memset_s(buf, len, 0, len);
|
|
}
|
|
|
|
#elif defined(WIN32)
|
|
|
|
void
|
|
explicit_bzero(void *buf, size_t len)
|
|
{
|
|
(void) SecureZeroMemory(buf, len);
|
|
}
|
|
|
|
#else
|
|
|
|
/*
|
|
* Indirect call through a volatile pointer to hopefully avoid dead-store
|
|
* optimisation eliminating the call. (Idea taken from OpenSSH.) We can't
|
|
* assume bzero() is present either, so for simplicity we define our own.
|
|
*/
|
|
|
|
static void
|
|
bzero2(void *buf, size_t len)
|
|
{
|
|
memset(buf, 0, len);
|
|
}
|
|
|
|
static void (*volatile bzero_p) (void *, size_t) = bzero2;
|
|
|
|
void
|
|
explicit_bzero(void *buf, size_t len)
|
|
{
|
|
bzero_p(buf, len);
|
|
}
|
|
|
|
#endif
|