[Bug 1972043] [NEW] Please add -ftrivial-auto-var-init=zero to default build flags
Launchpad Bug Tracker
1972043 at bugs.launchpad.net
Thu Sep 15 15:38:31 UTC 2022
You have been subscribed to a public bug by Matthieu Clemenceau (mclemenceau):
Please add "-ftrivial-auto-var-init=zero" for GCC 12 (which is the first
release of GCC to provide this flag).
It goes well with the other important security flaw mitigation flags already enabled in Ubuntu for GCC:
https://wiki.ubuntu.com/ToolChain/CompilerFlags
While many variables are initialized (due to -Wuninitialized), there is
a blind spot for variables passed by reference, padding, and cases where
-Wuninitialized just fails to track it. Universally wiping the variables
eliminates nearly the entire class of uninitialized stack variable use
(https://cwe.mitre.org/data/definitions/457.html) with nearly no
overhead (e.g. any duplicate assignments will already be squashed during
dead store elimination, etc).
** Affects: dpkg (Ubuntu)
     Importance: Wishlist
         Status: New
** Affects: gcc-12 (Ubuntu)
     Importance: Wishlist
         Status: New
** Affects: dpkg (Ubuntu Kinetic)
     Importance: Wishlist
         Status: New
** Affects: gcc-12 (Ubuntu Kinetic)
     Importance: Wishlist
         Status: New
** Tags: fr-2368 sec-994
--
Please add -ftrivial-auto-var-init=zero to default build flags
https://bugs.launchpad.net/bugs/1972043
You received this bug notification because you are a member of Ubuntu Foundations Bugs, which is subscribed to the bug report.
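
The two blind spots the report names, padding and a variable passed by reference to a callee that returns early, shown as an added example that is not part of the bug report or of GCC. It is a byte-level model: a buffer prefilled with a stale pattern stands in for the stack slot, so the behaviour is defined and repeatable. The struct, function names and values are constructed, and the zeroing step models the flag's effect rather than invoking the compiler.

```c
/* Constructed model, not code from the bug report or from GCC. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xAA  /* stands in for data left behind by an earlier frame */

struct reply {          /* hypothetical struct that is sent out whole */
    uint8_t  kind;      /* followed by padding on typical ABIs */
    uint32_t length;
};

/* Fills the reply through a pointer; on failure it returns before writing.
 * Because the slot's address escapes to this call, uninitialized-use
 * warnings in the caller have to assume the slot may have been set. */
static int fill_reply(unsigned char *slot, int fail)
{
    uint8_t kind = 1;
    uint32_t length = 64;
    if (fail)
        return -1;
    memcpy(slot + offsetof(struct reply, kind), &kind, sizeof kind);
    memcpy(slot + offsetof(struct reply, length), &length, sizeof length);
    return 0;
}

/* Returns how many stale bytes the outgoing reply would carry.
 * zero_init != 0 models the slot being wiped when the variable is created. */
size_t stale_bytes_sent(int zero_init, int fail)
{
    unsigned char slot[sizeof(struct reply)];
    size_t i, stale = 0;
    memset(slot, STALE, sizeof slot);     /* dirty stack */
    if (zero_init)
        memset(slot, 0, sizeof slot);     /* modelled effect of the flag */
    fill_reply(slot, fail);               /* result ignored: the caller's bug */
    for (i = 0; i < sizeof slot; i++)     /* the whole slot is "sent" */
        stale += (slot[i] == STALE);
    return stale;
}

int main(void)
{
    printf("padding only: %zu stale bytes\n", stale_bytes_sent(0, 0));
    printf("early return: %zu stale bytes\n", stale_bytes_sent(0, 1));
    printf("zeroed: %zu and %zu\n", stale_bytes_sent(1, 0), stale_bytes_sent(1, 1));
    return 0;
}
```

With the fields written but the slot not wiped, the stale bytes are exactly the struct's padding; with the early return, the entire slot is stale.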