On Mon, Feb 01, 2021 at 13:42:02 +0100, Tim Wiederhake wrote:
> This was found by clang-tidy's
> "clang-analyzer-security.insecureAPI.bzero" check.
>
> bzero is marked as deprecated ("LEGACY") in POSIX.1-2001 and
> removed in POSIX.1-2008.
>
> Besides its deprecation, bzero can be unsafe to use under certain
> circumstances, e.g. when used to zero-out memory containing secrets.
> These calls can be optimized away by the compiler, if it concludes no
> further access happens to the memory, thus leaving the secrets still
> in memory. Hence its classification as "insecureAPI".
>
> Signed-off-by: Tim Wiederhake <twiederh@xxxxxxxxxx>
> ---
> src/util/virarptable.c | 2 +-
> tests/virpcimock.c | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)

Reviewed-by: Peter Krempa <pkrempa@xxxxxxxxxx>
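
The dead-store problem described in the commit message, shown as an added example that is not part of the patch or of libvirt's code. `wipe_secret`, `toy_mac` and the sample key are hypothetical names and constructed data; `memset` stands in for `bzero` here, since a plain `memset` on a dying buffer is subject to the same elimination.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: storing through a volatile pointer makes every
 * write an observable side effect, so the optimizer must keep it. */
static void wipe_secret(void *buf, size_t len)
{
    volatile unsigned char *p = buf;
    while (len--)
        *p++ = 0;
}

/* FNV-1a, standing in for real use of the key (constructed stand-in). */
static uint32_t toy_mac(const unsigned char *key, size_t len)
{
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < len; i++)
        h = (h ^ key[i]) * 16777619u;
    return h;
}

/* Weak: the clear is the last access to a dying local, i.e. a dead store
 * that an optimizing compiler is allowed to remove. */
static uint32_t mac_weak(const unsigned char *key, size_t len)
{
    unsigned char tmp[32] = {0};
    memcpy(tmp, key, len < sizeof(tmp) ? len : sizeof(tmp));
    uint32_t mac = toy_mac(tmp, sizeof(tmp));
    memset(tmp, 0, sizeof(tmp));      /* may be elided, like bzero() */
    return mac;
}

/* Hardened: same logic, but the clear cannot be optimized away. */
static uint32_t mac_hardened(const unsigned char *key, size_t len)
{
    unsigned char tmp[32] = {0};
    memcpy(tmp, key, len < sizeof(tmp) ? len : sizeof(tmp));
    uint32_t mac = toy_mac(tmp, sizeof(tmp));
    wipe_secret(tmp, sizeof(tmp));
    return mac;
}

int main(void)
{
    const unsigned char key[] = "constructed-sample-key";
    printf("%08x %08x\n", (unsigned)mac_weak(key, sizeof(key)),
           (unsigned)mac_hardened(key, sizeof(key)));
    return 0;
}
```

Both functions return the same value; the difference only shows in the generated code, where an optimized build can drop the `memset` in `mac_weak` while the volatile stores in `mac_hardened` remain.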