On Thu, Jan 27 2022 at 11:37:29 AM +0100, Mark Wielaard
<mark@xxxxxxxxx> wrote:
> If you believe the tools are pretty good for detecting
> these issues (and I believe they are, the example given was just
> unfortunate because some of the issues weren't actually bad code and
> some others were rightfully optimized out, so would never trigger),
> then it is a bad compromise.
I don't agree. valgrind could detect disaster 100% of the time on
certain malicious input, but that does us no good unless somebody tests
that same malicious input before the bad guys do. The certainty of
knowing that all stack memory is initialized to 0 when our users run
the code is way more valuable than the chance that good guys with
fuzzers will find a programming error before the bad guys with fuzzers
do.
A couple of other considerations:
* The vast majority of uninitialized stack memory bugs are "forgot to
initialize to NULL or 0," so the effects of these bugs are obviated,
and finding them becomes academic rather than interesting.
* If you really want to be able to find these bugs using valgrind,
recompiling the software for testing purposes is an option. That's not
an option for our users who expect Fedora production builds to be as
secure as possible.
Michael
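The bug class described above (a struct on the stack that is only filled in on one path, then freed by the caller) as an added C example, not code from this thread or from any Fedora package; the struct, field names and the 'B' message format are constructed. The `= {0}` in the fixed version is what a build that zero-initializes every automatic variable does for all locals without a source change.

```c
#define _POSIX_C_SOURCE 200809L   /* for strdup() */
#include <stdlib.h>
#include <string.h>

/* Constructed example type; fields and message format are made up. */
struct request {
    char *body;    /* heap copy of the payload, or NULL */
    size_t len;
    int parsed;    /* 1 when body/len are valid */
};

/* BEFORE: the "forgot to initialize to NULL or 0" bug. For input that is
 * not a 'B' message, r.body/r.len/r.parsed are whatever an earlier call
 * left on the stack, and the caller's free() runs on garbage. valgrind
 * reports it only if some test actually feeds a non-'B' input. */
int parse_request_buggy(const char *input, struct request *out)
{
    struct request r;                 /* uninitialized automatic variable */
    if (input && input[0] == 'B') {
        r.body = strdup(input + 1);
        r.len = strlen(r.body);
        r.parsed = 1;
    }
    *out = r;
    return r.parsed ? 0 : -1;         /* reads indeterminate memory on the early-out path */
}

/* AFTER: explicit zero-initialization. The early-out path now yields
 * body == NULL, len == 0, parsed == 0, and free(NULL) is a no-op, so the
 * missing assignment becomes a rejected message instead of a crash. */
int parse_request_fixed(const char *input, struct request *out)
{
    struct request r = {0};           /* every field starts at zero */
    if (input && input[0] == 'B') {
        r.body = strdup(input + 1);
        r.len = strlen(r.body);
        r.parsed = 1;
    }
    *out = r;
    return r.parsed ? 0 : -1;
}

/* Caller pattern that turns the bug into a crash: unconditional free().
 * Returns 0 if the message was accepted, -1 if it was rejected. */
int handle_message(const char *input)
{
    struct request req;
    int rc = parse_request_fixed(input, &req);
    free(req.body);                   /* NULL on the rejected path */
    return rc;
}
```

Only the fixed parser is ever called here; the buggy one is kept for comparison because executing its early-out path is undefined behaviour.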