On Tue, 2016-07-12 at 15:08 -0400, Kees Cook wrote:
> On Mon, Jul 4, 2016 at 7:42 PM, Emese Revfy <re.emese@xxxxxxxxx> wrote:
> >
> > The nocapture gcc attribute can be on functions only.
> > The attribute takes one or more unsigned integer constants as parameters
> > that specify the function argument(s) of const char* type to initify.
> > If the marked argument is a vararg then the plugin initifies
> > all vararg arguments.
>
> Why is this called "nocapture"? Not captured by what? It seems like it
> means "initify this if possible". Am I misunderstanding its purpose?

It means they don't escape via that function, i.e. they aren't stored
anywhere to be used in any way after the call.
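A user-space sketch of the distinction discussed in this thread, added here as an illustration; it is not code from the patch series or the plugin. All function and variable names are hypothetical, the empty `__nocapture` macro is a stand-in so the file builds without the plugin, and the "init section" is a constructed buffer that gets poisoned to mimic init memory being discarded after boot.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: empty stand-in for the plugin's attribute (plugin not loaded here). */
#define __nocapture(...)

static char init_section[32];   /* constructed model of memory freed after boot */
static const char *saved_name;  /* long-lived pointer storage */
static char name_copy[32];      /* long-lived byte storage */

/* Captures: the pointer is stored and used after the call returns,
 * so argument 1 must stay out of the init section. */
void register_name(const char *name) { saved_name = name; }

/* Does not capture: only the bytes are copied, the pointer is dropped
 * on return, so argument 1 is a candidate for initification. */
__nocapture(1) void copy_name(const char *name)
{
    strncpy(name_copy, name, sizeof(name_copy) - 1);
    name_copy[sizeof(name_copy) - 1] = '\0';
}

/* Models init memory being released: its old contents are gone. */
static void free_initmem_sim(void) { memset(init_section, 0xCC, sizeof(init_section)); }

static void boot(void)
{
    strcpy(init_section, "eth0");   /* the string lives in "init" memory */
    register_name(init_section);
    copy_name(init_section);
    free_initmem_sim();
}

/* 1 if the string reached through the captured pointer is still valid. */
int captured_intact_after_free(void)
{
    boot();
    return memcmp(saved_name, "eth0", 5) == 0;
}

/* 1 if the string handled by the non-capturing function is still valid. */
int copied_intact_after_free(void)
{
    boot();
    return memcmp(name_copy, "eth0", 5) == 0;
}

int main(void)
{
    printf("captured pointer intact: %d\n", captured_intact_after_free());
    printf("copied bytes intact:     %d\n", copied_intact_after_free());
    return 0;
}
```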