Le lundi 22 novembre 2010 Ã 15:50 -0800, Andrew Morton a Ãcrit : > Well. We certainly assume in many places that > > struct foo { > int a; > int b; > } f = { > .a = 1, > }; > > will initialise b to zero. But I doubt if much code at all assumes > that this initialisation patterm will reliably zero out *holes* in the > struct. > We did such assertions in the past, we were wrong. Check commit 1c40be12f7d8ca1d387510d39787b12e512a7ce8 for an example (net sched: fix some kernel memory leaks) I guess we must make a full audit of all C99 initializers or structures copied to userspace, giving a name to hidden holes, to force gcc to init them to 0. # cat try.c struct s { char c; long l; }; void bar(void *v) { unsigned long *p = v; printf("%lx %lx\n", p[0], p[1]); } int main() { struct s s1 = { .c = 1, .l = 2, }; bar(&s1); return 0; } # gcc -O2 -o try try.c # ./try 8049401 2 Strangely, if we remove ".l = 2," line, gcc emits code to clear al the fields main: pushl %ebp movl %esp, %ebp andl $-16, %esp subl $32, %esp leal 24(%esp), %eax movl $0, 24(%esp) movl %eax, (%esp) movl $0, 28(%esp) movb $1, 24(%esp) call bar xorl %eax, %eax leave ret -- To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html