* Ubuntu: https://bugs.launchpad.net/ubuntu/+source/gcc-12/+bug/1972043 * Debian: https://bugs.debian.org/1010685 * General: https://stackoverflow.com/questions/75061576/using-ftrivial-auto-var-init-to-guarantee-the-initialization-of-padding-bytes * LLVM: https://discourse.llvm.org/t/making-ftrivial-auto-var-init-zero-a-first-class-option/55143/40 * LLVM: https://lists.llvm.org/pipermail/cfe-dev/2020-April/065221.html I don't think this is likely to ever be a candidate for non-hardened, as it's more expensive - like -D_GLIBCXX_ASSERTIONS is. But what are the hardened profiles for if not bits like this? :) Fortunately, the =0 init is cheaper than with a pattern. Apparently ChromiumOS is using zero as well, but I haven't verified that.
kees, maskray: I'd welcome your opinions on if it's worth exploring this for our Hardened profiles yet or not (note that I've done 0 test builds over the repositories yet).
(Note that I don't plan on the similarly-named-but-rather-different -fzero-call-used-regs=all given https://dustri.org/b/paper-notes-clean-the-scratch-registers-a-way-to-mitigate-return-oriented-programming-attacks.html).
Created attachment 869126 [details, diff] enable-ftrivial-auto-var-init-zero-by-default.patch Attached trivial hacky patch for anyone who wants to test.
Sounds great! https://reviews.freebsd.org/D27131 provides choices WITH_INIT_ALL_ZERO/WITH_INIT_ALL_PATTERN Android platform defaulted to -ftrivial-auto-var-init=zero since 2020-05 https://r.android.com/c/platform/build/soong/+/1310902/2/cc/config/global.go https://chromium.googlesource.com/chromium/src/+/refs/heads/main/build/config/compiler/BUILD.gn#139 defaults to pattern (non-official-build-of-Android non-ChromeOS) or zero (ChromeOS)
