memzero(): call the weak function after zeroing

A weak function cannot be inlined, but even if it's a little bit far stretched, a compiler could add code taking different paths according to the callee. With a weak function called after the zeroing, we can be sure that the zeroing has to happen.
7 years ago · 99f8c19a1b
1 changed files with 11 additions and 9 deletions
--- a/src/libsodium/sodium/utils.c
+++ b/src/libsodium/sodium/utils.c
@ -64,15 +64,11 @@ static unsigned char canary[CANARY_SIZE];

 #ifdef HAVE_WEAK_SYMBOLS
 __attribute__((weak)) void
-_sodium_memzero_as_a_weak_symbol_to_prevent_lto(void *const  pnt,
-                                                const size_t len)
+_sodium_dummy_symbol_to_prevent_memzero_lto(void *const  pnt,
+                                            const size_t len)
 {
-    unsigned char *pnt_ = (unsigned char *) pnt;
-    size_t         i    = (size_t) 0U;
-
-    while (i < len) {
-        pnt_[i++] = 0U;
-    }
+    (void) pnt;
+    (void) len;
 }
 #endif

@ -88,7 +84,13 @@ sodium_memzero(void *const pnt, const size_t len)
 #elif defined(HAVE_EXPLICIT_BZERO)
    explicit_bzero(pnt, len);
 #elif HAVE_WEAK_SYMBOLS
-    _sodium_memzero_as_a_weak_symbol_to_prevent_lto(pnt, len);
+    unsigned char *pnt_ = (unsigned char *) pnt;
+    size_t         i    = (size_t) 0U;
+
+    while (i < len) {
+        pnt_[i++] = 0U;
+    }
+    _sodium_dummy_symbol_to_prevent_memzero_lto(pnt, len);
 #else
    volatile unsigned char *volatile pnt_ =
        (volatile unsigned char *volatile) pnt;