by loup-vaillant 2972 days ago
Here's a real world example:

https://github.com/LoupVaillant/Monocypher/commit/d7bb73f65a...

So I have this function, `crypto_wipe()`, that wipes memory regions with `volatile` so the compiler doesn't optimise it away. In the link above I was using it thus:

  void crypto_stuff(stuff_ctx *ctx) {
      // stuff
      crypto_wipe(ctx, sizeof(ctx)); // BUUUG!! sizeof a pointer, not the struct
  }
See the bug? I should have dereferenced `ctx` in the sizeof operator. As it was, it was only wiping a pointer's worth of data instead of the whole structure. Oops.

Now I write this instead:

  void crypto_stuff(stuff_ctx *ctx) {
      // stuff
      WIPE_CTX(ctx); // correct! the macro takes the size of what ctx points to
  }
The amount of repetition I avoid this way is almost negligible, but that was enough to trigger a mistake (I had quite a lot of wiping to do). With the macro, errors are much easier to spot (so much so that I am willing to give 100€ to anyone who finds such an error, see https://monocypher.org/quality-assurance/bug-bounty).
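The sizeof(ctx) versus sizeof(*ctx) mistake from the post, reproduced in an added example that is not the commenter's or Monocypher's code: a volatile-store wipe, a WIPE_CTX macro assumed to expand to crypto_wipe(ctx, sizeof(*(ctx))), and a constructed stuff_ctx to measure how many bytes each call actually clears.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Wipe through a volatile pointer so the stores are not treated as dead
   code and removed by the optimiser (same idea as crypto_wipe()). */
static void crypto_wipe(void *secret, size_t size)
{
    volatile uint8_t *v = (volatile uint8_t *)secret;
    for (size_t i = 0; i < size; i++) {
        v[i] = 0;
    }
}

/* Assumed expansion of the post's macro: size of the pointed-to object. */
#define WIPE_CTX(ctx) crypto_wipe(ctx, sizeof(*(ctx)))

/* Constructed stand-in for a real cipher/hash context (48 bytes, no padding). */
typedef struct {
    uint8_t  key[32];
    uint8_t  counter[8];
    uint64_t nonce;
} stuff_ctx;

static size_t count_nonzero(const uint8_t *p, size_t n)
{
    size_t left = 0;
    for (size_t i = 0; i < n; i++) {
        left += (p[i] != 0);
    }
    return left;
}

/* The buggy form: only sizeof(pointer) bytes are cleared. Returns the
   number of secret bytes that survive the wipe. */
size_t bytes_left_after_buggy_wipe(void)
{
    stuff_ctx ctx;
    memset(&ctx, 0xAA, sizeof ctx);   /* fill with fake key material */
    stuff_ctx *p = &ctx;
    crypto_wipe(p, sizeof(p));        /* BUG: sizeof the pointer */
    return count_nonzero((const uint8_t *)&ctx, sizeof ctx);
}

/* The macro form: the whole structure is cleared. */
size_t bytes_left_after_macro_wipe(void)
{
    stuff_ctx ctx;
    memset(&ctx, 0xAA, sizeof ctx);
    stuff_ctx *p = &ctx;
    WIPE_CTX(p);                      /* expands to sizeof(*p): 48 bytes */
    return count_nonzero((const uint8_t *)&ctx, sizeof ctx);
}

int main(void)
{
    printf("buggy wipe leaves %zu bytes, macro wipe leaves %zu bytes\n",
           bytes_left_after_buggy_wipe(), bytes_left_after_macro_wipe());
    return 0;
}
```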

In this case the use of macros may increase the readability or assurance of the code, still there are a lot of cases where macros can easily lead to bugs: https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pa...

Of course. You will note I only went macro to prevent an error I already made. C macros suck, I don't use them lightly.