Public bug reported: Please add "-ftrivial-auto-var-init=zero" for GCC 12 (which is the first release of GCC to provide this flag).
It goes well with the other important security flaw mitigation flags already enabled in Ubuntu for GCC: https://wiki.ubuntu.com/ToolChain/CompilerFlags While many variables are initialized (due to -Wuninitialized), there is a blind spot for variables passed by reference, padding, and cases where -Wuninitialized just fails to track it. Universally wiping the variables eliminates nearly the entire class of uninitialized stack variable use (https://cwe.mitre.org/data/definitions/457.html) with nearly no overhead (e.g. any duplicate assignments will already be squashed during dead store elimination, etc). ** Affects: gcc-12 (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1972043 Title: Please add -ftrivial-auto-var-init=zero to default build flags To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gcc-12/+bug/1972043/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
