dovecot-2.2: safe_memset() wasn't safe with modern compilers any...

dovecot at dovecot.org
Tue Apr 22 10:17:04 UTC 2014


details:   http://hg.dovecot.org/dovecot-2.2/rev/09c114091c88
changeset: 17247:09c114091c88
user:      Timo Sirainen <tss at iki.fi>
date:      Tue Apr 22 13:15:21 2014 +0300
description:
safe_memset() wasn't safe with modern compilers anymore.
Another try based on David Jacobson's code in
https://www.mail-archive.com/openssl-dev@openssl.org/msg34134.html :

"""
Since vs points to a volatile, the load in the while clause actually has to
be done. That forces the compiler to actually store c into at least the byte
that is tested, in practice byte zero. But because the index is a volatile
zero, and since it is volatile it could spontaneously change to anything, the
compiler has to store c into all bytes.

The key observation is that while you can't pass a volatile to memset (you
get a warning and the volatile gets stripped away), you can use a volatile
in a test that could go the wrong way if the memset were elided.
"""

diffstat:

 src/lib/safe-memset.c |  6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

diffs (16 lines):

diff -r 54178ae78835 -r 09c114091c88 src/lib/safe-memset.c
--- a/src/lib/safe-memset.c	Sat Apr 19 11:23:18 2014 +0200
+++ b/src/lib/safe-memset.c	Tue Apr 22 13:15:21 2014 +0300
@@ -5,8 +5,10 @@
 
 void safe_memset(void *data, int c, size_t size)
 {
+	volatile unsigned int volatile_zero_idx = 0;
 	volatile unsigned char *p = data;
 
-	for (; size > 0; size--)
-		*p++ = (unsigned char)c;
+	do {
+		memset(data, c, size);
+	} while (p[volatile_zero_idx] != c);
 }
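Review bot: the loop condition `p[volatile_zero_idx] != c` compares an unsigned char against the int parameter c, but memset() stores `(unsigned char)c`, so for any c outside 0..255 (a caller passing -1, for instance) the byte read back can never equal c and the do/while never terminates; compare against `(unsigned char)c` instead. The size == 0 case also regresses: the removed `for (; size > 0; size--)` loop touched nothing, whereas the new do/while always reads p[0], which is out of bounds for an empty buffer, so return early when size is 0. As a caveat, the trick depends on the compiler being unable to prove what volatile_zero_idx holds at the read; that is robust with current compilers but not something the C standard guarantees, and where a dedicated primitive such as C11 memset_s or explicit_bzero is available it is the stronger choice.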

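A hardened form of the volatile-index scrub, added here as an example; it is not Dovecot's code, and the function and scenario names (example_safe_memset, example_all_bytes_are, example_wipe_key_demo, example_zero_size_is_noop) are this example's own. It keeps the volatile-index idea from the quoted explanation, but compares against the fill value as an unsigned char and returns early for size == 0, the two cases the committed do/while does not cover. The sample key bytes are constructed for the demo.

```c
/* Added example, not Dovecot's code: a hardened variant of the
 * volatile-index safe_memset() discussed on this page. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

void example_safe_memset(void *data, int c, size_t size)
{
	/* The index is volatile, so the compiler cannot know which byte
	 * the loop condition reads and therefore cannot drop any of the
	 * stores that memset() performs. */
	volatile size_t volatile_zero_idx = 0;
	volatile unsigned char *p = data;
	/* memset() stores (unsigned char)c; compare against that same
	 * value so that c == -1 or c == 0x1ff cannot loop forever. */
	unsigned char fill = (unsigned char)c;

	/* With size == 0 there is no byte to read back: a do/while that
	 * unconditionally reads p[0] would touch memory past the end of
	 * a zero-length buffer. */
	if (size == 0)
		return;

	do {
		memset(data, c, size);
	} while (p[volatile_zero_idx] != fill);
}

/* Returns 1 if every one of the size bytes at data equals value. */
int example_all_bytes_are(const void *data, unsigned char value, size_t size)
{
	const unsigned char *p = data;
	size_t i;

	for (i = 0; i < size; i++)
		if (p[i] != value)
			return 0;
	return 1;
}

/* Scenario: a stack-allocated key is used and then wiped with the given
 * fill value. Returns 1 if the wipe covered every byte (and, implicitly,
 * that the call returned even for fill values outside 0..255). */
int example_wipe_key_demo(int fill)
{
	unsigned char key[32];
	size_t i;

	/* Constructed sample key material. */
	for (i = 0; i < sizeof key; i++)
		key[i] = (unsigned char)(0x10 + i);

	example_safe_memset(key, fill, sizeof key);
	return example_all_bytes_are(key, (unsigned char)fill, sizeof key);
}

/* Scenario: size == 0 must leave the adjacent byte untouched. */
int example_zero_size_is_noop(void)
{
	unsigned char buf[1] = { 0x5a };

	example_safe_memset(buf, 0, 0);
	return buf[0] == 0x5a;
}

int main(void)
{
	printf("wipe with 0x00: %d\n", example_wipe_key_demo(0));
	printf("wipe with 0xab: %d\n", example_wipe_key_demo(0xab));
	printf("wipe with -1:   %d\n", example_wipe_key_demo(-1));
	printf("size 0 no-op:   %d\n", example_zero_size_is_noop());
	return 0;
}
```

The `-1` case is the one that distinguishes this version from the committed loop: memset() writes 0xff, and comparing the byte read back against `(unsigned char)c` lets the loop exit, whereas comparing against the int -1 never would.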

More information about the dovecot-cvs mailing list