1 files changed, 52 insertions, 28 deletions

diff --git a/missing/explicit_bzero.c b/missing/explicit_bzero.c
index 99b2e2758c..061e72f800 100644
--- a/missing/explicit_bzero.c
+++ b/missing/explicit_bzero.c
@@ -5,11 +5,14 @@
 #include <windows.h>
 #endif
 
-/*
- *BSD have explicit_bzero().
- Windows, OS-X have memset_s().
- Linux has none. *Sigh*
-*/
+/* Similar to bzero(), but have a guarantee not to be eliminated from compiler
+   optimization. */
+
+/* OS support note:
+ * BSD have explicit_bzero().
+ * Windows, OS-X have memset_s().
+ * Linux has none. *Sigh*
+ */
 
 /*
  * Following URL explain why memset_s is added to the standard.
@@ -21,35 +24,56 @@
 #endif
 
 #ifndef HAVE_EXPLICIT_BZERO
-/* Similar to bzero(), but have a guarantee not to be eliminated from compiler
-   optimization. */
+ #ifdef HAVE_MEMSET_S
+void
+explicit_bzero(void *b, size_t len)
+{
+    memset_s(b, len, 0, len);
+}
+ #elif defined SecureZeroMemory
+void
+explicit_bzero(void *b, size_t len)
+{
+    SecureZeroMemory(b, len);
+}
+
+ #elif defined HAVE_FUNC_WEAK
+
+/* A weak function never be optimization away. Even if nobody use it. */
+WEAK(void ruby_explicit_bzero_hook_unused(void *buf, size_t len));
+void
+ruby_explicit_bzero_hook_unused(void *buf, size_t len)
+{
+}
+
+void
+explicit_bzero(void *b, size_t len)
+{
+    memset(b, len);
+    ruby_explicit_bzero_hook_unused(b, len);
+}
+
+ #else /* Your OS have no capability. Sigh. */
 
-#ifndef HAVE_MEMSET_S
 FUNC_UNOPTIMIZED(void explicit_bzero(void *b, size_t len));
-#endif
 #undef explicit_bzero
 
 void
 explicit_bzero(void *b, size_t len)
 {
-#ifdef HAVE_MEMSET_S
-    memset_s(b, len, 0, len);
-#elif defined SecureZeroMemory
-    SecureZeroMemory(b, len);
-#else
-    {
-	/*
-	 * TODO: volatile is not enough if compiler have a LTO (link time
-	 * optimization)
-	 */
-	volatile char* p = (volatile char*)b;
-
-	while(len) {
-	    *p = 0;
-	    p++;
-	    len--;
-	}
+    /*
+     * volatile is not enough if compiler have a LTO (link time
+     * optimization). At least, the standard provide no guarantee.
+     * However, gcc and major other compiler never optimization a volatile
+     * variable away. So, using volatile is practically ok.
+     */
+    volatile char* p = (volatile char*)b;
+
+    while(len) {
+	*p = 0;
+	p++;
+	len--;
     }
-#endif
 }
-#endif
+ #endif
+#endif /* HAVE_EXPLICIT_BZERO */