www.digitalmars.com         C & C++   DMDScript  

digitalmars.D.bugs - [Issue 13334] New: [infoleak] DMD always places module paths in data

https://issues.dlang.org/show_bug.cgi?id=13334

          Issue ID: 13334
           Summary: [infoleak] DMD always places module paths in data
                    segment
           Product: D
           Version: D2
          Hardware: All
                OS: All
            Status: NEW
          Keywords: performance
          Severity: normal
          Priority: P1
         Component: DMD
          Assignee: nobody puremagic.com
          Reporter: thecybershadow gmail.com

Consider the following minimalistic Win32 executable program:

/////////////// winmain.d //////////////
import win32.windows;

extern(Windows) void ExitProcess(DWORD);

void start() { ExitProcess(0); }

pragma(startaddress, start);
pragma(lib, "kernel32");
////////////////////////////////////////

If the program is compiled, then the EXE passed through the standard `strings`
utility, the output is as follows:

ExitProcess
KERNEL32.dll
C:\Soft\dmd2d\windows\bin\..\..\import\druntime\object.di
C:\Soft\dmd2d\windows\bin\..\..\import\win32\w32api.d
C:\Soft\dmd2d\windows\bin\..\..\import\win32\windef.d
C:\Soft\dmd2d\windows\bin\..\..\import\win32\basetsd.d
C:\Soft\dmd2d\windows\bin\..\..\import\win32\winbase.d
C:\Soft\dmd2d\windows\bin\..\..\import\win32\winuser.d
C:\Soft\dmd2d\windows\bin\..\..\import\win32\mmsystem.d
C:\Soft\dmd2d\windows\bin\..\..\import\win32\winsock2.d
C:\Soft\dmd2d\windows\bin\..\..\import\win32\ws2tcpip.d

The executable contains an unused (unreferenced) string containing the path of
each module of the program.

These strings are present even if the program is compiled with -release
-betterC!

These strings seem to be generated by the Module::genhelpers function in
mars.c. This function generates functions to handle range check errors,
assertion failures, and unittest failures. Now, the functions themselves are
generated each in a separate section, and as they are not used by the program,
they are ultimately stripped by the linker. However, the strings are not
stripped, because they are emitted directly to the object file's data segment.

I can see two solutions:

1) Do not generate these helper functions or strings when -betterC is
specified.
2) Emit the strings to a separate segment, so that they can be stripped away by
the linker as well.

--
Aug 19 2014