Comment: Noting an NCCE/CS pair as being POSIX-specific

...

```c
#include <string.h>
#include <wchar.h>

void f(const char *mbs) {
  size_t len;
  mbstate_t state;

  /* Zero-initialize the conversion state before mbrlen() reads it. */
  memset(&state, 0, sizeof(state));
  len = mbrlen(mbs, strlen(mbs), &state);

  /* ... */
}
```

Noncompliant Code Example (POSIX, Entropy)

In this noncompliant code example, the process ID, time of day, and uninitialized memory junk are used to seed a random number generator. This behavior is characteristic of some distributions derived from Debian that use uninitialized memory as a source of entropy because the value stored in junk is indeterminate. However, because accessing an indeterminate value is undefined behavior, compilers may optimize out the uninitialized variable access completely, leaving only the time and process ID and resulting in a loss of desired entropy.

...

For this noncompliant code example, OS X 10.6 retains the junk value, but OS X 10.7 and OS X 10.8 do not.

Compliant Solution (POSIX, Entropy)

The previous noncompliant code example can be fixed by using a more reliable source for random number generation. This compliant solution uses the CPU clock in addition to the real-time clock to seed the random number generator:

...
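An added example, not the code this page elides and not taken from the standard: one way to seed from the process ID, the real-time clock and the CPU clock with every input initialized. The names `mix_seed` and `seed_prng` and the choice of `srand` are assumptions, and the `#if 0` block is a reconstruction of the pattern the noncompliant text describes.

```c
#include <stdint.h>
#include <stdlib.h>
#include <sys/time.h>
#include <sys/types.h>
#include <time.h>
#include <unistd.h>

#if 0
/* The pattern the noncompliant text describes, reconstructed for contrast and
 * never compiled: `junk` is read while indeterminate, which is undefined
 * behavior, so the optimizer is free to drop that term from the seed. */
void seed_noncompliant(void) {
  struct timeval tv;
  unsigned long junk;                      /* never initialized */
  gettimeofday(&tv, NULL);
  srand((getpid() << 16) ^ tv.tv_sec ^ tv.tv_usec ^ junk);
}
#endif

/* Hypothetical helper: a pure mixing step. Every input is an explicit,
 * initialized argument; unsigned arithmetic keeps the shift well defined. */
uint32_t mix_seed(pid_t pid, time_t sec, long usec, clock_t cpu) {
  uint32_t s = (uint32_t)pid << 16;
  s ^= (uint32_t)sec;
  s ^= (uint32_t)usec;
  s ^= (uint32_t)cpu;
  return s;
}

/* Hypothetical wrapper: read the real-time clock and the CPU clock, then seed
 * rand(). Returns 0 on success; on failure returns -1 and leaves the
 * generator unseeded instead of falling back to partial inputs. */
int seed_prng(uint32_t *seed_out) {
  struct timeval tv;
  clock_t cpu = clock();                   /* processor time consumed so far */
  if (cpu == (clock_t)-1 || gettimeofday(&tv, NULL) != 0)
    return -1;

  uint32_t seed = mix_seed(getpid(), tv.tv_sec, (long)tv.tv_usec, cpu);
  srand((unsigned int)seed);
  if (seed_out != NULL)
    *seed_out = seed;
  return 0;
}

int main(void) {
  uint32_t seed;
  return seed_prng(&seed) == 0 ? 0 : 1;
}
```

A seed built from the PID and clocks is guessable, so this suits noncritical uses only; keys and tokens need the operating system's CSPRNG.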