Follow

Sensitive data? memset(p, 0, sz); free(p); does not do want you think it does. The compiler is allowed to optimise the memset away. Use freezero(p, sz). For large allocations just unmaps the pages, avoiding the clearing and still making the memory inaccessible.

@otto nice! But but but, shouldn't it be called cfree()? ;) Speaking of which - guessing that the analog holds for calloc()?

Sign in to participate in the conversation
BSD Network

bsd.network is a *BSD-themed Mastodon Instance. General use is encouraged, and everyone is welcome as long as you follow our code of conduct!
If you wish to donate, we are on Liberapay: Donate using
LiberapayDonate using Liberapay