...

Using {{realloc()}} to resize dynamic memory may inadvertently expose sensitive information, or it may allow heap inspection as described in Fortify's _Taxonomy of Software Security Errors_ \[[vulncat|http://vulncat.fortifysoftware.com/2/HI.html]\] \[[Fortify 06|AA. C References#Fortify 06]\] and NIST's _Source Code Analysis Tool Functional Specification_ \[[NIST 06b|AA. C References#NIST 06b]\]. When {{realloc()}} is called, it may allocate a new, larger object, copy the contents of {{secret}} to this new object, {{free()}} the original object, and assign the newly allocated object to {{secret}}. However, the contents of the original object may remain in memory.
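
One way to avoid leaving the old copy behind, shown as an added example that is not code from this page: allocate the new object explicitly, copy, clear the original, then free it. The helper names {{secure_resize()}} and {{scrub()}} and the sample value are assumptions, and the volatile-store loop is one chosen way to keep the compiler from discarding the clearing writes.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Zero n bytes through a volatile pointer so the compiler cannot drop
 * the stores as dead writes just before free(). */
static void scrub(void *p, size_t n) {
    volatile unsigned char *vp = p;
    while (n--) *vp++ = 0;
}

/* Hypothetical helper (not from the page): resize a sensitive buffer
 * without realloc(). Returns the new buffer, or NULL on failure, in which
 * case the old buffer is untouched and still owned by the caller. */
void *secure_resize(void *old, size_t old_size, size_t new_size) {
    if (new_size == 0) return NULL;      /* caller scrubs and frees instead */
    void *fresh = calloc(1, new_size);   /* zero-filled, so no stale heap data */
    if (fresh == NULL) return NULL;
    if (old != NULL) {
        size_t keep = old_size < new_size ? old_size : new_size;
        memcpy(fresh, old, keep);
        scrub(old, old_size);            /* clear the whole old object */
        free(old);
    }
    return fresh;
}

int main(void) {
    size_t size = 16;
    char *secret = calloc(1, size);
    if (secret == NULL) return 1;
    memcpy(secret, "constructed-key", 16);   /* constructed sample value */

    char *bigger = secure_resize(secret, size, 2 * size);
    if (bigger == NULL) {                /* old buffer is still valid here */
        scrub(secret, size); free(secret);
        return 1;
    }
    secret = bigger;
    size *= 2;
    scrub(secret, size);                 /* clear before the final release too */
    free(secret);
    return 0;
}
```

Unlike {{realloc()}}, the caller must pass the old size, because the clearing step has to cover the entire original object rather than only the bytes that were copied.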

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

\[[Fortify 06|AA. C References#Fortify 06]\]
\[[Graff 03|AA. C References#Graf 03]\]
\[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.20.3, "Memory management functions"
\[[NIST 06b|AA. C References#NIST 06b]\]

...