Page History

The {{calloc()}} function ensures that the newly allocated memory has also been cleared. Because {{sizeof(char)}} is guaranteed to be 1, this solution does not need to check for a numeric overflow as a result of using {{calloc()}} \[[MEM07-A. Ensure that sizethe arguments to calloc() dowhen multiplied notcan resultbe inrepresented anas integera overflowsize_t]\].

NOTE: It is possible that the call to {{memset()}} in this example will be optimized out \[[MSC06-A. Be aware of compiler optimization when dealing with sensitive data]\].  Be very careful to ensure that any sensitive data is actually cleared from memory.

The {{calloc()}} function ensures that the newly allocated memory has also been cleared. Because {{sizeof(char)}} is guaranteed to be 1, this solution does not need to check for a numeric overflow as a result of using {{calloc()}} \[[MEM07-A. Ensure that sizethe arguments to calloc() dowhen multiplied notcan resultbe inrepresented anas integera overflowsize_t]\].

In practice, this type of [security flaw|BB. Definitions#security flaw] can expose sensitive information to unintended parties. The Sun tarball vulnerability discussed in _Secure Coding Principles & Practices: Designing and Implementing Secure Applications_ \[[Graf 03|AA. C References#Graf 03]\] and [Sun Security Bulletin #00122 | http://sunsolve.sun.com/search/document.do?assetkey=1-22-00122-1] illustrates a violation of this recommendation, leading to sensitive data being leaked. Attackers may also be able to leverage this defect to retrieve sensitive information using techniques such as _heap inspection_.