...
Automated Detection
Klocwork Version 8.0.4.16 can detect violations of this rule with the SV.USAGERULES.UNINTENDED_COPY checkers. See Klocwork Cross Reference
Compass/ROSE could detect possible violations of this rule by first flagging any usage of realloc(). Also it could flag any usage of free that isn't preceded by code to clear out the preceding memory, using memset. This heuristic is imperfect, as it flags all possible data leaks, not just leaks of 'sensitive' data, because ROSE can't tell which data is 'sensitive'.
...