...
In this noncompliant code example, sensitive information generated by create_secret() is supposedly stored in the dynamically allocated buffer, secret, which is processed and eventually deallocated by a call to free(). The memory page containing secret can be swapped out to disk. If the program crashes before the call to free(), the information stored in secret may be stored in the core dump.
...