...

To prevent information leakage, sensitive information must be cleared from dynamically allocated buffers before they are freed.

free()

Non-Compliant Code Example: free()

Calling free() on a block of dynamic memory causes the space to be deallocated, that is, the memory block is made available for future allocation. However, the data stored in the block of memory to be recycled may be preserved. If this memory block contains sensitive information, that information may be unintentionally exposed.

...

The {{calloc()}} function ensures that the newly allocated memory has also been cleared. Because {{sizeof(char)}} is guaranteed to be 1, this solution does not need to check for a numeric overflow as a result of using {{calloc()}} \[[MEM07-A. Ensure that size arguments to calloc() do not result in an integer overflow]\].

realloc()

Non-Compliant Code Example: realloc()

Reallocating memory using the realloc() function is a regenerative case of freeing memory. The realloc() function deallocates the old object and returns a pointer to a new object.

...

\[[Graff 03|AA. C References#Graf 03]\] 
\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.20.3, "Memory management functions"
\[[NIST 06b|AA. C References#NIST 06b]\]