My understanding of AllocatorWithCleanup is that it is intended to zero out memory before releasing it back to the heap, and FixedSizeAllocatorWithCleanup does something similar for statically-allocated objects. The deallocate() method for each of these classes dutifully calls through to memset() before memory is freed.

I think this is probably a bug, as the better optimizing compilers are likely to eliminate the call to memset():

https://www.securecoding.cert.org/confluence/display/cplusplus/MSC06-CPP.+Be+aware+of+compiler+optimization+when+dealing+with+sensitive+data

Am I missing anything? I don't see the use of any mechanism that is guaranteed to foil this optimization.

Paul
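
The concern raised in the message above, as an added example that is neither part of the original post nor Crypto++ code: a deallocate() that wipes through a volatile pointer, a common way to keep the zeroing stores from being treated as dead. `secure_wipe`, `WipingAllocator` and the two check functions are hypothetical names; platform functions such as SecureZeroMemory, explicit_bzero or memset_s are alternatives where available.

```cpp
#include <cstddef>
#include <cstdlib>
#include <cstring>
#include <new>
#include <vector>

// Hypothetical helper: each store goes through a volatile lvalue, which
// compilers treat as an access they may not elide.
inline void secure_wipe(void *p, std::size_t n) {
    volatile unsigned char *vp = static_cast<volatile unsigned char *>(p);
    while (n--) *vp++ = 0;
}

// Hypothetical minimal allocator. A plain memset() in deallocate() is the
// pattern at risk: p is not read again before free(), so it is a dead store.
template <class T> struct WipingAllocator {
    using value_type = T;
    WipingAllocator() = default;
    template <class U> WipingAllocator(const WipingAllocator<U> &) {}
    T *allocate(std::size_t n) {
        if (n > static_cast<std::size_t>(-1) / sizeof(T)) throw std::bad_alloc();
        void *p = std::malloc(n * sizeof(T));
        if (!p) throw std::bad_alloc();
        return static_cast<T *>(p);
    }
    void deallocate(T *p, std::size_t n) { secure_wipe(p, n * sizeof(T)); std::free(p); }
};
template <class T, class U>
bool operator==(const WipingAllocator<T> &, const WipingAllocator<U> &) { return true; }
template <class T, class U>
bool operator!=(const WipingAllocator<T> &, const WipingAllocator<U> &) { return false; }

// Constructed sample: bytes still non-zero after wiping a fake 32-byte key.
inline std::size_t nonzero_after_wipe() {
    unsigned char key[32];
    std::memset(key, 0xA5, sizeof key);
    secure_wipe(key, sizeof key);
    std::size_t left = 0;
    for (unsigned char b : key) left += (b != 0);
    return left;
}

// Container use: reallocation and destruction both go through deallocate().
inline std::size_t vector_roundtrip() {
    std::vector<unsigned char, WipingAllocator<unsigned char>> v(16);
    v.resize(64, 0x5A);
    return v.size();
}
int main() { return (nonzero_after_wipe() == 0 && vector_roundtrip() == 64) ? 0 : 1; }
```

Whether a wipe survived optimization can only be confirmed by inspecting the generated assembly at the optimization level actually shipped, since the freed memory cannot be read back portably.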
