Sensitive heap memory not cleared before release
Sensitive data not cleared or released by memory routine
Description
This defect occurs when dynamically allocated memory contains sensitive data and you do not clear the data before you free the memory.
Risk
If the memory zone is reallocated, an attacker can still inspect the sensitive data in the old memory zone.
Fix
Before calling free, clear out the sensitive data using memset or SecureZeroMemory.
Examples
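The risk and fix described above, as an added example that is not part of the original documentation. It assumes a constructed single-region allocator (`region_alloc`, `region_free`, hypothetical names) standing in for malloc and free, so that reuse of a released region can be observed without reading freed heap memory. The hypothetical `secure_wipe` writes through a volatile pointer because a plain memset placed immediately before the release call is a dead store that a compiler may remove.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for malloc/free: a single reusable region, so reuse
   after release can be observed without reading freed heap memory. */
static unsigned char region[32];
static int in_use;

static void *region_alloc(void) {          /* like malloc: no clearing */
    if (in_use) return NULL;
    in_use = 1;
    return region;
}

static void region_free(void *p) {         /* like free: no clearing */
    if (p == region) in_use = 0;
}

/* Zero through a volatile pointer: a plain memset right before the release
   call is a dead store that an optimizer may remove. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Hold a secret in the region, release it, then act as the next owner of
   the same region and count the non-zero bytes left behind. */
static long residue_after_release(const char *secret, int wipe) {
    size_t n = strlen(secret) + 1;
    char *buf = region_alloc();
    if (buf == NULL || n > sizeof region) { region_free(buf); return -1; }
    memset(buf, 0, sizeof region);         /* start from a clean region */
    memcpy(buf, secret, n);                /* ... secret is used here ... */
    if (wipe) secure_wipe(buf, n);         /* the fix: clear, then release */
    region_free(buf);

    unsigned char *next = region_alloc();  /* region handed out again */
    long left = 0;
    for (size_t i = 0; i < sizeof region; i++) left += (next[i] != 0);
    region_free(next);
    return left;
}

int main(void) {
    const char *secret = "constructed-passphrase";   /* sample value */
    printf("without wipe: %ld bytes\n", residue_after_release(secret, 0));
    printf("with wipe:    %ld bytes\n", residue_after_release(secret, 1));
    return 0;
}
```

With real heap memory the order is the same: wipe the buffer over its full sensitive length, then call free.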
Result Information
Group: Security
Language: C | C++
Default: Off
Command-Line Syntax: SENSITIVE_HEAP_NOT_CLEARED
Impact: Medium
Version History
Introduced in R2015b
See Also
Uncleared sensitive data in stack | Sensitive data printed out | Find defects (-checkers)
Topics
- Interpret Bug Finder Results in Polyspace Desktop User Interface
- Interpret Bug Finder Results in Polyspace Access Web Interface (Polyspace Access)
- Address Results in Polyspace User Interface Through Bug Fixes or Justifications
- Address Results in Polyspace Access Through Bug Fixes or Justifications (Polyspace Access)