Call to memset may be deleted
ID: cpp/memset-may-be-deleted
Kind: problem
Security severity: 7.8
Severity: warning
Precision: high
Tags:
- security
- external/cwe/cwe-14
Query suites:
- cpp-code-scanning.qls
- cpp-security-extended.qls
- cpp-security-and-quality.qls
Calling memset or bzero on a buffer to clear its contents may get optimized away by the compiler if the buffer is not subsequently used. This is not desirable behavior if the buffer contains sensitive data that could somehow be retrieved by an attacker.
Recommendation
Use alternative platform-supplied functions that will not get optimized away. Examples of such functions include memset_s, SecureZeroMemory, and explicit_bzero. Alternatively, passing the -fno-builtin-memset option to the GCC/Clang compiler usually also prevents the optimization. Finally, you can use the public-domain secure_memzero function (see references below). This function, however, is not guaranteed to work on all platforms and compilers.
Example
The following program fragment uses memset to erase sensitive information after it is no longer needed:

```c
char password[MAX_PASSWORD_LENGTH];
// read and verify password
memset(password, 0, MAX_PASSWORD_LENGTH);
```
Because of dead store elimination, the call to memset may be removed by the compiler (since the buffer is not subsequently used), resulting in potentially sensitive data remaining in memory.
The best solution to this problem is to use the memset_s function instead of memset:

```c
char password[MAX_PASSWORD_LENGTH];
// read and verify password
memset_s(password, MAX_PASSWORD_LENGTH, 0, MAX_PASSWORD_LENGTH);
```
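As an added example (not part of the CodeQL query or its documentation), the following C program shows the flagged memset pattern beside a wipe routine that survives dead store elimination. It dispatches to the platform functions named in the recommendation where they exist and otherwise falls back to stores through a volatile pointer, the same idea as the public-domain secure_memzero. MAX_PASSWORD_LENGTH, secure_zero, volatile_zero, is_all_zero and wipe_demo are names assumed here, and the 'A'-filled buffer is constructed sample data.

```c
/* Added example, not from the CodeQL query or its documentation.
 * Names and the sample secret below are assumed for illustration. */
#define _DEFAULT_SOURCE          /* glibc: declare explicit_bzero() */
#define __STDC_WANT_LIB_EXT1__ 1 /* C11 Annex K: declare memset_s() if present */
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>             /* SecureZeroMemory() */
#endif

#define MAX_PASSWORD_LENGTH 64   /* assumed buffer size */

/* Portable fallback: a store through a volatile pointer is an observable
 * side effect, so the compiler must emit every one of them. Note that this
 * scrubs only the buffer itself, not copies the compiler may have spilled
 * into registers or other stack slots. */
void volatile_zero(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--) {
        *p++ = 0;
    }
}

/* Prefer a platform routine documented as never being optimized away;
 * fall back to volatile_zero() where none is available. */
void secure_zero(void *buf, size_t len)
{
#if defined(_WIN32)
    SecureZeroMemory(buf, len);
#elif defined(__STDC_LIB_EXT1__)
    memset_s(buf, len, 0, len);
#elif defined(__GLIBC__)
#  if __GLIBC_PREREQ(2, 25)
    explicit_bzero(buf, len);
#  else
    volatile_zero(buf, len);
#  endif
#else
    volatile_zero(buf, len);
#endif
}

/* Vulnerable form flagged by cpp/memset-may-be-deleted: password is never
 * read after the memset, so the store is dead and may be deleted. */
void verify_password_unsafe(const char *input)
{
    char password[MAX_PASSWORD_LENGTH];
    strncpy(password, input, MAX_PASSWORD_LENGTH - 1);
    password[MAX_PASSWORD_LENGTH - 1] = '\0';
    /* ... verify password ... */
    memset(password, 0, sizeof password);    /* may be eliminated */
}

/* Fixed form: the wipe is a side effect the optimizer must keep. */
void verify_password_safe(const char *input)
{
    char password[MAX_PASSWORD_LENGTH];
    strncpy(password, input, MAX_PASSWORD_LENGTH - 1);
    password[MAX_PASSWORD_LENGTH - 1] = '\0';
    /* ... verify password ... */
    secure_zero(password, sizeof password);
}

/* Returns 1 if every byte of buf is zero, OR-accumulating so the running
 * time does not depend on where a nonzero byte sits. */
int is_all_zero(const unsigned char *buf, size_t len)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++) {
        acc |= buf[i];
    }
    return acc == 0;
}

/* Fills a password-sized buffer with a constructed sample secret, wipes it
 * with the given routine and reports whether the wipe took effect. Because
 * the buffer is read afterwards, this harness cannot itself trigger the
 * elimination; it only checks that the routines zero correctly. */
int wipe_demo(void (*wipe)(void *, size_t))
{
    unsigned char password[MAX_PASSWORD_LENGTH];
    memset(password, 'A', sizeof password);  /* constructed sample secret */
    wipe(password, sizeof password);
    return is_all_zero(password, sizeof password);
}

int main(void)
{
    verify_password_unsafe("sample-secret");   /* constructed input */
    verify_password_safe("sample-secret");
    printf("secure_zero wiped buffer: %d\n", wipe_demo(secure_zero));
    printf("volatile_zero wiped buffer: %d\n", wipe_demo(volatile_zero));
    return 0;
}
```

Whether the memset in verify_password_unsafe is actually dropped depends on the compiler and optimization level; inspecting the generated assembly at -O2 is the quickest way to see the dead store disappear, while the secure_zero call remains in either case.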