...
Non Compliant Code Example 1
| Code Block |
|---|
void getPassword() {
char pwd[64];
if( GetPassword(pwd, sizeof(pwd)) {
/* checking of password, secure operations, etc */
}
memset(pwd, 0, sizeof(pwd));
}
|
"code may be removed by the optimizer if it determines that doing so will not alter the behavior of the program."
Some compiler optimization modes may remove code sections if the optimizer determines that doing so will not alter the behavior of the program. In this example, this can Compilers with optimization modes which remove dead code may cause the call to memset() (which the programmer had hoped would clear sensitive memory) to be removed because after the store to pwd, pwd is never accessed again. GCC refers to this behavior as dead code elimination and similar constructs may exist in other compilers. Check compiler documentation for information about this compiler specific behavior.
...