 
                            ...
The secret_size is tested to ensure that the integer multiplication (secret_size * 2) does not result in an integer overflow. (See INT32INT30-C. Ensure that unsigned integer operations  on signed integers  do not  result in overflowwrap.)
Compliant Solution
A compliant program cannot rely on realloc() because it is not possible to clear the memory before the call. Instead, a custom function must be used that operates similarly to realloc() but sanitizes sensitive information as heap-based buffers are resized. Again, sanitization is done by overwriting the space to be deallocated with '\0' characters.
...