...
For all of the below listed compliant code examples, it is strongly recommended that the programmer inspect the generated assembly code to ensure that memory is actually zeroed and none of the function calls were optimized out.
Non-Compliant Code Example 1
| Code Block |
|---|
void getPassword() {
char pwd[64];
if(GetPassword(pwd, sizeof(pwd)) {
/*checking of password, secure operations, etc */
}
memset(pwd, 0, sizeof(pwd));
*(volatile char*)buffer = *(volatile char*)buffer;
}
|
...