I read some code recently where someone wrote their own function called secureMemset where they used a temporary volatile pointer to the memory block and executed the write operation an extra time to ensure that the data was actually assigned to the new sanitization value. The reasoning for that was that supposedly the library function memset could be completely optimized away by the compiler, depending on how you configure a compiler and whether the compiler decides that the operation was necessary. This was news to me, as I had never heard of that before. Is this also true for the std::fill and std::fill_n algorithms? I tend to prefer the C++ algorithms anyway when I write code, but I wonder if they are also vulnerable to this security problem. Would any C++ security experts out there care to answer this question and provide some more insight. If so, please advise. I read some other forums but I did not see any place where std::fill was discussed as an alternative to memset.
http://stackoverflow.com/questions/2...memory-when-se
https://www.securecoding.cert.org/co...sensitive+data