More on in-memory zeroisation

Florian Weimer fw at
Mon Dec 10 11:50:07 EST 2007

* Thierry Moreau:

> Peter Gutmann wrote:
>> There was a discussion on this list a year or two back about problems in using
>> memset() to zeroise in-memory data, specifically the fact that optimising
>> compilers would remove a memset() on (apparently) dead data in the belief that
>> it wasn't serving any purpose.
> Then, s/memset(?,0,?)/(memset)(?,0,?)/ to get rid of compiler in-lining.
> Ref: ANSI X3.159-1989, section 4.1.6 (Use of C standard library functions)

This isn't true; inlining of standard library functions is always
permitted under the as-if rule.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list