Usage of memset to eradicate string content

Arnaud Versini arnaud.versini at
Thu Aug 23 12:00:53 PDT 2012

Hi everyone,

I noticed in the code some annihilation of O[U]String content by using
memset or rtl_zeroMemory directly on the content as a password security. It
breaks encapsulation and the string immutability, not so good. I think
there is four possibilities, in order of my personal preference ;-) :

   1. Don't eradicate the string content, the content remain in RAM until
   the string deletion and a new allocation of the area
   2. Add a O[U]String eradicator for the password annihilation, better
   encapsulation of the String
   3. Use a modifiable StringBuffer or a char array like in Java for
   JPasswordField and eradicate its content
   4. Keep memset in the code

Thanks in advance for the clarification, I will do this after removing
rtl/memory.h internal usage task.
Arnaud Versini
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the LibreOffice mailing list