should we have a rtl_secureZeroMemory ?

Stephan Bergmann sbergman at
Tue Mar 10 03:14:03 PDT 2015

On 03/10/2015 10:43 AM, Caolán McNamara wrote:
> This is in the context of the
> section and these memset calls
> Or should we just use c++11's memset_s in these places ?
> (And persumably either way, have rtl_freeZeroMemory call that instead of
> memset ?)

memset_s is a bit hairy, as it is C11 but not C++11, and conditional in 
C11 on __STDC_LIB_EXT1__, effectively requiring every include of any 
standard library header in the compilation unit to see 
__STDC_WANT_LIB_EXT1__ defined to 1.  So it looks like wrapping it in 
some rtl_secureZeroMemory abstraction looks like a good idea.

A nice approach would be to restrict this to rtl_freeZeroMemory, but at 
least some of the places in LibreOffice-V597.txt use memset on e.g. 
stack-allocated memory, so making rtl_secureZeroMemory available in 
addition to rtl_freeZeroMemory seems to be needed.

More information about the LibreOffice mailing list