CWE-244

Improper Clearing of Heap Memory Before Release (‘Heap Inspection’). [Improper-Control-Of-A-Resource-Through-Its-Lifetime]

Required inputs: IR

Using realloc() to resize buffers that store sensitive information can leave the sensitive information exposed to attack, because it is not removed from memory. When sensitive data such as a password or an encryption key is not removed from memory, it could be exposed to an attacker using a "heap inspection" attack that reads the sensitive data using memory dumps or other methods. The realloc() function is commonly used to increase the size of a block of allocated memory. This operation often requires copying the contents of the old memory block into a new and larger block. This operation leaves the contents of the original block intact but inaccessible to the program, preventing the program from being able to scrub sensitive data from memory. If an attacker can later examine the contents of a memory dump, the sensitive data could be exposed.
Demonstrative Examples
Example 1

The following code calls realloc() on a buffer containing sensitive data:

Example Language:C
    cleartext_buffer = get_secret();...
    cleartext_buffer = realloc(cleartext_buffer, 1024);
    ...
    scrub_memory(cleartext_buffer, 1024);

There is an attempt to scrub the sensitive data from memory, but realloc() is used, so it could return a pointer to a different part of memory. The memory that was originally allocated for cleartext_buffer could still contain an uncleared copy of the data.

Excerpts from CWE [https://cwe.mitre.org], Copyright (C) 2006-2026, the MITRE Corporation. See section 9.4. "3rd-Party Licenses" in the documentation for full details.

Possible Messages

Key

Text

Severity

Disabled

clear_heap_before_release

Memory with possible sensitive data not cleared before release.

None

False

Options

clearing_functions

clearing_functions : list[str] = ['memset', 'std::memset']

Functions that overwrite memory pointed to by the first argument.