Examples of errors detected by the V597 diagnostic.


V597. The compiler could delete the 'memset' function call, which is used to flush 'Foo' buffer. The RtlSecureZeroMemory() function should be used to erase the private data.


eMule Plus

V597 The compiler could delete the 'memset' function call, which is used to flush 'x' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. emule md5sum.cpp 263


static void MD5Transform(UINT4 state[4],
                         unsigned char block[64])
{
  UINT4 a = state[0], b = state[1], c = state[2],
        d = state[3], x[16];
  ...
  /* Zeroize sensitive information */
  memset(x, 0, sizeof(x));
}

Crypto++

V597 The compiler could delete the 'memset' function call, which is used to flush 'kappa' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. cryptlib cast.cpp 293


void CAST256::Base::UncheckedSetKey(const byte *userKey,
  unsigned int keylength, const NameValuePairs &)
{
  AssertValidKeyLength(keylength);
  word32 kappa[8];
  ...
  memset(kappa, 0, sizeof(kappa));
}

Dolphin Emulator

V597 The compiler could delete the 'memset' function call, which is used to flush 'sum' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. Common md5.cpp 353


void md5_hmac_starts( md5_context *ctx, unsigned char *key,
                      int keylen )
{
  ...
  memset( sum, 0, sizeof( sum ) );
}

Similar errors can be found in some other places:

  • V597 The compiler could delete the 'memset' function call, which is used to flush 'tmpbuf' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. Common md5.cpp 377
  • V597 The compiler could delete the 'memset' function call, which is used to flush 'sum' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. Common sha1.cpp 387
  • V597 The compiler could delete the 'memset' function call, which is used to flush 'tmpbuf' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. Common sha1.cpp 411

UCSniff

V597 The compiler could delete the 'memset' function call, which is used to flush 'send_msg' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. http_handler.c 84


int request_http_corporate_url(char *directory_buf,
                               int message_id)
{
  char send_msg[2048] = {'\0'};
  ...
  memset(send_msg,'\0',sizeof(send_msg));
  ...
}

Similar errors can be found in some other places:

  • V597 The compiler could delete the 'memset' function call, which is used to flush 'name_start_tag' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. directory_parser.c 941

Trans-Proteomic Pipeline

V597 The compiler could delete the 'memset' function call, which is used to flush 'finalcount' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. pwiz sha1.cpp 205


void CSHA1::Final()
{
  UINT_8 finalcount[8];
  ...
  memset(finalcount, 0, 8);
  Transform(m_state, m_buffer);
}

Similar errors can be found in some other places:

  • V597 The compiler could delete the 'memset' function call, which is used to flush 'finalcount' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. dta2mzXML sha1.cpp 252
  • V597 The compiler could delete the 'memset' function call, which is used to flush 'finalcount' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. indexmzXML indexmzxmlsha1.cpp 225

CamStudio

V597 The compiler could delete the 'memset' function call, which is used to flush 'final' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. md5.c 342


char* crypt_md5(const char* pw, const char* salt)
{
  unsigned char final[MD5_SIZE];
  ....
  /* Don't leave anything around in vm they could use. */
  memset(final,0,sizeof final);
  return passwd;
}

Samba

V597 The compiler could delete the 'memset' function call, which is used to flush 'x' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. md2.c 91


static void
calc(struct md2 *m, const void *v)
{
  unsigned char x[48], L;
  ....
  memset(x, 0, sizeof(x));
}

Similar errors can be found in some other places:

  • V597 The compiler could delete the 'memset' function call, which is used to flush 'buf' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. rand-fortuna.c 291
  • V597 The compiler could delete the 'memset' function call, which is used to flush 'hash' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. rand-fortuna.c 341
  • V597 The compiler could delete the 'memset' function call, which is used to flush 'buf' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. rand-fortuna.c 378
  • And 1 additional diagnostic messages.

Tor

V597 The compiler could delete the 'memset' function call, which is used to flush 'digest' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. crypto.c 1015


int
crypto_pk_private_sign_digest(....)
{
  char digest[DIGEST_LEN];
  ....
  memset(digest, 0, sizeof(digest));
  return r;
}

Similar errors can be found in some other places:

  • V597 The compiler could delete the 'memset' function call, which is used to flush 'r' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. crypto.c 1605
  • V597 The compiler could delete the 'memset' function call, which is used to flush 'digest' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. crypto.c 2233
  • V597 The compiler could delete the 'memset' function call, which is used to flush 'buf' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. crypto.c 2323
  • And 35 additional diagnostic messages.

NetXMS

V597 The compiler could delete the 'memset' function call, which is used to flush 'finalcount' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. sha1.cpp 233


void I_SHA1Final(....)
{
  unsigned char finalcount[8];
  ....
  memset(finalcount, 0, 8);
  SHA1Transform(context->state, context->buffer);
}

TortoiseSVN

V597 The compiler could delete the 'memset' function call, which is used to flush 'lenbuf' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. sshdss.c 23


static void sha_mpint(SHA_State * s, Bignum b)
{
  unsigned char lenbuf[4];
  ....
  memset(lenbuf, 0, sizeof(lenbuf));
}

Similar errors can be found in some other places:

  • V597 The compiler could delete the 'memset' function call, which is used to flush 'lenbuf' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. sshdss.c 37
  • V597 The compiler could delete the 'memset' function call, which is used to flush 'digest512' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. sshdss.c 587
  • V597 The compiler could delete the 'memset' function call, which is used to flush 'ourkeys' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. sshdes.c 861
  • And 9 additional diagnostic messages.

Network Security Services (NSS)

V597 The compiler could delete the 'memset' function call, which is used to flush 'keyData' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. sslcon.c 2151


#define PORT_Memset   memset

static SECStatus ssl2_ClientSetupSessionCypher(....)
{
  ....
  PRUint8 keyData[SSL_MAX_MASTER_KEY_BYTES];
  ....
  loser2:
  done:
    PORT_Memset(keyData, 0, sizeof(keyData));
    PORT_ZFree(ekbuf, modulusLen);
    PORT_ZFree(eblock, modulusLen);
    SECKEY_DestroyPublicKey(serverKey);
    return rv;
}

Network Security Services (NSS)

V597 The compiler could delete the 'memset' function call, which is used to flush 'ctx' object. The RtlSecureZeroMemory() function should be used to erase the private data. sha512.c 1423


SECStatus
SHA384_HashBuf(unsigned char *dest, const unsigned char *src,
               PRUint32 src_length)
{
  SHA512Context ctx;
  unsigned int outLen;

  SHA384_Begin(&ctx;);
  SHA512_Update(&ctx, src, src_length);
  SHA512_End(&ctx, dest, &outLen, SHA384_LENGTH);
  memset(&ctx, 0, sizeof ctx);

  return SECSuccess;
}

Network Security Services (NSS)

V597 The compiler could delete the 'memset' function call, which is used to flush 'hashed_secret' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. alghmac.c 87


SECStatus HMAC_Init(....)
{
  unsigned char hashed_secret[HASH_LENGTH_MAX];
  ....
loser:
  PORT_Memset(hashed_secret, 0, sizeof hashed_secret);
  if (cx->hash != NULL)
    cx->hashobj->destroy(cx->hash, PR_TRUE);
  return SECFailure;
}

Similar errors can be found in some other places:

  • V597 The compiler could delete the 'memset' function call, which is used to flush 'localDigestData' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. dsa.c 417
  • V597 The compiler could delete the 'memset' function call, which is used to flush 'data' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. drbg.c 300
  • V597 The compiler could delete the 'memset' function call, which is used to flush 'inputhash' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. drbg.c 450
  • And 11 additional diagnostic messages.

Apache HTTP Server

V597 The compiler could delete the 'memset' function call, which is used to flush 'x' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. apr apr_md4.c 362


static void MD4Transform(
  apr_uint32_t state[4], const unsigned char block[64])
{
  apr_uint32_t a = state[0], b = state[1],
               c = state[2], d = state[3],
               x[APR_MD4_DIGESTSIZE];
  ....
  /* Zeroize sensitive information. */
  memset(x, 0, sizeof(x));
}

Similar errors can be found in some other places:

  • V597 The compiler could delete the 'memset' function call, which is used to flush 'tmpbuf' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. apr apr_md5.c 436
  • V597 The compiler could delete the 'memset' function call, which is used to flush 'final' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. apr apr_md5.c 662
  • V597 The compiler could delete the 'memset' function call, which is used to flush 'tmpbuf' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. aprutil apr_md5.c 436
  • And 3 additional diagnostic messages.

POCO C++ Libraries

V597 The compiler could delete the 'memset' function call, which is used to flush 'x' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. Foundation md4engine.cpp 272


void MD4Engine::transform (UInt32 state[4],
                           const unsigned char block[64])
{
  UInt32 a = state[0], b = state[1],
         c = state[2], d = state[3], x[16];
  decode(x, block, 64);
  ....
  /* Zeroize sensitive information. */
  std::memset(x, 0, sizeof(x));
}

Similar errors can be found in some other places:

  • V597 The compiler could delete the 'memset' function call, which is used to flush 'x' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. Foundation md5engine.cpp 303

PostgreSQL Database Management System

V597 The compiler could delete the 'memset' function call, which is used to flush 'final' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. pgcrypto crypt-md5.c 157


char *
px_crypt_md5(const char *pw, const char *salt,
             char *passwd, unsigned dstlen)
{
  ....
  unsigned char final[MD5_SIZE];
  ....
  /* Don't leave anything around in vm they could use. */
  memset(final, 0, sizeof final);
  ....
}

Similar errors can be found in some other places:

  • V597 The compiler could delete the 'memset' function call, which is used to flush 'buf' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. pgcrypto fortuna.c 294
  • V597 The compiler could delete the 'memset' function call, which is used to flush 'hash' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. pgcrypto fortuna.c 344
  • V597 The compiler could delete the 'memset' function call, which is used to flush 'buf' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. pgcrypto fortuna.c 381
  • And 16 additional diagnostic messages.

GNU C Library

V597 The compiler could delete the 'memset' function call, which is used to flush 'temp_result' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. sha256-crypt.c 385


char *
__sha256_crypt_r (key, salt, buffer, buflen)
     const char *key;
     const char *salt;
     char *buffer;
     int buflen;
{
  ....
  unsigned char temp_result[32]
  ....
  memset (temp_result, '\0', sizeof (temp_result));
  ....
}

Similar errors can be found in some other places:

  • V597 The compiler could delete the 'memset' function call, which is used to flush 'temp_result' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. sha512-crypt.c 396

Qt

V597 The compiler could delete the 'memset' function call, which is used to flush 'chunkBuffer' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. sha1.cpp 191


static inline void sha1ProcessChunk(
  Sha1State *state, const unsigned char *buffer)
{
  ....
  quint8 chunkBuffer[64];
  ....
  #ifdef SHA1_WIPE_VARIABLES
    a = b = c = d = e = 0;
    memset(chunkBuffer, 0, 64);
  #endif
}

Similar errors can be found in some other places:

  • V597 The compiler could delete the 'memset' function call, which is used to flush 'zero' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. sha1.cpp 249

APR

V597 The compiler could delete the 'memset' function call, which is used to flush 'tmpbuf' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. libaprutil apr_md5.c 436


static void MD5Transform(....)
{
  apr_uint32_t a = state[0], b = state[1],
               c = state[2], d = state[3],
               tmpbuf[APR_MD5_DIGESTSIZE];
  ....
  if (x == tmpbuf)
  {
     /* Zeroize sensitive information. */
     memset(tmpbuf, 0, sizeof(tmpbuf));
  }
}

Similar errors can be found in some other places:

  • V597 The compiler could delete the 'memset' function call, which is used to flush 'final' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. libaprutil apr_md5.c 662
  • V597 The compiler could delete the 'memset' function call, which is used to flush 'x' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. libaprutil apr_md4.c 362

Asterisk

V597 The compiler could delete the 'memset' function call, which is used to flush 'buf' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. channel.c 7742


static int silence_generator_generate(....)
{
  short buf[samples];

  struct ast_frame frame = {
    .frametype = AST_FRAME_VOICE,
    .data.ptr = buf,
    .samples = samples,
    .datalen = sizeof(buf),
  };
  frame.subclass.format = ast_format_slin;

  memset(buf, 0, sizeof(buf));      // <=
  ....
}

PHP:Hypertext Preprocessor

V597 The compiler could delete the 'memset' function call, which is used to flush 'final' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. php_crypt_r.c 421


/*
 * MD5 password encryption.
 */
char* php_md5_crypt_r(const char *pw,const char *salt, char *out)
{
  static char passwd[MD5_HASH_MAX_LEN], *p;
  unsigned char final[16];
  ....
  /* Don't leave anything around in vm they could use. */
  memset(final, 0, sizeof(final));  // <=
  return (passwd);
}

Similar errors can be found in some other places:

  • V597 The compiler could delete the 'memset' function call, which is used to flush 'final' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. php_crypt_r.c 421
  • V597 The compiler could delete the 'memset' function call, which is used to flush 'output' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. crypt.c 214
  • V597 The compiler could delete the 'memset' function call, which is used to flush 'temp_result' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. crypt_sha512.c 622
  • And 5 additional diagnostic messages.

Miranda NG

V597 The compiler could delete the 'memset' function call, which is used to flush 'kappa' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. Cryptlib cast.cpp 293


void CAST256::Base::UncheckedSetKey(....)
{
  AssertValidKeyLength(keylength);
  word32 kappa[8];
  ....
  memset(kappa, 0, sizeof(kappa));
}

Similar errors can be found in some other places:

  • V597 The compiler could delete the 'memset' function call, which is used to flush 'job' object. The RtlSecureZeroMemory() function should be used to erase the private data. TabSRMM sendqueue.cpp 449
  • V597 The compiler could delete the 'memset' function call, which is used to flush 'ctx' object. The RtlSecureZeroMemory() function should be used to erase the private data. Yahoo crypt.cpp 201
  • V597 The compiler could delete the 'memset' function call, which is used to flush 'alt_ctx' object. The RtlSecureZeroMemory() function should be used to erase the private data. Yahoo crypt.cpp 202
  • And 3 additional diagnostic messages.

Linux Kernel

V597 The compiler could delete the 'memset' function call, which is used to flush 'buf' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. dm-crypt.c 708


static int crypt_iv_tcw_whitening(....)
{
  ....
  u8 buf[TCW_WHITENING_SIZE];
  ....
  out:
  memset(buf, 0, sizeof(buf));
  return r;
}

Linux Kernel

V597 The compiler could delete the 'memset' function call, which is used to flush 'D' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. sha512_ssse3_glue.c 222


static int sha384_ssse3_final(struct shash_desc *desc, u8 *hash)
{
  u8 D[SHA512_DIGEST_SIZE];

  sha512_ssse3_final(desc, D);

  memcpy(hash, D, SHA384_DIGEST_SIZE);
  memset(D, 0, SHA512_DIGEST_SIZE);

  return 0;
}

Linux Kernel

V597 The compiler could delete the 'memset' function call, which is used to flush 'keydvt_out' object. The RtlSecureZeroMemory() function should be used to erase the private data. security.c 525


int wusb_dev_4way_handshake(....)
{
  ....
  struct aes_ccm_nonce ccm_n;
  u8 mic[8];
  struct wusb_keydvt_in keydvt_in;
  struct wusb_keydvt_out keydvt_out;
  ....
error_dev_update_address:
error_wusbhc_set_gtk:
error_wusbhc_set_ptk:
error_hs3:
error_hs2:
error_hs1:
  memset(hs, 0, 3*sizeof(hs[0]));
  memset(&keydvt_out, 0, sizeof(keydvt_out));
  memset(&keydvt_in, 0, sizeof(keydvt_in));
  memset(&ccm_n, 0, sizeof(ccm_n));
  memset(mic, 0, sizeof(mic));
  if (result < 0)
    wusb_dev_set_encryption(usb_dev, 0);
error_dev_set_encryption:
  kfree(hs);
error_kzalloc:
  return result;
  ....
}

Similar errors can be found in some other places:

  • V597 The compiler could delete the 'memset' function call, which is used to flush 'keydvt_in' object. The RtlSecureZeroMemory() function should be used to erase the private data. security.c 526
  • V597 The compiler could delete the 'memset' function call, which is used to flush 'ccm_n' object. The RtlSecureZeroMemory() function should be used to erase the private data. security.c 527
  • V597 The compiler could delete the 'memset' function call, which is used to flush 'mic' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. security.c 528

Linux Kernel

V597 The compiler could delete the 'memset' function call, which is used to flush 'wpwd' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. smbencrypt.c 224


int
E_md4hash(const unsigned char *passwd, unsigned char *p16,
  const struct nls_table *codepage)
{
  int rc;
  int len;
  __le16 wpwd[129];

  /* Password cannot be longer than 128 characters */
  if (passwd) /* Password must be converted to NT unicode */
    len = cifs_strtoUTF16(wpwd, passwd, 128, codepage);
  else {
    len = 0;
    *wpwd = 0; /* Ensure string is null terminated */
  }

  rc = mdfour(p16, (unsigned char *) wpwd, len * sizeof(__le16));
  memset(wpwd, 0, 129 * sizeof(__le16));

  return rc;
}

Similar errors can be found in some other places:

  • V597 The compiler could delete the 'memset' function call, which is used to flush 'D' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. sha256_ssse3_glue.c 214
  • V597 The compiler could delete the 'memset' function call, which is used to flush 'ck' object. The RtlSecureZeroMemory() function should be used to erase the private data. dev-sysfs.c 104
  • V597 The compiler could delete the 'memset' function call, which is used to flush 'dout' object. The RtlSecureZeroMemory() function should be used to erase the private data. qp.c 143

LibreOffice

V597 The compiler could delete the 'memset' function call, which is used to flush 'state' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. digest.cxx 337


static void __rtl_digest_updateMD2 (DigestContextMD2 *ctx)
{
  ....
  sal_uInt32 state[48];
  ....
  memset (state, 0, 48 * sizeof(sal_uInt32));
}

Similar errors can be found in some other places:

  • V597 The compiler could delete the 'memset' function call, which is used to flush 'U' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. digest.cxx 2074
  • V597 The compiler could delete the 'memset' function call, which is used to flush 'T' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. digest.cxx 2127
  • V597 The compiler could delete the 'memset' function call, which is used to flush 'pKeyData' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. docpasswordhelper.cxx 344
  • And 10 additional diagnostic messages.

Haiku Operation System

V597 The compiler could delete the 'memset' function call, which is used to flush 'password' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. login.cpp 126


static status_t
login(const char* user, struct passwd** _passwd)
{
  ....
  bool ok = verify_password(passwd, spwd, password);
  memset(password, 0, sizeof(password));

  if (!ok)
    return B_PERMISSION_DENIED;

  *_passwd = passwd;
  return B_OK;
}

Similar errors can be found in some other places:

  • V597 The compiler could delete the 'memset' function call, which is used to flush 'finalcount' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. sha1.c 228
  • V597 The compiler could delete the 'memset' function call, which is used to flush 'encoded_block' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. dst_api.c 446
  • V597 The compiler could delete the 'memset' function call, which is used to flush 'in_buff' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. dst_api.c 916
  • And 1 additional diagnostic messages.

FreeSWITCH

V597 The compiler could delete the 'memset' function call, which is used to flush 'corrSurfBuff' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. pitch_estimator.c 158


void WebRtcIsac_InitializePitch(const double *in,
                                const double old_lag,
                                const double old_gain,
                                PitchAnalysisStruct *State,
                                double *lags)
{
  ....
  for(k = 0; k < 2*PITCH_BW+3; k++)
  {
    CorrSurf[k] = &corrSurfBuff[10 + k * (PITCH_LAG_SPAN2+4)];
  }
  /* reset CorrSurf matrix */
  memset(corrSurfBuff, 0, sizeof(double) * (10 + (2*PITCH_BW+3)
    * (PITCH_LAG_SPAN2+4)));
  ....
}

Mozilla Thunderbird

V597 The compiler could delete the 'memset' function call, which is used to flush 'ctx' object. The RtlSecureZeroMemory() function should be used to erase the private data. gmploader.cpp 166


bool GMPLoaderImpl::Load(....)
{
  SHA256Context ctx;
  ....
  // Overwrite all data involved in calculation as it could
  //potentially identify the user, so there's no chance a GMP
  //can read it and use it for identity tracking.
  memset(&ctx, 0, sizeof(ctx));
  ....
}

GNU GRUB

V597 The compiler could delete the 'memset' function call, which is used to flush 'karr' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. arcfour.c 108


static gcry_err_code_t do_arcfour_setkey (....)
{
  byte karr[256];
  ....
  for (i=0; i < 256; i++ )
    karr[i] = key[i%keylen];
  ....
  memset( karr, 0, 256 ); //<=

  return GPG_ERR_NO_ERROR;
}

Similar errors can be found in some other places:

  • V597 The compiler could delete the 'memset' function call, which is used to flush 'buf' object. The RtlSecureZeroMemory() function should be used to erase the private data. grub-mkpasswd-pbkdf2.c 209
  • V597 The compiler could delete the 'memset' function call, which is used to flush 'bufhex' object. The RtlSecureZeroMemory() function should be used to erase the private data. grub-mkpasswd-pbkdf2.c 210
  • V597 The compiler could delete the 'memset' function call, which is used to flush 'salt' object. The RtlSecureZeroMemory() function should be used to erase the private data. grub-mkpasswd-pbkdf2.c 213
  • And 7 additional diagnostic messages.

Linux Kernel

V597 The compiler could delete the 'memset' function call, which is used to flush 'ps' buffer. The memset_s() function should be used to erase the private data. atom.c 1383


int amdgpu_atom_asic_init(struct atom_context *ctx)
{
  int hwi = CU16(ctx->data_table + ATOM_DATA_FWI_PTR);
  uint32_t ps[16];
  int ret;

  memset(ps, 0, 64);

  ps[0] = cpu_to_le32(CU32(hwi + ATOM_FWI_DEFSCLK_PTR));
  ps[1] = cpu_to_le32(CU32(hwi + ATOM_FWI_DEFMCLK_PTR));
  if (!ps[0] || !ps[1])
    return 1;

  if (!CU16(ctx->cmd_table + 4 + 2 * ATOM_CMD_INIT))
    return 1;
  ret = amdgpu_atom_execute_table(ctx, ATOM_CMD_INIT, ps);
  if (ret)
    return ret;

  memset(ps, 0, 64); // <=

  return ret;
}

FreeBSD Kernel

V597 The compiler could delete the 'memset' function call, which is used to flush 'dout' object. The memset_s() function should be used to erase the private data. mlx5_qp.c 159


int mlx5_core_create_qp(struct mlx5_core_dev *dev,
      struct mlx5_core_qp *qp,
      struct mlx5_create_qp_mbox_in *in,
      int inlen)
{
  ....
  struct mlx5_destroy_qp_mbox_out dout;
  ....
err_cmd:
  memset(&din, 0, sizeof(din));
  memset(&dout, 0, sizeof(dout));
  din.hdr.opcode = cpu_to_be16(MLX5_CMD_OP_DESTROY_QP);
  din.qpn = cpu_to_be32(qp->qpn);
  mlx5_cmd_exec(dev, &din, sizeof(din), &out, sizeof(dout));

  return err;
}

Similar errors can be found in some other places:

  • V597 The compiler could delete the 'memset' function call, which is used to flush 'dout' object. The memset_s() function should be used to erase the private data. mlx5_qp.c 323

Valgrind

V597 The compiler could delete the 'memset' function call, which is used to flush 'cts' object. The memset_s() function should be used to erase the private data. cg_merge.c 324


static void sdel_Counts ( Counts* cts )
{
   memset(cts, 0, sizeof(Counts));
   free(cts);
}

Similar errors can be found in some other places:

  • V597 The compiler could delete the 'memset' function call, which is used to flush 'ffn' object. The memset_s() function should be used to erase the private data. cg_merge.c 263
  • V597 The compiler could delete the 'memset' function call, which is used to flush 'cts' object. The memset_s() function should be used to erase the private data. cg_merge.c 332
  • V597 The compiler could delete the 'memset' function call, which is used to flush 'cpf' object. The memset_s() function should be used to erase the private data. cg_merge.c 394

Bind

V597 The compiler could delete the 'memset' function call, which is used to flush 'newdigest' buffer. The memset_s() function should be used to erase the private data. hmacsha.c 1140


void
isc_hmacsha1_sign(isc_hmacsha1_t *ctx, unsigned char *digest,
                  size_t len)
{
  unsigned char opad[ISC_SHA1_BLOCK_LENGTH];
  unsigned char newdigest[ISC_SHA1_DIGESTLENGTH];          // <=
  unsigned int i;

  ....

  memmove(digest, newdigest, len);
  memset(newdigest, 0, sizeof(newdigest));                 // <=
}

Similar errors can be found in some other places:

  • V597 The compiler could delete the 'memset' function call, which is used to flush 'digest' buffer. The memset_s() function should be used to erase the private data. entropy.c 646
  • V597 The compiler could delete the 'memset' function call, which is used to flush 'newdigest' buffer. The memset_s() function should be used to erase the private data. hmacsha.c 1206
  • V597 The compiler could delete the 'memset' function call, which is used to flush 'newdigest' buffer. The memset_s() function should be used to erase the private data. hmacsha.c 1272
  • And 29 additional diagnostic messages.

Enlightenment

V597 The compiler could delete the 'memset' function call, which is used to flush 'sd' object. The memset_s() function should be used to erase the private data. e_icon.c 838


static void
_e_icon_smart_del(Evas_Object *obj)
{
  E_Smart_Data *sd;

  if (!(sd = evas_object_smart_data_get(obj))) return;
  evas_object_del(sd->obj);
  evas_object_del(sd->eventarea);
  ....
  evas_object_smart_data_set(obj, NULL);
  memset(sd, 0, sizeof(*sd));                              // <=
  free(sd);
}

Similar errors can be found in some other places:

  • V597 The compiler could delete the 'memset' function call, which is used to flush 'tzpol' object. The memset_s() function should be used to erase the private data. e_policy_wl.c 350
  • V597 The compiler could delete the 'memset' function call, which is used to flush 'tzsh' object. The memset_s() function should be used to erase the private data. e_policy_wl.c 462
  • V597 The compiler could delete the 'memset' function call, which is used to flush 'tzsh_srv' object. The memset_s() function should be used to erase the private data. e_policy_wl.c 639
  • And 8 additional diagnostic messages.

Tizen

V597 The compiler could delete the 'memset' function call, which is used to flush 'finalcount' buffer. The memset_s() function should be used to erase the private data. wifi_generate_pin.c 185


static void SHA1Final(unsigned char digest[20],
                      SHA1_CTX* context)
{
  u32 i;
  unsigned char finalcount[8];

  ....

  memset(context->buffer, 0, 64);
  memset(context->state, 0, 20);
  memset(context->count, 0, 8);
  memset(finalcount, 0, 8);                  // <=
}

EFL Core Libraries

V597 The compiler could delete the 'memset' function call, which is used to flush 'iv' buffer. The memset_s() function should be used to erase the private data. emile_cipher_openssl.c 264

V597 The compiler could delete the 'memset' function call, which is used to flush 'ik' buffer. The memset_s() function should be used to erase the private data. emile_cipher_openssl.c 265


EAPI Eina_Binbuf *
emile_binbuf_decipher(Emile_Cipher_Algorithm algo,
                      const Eina_Binbuf *data,
                      const char *key,
                      unsigned int length)
{
   Eina_Binbuf *result = NULL;
   unsigned int *over;
   EVP_CIPHER_CTX ctx;
   unsigned char ik[MAX_KEY_LEN];
   unsigned char iv[MAX_IV_LEN];
   ....
on_error:
   memset(iv, 0, sizeof (iv));
   memset(ik, 0, sizeof (ik));

   if (opened)
     EVP_CIPHER_CTX_cleanup(&ctx;);

   eina_binbuf_free(result);

   return NULL;
}

Similar errors can be found in some other places:

  • V597 The compiler could delete the 'memset' function call, which is used to flush 'key_material' buffer. The memset_s() function should be used to erase the private data. emile_cipher_openssl.c 115
  • V597 The compiler could delete the 'memset' function call, which is used to flush 'iv' buffer. The memset_s() function should be used to erase the private data. emile_cipher_openssl.c 165
  • V597 The compiler could delete the 'memset' function call, which is used to flush 'ik' buffer. The memset_s() function should be used to erase the private data. emile_cipher_openssl.c 166
  • And 2 additional diagnostic messages.


Do you make errors in the code?

Check your code
with PVS-Studio

Static code analysis
for C, C++ and C#

goto PVS-Studio;