CXX.REALLOC

Use of realloc() should be avoided

The standard realloc() function moves memory into a new block of memory without cleaning existing data or taking into account alignment.

Vulnerability and risk

Once realloc() is used, the existing data is not removed from memory and is no longer accessible within the program. This can lead to potential security vulnerabilities. Additionally, if any alignment was used in the original memory allocation it will not be reflected in the newly assigned memory location.

Mitigation and prevention

For sensitive data, ensure a process is in place to clean the existing data when moving to new memory.

If alignment is used on the original memory allocation, then ensure that the alignment is reflected in the new memory allocation. This cannot be achieved with realloc() and another tool, potentially the one used in the original assignment, should be used.