I’d like to use STL containers (plus std::basic_string) to temporarily store keys or passwords in memory, and I’d like to zero the memory when done.
I was initially planning to use STL containers parameterized on a custom allocator that zeroes memory in allocator::deallocate, but I’m presuming that containers are allowed to use memory that doesn’t come from the specified allocator. For example, it seems reasonable for a std::vector or a std::string to contain a fixed-size array member meant for small allocations.
Am I rightly concerned, and should I (sigh) write my own container?
I would use std::vector with a custom allocator that does the zeroing out. According to the answer at "May std::vector make use of small buffer optimization?", it cannot use the small buffer optimization, and hence, with a custom allocator, you should be safe.

If you take it a step further, and use that allocator to allocate the vector, and then use a smart pointer to ensure its proper release (or do it manually), even the internal contents of the vector (such as the size) will be wiped out.
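The following is an added example, not code from the original question or answer: a sketch of a zeroing allocator for std::vector, with a check that no key bytes survive either growth reallocations or destruction. The names `ZeroingAllocator`, `secure_wipe`, `SecureBytes` and `g_arena` are hypothetical, and the static bump arena is an assumption made only so the released memory can be inspected legally; a production allocator would wipe and then call `::operator delete`.

```cpp
#include <cstddef>
#include <new>
#include <vector>

// Constructed demo arena so released memory can be inspected afterwards.
alignas(std::max_align_t) static unsigned char g_arena[4096];
static std::size_t g_used = 0;

// Wipe through a volatile pointer so the stores are not removed as dead writes.
inline void secure_wipe(void* p, std::size_t n) {
    volatile unsigned char* b = static_cast<volatile unsigned char*>(p);
    while (n--) *b++ = 0;
}

template <class T>
struct ZeroingAllocator {
    using value_type = T;
    ZeroingAllocator() = default;
    template <class U> ZeroingAllocator(const ZeroingAllocator<U>&) noexcept {}
    T* allocate(std::size_t n) {
        constexpr std::size_t a = alignof(std::max_align_t);
        if (n > (sizeof(g_arena) - a) / sizeof(T)) throw std::bad_alloc();
        std::size_t bytes = (n * sizeof(T) + a - 1) / a * a;  // keep alignment
        if (bytes > sizeof(g_arena) - g_used) throw std::bad_alloc();
        T* p = reinterpret_cast<T*>(g_arena + g_used);
        g_used += bytes;
        return p;
    }
    void deallocate(T* p, std::size_t n) noexcept {
        secure_wipe(p, n * sizeof(T));  // bump arena: wipe only, never reuse
    }
};
template <class T, class U> bool operator==(const ZeroingAllocator<T>&, const ZeroingAllocator<U>&) { return true; }
template <class T, class U> bool operator!=(const ZeroingAllocator<T>&, const ZeroingAllocator<U>&) { return false; }

using SecureBytes = std::vector<unsigned char, ZeroingAllocator<unsigned char>>;

// Returns how many non-zero bytes remain in the arena after a vector that
// held a constructed secret (and reallocated while growing) is destroyed.
std::size_t remnants_after_use() {
    {
        SecureBytes key;
        const char secret[] = "constructed-demo-key-0123456789";  // constructed sample
        for (char c : secret) key.push_back(static_cast<unsigned char>(c));  // forces regrowth
    }
    std::size_t nonzero = 0;
    for (std::size_t i = 0; i < g_used; ++i) nonzero += (g_arena[i] != 0);
    return nonzero;
}
```

Every buffer the vector abandons while growing goes through `deallocate`, so intermediate copies of the key are wiped as well as the final one. The same allocator on std::basic_string does not give this guarantee on common standard libraries, because short strings are stored inside the string object itself rather than in allocator memory.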