Zeroing memory used by STL containers

Question

I'd like to use STL containers (plus std::basic_string ) to temporarily store keys or passwords in memory, and I'd like to zero the memory when done.

I was initially planning to use STL containers parameterized on a custom allocator that zeroes memory in allocator::deallocate , but I'm presuming that containers are allowed to use memory that doesn't come from the specified allocator. For example, it seems reasonable for a std::vector or a std::string to contain a fixed-size array member meant for small allocations.

Am I rightly concerned, and should I (sigh) write my own container?

Answer 1

I would use std::vector with a custom allocator that does the zero'ing out. According to the answer at May std::vector make use of small buffer optimization? , it cannot use the small buffer optimization, and hence, with a custom allocator, you should be safe.

If you take it a step further, and use that allocator to allocate the vector, and then use a smart pointer to ensure it's proper release (or do it manually), even the internal contents of the vector (such as the size) will be wiped out.

Answer 2

您可以通过使用原始内存和placement new分配字符串/向量来完成此操作，当您完成它时，调用析构函数，零内存并释放原始内存。

Answer 3

Use a custom string class that zeros the memory buffer in its destructor.

class zeroed_string : public std::string
{
public:
    ~zeroed_string()
    {
        for (int i = 0; i < size(); ++i)
            (*this)[i] = 0;
    }
// ...
};