Message-ID: From: "faviansamatha (@faviansamatha)" To: "postgresql-interfaces/psqlodbc" Date: Wed, 09 Apr 2025 23:50:28 +0000 Subject: [postgresql-interfaces/psqlodbc] PR #105: chore: change memset to memset_s/SecureZeroMemory List-Id: X-GitHub-Author-Id: 60306813 X-GitHub-Author-Login: faviansamatha X-GitHub-Issue: 105 X-GitHub-Repo: postgresql-interfaces/psqlodbc X-GitHub-State: merged X-GitHub-Type: pull_request X-GitHub-Url: https://github.com/postgresql-interfaces/psqlodbc/pull/105 Content-Type: text/plain; charset=utf-8 `memset` can be declared as "unsafe" because compiler optimizations could remove it from the program. This is especially problematic when we rely on it to clear out data containing sensitive information such as password. This PR changes the calls against for `memset` to `pg_memset` and it does this differently depending on UNIX and Windows. UNIX: Change `memset` to use `memset_s`. `memset_s` is guaranteed to not be optimized away by the compiler. Windows: Windows cannot use `memset_s` because it is an optional function in C11 and MSVC does not provide an implementation for it. In order to mitigate this, we can use SecureZeroMemory instead.