Sunday 24 December 2017

Clearing a memory in java heap space from JNI

If the native code is in standard C, then free() has never guaranteed that it clears memory. And is it legitimate to deallocate JVM-allocated data into the C malloc pool? Seems dangerous to me, but I don't use JNI. Note that the Java layer still has at least one reference (data) to the memory you've just deallocated.


I think what you want to do is to overwrite the byte array with zeroes, but you can do that in Java anyway. Once you've overwritten it, obliterating the secrets, you don't care when the garbage collector finally gets round to collecting it.


    // overwrite every byte of the secret in place
    for (int k = 0; k < data.length; k++)
        data[k] = 0;

Maybe you're getting confused about the differences between a String, which is immutable (so you can't overwrite it), and a byte array, which is mutable (so you can overwrite it).
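
The overwrite-in-Java approach from the answer above, as an added example that is not part of the original post. The class name, helper names and sample secret are constructed for illustration; it shows that zeroing a byte array is visible through every reference to it, while a String built from the same bytes cannot be wiped.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;

public class WipeSecretDemo {

    // Uses the secret, then zeroes the caller's array in place.
    // The finally block runs even if the digest call throws.
    static byte[] digestAndWipe(byte[] secret) throws NoSuchAlgorithmException {
        try {
            return MessageDigest.getInstance("SHA-256").digest(secret);
        } finally {
            Arrays.fill(secret, (byte) 0);
        }
    }

    // True when no non-zero byte is left in the array.
    static boolean isZeroed(byte[] data) {
        for (byte b : data) {
            if (b != 0) {
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed sample secret; a real one would come from user input or a key store.
        byte[] data = "constructed-sample-secret".getBytes(StandardCharsets.US_ASCII);

        // A String holding the same secret is immutable: there is nothing to overwrite.
        String asString = new String(data, StandardCharsets.US_ASCII);

        // A second reference to the same array, like the Java-side "data" reference in the answer.
        byte[] alias = data;

        byte[] hash = digestAndWipe(data);
        System.out.println("digest bytes: " + hash.length);
        System.out.println("array zeroed through alias: " + isZeroed(alias));

        // Wiping a copy taken from the String leaves the String itself untouched.
        byte[] copy = asString.getBytes(StandardCharsets.US_ASCII);
        Arrays.fill(copy, (byte) 0);
        System.out.println("String still holds secret: " + !asString.isEmpty());
    }
}
```

A moving garbage collector may have relocated the array before the wipe, so zeroing it as soon as the secret is no longer needed keeps that window short.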
