Name n3619, alx-0027r1 - add [w]memzero(), [w]memzero_explicit() Principles - Codify existing practice to address evident deficiencies. - Enable secure programming Category Standardize common string APIs Author Alejandro Colomar History r0 (2025-06-14): - Initial draft. r1 (2025-06-26; n3619): - s/Description/Rationale/ Rationale It is a common operation to zero an object. This operation is significantly more common than memsetting any other value. Thus, it is useful and common to use an API that sets to zero, without accepting a parameter with the value to set. It's easy to accidentally swap the order of the parameters to memset(3), resulting in bugs. Design decisions It is interesting to return the input pointer. This allows chaining calls: free(memzero_explicit(s, strlen(s))). bzero(3) already exists in POSIX systems (even though it was removed by POSIX). However, it returns void, which is unfortunate. For consistency with the rest of the ISO C string library, and for being able to return a pointer, let's use the name memzero(), which gives us some freedom. Proposed wording Based on N3550. 7.28.6 String handling :: Miscellaneous functions ## New section after 7.28.6.1 ("The memset function") +7.28.6.1+1 The memzero function + +Synopsis +1 #include + void *memzero(const void *p, size_t n); + +Description +2 The memzero function + is equivalent to memset + with its second argument set to 0. ## New section after 7.28.6.2 ("The memset_explicit function") +7.28.6.2+1 The memzero_explicit function + +Synopsis +1 #include + void *memzero_explicit(const void *p, size_t n); + +Description +2 The memzero_explicit function + is equivalent to memset_explicit + with its second argument set to 0. 7.33.4.7 General wide string utilities :: Miscellaneous functions ## New sections after 7.33.4.7.3 ("The wmemset function") +7.33.4.7.3+1 The wmemzero function + +Synopsis +1 #include + wchar_t *wmemzero(const wchar_t *p, size_t n); + +Description +2 The wmemzero function + is equivalent to memzero + except that it handles wide characters. + +7.33.4.7.3+2 The wmemzero_explicit function + +Synopsis +1 #include + wchar_t *wmemzero_explicit(const wchar_t *p, size_t n); + +Description +2 The wmemzero_explicit function + is equivalent to memzero_explicit + except that it handles wide characters. ## We should probably also add wmemset_explicit(), for ## consistency.