Suppose I have an array in which I store some sensitive data. Overwriting each element of the array ensures the data is wiped from its current location in physical memory.
However, could there be any stale copies of the data elsewhere in physical memory? Or is the virtual to physical memory mapping fixed for the lifetime of the array?
I'm particularly interested to know about the behaviour in C, Java and WebAssembly.
In all languages - the array was populated from some other memory location, so you'd need to make sure that other memory location is also overwritten.
In a garbage-collected language such as Java and WebAssembly, it's quite conceivable that an implementation of a garbage collector would move an object (e.g. array) around, possibly without overwriting the previous memory location.
You should also note that if the data came from outside the process (e.g. network), and was decrypted before getting to the process (or not encrypted at all), then it could also exist in an OS buffer.
In most cases, the better practice would be to not allow your process to share memory with an untrusted party if it deals with sensitive information, rather than chasing down possible sensitive data leaks.
