pub unsafe fn zeroize_flat_type<F: Sized>(data: *mut F)
Expand description
Zeroizes a flat type/struct. Only zeroizes the values that it owns, and it does not work on
dynamically sized values or trait objects. It would be inefficient to use this function on a
type that already implements ZeroizeOnDrop
.
§Safety
- The type must not contain references to outside data or dynamically sized data, such as
Vec<T>
orString
. - Values stored in the type must not have
Drop
impls. - This function can invalidate the type if it is used after this function is called on it.
It is advisable to call this function only in
impl Drop
. - The bit pattern of all zeroes must be valid for the data being zeroized. This may not be true for enums and pointers.
§Incompatible data types
Some data types that cannot be safely zeroized using zeroize_flat_type
include,
but are not limited to:
- References:
&T
and&mut T
- Non-nullable types:
NonNull<T>
,NonZeroU32
, etc. - Enums with explicit non-zero tags.
- Smart pointers and collections:
Arc<T>
,Box<T>
,Vec<T>
,HashMap<K, V>
,String
, etc.
§Examples
Safe usage for a struct containing strictly flat data:
use zeroize::{ZeroizeOnDrop, zeroize_flat_type};
struct DataToZeroize {
flat_data_1: [u8; 32],
flat_data_2: SomeMoreFlatData,
}
struct SomeMoreFlatData(u64);
impl Drop for DataToZeroize {
fn drop(&mut self) {
unsafe { zeroize_flat_type(self as *mut Self) }
}
}
impl ZeroizeOnDrop for DataToZeroize {}
let mut data = DataToZeroize {
flat_data_1: [3u8; 32],
flat_data_2: SomeMoreFlatData(123u64)
};
// data gets zeroized when dropped