blog post

Author: eligrubb

.gitignore

@@ -7,3 +7,4 @@ CLAUDE.md
 *.swp
 *.swo
 *~
+*.tar

README.md

@@ -386,6 +386,10 @@ Automatic memory protection for sensitive strings
 - **Functional programming**: Callback-based access patterns to contain scope
 of data access
 
+## Zecrecy Development Log
+
+- [Testing Secure Zeroization in Zig with Custom Memory Allocators](https://eligrubb.com/notes/2025/til-zig-custom-memory-allocator/).
+
 ## License
 
 MIT License - see [LICENSE](LICENSE) for details.

src/secret.zig

@@ -117,6 +117,7 @@ pub fn Secret(comptime T: type) type {
         pub fn deinit(secret: *SecretType) void {
             secureZero(T, secret.data);
             // use rawFree instead of free to support verification of memory zeroization in testing
+            if (secret.data.len == 0) return;
             secret.allocator.rawFree(secret.data, .fromByteUnits(@alignOf(T)), @returnAddress());
             secret.data = undefined;
             secret.allocator = undefined;
@@ -310,6 +311,7 @@ pub fn SecretUnmanaged(comptime T: type) type {
         pub fn deinit(secret: *SecretType, allocator: mem.Allocator) void {
             secureZero(T, secret.data);
             // use rawFree instead of free to support verification of memory zeroization in testing
+            if (secret.data.len == 0) return;
             allocator.rawFree(secret.data, .fromByteUnits(@alignOf(T)), @returnAddress());
             secret.data = undefined;
             secret.* = undefined;

src/testing/ZerosOnlyAllocator.zig

@@ -56,7 +56,7 @@ fn remap(ctx: *anyopaque, memory: []u8, alignment: mem.Alignment, new_len: usize
 fn free(ctx: *anyopaque, buf: []u8, alignment: mem.Alignment, ret_addr: usize) void {
     const self: *ZerosOnlyAllocator = @ptrCast(@alignCast(ctx));
     for (buf) |byte| {
-        if (byte != 0) unreachable;
+        if (byte != 0) @panic("memory not zeroed before freeing");
     }
     self.child_allocator.rawFree(buf, alignment, ret_addr);
 }