This is actually tangentially related to heartbleed - if the memory had been zeroed when freed, the scope of the exploit would have been greatly reduced, as only currently allocated blocks would have been vulnerable
The blocks holding the certificate private key are always allocated, so always vulnerable.
This is completely incorrect. Until it is freed (or realloc'ed), the address returned by malloc will point to the same data, regardless of whether it is in the L1 cache, RAM, or paged to disk. Were this not the case, each program would need to implement its own MMU.
So virtual memory is completely useless, because paging to disk doesn't free up the physical RAM or other processes?
Perhaps you should have read the article linked in the article you linked. http://www.viva64.com/en/k/004...
There is SecureZeroMemory() function in the depths of Win32 API. Its description is rather concise and reads that this function overwrites a memory region with zeroes and is designed in such way that the compiler never eliminates a call of this function during code optimization.
So don't use memset to zero memory.
There is still the risk that another process reads data from RAM that another process was using, unless the OS zeros out the memory before allocating it.
That's something you can't get around in application code because you don't control the other applications.