We allocate memory on the sensitive heap when the results of a malloc call are assigned to a pointer declared with the $sensitive qualifier. Recall that CQual assigns this qualifier to variables that could potentially contain sensitive information. Similarly, the absence of the $sensitive qualifier on a pointer indicates that the memory should be allocated on the insensitive heap. Thus, we change each of the allocation calls to use the Smalloc allocator, using the presence of the $sensitive attribute to denote which region the Smalloc allocator uses. We similarly replace calloc with scalloc.
In addition to replacing the allocation functions, we replace any instances of free and realloc with the Smalloc equivalents: sfree and srealloc. These functions have the same arguments and return types as the functions they replace, so we can perform a simple substitution.