Attempting to dereference a NULL an invalid pointer results in undefined behavior, typically abnormal program termination. Given this, pointers should be checked to make sure they are valid before they are dereferenced.
Non-Compliant Code Example
In this example, input_str is copied into dynamically allocated memory referenced by str. If malloc() fails, it returns a an invalid (NULL) pointer that is assigned to str. When str is dereferenced in strcpy(), the program behaves in an unpredictable manner.
...
Note that in accordance with rule MEM35-C. Ensure that size arguments to memory allocation functions are correct the argument supplied to malloc() is checked to ensure a numeric overflow does not occur.
Compliant Solution
| Wiki Markup |
|---|
To correct this error, ensure the pointer returned by {{malloc()}} is not NULL. In addition to this rule, this should be done in accordance with rule \[[MEM32-C|MEM32-C. Detect and handle critical memory allocation errors]\]. |
| Code Block | ||
|---|---|---|
| ||
...
size_t size = strlen(input_str);
if (size == SIZE_MAX) { /* test for limit of size_t */
/* Handle Error */
}
str = malloc(size+1);
if (str == NULL) {
/* Handle Allocation Error */
}
strcpy(str, input_str);
...
|
Risk Assessment
Dereferencing a NULL an invalid pointer results in undefined behavior, typically abnormal program termination.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
EXP34-C | 3 (high) | 3 (likely) | 1 (high) | P9 | L2 |
References
| Wiki Markup |
|---|
\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] 6.3.2.3 Pointers \[[Viega 05|AA. C References#Viega 05]\] Section 5.2.18 Null-pointer dereference |