Page History

This noncompliant code example can be found in {{drivers/net/tun.c}} and affects Linux kernel 2.6.30 \[[Goodin 2009|AA. C References#Goodin 2009]\].

Normally, null pointer dereference results in access violation and abnormal program termination. However, it is possible to permit null pointer dereferencing on several operating systems, for example, using {{mmap(2)}} with the {{MAP_FIXED}} flag on Linux and Mac OS X or using {{shmat(2)}} with the {{SHM_RND}} flag on Linux \[[Liu 2009|AA. C References#Liu 2009]\].

Dereferencing a null pointer results in undefined behavior, typically abnormal program termination.  In some situations, however, dereferencing a null pointer can lead to the execution of arbitrary code \[[Jack 07|AA. C References#Jack 07], [van Sprundel 06|AA. C References#van Sprundel 06]\].  The indicated severity is for this more severe case; on platforms where it is not possible to exploit a null pointer dereference to execute arbitrary code, the actual severity is low.

\[[Goodin 2009|AA. C References#Goodin 2009]\]
\[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section 6.3.2.3, "Pointers"
\[[ISO/IEC PDTR 24772|AA. C References#ISO/IEC PDTR 24772]\] "HFC Pointer casting and pointer type changes" and "XYH Null Pointer Dereference"
\[[Jack 07|AA. C References#Jack 07]\]
\[[Liu 2009|AA. C References#Liu 2009]\]
\[[MITRE 07|AA. C References#MITRE 07]\] [CWE ID 476|http://cwe.mitre.org/data/definitions/476.html], "NULL Pointer Dereference"
\[[van Sprundel 06|AA. C References#van Sprundel 06]\]
\[[Viega 05|AA. C References#Viega 05]\] Section 5.2.18, "Null-pointer dereference"