Attempting to dereference an invalid pointer results in undefined behavior, typically abnormal program termination. Given this, pointers should be checked to make sure they are valid before they are dereferenced.

Non-Compliant Code Example

In this example, input_str is copied into dynamically allocated memory referenced by str. If malloc() fails, it returns an invalid (null) pointer that is assigned to str. When str is dereferenced in strcpy(), the program behaves in an unpredictable manner.

...

Note that, in accordance with rule MEM35-C. Ensure that size arguments to memory allocation functions are valid, the argument supplied to malloc() is checked to ensure that a numeric overflow does not occur.

Compliant Solution

To correct this error, ensure the pointer returned by malloc() is not invalid (null). In addition to this rule, this should be done in accordance with rule MEM32-C. Detect and handle critical memory allocation errors.

...
size_t size = strlen(input_str);
if (size == SIZE_MAX) { /* test for limit of size_t: size + 1 would wrap to 0 */
  /* Handle Error */
}
str = malloc(size + 1);
if (str == NULL) {
  /* Handle Allocation Error; must not fall through to the strcpy() below */
}
strcpy(str, input_str);
...
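The compliant pattern above, packaged as a function whose error paths return instead of falling through. This is an added example, not code from the rule itself; checked_malloc() and the fail_next_alloc hook are constructed here only so the allocation-failure path can be exercised offline.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Test hook (constructed for this example): when nonzero, the allocator
 * below reports failure so the NULL-handling path can be exercised. */
static int fail_next_alloc = 0;

static void *checked_malloc(size_t n) {
  if (fail_next_alloc) {
    fail_next_alloc = 0;
    return NULL;            /* simulate an allocation failure */
  }
  return malloc(n);
}

/* Copy input_str into freshly allocated memory: bound the size
 * computation (MEM35-C) and check the returned pointer before it is
 * dereferenced (EXP34-C, MEM32-C). Returns NULL on any failure, so the
 * caller never receives a pointer it must not use. */
char *dup_string(const char *input_str) {
  if (input_str == NULL) {
    return NULL;            /* refuse to dereference a null argument */
  }
  size_t size = strlen(input_str);
  if (size == SIZE_MAX) {   /* size + 1 would wrap to 0 */
    return NULL;
  }
  char *str = checked_malloc(size + 1);
  if (str == NULL) {
    return NULL;            /* handle the error; never reach strcpy() */
  }
  strcpy(str, input_str);   /* safe: str is valid and size + 1 bytes long */
  return str;
}

/* Forces the next allocation to fail and reports whether dup_string()
 * took the error path (1) rather than dereferencing NULL. */
int dup_string_handles_alloc_failure(void) {
  fail_next_alloc = 1;
  char *p = dup_string("hello");
  int ok = (p == NULL);
  free(p);                  /* free(NULL) is a no-op */
  return ok;
}
```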

Risk Assessment

Dereferencing an invalid pointer results in undefined behavior, which could allow an attacker to execute arbitrary code.

Rule      Severity   Likelihood   Remediation Cost   Priority   Level
EXP34-C   3 (high)   3 (likely)   1 (high)           P9         L2
