ISO/IEC 9899:1999 defines null pointers as "An integer constant expression with the value 0." In practice, attempting to dereference a null pointer results in undefined program behavior, typically abnormal program termination. Given this, null pointers should not be dereferenced.

Non-compliant Example

This example shows a function that negates an integer. If n is a null pointer, then when n is dereferenced the program may behave in an unexpected manner.

void negate(int *n) {
   *n = *n * -1;
}

Compliant Solution

To correct this error, ensure that n is not a null pointer before attempting to dereference it.

#include <stddef.h>  /* NULL */

void negate(int *n) {
  if (n == NULL) {
    /* Handle Error */
    return;  /* do not fall through to the dereference below */
  }
  *n = *n * -1;
}
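
One way to fill in the "Handle Error" step, shown as an added example that is not part of the original rule: the function reports the null pointer to its caller through a return code, and the caller propagates it. The names `negate_status`, `negate_checked`, `find_value`, `negate_by_key` and the `entry` table are hypothetical; the example also goes beyond the rule by rejecting `INT_MIN`, whose negation overflows.

```c
#include <limits.h>
#include <stddef.h>

/* Hypothetical status codes introduced for this example. */
enum negate_status { NEGATE_OK = 0, NEGATE_ENULL = -1, NEGATE_ERANGE = -2 };

/* Negate *n in place; reject a null pointer instead of dereferencing it. */
enum negate_status negate_checked(int *n) {
  if (n == NULL) {
    return NEGATE_ENULL;   /* control never reaches the dereference below */
  }
  if (*n == INT_MIN) {
    return NEGATE_ERANGE;  /* -INT_MIN is signed overflow, also undefined */
  }
  *n = -*n;
  return NEGATE_OK;
}

/* Constructed lookup table: find_value() returns NULL when the key is
   absent, a common way for a null pointer to reach code like negate(). */
struct entry { int key; int value; };

int *find_value(struct entry *table, size_t len, int key) {
  if (table == NULL) {
    return NULL;
  }
  for (size_t i = 0; i < len; i++) {
    if (table[i].key == key) {
      return &table[i].value;
    }
  }
  return NULL;
}

/* The caller passes the lookup result straight through and relies on the
   callee's check, then propagates the status instead of assuming success. */
enum negate_status negate_by_key(struct entry *table, size_t len, int key) {
  return negate_checked(find_value(table, len, key));
}
```
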

Priority and Level

Dereferencing null pointers typically results in a denial of service condition.

| Component | Value |
|---|---|
| Severity | |
| Likelihood | |
| Remediation cost | |
| Priority | |
| Level | |

References