Attempting to dereference an invalid pointer results in undefined program behavior, typically abnormal program termination. Given this, invalid pointers should not be dereferenced.
...
In this example, input_str is copied into dynamically allocated memory referenced by str. If malloc() fails, it returns an invalid (null) pointer that is assigned to str. When str is dereferenced in strcpy(), the program behaves in an unpredictable manner.
...
Note that, in accordance with rule MEM35-C. Ensure that size arguments to memory allocation functions are valid, the argument supplied to malloc() is checked to ensure that a numeric overflow does not occur.
...
```c
/* ... */
size_t size = strlen(input_str);
if (size == SIZE_MAX) {
  /* Handle Error */
}
str = malloc(size+1);
if (str == NULL) {
  /* Handle Allocation Error */
}
strcpy(str, input_str);
/* ... */
```
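The checks above, packaged as a complete function whose allocation-failure path can actually be exercised. This is an added example, not code from the original rule; `copy_input`, `alloc_fn` and `failing_alloc` are hypothetical names, and passing the allocator as a parameter is an assumption made so that a failing malloc() can be simulated.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical allocator hook: lets a caller substitute a failing allocator. */
typedef void *(*alloc_fn)(size_t);

/* Constructed stand-in for malloc() under memory exhaustion: always fails. */
static void *failing_alloc(size_t n) {
    (void)n;
    return NULL;
}

/*
 * Returns a heap copy of input_str, or NULL on any error.
 * Every pointer is validated before it is dereferenced.
 */
static char *copy_input(const char *input_str, alloc_fn alloc) {
    if (input_str == NULL || alloc == NULL) {
        return NULL;                 /* strlen(NULL) would itself be undefined */
    }
    size_t size = strlen(input_str);
    if (size == SIZE_MAX) {
        return NULL;                 /* size + 1 would wrap around to 0 */
    }
    char *str = alloc(size + 1);
    if (str == NULL) {
        return NULL;                 /* allocation failed: never reach the copy */
    }
    memcpy(str, input_str, size + 1); /* size + 1 bytes include the terminator */
    return str;
}

int main(void) {
    /* Constructed sample input. */
    char *ok = copy_input("constructed sample input", malloc);
    char *bad = copy_input("constructed sample input", failing_alloc);
    int rc = (ok != NULL && bad == NULL) ? 0 : 1;
    free(ok);
    return rc;
}
```

The caller must still test the returned pointer for NULL before using it; the function only moves the check to a single place.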
...
Risk Assessment
Dereferencing null pointers typically results in a denial of service condition. Dereferencing an invalid pointer results in undefined behavior, which could result in an attacker being able to run arbitrary code.

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| ??? | 3 (high) | 3 (likely) | 1 (high) | P9 | L2 |
References
- ISO/IEC 9899-1999 6.3.2.3 Pointers
- Viega 05 Section 5.2.18 Null-pointer dereference