Page History

LANG.MEM.NPD

LANG.STRUCT.NTAD

LANG.STRUCT.UPD

Null pointer dereference

Null test after dereference

Unchecked parameter dereference

Can detect violations of this rule. In particular, ROSE ensures that any pointer returned by malloc(), calloc(), or realloc() is first checked for NULL before being used (otherwise, it is free()-ed). ROSE does not handle cases where an allocation is assigned to an lvalue that is not a variable (such as a struct member or C++ function call returning a reference)

Coverity

CHECKED_RETURN

NULL_RETURNS

REVERSE_INULL

FORWARD_NULL

Finds instances where a pointer is checked against NULL and then later dereferenced

Identifies functions that can return a null pointer but are not checked

Identifies code that dereferences a pointer and then checks the pointer against NULL

Can find the instances where NULL is explicitly dereferenced or a pointer is checked against NULL but then dereferenced anyway. Coverity Prevent cannot discover all violations of this rule, so further verification is necessary

Fortify SCA

5.0

Klocwork

NPD.* *RNPD.*

LDRA tool suite

45 D

2810, 2811, 2812, 2813, 2814, 2820, 2821, 2822, 2823, 2824 

Splint

Context sensitive analysis.

Detects when NULL is dereferenced. Array of pointers is not checked. Pointer members in struct is not checked.

Finds instances where a pointer is checked against NULL and then later dereferenced.

Identifies code that dereferences a pointer and then checks the pointer against NULL.

Cppcheck does not guess that return values from malloc(), strchr(), etc can be NULL. The return value from malloc() is only NULL if there is OOM and the dev might not care to handle that. The return value from strchr() is often NULL but the dev might know that a specific strchr() function call will not return NULL.