...
To correct this error, ensure the pointer returned by malloc() is not null. This also ensures compliance with guideline rule MEM32-C. Detect and handle memory allocation errors.
...
The vulnerability occurs because sk is initialized to tun->sk before checking if tun is equal to NULL. Of course, this should be done first because the GCC compiler (in this case) optimize optimizes it and completely remove removes the if (!tun) check because it is performed after the assignment. As a result, the above vulnerability can result in a null pointer dereference exploit.
...
| Wiki Markup |
|---|
Dereferencing a null pointer results in undefined behavior, typically abnormal program termination. In some situations, however, dereferencing a null pointer can lead to the execution of arbitrary code \[[Jack 2007|AA. Bibliography#Jack 07], [van Sprundel 2006|AA. Bibliography#van Sprundel 06]\]. The indicated severity is for this more severe case; on platforms where it is not possible to exploit a null pointer dereference to execute arbitrary code, the actual severity is low. |
...
Tool | Version | Checker | Description |
|---|
| | | |
| | | |
| | | |
| | | | Section |
|---|
can detect violations of this rule. In particular, Rose ensures that any pointer returned by malloc(), calloc(), or realloc() is first checked for NULL before being used (otherwise it is free()-d). Rose does not handle cases where an allocation is assigned to an lvalue that is not a variable (such as a struct member or C++ function call returning a reference.) |
|
| | | | Section |
|---|
finds instances where a pointer is checked against NULL and then later dereferenced. |
|
| | | | Section |
|---|
identifies functions that can return a null pointer but are not checked. |
|
| | | | Section |
|---|
identifies code that dereferences a pointer and then checks the pointer against NULL. |
|
| | | | Section |
|---|
can find the instances where NULL is explicitly dereferenced or a pointer is checked against null but then dereferenced anyway.
Coverity Prevent cannot discover all violations of this rule, so further verification is necessary. |
|
| | | |
Coverity Prevent cannot discover all violations of this rule, so further verification is necessary.
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...
Related Guidelines
CERT C++ Secure Coding Standard: EXP34-CPP. Ensure a null pointer is not dereferenced.
Bibliography
unmigrated-wiki-markup
\[[Goodin 2009|AA. Bibliography#Goodin 2009]\]
\[[ISO/IEC 9899:1999|AA. Bibliography#ISO/IEC 9899-1999]\] Section 6.3.2.3, "Pointers"
\[[
ISO/IEC PDTR 24772|AA. Bibliography#ISO/IEC PDTR 24772]\] TR 24772 "HFC Pointer casting and pointer type changes" and "XYH Null Pointer Dereference"
MITRE CWE: CWE-476, "NULL Pointer Dereference"
Bibliography
| Wiki Markup |
|---|
Null Pointer Dereference"
\[[JackGoodin 20072009|AA. Bibliography#JackBibliography#Goodin 072009]\]
\[[LiuJack 20092007|AA. Bibliography#LiuBibliography#Jack 200907]\]
\[[MITRELiu 20072009|AA. Bibliography#MITREBibliography#Liu 072009]\] [CWE ID 476|http://cwe.mitre.org/data/definitions/476.html], "NULL Pointer Dereference"
\[[van Sprundel 2006|AA. Bibliography#van Sprundel 06]\]
\[[Viega 2005|AA. Bibliography#Viega 05]\] Section 5.2.18, "Null-pointer dereference" |
...
