Attempting to dereference an invalid pointer results in undefined behavior, typically abnormal program termination. Given this, invalid pointers should not be dereferenced.
Non-Compliant Code Example
In this example, input_str is copied into dynamically allocated memory referenced by str. If malloc() fails, it returns an invalid (null) pointer that is assigned to str. When str is dereferenced in strcpy(), the program behaves in an unpredictable manner.
...
Note that, in accordance with rule MEM35-C. Ensure that size arguments to memory allocation functions are valid, the argument supplied to malloc() is checked to ensure that a numeric overflow does not occur.
Compliant Solution
To correct this error, ensure that the pointer returned by malloc() is not invalid (null). In addition to this rule, this should be done in accordance with rule MEM32-C. Detect and handle critical memory allocation errors.
```c
...
size_t size = strlen(input_str);
if (size == SIZE_MAX) { /* test for limit of size_t */
  /* Handle Error */
}
str = malloc(size + 1);
if (str == NULL) {
  /* Handle Allocation Error */
}
strcpy(str, input_str);
...
```
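The compliant pattern above, written as a complete function so that both error paths can be exercised. This is an added example, not the CERT page's own code; the names copy_string, failing_alloc and the alloc_fn hook are assumptions introduced here so a test can force the allocation-failure branch without relying on the real malloc() failing.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Allocator hook (assumed here) so the failure path can be exercised
 * deterministically; callers normally pass malloc. */
typedef void *(*alloc_fn)(size_t);

/* Copies input_str into freshly allocated memory obtained from allocate().
 * Returns NULL, without dereferencing anything, when the input pointer is
 * null, when size + 1 would wrap around, or when allocation fails.
 * The caller owns and must free() the returned buffer. */
char *copy_string(const char *input_str, alloc_fn allocate) {
  if (input_str == NULL) {
    return NULL; /* refuse to dereference an invalid input pointer */
  }
  size_t size = strlen(input_str);
  if (size == SIZE_MAX) { /* size + 1 would overflow size_t (MEM35-C) */
    return NULL;
  }
  char *str = allocate(size + 1);
  if (str == NULL) { /* allocation failed: never dereference str (MEM32-C) */
    return NULL;
  }
  strcpy(str, input_str); /* safe: str is valid and holds size + 1 bytes */
  return str;
}

/* Stand-in allocator (assumed here) that always fails, used to drive the
 * error path that a real malloc() failure would take. */
void *failing_alloc(size_t n) {
  (void)n;
  return NULL;
}

int main(void) {
  char *ok = copy_string("hello", malloc);
  int result = (ok != NULL && strcmp(ok, "hello") == 0) ? 0 : 1;
  free(ok);
  /* The failing allocator must yield NULL rather than a crash. */
  if (copy_string("hello", failing_alloc) != NULL) {
    result = 1;
  }
  return result;
}
```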
Risk Assessment
Dereferencing an invalid pointer results in undefined behavior, which could result in an attacker being able to run arbitrary code.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level
---|---|---|---|---|---
EXP34-C | 3 (high) | 3 (likely) | 1 (high) | P9 | L2