SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 68

changes.mady.by.user Alex Volkovitsky

Saved on

compared with

New Version 69

changes.mady.by.user Justin Pincar

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Edited by sciSpider v2.1 (sch jbop) (X_X)@==(Q_Q)@

Attempting to dereference a NULL null pointer results in undefined behavior, typically abnormal program termination.

...

In this example, input_str is copied into dynamically allocated memory referenced by str. If malloc() fails, it returns a NULL null pointer that is assigned to str. When str is dereferenced in memcpy(), the program behaves in an unpredictable manner.

...

Wiki Markup
Dereferencing a NULLnull pointer results in undefined behavior, typically abnormal program termination.  In some situations, however, dereferencing a NULLnull pointer can lead to the execution of arbitrary code \[[Jack 07|AA. C References#Jack 07], [van Sprundel 06|AA. C References#van Sprundel 06]\].  The indicated severity is for this more severe case; on platforms where it is not possible to exploit a NULLnull pointer dereference to execute arbitrary code, the actual severity is low.

...

Fortify SCA Version 5.0 is able to detect violations of this rule.

The tool Compass Rose /ROSE is able to detect violations of this rule. In particular, Rose ensures that any pointer returned by malloc(), calloc(), or realloc() is first checked for NULL before being used (otherwise it is free()-d). Rose doesn't handle cases where an allocation is assigned to an lvalue that is not a variable (such as a struct member or C++ function call returning a reference.)

The Coverity Prevent CHECKED_RETURN, NULL_RETURNS, and REVERSE_INULL checkers can all find violations of this rule. The CHECKED_RETURN finds instances where a pointer is checked against NULL and then later dereferenced. The NULL_RETURNS checker identifies functions that can return a NULL null pointer but are not checked. The REVERSE_INULL identifies code that dereferences a pointer and then checks the pointer against NULL. Coverity Prevent cannot discover all violations of this rule, so further verification is necessary.

...

Wiki Markup
\[[ISO/IEC 9899-:1999|AA. C References#ISO/IEC 9899-1999]\] Section 6.3.2.3, "Pointers"
\[[ISO/IEC PDTR 24772|AA. C References#ISO/IEC PDTR 24772]\] "HFC Pointer casting and pointer type changes" and "XYH Null Pointer Dereference"
\[[Jack 07|AA. C References#Jack 07]\]
\[[MITRE 07|AA. C References#MITRE 07]\] [CWE ID 476|http://cwe.mitre.org/data/definitions/476.html], "NULL Pointer Dereference"
\[[van Sprundel 06|AA. C References#van Sprundel 06]\]
\[[Viega 05|AA. C References#Viega 05]\] Section 5.2.18, "Null-pointer dereference"

...