Null pointer dereferencing occurs when a null variable is treated as if it were a valid object or field reference and is used without checking its state. This condition results in a NullPointerException, which could result in denial of service. For additional information, see the related rule "void ERR15-J. Do not catch NullPointerException."Programs are forbidden to dereference null pointers.
Noncompliant Code Example
| Wiki Markup |
|---|
This noncompliant example shows a bug in Tomcat version 4.1.24, initially discovered by Reasoning \[[Reasoning 2003|AA. Bibliography#Reasoning 03]\]. The {{cardinality}} method was designed to return the number of occurrences of object {{obj}} in collection {{col}}. One valid use of the {{cardinality}} method is to determine how many objects in the collection are {{null}}. However, because membership in the collection is checked withusing the expression {{obj.equals(elt)}}, a null pointer dereference is guaranteed whenever {{obj}} is {{null}}. |
...
| Code Block | ||
|---|---|---|
| ||
public static int cardinality(Object obj, final Collection col) {
int count = 0;
Iterator it = col.iterator();
while (it.hasNext()) {
Object elt = it.next();
if ((null == obj && null == elt) ||
(null != obj && obj.equals(elt))) {
count++;
}
}
return count;
}
|
Note that explicit null checks as shown here are one acceptable approach to eliminating null pointer dereferences;
Risk Assessment
| Wiki Markup |
|---|
Dereferencing a {{null}} pointer can lead to a denial of service. For example, Java Web Start applications and applets particular to JDK version 1.6, prior to update 4, were affected by a bug that had some noteworthy security consequences. A {{NullPointerException}} was generated inIn some isolated cases when, the application or applet's attemptedattempt to establish an HTTPS connection with a server generated a {{NullPointerException}} \[[SDN 2008|AA. Bibliography#SDN 08]\]. The resulting failure to establish a secure HTTPS connection with the server caused a denial of service: clients were temporarily forced to use an insecure http channel for data exchange. In multithreaded programs, null pointer dereferences can violate cache coherency policies and can cause resource leaks. |
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="3a8451c827fa9575-5cc872b1-42b244cc-a94fbcbd-515a99edbf5479622c703d32"><ac:plain-text-body><![CDATA[ | [ISO/IEC TR 24772:2010 | http://www.aitcnet.org/isai/] | "Null Pointer Dereference [XYH]" | ]]></ac:plain-text-body></ac:structured-macro> |
CWE ID 476, "NULL Pointer Dereference" |
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="b66cc58b4a021edd-ffaeb5ce-45ef450d-b088bf8a-9edc9c1bbb8057eb49742684"><ac:plain-text-body><![CDATA[ | [[API 2006 | AA. Bibliography#API 06]] | [method doPrivileged() | http://java.sun.com/javase/6/docs/api/java/security/AccessController.html#doPrivileged(java.security.PrivilegedAction)] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="1eb2cfc305c77ee1-01f3f13e-43244681-8c34891e-bfa0e16819c919d33929dc67"><ac:plain-text-body><![CDATA[ | [[Hovemeyer 2007 | AA. Bibliography#Hovemeyer 07]] |
| ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="3f95b62bd844e42b-4b3821b8-4cfe4d05-b026bd33-c5142dfbcb1dbfcd66bc1c8b"><ac:plain-text-body><![CDATA[ | [[Reasoning 2003 | AA. Bibliography#Reasoning 03]] | Defect ID 00-0001 | ]]></ac:plain-text-body></ac:structured-macro> | |
| Null Pointer Dereference | ||||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="4935160680678013-ee8fa271-410e4a0e-bf89b116-60ed5c6d997f664b13f089d1"><ac:plain-text-body><![CDATA[ | [[SDN 2008 | AA. Bibliography#SDN 08]] | [Bug ID 6514454 | http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6514454] | ]]></ac:plain-text-body></ac:structured-macro> |
...