Null pointer dereferencing occurs when a variable bound to the null value is treated as if it were a valid object reference and used without checking its state. This condition results in a NullPointerException, which can in turn result in a denial of service. The denial of service is caused by the exception interrupting the program or thread, and probably causing it to terminate. Termination is likely because catching NullPointerExceptions is generally discouraged (see forbidden by ERR08-J. Do not catch NullPointerException or any of its ancestors).
Consequently, code must never dereference null pointers. That is, there must not exist some selection of inputs to a unit of code such that the code will dereference a null pointer. Note that the context in which code is defined can impact the determination of conformance to this rule, as shown in the second Noncompliant Code Example and (corresponding) second Compliant Solution.
...
This compliant solution demonstrates that the context in which code appears can impact its compliance. The This example once again includes the same isName method as above, but this time as part of a more general method that tests string arguments.
...
In this example, we have made isName() a private method with only one caller in its containing class. The calling method, testString(), is written so as to guarantee that isName() is always called with a valid string reference. Therefore, the class as whole conforms with this rule, even though isName() in isolation does not. In general, inter-procedural reasoning of this sort is an acceptable approach to avoiding null pointer dereferences.
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="4637415e107f9c6a-c8503360-4b5e4351-b437a41c-4021cd8f1d1713d94b63af2a"><ac:plain-text-body><![CDATA[ | [ISO/IEC TR 24772:2010 | http://www.aitcnet.org/isai/] | Null Pointer Dereference [XYH] | ]]></ac:plain-text-body></ac:structured-macro> |
CWE-476. NULL pointer dereference |
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="19f66e6d785c0295-4a1d9b65-4ae740dc-9aafbc4f-905f3558609d5312f06095f1"><ac:plain-text-body><![CDATA[ | [[API 2006 | AA. References#API 06]] | [Method | http://java.sun.com/javase/6/docs/api/java/security/AccessController.html#doPrivileged(java.security.PrivilegedAction)] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="1f8bafa242981e49-e69b6e6d-4d214cb5-83ed81bd-bae9cb3772dd12d537b088ee"><ac:plain-text-body><![CDATA[ | [[Hovemeyer 2007 | AA. References#Hovemeyer 07]] |
| ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="666bf991cb7e04ce-170aa716-4a4e49c1-9c948350-a43dfd1a081480e7ada76893"><ac:plain-text-body><![CDATA[ | [[Reasoning 2003 | AA. References#Reasoning 03]] | Defect ID 00-0001 | ]]></ac:plain-text-body></ac:structured-macro> | |
| Null Pointer Dereference | ||||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="2ed3757cd8c2ee54-899f87c2-49ca4013-8878909d-29aecb0e7e0ecdcece2d52e0"><ac:plain-text-body><![CDATA[ | [[SDN 2008 | AA. References#SDN 08]] | [Bug ID 6514454 | http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6514454] | ]]></ac:plain-text-body></ac:structured-macro> |
...