
ISO/IEC 9899:1999 defines null pointers as "An integer constant expression with the value 0." In practice, attempting to dereference a null pointer results in undefined program behavior, typically abnormal program termination. Given this, null pointers should not be dereferenced.

Non-compliant Example

This example shows a function that negates an integer. If n is a null pointer, then when n is dereferenced the program may behave in an unexpected manner.

void negate(int *n) {
  *n = *n * -1;   /* no check: undefined behavior if n is NULL */
}

Compliant Solution

To correct this error, ensure that n is not a null pointer before attempting to dereference it, and do not fall through to the dereference after handling the error.

#include <stddef.h>   /* NULL */

void negate(int *n) {
  if (n == NULL) {
    /* Handle Error */
    return;         /* must not reach the dereference below */
  }
  *n = *n * -1;
}
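One concrete way to fill in the "Handle Error" branch is to report the failure to the caller instead of aborting. The following is an added example, not code from the CERT page: negate_checked, the NEGATE_* status codes and the use of errno are assumptions chosen for illustration. The null pointer never reaches the dereference, and the caller can decide what to do.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical status codes for this example (not from the original page). */
enum { NEGATE_OK = 0, NEGATE_NULL_ARG = 1 };

/* Negates *n in place.
 * Returns NEGATE_OK on success. If n is a null pointer, returns
 * NEGATE_NULL_ARG and sets errno to EINVAL without touching memory,
 * so the caller can recover rather than crash. */
int negate_checked(int *n) {
    if (n == NULL) {
        errno = EINVAL;
        return NEGATE_NULL_ARG;
    }
    *n = *n * -1;
    return NEGATE_OK;
}

/* Driver exercising both paths: a valid pointer and a null pointer. */
int main(void) {
    int value = 42;
    int *missing = NULL;   /* constructed: stands in for a lookup that returned nothing */

    if (negate_checked(&value) == NEGATE_OK) {
        printf("negated: %d\n", value);     /* -42 */
    }
    if (negate_checked(missing) != NEGATE_OK) {
        perror("negate_checked");           /* reports EINVAL; program continues */
    }
    return 0;
}
```

Returning a status rather than silently skipping the operation matters: a caller that assumes negate succeeded would otherwise continue with an un-negated value.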

Priority and Level

Dereferencing null pointers typically results in a denial of service condition.

Component         | Value
------------------+------
Severity          |
Likelihood        |
Remediation cost  |
Priority          |
Level             |

References
