ISO/IEC 9899-1999 defines null pointers as "An integer constant expression with the value 0." Attempting to dereference a null pointer results in undefined program behavior, typically abnormal program termination. Given this, null pointers should not be dereferenced.
Non-compliant Example
This example shows a function that negates an integer. If n is a null pointer, then when n is dereferenced the program may behave in an unexpected manner.
void negate(int *n) {
*n = *n * -1;
}
Compliant Solution
To correct this error, ensure that n is not a null pointer before attempting to dereference it.
void negate(int *n) {
if(n == NULL) {
/* Handle Error */
}
*n = *n * -1;
}
Priority and Level
Dereferencing null pointers typically results in a denial of service condition.
Component |
Value |
|---|---|
Severity |
|
Likelihood |
|
Remediation cost |
|
Priority |
|
Level |
|
References
- ISO/IEC 9899-1999 6.3.2.3 Pointers