Attempting to dereference an invalid pointer results in undefined program behavior, typically abnormal program termination. Given this, invalid pointers should not be dereferenced.
Non-compliant Example
In this example, input_str
is copied into dynamically allocated memory referenced by str
. If malloc() }} fails, it returns an invalid (null) pointer that is assigned to {{str
. When str
is dereferenced in strcpy()
, the program behave in an unpredictable manner.
... char *str = malloc(size_of_input_str); strcpy(str, input); ...
Compliant Solution
To correct this error, ensure the pointer returned by malloc()
is not invalid (null). In addition to this rule, this should be done in accordance with rule MEM32-C. Detect and handle critical memory allocation errors.
... char *str = malloc(size_of_input_str); if (str == NULL) { /* Handle Allocation Error */ } strcpy(str, input_str); ...
Priority and Level
Dereferencing null pointers typically results in a denial of service condition.
Component |
Value |
---|---|
Severity |
|
Likelihood |
|
Remediation cost |
|
Priority |
|
Level |
|
References
- ISO/IEC 9899-1999 6.3.2.3 Pointers