In this section:
This error is generated whenever an attempt is made to dereference a NULL pointer.
|
This code attempts to use a pointer which has not been explicitly assigned. Because the variable a is global, it is initialized to zero by default, which results in dereferencing a NULL pointer in line 8.
/*
* File: writnull.c
*/
int *a;
main()
{
*a = 123;
return (0);
} |
[writnull.c:8] **WRITE_NULL** >> *a = 123; Writing to a null pointer: a ---- Associated Common Weakness Enumerations ---- CWE-476: Null pointer dereference Stack trace where the error occurred: main() writnull.c, 8 **Memory corrupted. Program may crash!!** |
A common cause of this problem is the one shown in the example–use of a pointer that has not been explicitly assigned and which is initialized to zero. This is usually due to the omission of an assignment or allocation statement which would give the pointer a reasonable value.
The example code might, for example, be corrected as follows:
/*
* File: writnull.c (Modified)
*/
int *a;
main()
{
int b;
a = &b;
*a = 123;
return (0);
} |
A second common source of this error is code which dynamically allocates memory but then zeroes pointers as blocks are freed. In this case, the error would indicate reuse of a freed block.
A final common problem is caused when one of the dynamic memory allocation routines, malloc, calloc, or realloc, fails and returns a NULL pointer. This can happen either because your program passes bad arguments or simply because it asks for too much memory. A simple way of finding this problem with Insure++ is to enable the RETURN_FAILURE error code and run the program again. It will then issue diagnostic messages every time a system call fails, including the memory allocation routines.
The table below shows Common Weakness Enumerations associated with this error.
| CWE | Description |
|---|---|
| CWE-476 | Null pointer dereference |
