| CodeSonar® 9.2p0 | CONFIDENTIAL | CodeSecure Inc |
An attempt to dereference a pointer to any address below the specified null pointer threshold.
By default, warnings of this class will be issued for dereferences of any pointer to the zero page (that is, any address in the range 0..4096). Use configuration file parameter NULL_POINTER_THRESHOLD to specify a different threshold.
| Class Name | Null Pointer Dereference |
|---|---|
| Significance | reliability |
| Mnemonic | LANG.MEM.NPD |
| Categories | |
| Availability | Available for C and C++. |
| Enabling | Checks for this warning class are enabled by default. To disable them, add the following WARNING_FILTER rule to the project configuration file. `WARNING_FILTER += discard class="Null Pointer Dereference"` |

| CWE:400 | Uncontrolled Resource Consumption |
|---|---|
```c
#include <stddef.h>
#include <stdlib.h>

char lang_mem_npd_simple(void){
    char *p = NULL;
    return p[0];   /* 'Null Pointer Dereference' warning issued here */
}

char lang_mem_npd_with_aliasing(int x){
    char *p1 = NULL;
    char *p2;
    char c;
    if (x < 0){
        p2 = "012345678";
    }
    else {
        p2 = p1;   /* 'Unused Value' warning issued here
                    * - this value of p2 is only used in a statement
                    *   that causes a program crash (via Null Pointer Dereference),
                    *   so CodeSonar considers it unused.
                    */
    }
    c = p2[0];
    return c;      /* 'Null Pointer Dereference' warning issued here */
}

char * lang_mem_npd_with_malloc(void){
    char *p = malloc(10);
    p[0] = 'X';    /* 'Null Pointer Dereference' warning issued here
                    * only when MALLOC_FAILURE_BEHAVIOR=RETURN_NULL (factory setting)
                    */
    return p;
}
```
By default, CodeSonar will issue a Null Pointer Dereference warning in cases like the following.
```c
char *q = malloc(10); /* malloc() can fail and return NULL */
q[0] = 'a';           /* in which case a Null Pointer Dereference occurs here */
```
The possibility of malloc() and related allocators failing and returning NULL is a very real one. However, some users prefer not to check this case because the probability of failure is considered low enough to ignore. If you want CodeSonar to treat these allocators as if they can never fail, set MALLOC_FAILURE_BEHAVIOR=DOESNT_FAIL in your general configuration file template.
Note that the setting of MALLOC_FAILURE_BEHAVIOR will affect your entire analysis. For example, if the following code is analyzed with MALLOC_FAILURE_BEHAVIOR=DOESNT_FAIL, the code in the else block will be considered unreachable.
```c
char *q = malloc(10);
if (q){
    /* do something */
}
else {
    /* do something different */
}
```
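The following is an added example, not part of the CodeSonar manual: checked forms of the aliasing and malloc functions above, plus the if/else fragment run against a failing allocator to show that the else branch treated as unreachable under MALLOC_FAILURE_BEHAVIOR=DOESNT_FAIL is taken at run time. The names `alloc_fn`, `always_fail`, `npd_checked_malloc`, `npd_checked_aliasing` and `branch_taken` are assumptions introduced for illustration.

```c
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical allocator hook so the failure path can be exercised. */
typedef void *(*alloc_fn)(size_t);

/* Constructed stand-in for an allocator under memory pressure. */
static void *always_fail(size_t n) { (void)n; return NULL; }

/* Checked form of lang_mem_npd_with_malloc(): the write happens only
 * after the allocation result has been tested. Caller frees the result. */
char *npd_checked_malloc(alloc_fn alloc) {
    char *p = alloc(10);
    if (p == NULL) {
        return NULL;            /* report failure instead of dereferencing */
    }
    p[0] = 'X';
    return p;
}

/* Checked form of lang_mem_npd_with_aliasing(): stores the character
 * and returns 0, or returns -1 when the aliased pointer is NULL. */
int npd_checked_aliasing(int x, char *out) {
    const char *p1 = NULL;
    const char *p2 = (x < 0) ? "012345678" : p1;
    if (p2 == NULL || out == NULL) {
        return -1;
    }
    *out = p2[0];
    return 0;
}

/* The if/else fragment from the page: 1 = "if" branch, 2 = "else" branch.
 * The else branch runs whenever the allocator returns NULL. */
int branch_taken(alloc_fn alloc) {
    char *q = alloc(10);
    if (q) {
        free(q);
        return 1;
    }
    return 2;
}

int main(void) {
    char *p = npd_checked_malloc(malloc);
    int ok = (p != NULL && p[0] == 'X');
    free(p);
    return (ok && branch_taken(always_fail) == 2) ? 0 : 1;
}
```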
The following configuration file parameters affect checks for this warning class.
To report problems with this documentation, please visit https://support.codesecure.com/.