Null Pointer Dereference

From Guidance Share

Jump to: navigation, search

Contents

Description

A null-pointer dereference takes place when a pointer with a value of NULL is used as though it pointed to a valid memory area.

Applies To

  • Languages: C, C++, Assembly
  • Platforms: All

Example

The following code shows a simple example of a null pointer dereference:

char *Pointer = NULL;
*Pointer = 'a';

Since Pointer is NULL, the application will crash when it is derefenced in the second line of code above.

Impact

  • Availability: Null-pointer dereferences invariably result in the failure of the process.

Vulnerabilities

  • Failure to check for NULL before dereferencing a pointer value

Countermeasures

  • Requirements specification: The choice could be made to use a language that is not susceptible to these issues.
  • Implementation: Check all pointers for NULL before use. Set pointers to NULL after freeing.

Vulnerability Patterns

How Tos

Personal tools