IAR Embedded Workbench for RX 5.20

SEC-NULL-cmp-bef-fun

Synopsis

A pointer is compared with NULL, then dereferenced by a function.

Enabled by default

Yes

Severity/Certainty

High/Low

Full description

A pointer is compared with NULL, then passed as an argument to a function that might dereference it. This might be caused by an accidental use of the wrong comparison operator, for example == instead of !=, or by accidentally swapping the then and else clauses of an if statement. If the function does dereference the pointer, the application will crash. If it does not, the argument is not needed. Check comparison operators to make sure they test the correct condition, and make sure that branches have not been accidentally swapped.

Coding standards

CERT EXP34-C

Do not dereference null pointers

CWE 476

NULL Pointer Dereference

Code examples

The following code example fails the check and will give a warning:

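#define NULL ((void *) 0)

/* Dereferences x without checking it. */
int bar(int *x) {
  *x = 3;
  return 0;
}

int foo(int *x) {
  if (x != NULL) {
    *x = 4;
  }
  /* x can still be NULL here: the guard above does not cover this call. */
  bar(x);
  return 0;
}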

The following code example passes the check and will not give a warning about this issue:

#define NULL ((void *) 0)

/* Checks x before dereferencing it, so a NULL argument is harmless. */
int bar(int *x) {
  if (x != NULL)
    *x = 3;
  return 0;
}

int foo(int *x) {
  if (x != NULL) {
    *x = 4;
  }
  bar(x);
  return 0;
}
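
The examples above show a guard that does not cover the call. The operator mistake named in the full description (== written where != was intended) is shown below beside a corrected version. This is an added example, not part of the IAR documentation; `sample_t`, `store_sample`, `record_inverted` and `record_checked` are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical sensor sample record, used only for this illustration. */
typedef struct {
    int value;
    int valid;
} sample_t;

/* Callee dereferences its argument unconditionally, like the first bar(). */
static void store_sample(sample_t *s, int value) {
    s->value = value;
    s->valid = 1;
}

/* Inverted test: the call is reached only when s is NULL, and every
 * valid pointer is rejected with -1 without being written. */
int record_inverted(sample_t *s, int value) {
    if (s == NULL) {
        store_sample(s, value);   /* NULL passed to a dereferencing callee */
        return 0;
    }
    return -1;
}

/* Corrected: the NULL case returns before the call. */
int record_checked(sample_t *s, int value) {
    if (s == NULL) {
        return -1;
    }
    store_sample(s, value);
    return 0;
}

int main(void) {
    sample_t s = {0, 0};
    printf("inverted, valid pointer: %d\n", record_inverted(&s, 7));
    printf("checked, NULL pointer:   %d\n", record_checked(NULL, 7));
    printf("checked, valid pointer:  %d\n", record_checked(&s, 7));
    return 0;
}
```

The inverted version misbehaves on both paths: valid input is silently dropped, and the NULL input is the only one that reaches the dereference.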