SEC-NULL-literal-pos
In this section:
Synopsis
A literal pointer expression (e.g. NULL) is dereferenced by a function call.
Enabled by default
No
Severity/Certainty
High/Medium
Full description
A literal pointer expression (for example, NULL) is passed as an argument to a function that might dereference it. Pointer values are generally only useful if acquired at runtime; thus dereferencing a literal address will usually be an accident, resulting in corrupted memory or an application crash. Make sure that the function being called checks the argument it is given with NULL, before it dereferences it.
Coding standards
- CWE 476
NULL Pointer Dereference
Code examples
The following code example fails the check and will give a warning:
#define NULL ((void *) 0)
extern int sometimes;
int bar(int *x) {
if (sometimes)
*x = 3;
return 0;
}
int foo(int *x) {
bar(NULL);
}
The following code example passes the check and will not give a warning about this issue:
#define NULL ((void *) 0)
int bar(int *x){
if (x != NULL)
*x = 3;
return 0;
}
int foo(int *x) {
if (x != NULL) {
*x = 4;
}
bar(x);
}