The std::basic_string type uses the traits design pattern to handle implementation details of the various string types, resulting in a series of string-like classes with a common, underlying implementation. Specifically, the std::basic_string class is paired with std::char_traits to create the std::string, std::wstring, std::u16string, and std::u32string classes. The std::char_traits class is explicitly specialized to provide policy-based implementation details to the std::basic_string type. One such implementation detail is the std::char_traits::length function, which is frequently used when dealing with null-terminated string data such as const char * or const wchar_t * values. According to the C++ Standard, [char.traits.require], Table 62 [ISO/IEC 14882-2014], passing a null pointer to this function leads to undefined behavior because it would result in dereferencing a null pointer.

...

  • basic_string operator+(const charT *, const basic_string&)
  • basic_string operator+(const charT *, basic_string &&)
  • basic_string operator+(const basic_string &, const charT *)
  • basic_string operator+(basic_string &&, const charT *)
  • bool operator==(const charT *, const basic_string &)
  • bool operator==(const basic_string &, const charT *)
  • bool operator!=(const charT *, const basic_string &)
  • bool operator!=(const basic_string &, const charT *)
  • bool operator<(const charT *, const basic_string &)
  • bool operator<(const basic_string &, const charT *)
  • bool operator>(const charT *, const basic_string &)
  • bool operator>(const basic_string &, const charT *)
  • bool operator<=(const charT *, const basic_string &)
  • bool operator<=(const basic_string &, const charT *)
  • bool operator>=(const charT *, const basic_string &)
  • bool operator>=(const basic_string &, const charT *)

Do not call any of the preceding functions with a null pointer as the const charT * argument. This rule is a specific instance of EXP34-C. Do not dereference null pointers.

...

Some standard library vendors, such as libstdc++, will throw a std::logic_error when a null pointer is used in these function calls. However, this is not a requirement of the C++ Standard, and not all vendors (libc++ and the Microsoft Visual Studio STL, for example) implement this behavior. For portability, you should not rely on this behavior.

...

In this noncompliant code example, a std::string object is created from the results of a call to std::getenv(). However, because std::getenv() returns a null pointer on failure, this code can lead to undefined behavior when the environment variable does not exist (or some other error occurs).

...

In this compliant solution, the results from the call to std::getenv() are checked for null before the std::string object is constructed:

#include <cstdlib>
#include <string>
 
void f() {
  const char *tmpPtrVal = std::getenv("TMP");
  std::string tmp(tmpPtrVal ? tmpPtrVal : "");
  if (!tmp.empty()) {
    // ...
  }
}
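
The following is an added example, not part of the original rule text. It extends the compliant solution in two directions: keeping an unset variable distinct from an empty one, and guarding two of the const charT * operators listed earlier. The helper names try_getenv, getenv_or, equals, and concat are hypothetical.

```cpp
#include <cstdlib>
#include <string>

// Hypothetical helpers (names are not from the rule text).

// Copies the variable's value into `out` and returns true only if it is set.
// Unlike substituting "", this keeps "unset" distinct from "set but empty".
bool try_getenv(const char *name, std::string &out) {
  const char *val = std::getenv(name);
  if (val == nullptr) {
    return false;  // never construct std::string from the null result
  }
  out.assign(val);
  return true;
}

// Returns the variable's value, or `fallback` when it is unset.
std::string getenv_or(const char *name, const std::string &fallback) {
  std::string val;
  return try_getenv(name, val) ? val : fallback;
}

// Guarded operator==(const basic_string &, const charT *): null equals nothing.
bool equals(const std::string &lhs, const char *rhs) {
  return rhs != nullptr && lhs == rhs;
}

// Guarded operator+(const basic_string &, const charT *): null appends nothing.
std::string concat(const std::string &lhs, const char *rhs) {
  return rhs != nullptr ? lhs + rhs : lhs;
}
```

Because the null check happens before any std::basic_string function sees the pointer, the result is the same on libstdc++, libc++, and the Microsoft Visual Studio STL.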

...

Dereferencing a null pointer is undefined behavior, typically abnormal program termination. In some situations, however, dereferencing a null pointer can lead to the execution of arbitrary code [Jack 2007], [van Sprundel 2006]. The indicated severity is for this more severe case; on platforms where it is not possible to exploit a null pointer dereference to execute arbitrary code, the actual severity is low.

...

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

...

[ISO/IEC 14882-2014] 21.2.1, "Character Trait Requirements"
[ISO/IEC 9899:2011] Section 7.20.3, "Memory Management Functions"
[Jack 2007]
[van Sprundel 2006]

...