 
One way to eliminate invalid pointers is to define a function that accepts a pointer argument and indicates whether or not the pointer is valid, for some definition of valid. For example, the following function declares any pointer to be valid except NULL:
```c
int valid(void *ptr) {
  return (ptr != NULL);
}
```
...
The following code relies on the _etext address, defined by the loader as the first address following the program text on many platforms, including AIX, Linux, QNX, IRIX, and Solaris. It is not POSIX-compliant, nor is it available on Windows.
```c
#include <stdio.h>
#include <stdlib.h>

/* Treat a pointer as valid if it is non-null and lies above the program text. */
int valid(void *p) {
  extern char _etext;
  return (p != NULL) && ((char*) p > &_etext);
}

int global;

int main(void) {
  int local;
  int *p;

  printf("pointer to local var valid? %d\n", valid(&local));
  printf("pointer to static var valid? %d\n", valid(&global));
  printf("pointer to function valid? %d\n", valid((void *)main));

  p = (int *) malloc(sizeof(int));
  if (p == NULL) {
    return EXIT_FAILURE;
  }
  printf("pointer to heap valid? %d\n", valid(p));
  printf("pointer to end of allocated heap valid? %d\n", valid(++p));
  free(--p);
  printf("pointer to freed heap valid? %d\n", valid(p));
  printf("null pointer valid? %d\n", valid(NULL));

  return 0;
}
```
On a Linux platform, this program produces the following output:
```
pointer to local var valid? 1
pointer to static var valid? 1
pointer to function valid? 0
pointer to heap valid? 1
pointer to end of allocated heap valid? 1
pointer to freed heap valid? 1
null pointer valid? 0
```
The valid() function does not guarantee validity; it only identifies null pointers and pointers to functions as invalid. However, it can be used to catch a substantial number of problems that might otherwise go undetected.
...
Noncompliant Code Example
In this noncompliant code example, the incr() function increments the value referenced by its argument. It also ensures that its argument is not a null pointer. But the pointer could still be invalid, causing the function to corrupt memory or terminate abnormally.
```c
void incr(int *intptr) {
  if (intptr == NULL) {
    /* Handle error */
  }
  (*intptr)++;
}
```
Compliant Solution
This incr() function can be improved by using the valid() function. The resulting implementation is less likely to dereference an invalid pointer or write to memory that is outside the bounds of a valid object.
```c
void incr(int *intptr) {
  if (!valid(intptr)) {
    /* Handle error */
  }
  (*intptr)++;
}
```
...
The valid() function can be implementation dependent and perform additional, platform-dependent checks when possible. In the worst case, the valid() function may only perform the same null-pointer check as the noncompliant code example. However, on platforms where additional pointer validation is possible, the use of a valid() function can provide checks.

Because invalid pointers are often indicative of a defect in the program, the assert() macro can be used to terminate immediately if an invalid pointer is discovered (see MSC11-A. Incorporate diagnostic tests using assertions).
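As an added illustration of a platform-dependent check (not code from the original guideline), the sketch below validates a pointer against the process's own memory map and uses assert() inside incr(). It assumes Linux, where `/proc/self/maps` lists each mapping and its permissions; `valid_rw()`, `maps_available()`, `counter` and `ro_sample` are hypothetical names introduced here.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

int counter;                                    /* constructed sample object */
static const char ro_sample[] = "constructed";  /* lives in read-only data */

/* Hypothetical helper: 1 if the Linux-specific map listing is readable. */
int maps_available(void) {
  FILE *f = fopen("/proc/self/maps", "r");
  if (f == NULL) return 0;
  fclose(f);
  return 1;
}

/* Nonzero if [ptr, ptr+len) lies inside one readable and writable mapping.
   Conservative: an object spanning two adjacent mappings is rejected. */
int valid_rw(const void *ptr, size_t len) {
  unsigned long a = (unsigned long)(uintptr_t)ptr, lo, hi;
  char line[512], perms[5];
  int ok = 0;
  FILE *f;

  if (ptr == NULL) return 0;
  f = fopen("/proc/self/maps", "r");
  if (f == NULL) return 1;      /* worst case: only the null check remains */
  while (fgets(line, sizeof line, f) != NULL) {
    if (sscanf(line, "%lx-%lx %4s", &lo, &hi, perms) != 3) continue;
    if (a >= lo && a < hi) {
      ok = perms[0] == 'r' && perms[1] == 'w' && len <= hi - a;
      break;
    }
  }
  fclose(f);
  return ok;
}

/* incr() from the compliant solution, with the check as an assertion. */
void incr(int *intptr) {
  assert(valid_rw(intptr, sizeof *intptr));
  (*intptr)++;
}

int main(void) {
  int local = 41;
  incr(&local);
  printf("local=%d rodata valid? %d null valid? %d\n",
         local, valid_rw(ro_sample, 1), valid_rw(NULL, 1));
  return 0;
}
```

Like the `_etext` version, this check still accepts a pointer to freed heap memory as long as the page remains mapped, so it narrows the set of invalid pointers rather than eliminating it.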
Risk Assessment
A pointer validation function can be used to detect and prevent operations from being performed on some invalid pointers.
Failure to clear memory can result in leaked information. Occasionally, it can also lead to buffer overflows if the program falsely assumes that a null-termination byte is present.
| Rule | Severity | Likelihood | Detectable | Repairable | Priority | Level |
|---|---|---|---|---|---|---|
| MEM10-C | High | Unlikely | No | No | P3 | L3 |
Automated Detection
| Tool | Version | Checker | Description |
|---|---|---|---|
| LDRA tool suite | | 159 S | Enhanced enforcement |
| Security Reviewer - Static Reviewer | | CPP_11 | Fully implemented |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
| SEI CERT C++ Coding Standard | VOID MEM10-CPP. Define and use a pointer validation function | 
| MITRE CWE | CWE-20, Improper Input Validation | 
Bibliography
...