...
Dereferencing a null pointer is undefined behavior, typically abnormal program termination. In some situations, however, dereferencing a null pointer can lead to the execution of arbitrary code [Jack 2007, van Sprundel 2006]. The indicated severity is for this more severe case; on platforms where it is not possible to exploit a null pointer dereference to execute arbitrary code, the actual severity is low.
Rule | Severity | Likelihood | Detectable | RepairableRemediation Cost | Priority | Level |
|---|---|---|---|---|---|---|
STR51-CPP | High | Likely | No | MediumYes | P18 | L1 |
Automated Detection
Tool | Version | Checker | Description | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Astrée |
| assert_failure | |||||||||
| CodeSonar |
| LANG.MEM.NPD | Null Pointer Dereference | ||||||||
| Helix QAC |
| DF4770, DF4771, DF4772, DF4773, DF4774 | |||||||||
| Klocwork |
| NPD.CHECK.CALL.MIGHT | |||||||||
| Parasoft C/C++test |
| CERT_CPP-STR51-a | Avoid null pointer dereferencing | Helix QAC | |||||||
| Include Page | |||||||||||
| Polyspace Bug Finder |
| CERT C++: STR51-CPP | Checks for string operations on null pointer (rule partially covered). | ||||||||
| Security Reviewer - Static Reviewer |
| shiftTooManyBits | Fully implemented | Helix QAC_V | Helix QAC_V
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...