Page History

...

Dereferencing a null pointer is undefined behavior, typically abnormal program termination. In some situations, however, dereferencing a null pointer can lead to the execution of arbitrary code [Jack 2007, van Sprundel 2006]. The indicated severity is for this more severe case; on platforms where it is not possible to exploit a null pointer dereference to execute arbitrary code, the actual severity is low.

Rule	Severity	Likelihood	Detectable	RepairableRemediation Cost	Priority	Level
STR51-CPP	High	Likely	No	MediumYes	P18	L1

Automated Detection

C++4770, C++4771, C++4772, C++4773, C++4774

Tool

Version

Checker

Description

Astrée

Include Page

	Astrée_V
	Astrée_V

assert_failure

CodeSonar

Include Page

	CodeSonar_V
	CodeSonar_V

LANG.MEM.NPD

Null Pointer Dereference

Helix QAC

Include Page

	Helix QAC_V
	Helix QAC_V

DF4770, DF4771, DF4772, DF4773, DF4774

Klocwork

Include Page

	Klocwork_V
	Klocwork_V

NPD.CHECK.CALL.MIGHT
NPD.CHECK.CALL.MUST
NPD.CHECK.MIGHT
NPD.CHECK.MUST
NPD.CONST.CALL
NPD.CONST.DEREF
NPD.FUNC.CALL.MIGHT
NPD.FUNC.CALL.MUST
NPD.FUNC.MIGHT
NPD.FUNC.MUST
NPD.GEN.CALL.MIGHT
NPD.GEN.CALL.MUST
NPD.GEN.MIGHT
NPD.GEN.MUST
RNPD.CALL
RNPD.DEREF

Parasoft C/C++test

Include Page

	Parasoft_V
	Parasoft_V

CERT_CPP-STR51-a

Avoid null pointer dereferencing

Polyspace Bug Finder

Include Page

	Polyspace Bug Finder_V
	Polyspace Bug Finder_V

CERT C++: STR51-CPP

Checks for string operations on null pointer (rule partially covered).

Security Reviewer - Static Reviewer

Include Page

	Security Reviewer - Static Reviewer_V
	Security Reviewer - Static Reviewer_V

shiftTooManyBits

Fully implemented

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...

Space shortcuts

Page tree

Versions Compared

Old Version 28

New Version Current

Key

Automated Detection

Related Vulnerabilities