Attempting to dereference a NULL pointer results in undefined behavior, typically abnormal program termination. Given this, pointers should be checked to make sure they are valid before they are dereferenced.
In this example, input_str is copied into dynamically allocated memory referenced by str. If malloc() fails, it returns a NULL pointer that is assigned to str. When str is dereferenced in strcpy(), the program behaves in an unpredictable manner.
```c
/* ... */
size_t size = strlen(input_str);
if (size == SIZE_MAX) { /* test for limit of size_t */
  /* Handle Error */
}
str = malloc(size+1);
strcpy(str, input_str);
/* ... */
```
Note that, in accordance with rule "MEM35-C. Ensure that size arguments to memory allocation functions are correct", the argument supplied to malloc() is checked to ensure a numeric overflow does not occur.
To correct this error, ensure the pointer returned by malloc() is not NULL. In addition to this rule, this should be done in accordance with rule "MEM32-C. Detect and handle critical memory allocation errors".
```c
/* ... */
size_t size = strlen(input_str);
if (size == SIZE_MAX) { /* test for limit of size_t */
  /* Handle Error */
}
str = malloc(size+1);
if (str == NULL) {
  /* Handle Allocation Error */
}
strcpy(str, input_str);
/* ... */
```
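The checked allocation written out as a complete function, with the allocator passed in so the failure path can be exercised. This is an added example, not part of the original rule text; `copy_input()`, `alloc_fn` and `failing_alloc()` are hypothetical names introduced for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical allocator signature so a failing allocator can be injected. */
typedef void *(*alloc_fn)(size_t);

/* Hypothetical stand-in for malloc() under memory exhaustion. */
static void *failing_alloc(size_t n) {
    (void)n;
    return NULL;
}

/* Copies input_str into newly allocated memory stored in *out.
 * Returns 0 on success, -1 on any error; *out is NULL on error. */
int copy_input(const char *input_str, alloc_fn alloc, char **out) {
    if (out == NULL) {
        return -1;
    }
    *out = NULL;
    if (input_str == NULL || alloc == NULL) {
        return -1;                 /* never hand a NULL pointer to strlen() */
    }
    size_t size = strlen(input_str);
    if (size == SIZE_MAX) {        /* size + 1 would wrap to 0 */
        return -1;
    }
    char *str = alloc(size + 1);
    if (str == NULL) {             /* allocation failed: do not dereference */
        return -1;
    }
    strcpy(str, input_str);        /* str is non-NULL and holds size + 1 bytes */
    *out = str;
    return 0;
}

int main(void) {
    char *copy = NULL;
    if (copy_input("constructed sample", malloc, &copy) == 0) {
        printf("copied: %s\n", copy);
        free(copy);
    }
    if (copy_input("constructed sample", failing_alloc, &copy) != 0) {
        puts("allocation failure reported, nothing dereferenced");
    }
    return 0;
}
```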
Dereferencing a NULL pointer results in undefined behavior, typically abnormal program termination.
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| EXP34-C | 3 (high) | 3 (likely) | 1 (high) | P9 | L2 |
[ISO/IEC 9899-1999] 6.3.2.3 Pointers
[Viega 05] Section 5.2.18 Null-pointer dereference