Checkers:RNPD.DEREF

From current

This warning is reported in situations where a pointer is dereferenced and then compared with NULL, and there are no pointer changes on the trace between dereferencing and checking. So, it is very likely that at dereferencing, the pointer might be NULL, or the NULL check is improper.

Vulnerability and risk

Identifies one of three things:

• A pointer that can be NULL by design was dereferenced without a proper check; this will lead to a runtime error
• A condition is written incorrectly; the code will not work as intended
• There is a redundant check; unnecessary code will be generated

Example 1

1  void rnpd_1(int* t, int v) {
2      *t = 0;  // t is dereferenced unconditionally
3      if (v < 0) v = -v;
4      if (t) *t = v;  // t is verified before dereference
5  }

This example dereferences 't' twice. The first dereference is done without any verification. The second dereference is guarded with a check, but it is an unnecessary check, because if 't' is NULL, the application will crash after the first dereference.

Security Guidelines

• CWE-476: NULL Pointer Dereference
• EXP34-C:Do not dereference null pointers