Unchecked Return Value to NULL Pointer Dereference
|ID: 690||Date: (C)2012-05-14 (M)2012-11-08|
|Type: compound element||Status: DRAFT|
|Abstraction Type: Base|
The product does not check for an error after calling a
function that can return with a NULL pointer if the function fails, which leads
to a resultant NULL pointer dereference.
Applicable Platforms
Language: C
Language: C++
|Availability ||DoS: crash / exit / restart || |
|Black Box ||This typically occurs in rarely-triggered error conditions, reducing the chances of detection during black box testing. || || |
|White Box ||Code analysis can require knowledge of API behaviors for library functions that might return NULL, reducing the chances of detection when unknown libraries are used. || || |
|CWE-690 ChildOf CWE-876 ||Category ||CWE-868 || |
Demonstrative Examples
- The code below makes a call to the getUserName() function but
doesn't check the return value before dereferencing (which may cause a
- This example takes an IP address from a user, verifies that it is
well formed and then looks up the hostname and copies it into a
buffer. (Demonstrative Example Id DX-1)
- CVE-2008-1052 : Large Content-Length value leads to NULL pointer dereference when malloc fails.
- CVE-2006-6227 : Large message length field leads to NULL pointer dereference when malloc fails.
- CVE-2006-2555 : Parsing routine encounters NULL dereference when input is missing a colon separator.
- CVE-2003-1054 : URI parsing API sets argument to NULL when a parsing failure occurs, such as when the Referer header is missing a hostname, leading to NULL dereference.
- CVE-2008-5183 : chain: unchecked return value can lead to NULL dereference
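The malloc-failure chain described for CVE-2008-1052 and CVE-2006-6227 above (oversized length field, failed allocation, NULL dereference), shown as an added C example that is not part of this entry and is not code from the affected products. The function names, the injectable allocator parameter and the 1 MiB cap are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added illustration: every name and the limit below are hypothetical. */
typedef void *(*alloc_fn)(size_t);   /* injectable so the failure path is testable */
enum { COPY_OK = 0, COPY_TOO_LARGE = -1, COPY_NOMEM = -2 };
#define MAX_BODY ((size_t)1 << 20)   /* assumed policy cap on a declared length */

/* Weak form (CWE-690): the allocator's return value is used unchecked. */
char *copy_body_unchecked(alloc_fn alloc, const char *src, size_t len)
{
    char *buf = alloc(len + 1);
    memcpy(buf, src, len);           /* writes through NULL if alloc failed */
    buf[len] = '\0';
    return buf;
}

/* Checked form: bound the declared length, then test the allocation. */
int copy_body_checked(alloc_fn alloc, const char *src, size_t len, char **out)
{
    *out = NULL;
    if (len > MAX_BODY)              /* reject before allocating or reading src */
        return COPY_TOO_LARGE;
    char *buf = alloc(len + 1);
    if (buf == NULL)                 /* the check CWE-690 says is missing */
        return COPY_NOMEM;
    memcpy(buf, src, len);
    buf[len] = '\0';
    *out = buf;
    return COPY_OK;
}

/* Stand-in allocator that always fails, simulating memory exhaustion. */
void *failing_alloc(size_t n) { (void)n; return NULL; }

int main(void)
{
    char *body;
    int rc = copy_body_checked(failing_alloc, "hello", 5, &body);
    printf("failing allocator -> rc=%d, body=%p\n", rc, (void *)body);
    rc = copy_body_checked(malloc, "hello", 5, &body);
    printf("malloc            -> rc=%d, body=%s\n", rc, body ? body : "(null)");
    free(body);
    return 0;
}
```

Passing the allocator as a parameter lets the out-of-memory path run in a unit test, which addresses the black box detection note above that these error conditions are rarely triggered.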
White Box Definitions None
Black Box Definitions None
|CERT Java Secure Coding ||ERR08-J ||Do not catch NullPointerException or any of its ancestors || |
|CERT C++ Secure Coding ||MEM32-CPP ||Detect and handle memory allocation errors || |