CS.NRE.FUNC.MIGHT

An object reference value from a call to a function that might return null might be dereferenced either explicitly or through a call to a function that can dereference it, without checking for null.

Vulnerability and risk

Dereferencing a null object reference is a critical runtime problem that will crash the application on some operating systems and throw a runtime exception on others.

Example 1

Copy

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
namespace CS.NRE.FUNC.MIGHT
{
    class Program
    {
        public Program foo()
        {
            if (flag)
                return null;
            
            return new Program();
        }


        public void var(bool b)
        {            
            Program a = foo();
            if (b)
                a.foo();
        }
        private bool flag;
    }
}

Klocwork produces an issue report (CS.NRE.FUNC.MIGHT) at line 18 for variable 'a'. If Variable 'a' is assigned to a value which might be null and which comes from a call to function 'foo' at line 16, it may still be null when it is dereferenced at line 18.

External guidance

CWE-476: NULL Pointer Dereference

Security training

Application security training materials provided by Secure Code Warrior.

Null Dereference Training Video - Test your skills with a training example