CS.NRE.CHECK.CALL.MUST

An object reference value that is positively checked for null will be dereferenced either explicitly, or through a call to a function that can dereference it, without checking for null.

Vulnerability and risk

Dereferencing a null object reference is a critical runtime problem that will crash the application on some operating systems and throw a runtime exception on others.

Example 1

Copy

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
  public class A {
    public void abc() {}
     public void foo(A a) {
      if (flag2)
        return;
      a.abc();
     }
  
    public A boo() {
     if (flag3)
       return new A();
     return null;
   }
 
    public void var() {
     A a = new A();
     if (a != null) {
       DoSomething();
     }
     foo(a);
    }

    private void DoSomething() {}
 
    private bool flag;
    private bool flag2;
    private bool flag3;
 }

Klocwork produces an issue report (CS.NRE.CHECK.CALL.MUST) at line 20 for variable 'a'. Variable 'a' is compared with null value at line 17, and therefore can be expected to be null when it is passed as argument 1 to function 'foo' at line 20, which may dereference it.

External guidance

CWE-476: NULL Pointer Dereference

Security training

Application security training materials provided by Secure Code Warrior.

Null Dereference Training Video - Test your skills with a training example