CS.NRE.CONST.DEREF

A null object reference constant is dereferenced either explicitly or through a call to a function that can dereference it.

Vulnerability and risk

Dereferencing a null object reference is a critical runtime problem that will crash the application on some operating systems and throw a runtime exception on others.

Example 1

Copy

1
2
3
4
5
6
7
8
9
10
11
12
13
                  class Param {
                      public int par1() {
                          return 0;
                      }
                  }
                  class NPD3 {
                      public void foo() {
                          foo2(null);
                      }
                     public void foo2(Param param) {
                         param.par1();
                     }
                 }

Klocwork produces an issue report (CS.NRE.CONST.DEREF) at line 8. Constant null pointer is dereferenced by passing argument 1 to function 'foo2' at line 8.

External guidance

CWE-476: NULL Pointer Dereference

Security training

Application security training materials provided by Secure Code Warrior.

Null Dereference Training Video - Test your skills with a training example