CS.NRE.CONST.DEREF

A null object reference constant is dereferenced either explicitly or through a call to a function that can dereference it.

Vulnerability and risk

Dereferencing a null object reference is a critical runtime problem that will crash the application on some operating systems and throw a runtime exception on others.

Example 1

1                  class Param {
2                      public int par1() {
3                          return 0;
4                      }
5                  }
6                  class NPD3 {
7                      public void foo() {
8                          foo2(null);
9                      }
10                     public void foo2(Param param) {
11                         param.par1();
12                     }
13                 }

Klocwork produces an issue report (CS.NRE.CONST.DEREF) at line 8. Constant null pointer is dereferenced by passing argument 1 to function 'foo2' at line 8.
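A corrected form of Example 1, added here as an illustration and not taken from the Klocwork documentation. The names NPD3Fixed and Foo2OrDefault are hypothetical. The caller passes a real instance, the callee validates its argument before dereferencing it, and a separate method handles the case where a missing Param is legitimate.

```csharp
#nullable enable
using System;

class Param
{
    public int Par1() => 0;
}

class NPD3Fixed
{
    // Caller side: pass a real instance instead of the null constant.
    // With nullable reference types enabled, the compiler also warns (CS8625)
    // if the null literal is passed to the non-nullable parameter of Foo2.
    public int Foo()
    {
        return Foo2(new Param());
    }

    // Callee side: validate before dereferencing, so a bad caller gets an
    // ArgumentNullException naming the parameter instead of a
    // NullReferenceException raised somewhere inside the method body.
    public int Foo2(Param param)
    {
        if (param == null)
        {
            throw new ArgumentNullException(nameof(param));
        }
        return param.Par1();
    }

    // Variant for APIs where "no Param" is a valid input: the parameter is
    // declared nullable and the null-conditional operator skips the call.
    public int Foo2OrDefault(Param? param, int fallback)
    {
        return param?.Par1() ?? fallback;
    }
}

static class Program
{
    static void Main()
    {
        var n = new NPD3Fixed();
        Console.WriteLine(n.Foo());
        Console.WriteLine(n.Foo2OrDefault(null, -1));
    }
}
```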

Security training

Application security training materials provided by Secure Code Warrior.