CS.NRE.FUNC.CALL.MIGHT

An object reference value from a call to a function that might return null might be passed to a function that might dereference it, without checking for null.

Vulnerability and risk

Dereferencing a null object reference is a critical runtime problem that will crash the application on some operating systems and throw a runtime exception on others.

Example 1

1                  public class A {
2                      public void abc() {}
3                      public void foo(A a) {
4                          if (flag2)
5                              return;
6                          a.abc();
7                      }
8  
9                      public A boo() {
10                         if (flag3)
11                             return new A();
12                         return null;
13                     }
14 
15                     public void var() {
16                         A a = boo();
17                         if (flag)
18                             foo(a);
19                     }
20 
21                     private bool flag;
22                     private bool flag2;
23                     private bool flag3;
24                 }

Klocwork produces an issue report (CS.NRE.FUNC.CALL.MIGHT) at line 18 for variable 'a'. Variable 'a' is assigned to a value which might be null, and which comes from a call to function 'boo' at line 16. This variable may still be null when it is passed as argument 1 to function 'foo' at line 18, which may dereference it.

Security training

Application security training materials provided by Secure Code Warrior.