The program can potentially dereference a null pointer, thereby causing a segmentation fault.
Null pointer exceptions usually occur when one or more of the programmer's assumptions is violated. Specifically, dereference-after-check errors occur when a program makes an explicit check for null, but proceeds to dereference the pointer when it is known to be null. Errors of this type are often the result of a typo or programmer oversight.
Most null pointer issues result in general software reliability problems, but if an attacker can intentionally trigger a null pointer dereference, the attacker might be able to use the resulting exception to mount a denial of service attack or to cause the application to reveal debugging information that will be valuable in planning subsequent attacks.
Example 1: In the following code, the programmer confirms that the variable ptr is NULL and subsequently dereferences it erroneously. If ptr is NULL when it is checked in the if statement, then a null dereference will occur, thereby causing a segmentation fault.
if (ptr == NULL) {
ptr->field = val;   /* ptr is known to be NULL here: dereference faults */
...
}
NULL, thereby dereferencing a null pointer and causing a segmentation fault.
if (ptr == '\0') {   /* '\0' is 0, so this tests ptr for NULL */
*ptr = val;          /* write through a pointer known to be NULL */
...
}
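The following is an added example, not code from the original page: it places the dereference-after-check mistake shown in the examples above beside a hardened version that reports the null case to its caller instead of crashing. The names struct record, set_field_after_check, set_field_checked and update_record are assumed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed record type for the example (not from the original page). */
struct record {
    int field;
};

/* Vulnerable form, the same mistake as Example 1 above: the null check is
 * present, but the body runs exactly when ptr is NULL. It is never called
 * here; it is kept only to show the pattern a reviewer or static analyzer
 * flags as CWE-476. */
void set_field_after_check(struct record *ptr, int val) {
    if (ptr == NULL) {
        ptr->field = val;          /* dereference of a pointer known to be NULL */
    }
}

/* Hardened form: reject a NULL pointer up front and report failure to the
 * caller. Returns 0 on success, -1 if ptr is NULL. */
int set_field_checked(struct record *ptr, int val) {
    if (ptr == NULL) {
        return -1;                 /* caller decides how to handle the error */
    }
    ptr->field = val;
    return 0;
}

/* Caller that propagates the failure instead of touching ptr.
 * Returns the value written, or -1 when the record was NULL. */
int update_record(struct record *ptr, int val) {
    if (set_field_checked(ptr, val) != 0) {
        fprintf(stderr, "update_record: refusing to write through NULL\n");
        return -1;
    }
    return ptr->field;             /* safe: ptr was verified non-NULL above */
}

int main(void) {
    struct record r = { 0 };
    printf("valid record: %d\n", update_record(&r, 42));   /* 42 */
    printf("null record:  %d\n", update_record(NULL, 42)); /* -1 */
    return 0;
}
```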
[1] Standards Mapping - OWASP Top 10 2004 - (OWASP 2004) A9 Application Denial of Service
[2] Standards Mapping - Security Technical Implementation Guide Version 3 - (STIG 3) APP6080 CAT II
[3] Standards Mapping - Common Weakness Enumeration - (CWE) CWE ID 476
[4] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 - (PCI 1.1) Requirement 6.5.9