The program can potentially dereference a null pointer, thereby causing a segmentation fault.
Null pointer exceptions usually occur when one or more of the programmer's assumptions is violated. A dereference-after-store error occurs when a program explicitly sets a pointer to null and dereferences it later. This error is often the result of a programmer initializing a variable to null when it is declared.
Most null pointer issues result in general software reliability problems, but if an attacker can intentionally trigger a null pointer dereference, the attacker might be able to use the resulting exception to bypass security logic or to cause the application to reveal debugging information that will be valuable in planning subsequent attacks.
Example: In the following code, the programmer explicitly sets the variable ptr
to NULL
. Later, the programmer dereferences ptr
before checking the object for a null value.
*ptr = NULL;
...
ptr->field = val;
...
}
[1] Standards Mapping - OWASP Top 10 2004 - (OWASP 2004) A9 Application Denial of Service
[2] Standards Mapping - Security Technical Implementation Guide Version 3 - (STIG 3) APP6080 CAT II
[3] Standards Mapping - Common Weakness Enumeration - (CWE) CWE ID 476
[4] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 - (PCI 1.1) Requirement 6.5.9