…and Go! (null pointer dereference)

Hello World…

Since this is my first On-Air blog, and the name of it is ‘Null Pointer’, I think it would be appropriate to actually write about it and explain what’s lying behind the name:

The name nu11p0inter was taken from the vulnerability – Null Pointer Dereference:

A null pointer dereference occurs when the program attempts to read from or write to memory through a pointer whose value is NULL, as if it pointed to a valid memory area, causing an immediate segmentation fault error.

Some call it a crash, some a security bug…

You ask why?

One could say that if a program attempts to dereference a NULL pointer, the program will always terminate with a segmentation fault error and a crash of the process.
Another will say: unless exception handling is invoked…

But even then, a little can be done to salvage the process, so I guess it's only a matter of the security policy where it is found.

Of course, I will not leave you without a code sample of a null pointer dereference:

#include <string.h>

int main(int argc, char **argv) {
 char buf[255];
 char *ptr = NULL; // NULL is assigned

 if ( argc > 1 ) {
  ptr = argv[1];
 }
 strcpy(buf, ptr); // pointer is dereferenced (still NULL when no argument was given)

 return 0;
}

How to avoid it? It is very simple:

1. Before using a pointer, ensure that it is not equal to NULL:

if ( ptr != NULL ) {
 /* use pointer... */
 /* ... */
}

2. When freeing pointers, ensure they are not set to NULL, and be sure to set them to NULL once they are freed:

if ( ptr != NULL ) {
 free(ptr);
 ptr = NULL;
}
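
Both rules applied to the sample above, as an added example that is not part of the original post. The helper names copy_checked, free_and_clear and dup_arg are hypothetical, and the length check is an extra assumption so the copy also cannot overrun buf:

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: copy src into dst, refusing NULL pointers.
 * Returns 0 on success, -1 if a pointer is NULL, -2 if src does not fit. */
int copy_checked(char *dst, size_t dstlen, const char *src)
{
    if (dst == NULL || src == NULL || dstlen == 0)
        return -1;                    /* rule 1: never dereference NULL */
    size_t n = strlen(src);
    if (n >= dstlen)
        return -2;                    /* would overflow dst */
    memcpy(dst, src, n + 1);          /* n + 1 copies the terminating '\0' */
    return 0;
}

/* Hypothetical helper: free *pp and reset it, so later checks see NULL. */
void free_and_clear(char **pp)
{
    if (pp != NULL && *pp != NULL) {  /* rule 2: check, free, set to NULL */
        free(*pp);
        *pp = NULL;
    }
}

/* Hypothetical helper: heap copy of arg; NULL in (or failed malloc) gives NULL out. */
char *dup_arg(const char *arg)
{
    if (arg == NULL)
        return NULL;
    size_t n = strlen(arg) + 1;
    char *copy = malloc(n);
    if (copy != NULL)                 /* malloc can also return NULL */
        memcpy(copy, arg, n);
    return copy;
}

int main(int argc, char **argv)
{
    char buf[255];
    const char *ptr = (argc > 1) ? argv[1] : NULL;
    if (copy_checked(buf, sizeof buf, ptr) != 0) {
        fputs("usage: prog <string shorter than 255 bytes>\n", stderr);
        return 1;                     /* clean exit instead of a segfault */
    }
    puts(buf);
    return 0;
}
```
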

…and now you know what’s behind the mind!

One Response to “…and Go! (null pointer dereference)”

  1. Nice!
