dereferencing null pointer c warning

What does "C6011 dereferencing null pointer" mean in my program?

stackoverflow.com › questions › 69916418 › what-does-c6011-dereferencing-null-pointer-mean-in-my-program

First of all, note that the warning is generated by your compiler (or static analyzer, or linter), not by your debugger, as you initially wrote.

The warning is telling you that your program possibly might dereference a null pointer. The reason for this warning is that you perform a malloc() and then use the result (the pointer) without checking for NULL values. In this specific code example, malloc() will most likely just return the requested block of memory. On any desktop computer or laptop, there's generally no reason why it would fail to allocate 12 bytes. That's why your application just runs fine and exits successfully. However, if this would be part of a larger application and/or run on a memory-limited system such as an embedded system, malloc() could fail and return NULL. Note that malloc() does not only fail if there is not enough memory available, it could also fail if there is no large enough consecutive block of memory available, due to fragmentation.

According to the C standard, dereferencing a NULL pointer is undefined behavior, meaning that anything could happen. On modern computers it would likely get your application killed (which could lead to data loss or corruption, depending on what the application does). On older computers or embedded systems the problem might be undetected and your application would read from or (worse) write to the address NULL (which is most likely 0, but even that isn't guaranteed by the C standard). This could lead to data corruption, crashes or other unexpected behavior at an arbitrary time after this happened.

Note that the compiler/analyzer/linter doesn't know anything about your application or the platform you will be running it on, and it doesn't make any assumptions about it. It just warns you about this possible problem. It's up to you to determine if this specific warning is relevant for your situation and how to deal with it.

Generally speaking, there are three things you can do about it:

If you know for sure that malloc() would never fail (for example, in such a toy example that you would only run on a modern computer with gigabytes of memory) or if you don't care about the results (because the application will be killed by your OS and you don't mind), then there's no need for this warning. Just disable it in your compiler, or ignore the warning message.
If you don't expect malloc() to fail, but do want to be informed when it happens, the quick-and-dirty solution is to add assert(v != NULL); after the malloc. Note that this will also exit your application when it happens, but in a slightly more controlled way, and you'll get an error message stating where the problem occurred. I would recommend this for simple hobby projects, where you do not want to spend much time on error handling and corner cases but just want to have some fun programming :-)
When there is a realistic change that malloc() would fail and you want a well-defined behavior of your application, you should definitely add code to handle that situation (check for NULL values). If this is the case, you would generally have to do more than just add an if-statement. You would have to think about how the application can continue to work or gracefully shutdown without requiring more memory allocations. And on an embedded system, you would also have to think about things such as memory fragmentation.

The easiest fix for the example code in question is add the NULL-check. This would make the warning go away, and (assuming malloc() would not fail) your program would run still the same.

int main(void) {
    uint32_t *v = malloc(3 * sizeof(uint32_t));
    if (v != NULL) {
        v[0] = 12;
        v[1] = 59; 
        v[2] = 83; 
        twice_three(v); 
        free(v); 
    }
    return 0; 
}

Answer from wovano on Stack Overflow

Microsoft Learn

learn.microsoft.com › en-us › answers › questions › 433166 › dereferencing-null-pointer-in-c-visual-studio-2019

Dereferencing NULL pointer in C - Visual Studio 2019 - Microsoft Q&A

June 11, 2021 - As the doc also suggests, if you add code to verify that calloc has not failed then the compiler will suppress that warning. For example: int n; scanf_s("%d", &n); int** dArray = calloc(n, sizeof(int*)); if(!dArray) { return -1; } for (int r = 0; r < n; r++) { *(dArray + r) = calloc((r + 1), sizeof(int)); } ... int n; scanf_s("%d", &n); int** dArray = calloc(n, sizeof(int*)); if(dArray) { for (int r = 0; r < n; r++) { *(dArray + r) = calloc((r + 1), sizeof(int)); } } ... I suggest you read the guidance about validating a pointer before you use it in the documentation for the warning message.

SEI CERT

wiki.sei.cmu.edu › confluence › display › c › EXP34-C.+Do+not+dereference+null+pointers

EXP34-C. Do not dereference null pointers | CERT Secure Coding

If malloc() fails, it returns a null pointer that is assigned to c_str . When c_str is dereferenced in memcpy() , the program exhibits undefined behavior . Additionally, if input_str is a null pointer, the call to strlen() dereferences a null pointer, also resulting in undefined behavior.

Discussions

Dereferencing NULL pointer in C - Visual Studio 2019

Hello, How can I remove the warning? Severity Code Description Project File Line Suppression State Warning C6011 Dereferencing NULL pointer 'dArray+r'. C_Project02 C:\Users\My\source\repos\C_Project02\C_Project02\C_Project0e2.c 20 int n;… More on docs.microsoft.com

docs.microsoft.com

2

0

June 11, 2021

c - What does "C6011 dereferencing null pointer" mean in my program? - Stack Overflow

The program takes a vector with three components and double each component. The IDE showed me this warning (green squiggle): C6011 dereferencing null pointer v. in this line: v[0] = 12;. I think it's a bug because in the debugger I read the program exited with code 0. More on stackoverflow.com

stackoverflow.com

Solving C warning - dereferencing a null pointer - Stack Overflow

This is the bug report from facebook infer. error: NULL_DEREFERENCE pointer `stack` last assigned on line 24 could be null and is dereferenced at line 25, column 5. 22. struct string_stack* More on stackoverflow.com

stackoverflow.com

Dereferencing null pointers - what does the standard say?

https://eel.is/c++draft/class.mfct.non-static If a non-static member function of a class X is called for an object that is not of type X, or of a type derived from X, the behavior is undefined. More on reddit.com

r/cpp_questions

40

14

April 20, 2021

Quora

quora.com › How-do-I-avoid-dereferencing-null-pointers-in-C

How to avoid dereferencing null pointers in C - Quora

Answer (1 of 4): This is like asking “How do I avoid getting run over when I cross a street?” The answer? You check for cars before crossing. To avoid dereferencing a NULL pointer, check to make sure it’s not NULL before dereferencing it. That’s it. No fancy tricks.

Stack Overflow

stackoverflow.com › questions › 69916418 › what-does-c6011-dereferencing-null-pointer-mean-in-my-program

c - What does "C6011 dereferencing null pointer" mean in my program? - Stack Overflow

Top answer

1 of 3

4

First of all, note that the warning is generated by your compiler (or static analyzer, or linter), not by your debugger, as you initially wrote.

The warning is telling you that your program possibly might dereference a null pointer. The reason for this warning is that you perform a malloc() and then use the result (the pointer) without checking for NULL values. In this specific code example, malloc() will most likely just return the requested block of memory. On any desktop computer or laptop, there's generally no reason why it would fail to allocate 12 bytes. That's why your application just runs fine and exits successfully. However, if this would be part of a larger application and/or run on a memory-limited system such as an embedded system, malloc() could fail and return NULL. Note that malloc() does not only fail if there is not enough memory available, it could also fail if there is no large enough consecutive block of memory available, due to fragmentation.

According to the C standard, dereferencing a NULL pointer is undefined behavior, meaning that anything could happen. On modern computers it would likely get your application killed (which could lead to data loss or corruption, depending on what the application does). On older computers or embedded systems the problem might be undetected and your application would read from or (worse) write to the address NULL (which is most likely 0, but even that isn't guaranteed by the C standard). This could lead to data corruption, crashes or other unexpected behavior at an arbitrary time after this happened.

Note that the compiler/analyzer/linter doesn't know anything about your application or the platform you will be running it on, and it doesn't make any assumptions about it. It just warns you about this possible problem. It's up to you to determine if this specific warning is relevant for your situation and how to deal with it.

Generally speaking, there are three things you can do about it:

If you know for sure that malloc() would never fail (for example, in such a toy example that you would only run on a modern computer with gigabytes of memory) or if you don't care about the results (because the application will be killed by your OS and you don't mind), then there's no need for this warning. Just disable it in your compiler, or ignore the warning message.
If you don't expect malloc() to fail, but do want to be informed when it happens, the quick-and-dirty solution is to add assert(v != NULL); after the malloc. Note that this will also exit your application when it happens, but in a slightly more controlled way, and you'll get an error message stating where the problem occurred. I would recommend this for simple hobby projects, where you do not want to spend much time on error handling and corner cases but just want to have some fun programming :-)
When there is a realistic change that malloc() would fail and you want a well-defined behavior of your application, you should definitely add code to handle that situation (check for NULL values). If this is the case, you would generally have to do more than just add an if-statement. You would have to think about how the application can continue to work or gracefully shutdown without requiring more memory allocations. And on an embedded system, you would also have to think about things such as memory fragmentation.

The easiest fix for the example code in question is add the NULL-check. This would make the warning go away, and (assuming malloc() would not fail) your program would run still the same.

int main(void) {
    uint32_t *v = malloc(3 * sizeof(uint32_t));
    if (v != NULL) {
        v[0] = 12;
        v[1] = 59; 
        v[2] = 83; 
        twice_three(v); 
        free(v); 
    }
    return 0; 
}

2 of 3

2

I believe your IDE is warning you that you didn't make sure that malloc returned something other than NULL. malloc can return NULL when you run out of memory to allocate.

It's debatable whether such a check is needed. In the unlikely event malloc returned NULL, your program would end up getting killed (on modern computers with virtualized memory).^[1] So the question is whether you want a clean message or not on exit in the very very rare situation that you run out of memory.

If you do add a check, don't use assert. That's useless. For starters, it only works in dev builds (not production builts) where malloc returning NULL is unlikely, and where it's already super easy to find memory leaks (e.g. by using valgrind). Use a proper check (if (!v) { perror(NULL); exit(1) }).

Since people are trying to debate the issue in the comments despite the rules, it looks like I'll have to go into my claim in more detail.

A couple of people suggested in the comments that "anything could happen" if you ones doesn't check for NULL, but that's simply not true on modern computers with virtualized memory.

When the C spec doesn't define the behaviour of something (what is called "undefined behaviour"), it doesn't mean anything can happen; it just means the C language doesn't care what the compiler/machine does in such situations. And a NULL dereference is very well defined on such systems. Catching such situations is a raison d'être of memory virtualization!

Just like you can rely on other compiler-specific features such as gcc's field packing attributes, one can argue it's fine to rely on memory virtualization to detect a failure by malloc.

MITRE

cwe.mitre.org › data › definitions › 476.html

CWE - CWE-476: NULL Pointer Dereference (4.20)

A community-developed list of SW & HW weaknesses that can become vulnerabilities

Stack Overflow

stackoverflow.com › questions › 65231574 › solving-c-warning-dereferencing-a-null-pointer

Solving C warning - dereferencing a null pointer - Stack Overflow

I believe the problem is at struct char_stack* stack = calloc(1,sizeof(struct char_stack));. If you just simply say struct char_stack* stack= malloc(sizeof(struct char_stack); as you want only 1 item to save space and then I believe that it probably solve it. If it does not then I would suggest checking if you correctly pronounce sizeof(struct char_stack).In the end, you always must check if (stack==NULL) because the program might not find a space to allocate space for the pointer.

reddit.com › r/cpp_questions › dereferencing null pointers - what does the standard say?

r/cpp_questions on Reddit: Dereferencing null pointers - what does the standard say?

April 20, 2021 -

01: #include <iostream>
02: 
03: class greeter
04: {
05: public:
06:     void hello()
07:     {
08:     std::cout << "Hello world";
09:     }
10: };
11: 
12: int main()
13: {
14:     ((greeter*)nullptr)->hello();
15: }

runs with no warnings on -Weveryting -Wall on gcc, no warnings on MSVC /W4 either.

https://godbolt.org/z/779Y4Ejzz

I'm sitting with the standard open but I must admit this is taking me forever to find. Do any of you know where to look?

EDIT: So far in my own research, I've got this from 21 years ago:

http://www.open-std.org/jtc1/sc22/wg21/docs/cwg_active.html#232

At one point we agreed that dereferencing a null pointer was not undefined; only using the resulting value had undefined behavior.

Top answer

1 of 10

17

https://eel.is/c++draft/class.mfct.non-static If a non-static member function of a class X is called for an object that is not of type X, or of a type derived from X, the behavior is undefined.

2 of 10

9

I assume this is inspired by this discussion ? As already stated there, the compiler is not required to check your code for logic errors and is allowed to assume that your code is UB free. As far as i can tell, what you do here is UB, because you are invoking a member function without a valid object: https://eel.is/c++draft/class.mem#class.mfct.non-static-2 https://eel.is/c++draft/expr.prim.id.general#3.1 Though we can of course now argue that you arent invoking it with any object at all, so its questionable whether this applies.

Stack Overflow

stackoverflow.com › questions › 66110509 › visual-studio-dereferencing-null-pointer-warning

c - Visual studio "Dereferencing NULL pointer" warning - Stack Overflow

Top answer

1 of 1

1

Yes, that warning is there because malloc could return NULL if allocation failed.

It's actually a warning from SAL annotations applied to the library headers, not Visual Studio itself. You should always check malloc return value for NULL and handle it, because malloc could return NULL if it fails. My usual method is:

   space = malloc(SIZE);
   if(NULL == space)
   {
       // If desired, output an error message to `stderr` here  
       goto cleanup;
   }

   use(space);

cleanup:
   free(space);
   space = NULL;

Find elsewhere

Google Bing Mojeek

Microsoft Learn

learn.microsoft.com › en-us › cpp › code-quality › c6011

Warning C6011 | Microsoft Learn

The following code generates warning C6011 because an attempt is made to dereference a null pointer (pc) inside the function without first allocating memory:

Stack Overflow

stackoverflow.com › questions › 33112451 › getting-warning-dereferencing-before-possibly-being-null-in-c-code

pointers - Getting warning - Dereferencing before possibly being null in C code - Stack Overflow

Top answer

1 of 1

8

Coverity is giving you a warning because you are in fact doing a NULL check:

if (a_ptr && a_ptr->ptr) {

Here, a_ptr is evaluated in a boolean context. It evaluates to true if a_ptr is not NULL.

This warning thrown by Coverity if you dereference a pointer and then later on do a NULL check on it. This means one of two things:

The pointer could in fact be NULL and any dereference prior to that NULL check could result in a NULL pointer dereference, so you need to either do the NULL check sooner or don't deereference at that point.
The NULL check is unnecessary because the pointer can't be NULL, so the NULL check should be removed.

In this particular case, you're explicitly setting a_ptr to the address of a variable, so it can't possibly be NULL at that point. If you don't set it again before the above if statement, that means that the NULL check is unnecessary and should be removed.

Stack Overflow

stackoverflow.com › questions › 76848355 › c-dereferencing-null-pointer-warning

C++ : dereferencing NULL pointer warning - Stack Overflow

Top answer

1 of 1

2

You aren't aborting early from the function if dest is nullptr. That's why you get a compiler warning. You'd surely crash if strCat(nullptr, "foo") was invoked. Although as others have said, actual strcat may not check either pointer parameter for null.

More pro-tips:

You don't need to invoke strLen. Especially not for src. You can exit the copy loop as soon as src points to a null char.
strcat is expected to return dest

Quite simply we can do this:

char* strCat(char* dest, const char* src) {
        char* result = dest;

        // validate parameters
        if ((dest == nullptr) || (src == nullptr)) {
            return result;
        }

        // advance dest to the existing null char
        while (*dest != '\0') {
            dest++;
        }

        // copy loop
        while (*src != '\0') {
            *dest = *src;
            dest++;
            src++;
        }

        // make dest null terminated
        *dest = '\0';
        return result;
}

Secure Coding Blog

blog.bytehackr.in › understanding-and-preventing-null-pointer-dereference

Top 5 Way to Prevent NULL Pointer Dereference

May 8, 2025 - To detect NULL pointer dereference issues in your code, consider using the following techniques: Compiler Warnings: Enable compiler warnings and pay attention to warnings related to pointer usage.

PVS-Studio

pvs-studio.com › en › blog › posts › cpp › 0306

Null Pointer Dereferencing Causes Undefined Behavior

February 16, 2015 - The pointer must be checked before being dereferenced. When considering the idiomatic implementation of the 'offsetof()' operator, one must take into account that a compiler implementation is permitted to use what would be non-portable techniques to implement its functionality. The fact that a compiler's library implementation uses the null pointer constant in its implementation of 'offsetof()' doesn't make it OK for user code to use '&podhd->line6' when 'podhd' is a null pointer.

Microsoft Learn

learn.microsoft.com › en-us › cpp › code-quality › c26823

Warning C26823 | Microsoft Learn

October 3, 2025 - void invalidate(int **pp); void ... 5; // warning: C26823 } To solve this warning, make sure there's no null pointer dereference in the code, potentially by adding null checks....

Wikipedia

en.wikipedia.org › wiki › Null_pointer

Null pointer - Wikipedia

2 weeks ago - In practice, dereferencing a null pointer may result in an attempted read or write from memory that is not mapped, triggering a segmentation fault or memory access violation. This may manifest itself as a program crash, or be transformed into a software exception that can be caught by program code.

C C++Other languages Null dereferencing Mitigation History

SonarSource

rules.sonarsource.com › cpp › RSPEC-2259

C++ static code analysis: Null pointers should not be ...

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your C++ code

reddit.com › r/cpp_questions › what happens when dereferencing a nullptr?

r/cpp_questions on Reddit: What happens when dereferencing a nullptr?

August 18, 2022 -

I saw this code in A Tour of C++, but with a bit modify for illustration:

#include <iostream>

int main() {
  char s = 'a';
  char *p = &s;
  while (*p) {
    std::cout << *p;
    p++;
  }
  p = nullptr;
  //std::cout << (*p == true);
  *p == true;
}

I do not know how does while (*p) { end while I do not know what happens when p is nullptr. And std::cout << (*p == true) will induce segment fault but *p == true does not.

Top answer

1 of 7

27

Dereferencing a null pointer is undefined behavior. In practice, trying to dereference null usually results in a seg-fault, but sometimes the compiler can optimize out the operation entirely. In your example, *p == true; doesn't actually change any of the program state, so the compiler is being smart and removing the extra computation. In the cout line, your program is actually using the result of the computation so it can't be removed. Note: In some cases an aggressive optimizer may recognize that dereferencing a null pointer would be undefined behavior and assume that the pointer therefore cannot be null. This can lead to some unintuitive and hard to find bugs.

2 of 7

6

What happens when dereferencing a nullptr? Dereferencing a null point is very dangerous. Any modern operating system will detect a read from a page of memory marked as off-limits, and thrown an exception. This exception is usually uncaught, and results in your program being killed with a "segmentation violation (core dumped)" error message. After that, Bret The Hitman Hart - the greatest that is, that was, and ever will be, will put you into the Sharpshooter. He's very serious about code reviews: https://www.youtube.com/watch?v=bLHL75H_VEM

Qnx

qnx.com › developers › docs › qnxcar2 › topic › com.qnx.doc.ide.userguide › topic › memory_Null_pointderef_.html

NULL pointer dereference

Running a program that contains a NULL pointer dereference generates an immediate segmentation fault error.

Developer Community

developercommunity.visualstudio.com › t › warning-C6011:-Dereferencing-NULL-pointe › 10583605

warning C6011: Dereferencing NULL pointer & assert()

Skip to main content · Visual Studio · Guidelines Problems Suggestions Code of Conduct · Downloads · Visual Studio IDE Visual Studio Code Azure DevOps Team Foundation Server Accounts and Subscriptions · Subscriber Access · Microsoft Security Azure Dynamics 365 Microsoft 365 Microsoft ...