Dereferencing null pointers - what does the standard say?
What happens when dereferencing a nullptr?
c - What does "C6011 dereferencing null pointer" mean in my program? - Stack Overflow
C++ : dereferencing NULL pointer warning - Stack Overflow
01: #include <iostream>
02:
03: class greeter
04: {
05: public:
06: void hello()
07: {
08: std::cout << "Hello world";
09: }
10: };
11:
12: int main()
13: {
14: ((greeter*)nullptr)->hello();
15: }runs with no warnings on -Weveryting -Wall on gcc, no warnings on MSVC /W4 either.
https://godbolt.org/z/779Y4Ejzz
I'm sitting with the standard open but I must admit this is taking me forever to find. Do any of you know where to look?
EDIT: So far in my own research, I've got this from 21 years ago:
http://www.open-std.org/jtc1/sc22/wg21/docs/cwg_active.html#232
At one point we agreed that dereferencing a null pointer was not undefined; only using the resulting value had undefined behavior.
I saw this code in A Tour of C++, but with a bit modify for illustration:
#include <iostream>
int main() {
char s = 'a';
char *p = &s;
while (*p) {
std::cout << *p;
p++;
}
p = nullptr;
//std::cout << (*p == true);
*p == true;
}
I do not know how does while (*p) { end while I do not know what happens when p is nullptr. And std::cout << (*p == true) will induce segment fault but *p == true does not.
First of all, note that the warning is generated by your compiler (or static analyzer, or linter), not by your debugger, as you initially wrote.
The warning is telling you that your program possibly might dereference a null pointer. The reason for this warning is that you perform a malloc() and then use the result (the pointer) without checking for NULL values. In this specific code example, malloc() will most likely just return the requested block of memory. On any desktop computer or laptop, there's generally no reason why it would fail to allocate 12 bytes. That's why your application just runs fine and exits successfully. However, if this would be part of a larger application and/or run on a memory-limited system such as an embedded system, malloc() could fail and return NULL. Note that malloc() does not only fail if there is not enough memory available, it could also fail if there is no large enough consecutive block of memory available, due to fragmentation.
According to the C standard, dereferencing a NULL pointer is undefined behavior, meaning that anything could happen. On modern computers it would likely get your application killed (which could lead to data loss or corruption, depending on what the application does). On older computers or embedded systems the problem might be undetected and your application would read from or (worse) write to the address NULL (which is most likely 0, but even that isn't guaranteed by the C standard). This could lead to data corruption, crashes or other unexpected behavior at an arbitrary time after this happened.
Note that the compiler/analyzer/linter doesn't know anything about your application or the platform you will be running it on, and it doesn't make any assumptions about it. It just warns you about this possible problem. It's up to you to determine if this specific warning is relevant for your situation and how to deal with it.
Generally speaking, there are three things you can do about it:
If you know for sure that
malloc()would never fail (for example, in such a toy example that you would only run on a modern computer with gigabytes of memory) or if you don't care about the results (because the application will be killed by your OS and you don't mind), then there's no need for this warning. Just disable it in your compiler, or ignore the warning message.If you don't expect
malloc()to fail, but do want to be informed when it happens, the quick-and-dirty solution is to addassert(v != NULL);after the malloc. Note that this will also exit your application when it happens, but in a slightly more controlled way, and you'll get an error message stating where the problem occurred. I would recommend this for simple hobby projects, where you do not want to spend much time on error handling and corner cases but just want to have some fun programming :-)When there is a realistic change that
malloc()would fail and you want a well-defined behavior of your application, you should definitely add code to handle that situation (check for NULL values). If this is the case, you would generally have to do more than just add anif-statement. You would have to think about how the application can continue to work or gracefully shutdown without requiring more memory allocations. And on an embedded system, you would also have to think about things such as memory fragmentation.
The easiest fix for the example code in question is add the NULL-check. This would make the warning go away, and (assuming malloc() would not fail) your program would run still the same.
int main(void) {
uint32_t *v = malloc(3 * sizeof(uint32_t));
if (v != NULL) {
v[0] = 12;
v[1] = 59;
v[2] = 83;
twice_three(v);
free(v);
}
return 0;
}
I believe your IDE is warning you that you didn't make sure that malloc returned something other than NULL. malloc can return NULL when you run out of memory to allocate.
It's debatable whether such a check is needed. In the unlikely event malloc returned NULL, your program would end up getting killed (on modern computers with virtualized memory).[1] So the question is whether you want a clean message or not on exit in the very very rare situation that you run out of memory.
If you do add a check, don't use assert. That's useless. For starters, it only works in dev builds (not production builts) where malloc returning NULL is unlikely, and where it's already super easy to find memory leaks (e.g. by using valgrind). Use a proper check (if (!v) { perror(NULL); exit(1) }).
Since people are trying to debate the issue in the comments despite the rules, it looks like I'll have to go into my claim in more detail.
A couple of people suggested in the comments that "anything could happen" if you ones doesn't check for NULL, but that's simply not true on modern computers with virtualized memory.
When the C spec doesn't define the behaviour of something (what is called "undefined behaviour"), it doesn't mean anything can happen; it just means the C language doesn't care what the compiler/machine does in such situations. And a NULL dereference is very well defined on such systems. Catching such situations is a raison d'être of memory virtualization!
Just like you can rely on other compiler-specific features such as gcc's field packing attributes, one can argue it's fine to rely on memory virtualization to detect a failure by malloc.
You are doing something like
if (p != nullptr || *p)
i.e. you are dereferencing only if the pointer is nullptr. This means you do nothing if the pointer is valid, or you dereference if it's invalid (which is UB).
You need to do a logical and instead, like this
if (p != nullptr && *p)
i.e. only dereference if the pointer is not nullptr.
Your question states that you want to execute the if block if either pointer is NULL or points to '\0', so you really want this:
// mplate is a reference to a class
if (mplate.m_plate == nullptr || mplate.m_plate[0] == '\0' || plate == nullptr || plate[0] == '\0') {
// Do something (Block entered on the FIRST true test...)
}
else {
// do something else ( Block entered ONLY if all four tests are false...)
}
In this code, the tests in the if statement will 'short-circuit' as soon as any one of the tests is true, so you will never dereference a nullptr.
sessionTarget = jsch.getSession(backupUser, backupHost, backupPort); Here in this line, getSession() method can throw an Exception, and hence the variables sessionTarget and channelTarget will be null, and in the finally block, you are accessing those variables, which may cause null pointer exception.
To avoid this, in the finally block check for null before accessing the variable.
Copyfinally {
if (channelTarget != null) {
channelTarget.exit();
channelTarget.disconnect();
}
if (sessionTarget != null ) {
sessionTarget.disconnect();
}
}
That means: what if your channelTarget and sessionTarget are null in your finally block? Check them for null to avoid the warning.