Most of my technical primers are…well, technical. This one won’t be because the problem is confusion rather than complexity.
I’ve been in software security for over a decade, and nearly every tester or developer I’ve asked about this topic thinks Null Pointer Dereference Vulnerabilities mean one of two things:
- Someone tried to delete (dereference) a pointer while it pointed to NULL, or…
- Failure to clean up (dereference) NULL pointers.
In both cases the mistake comes from assuming that dereference means to delete something, which it does not. In programming parlance, dereferencing a pointer means following it to the value it points at and getting that value, a.k.a. reading it.
In other words, a Null Pointer Dereference Vulnerability just means reading a NULL pointer.
That’s it.
It’s not about deleting references, or leaving references lying around, or cleaning up NULL pointers, or any of that stuff. Computers just hate trying to extract the value of things that don’t exist. And I can’t say I blame them.
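To make the point concrete, here is an added C illustration (not from the original post): the dereference is the `->` read through the pointer, and the fix is a check before that read, not a delete or a cleanup. The `user` table and the names in it are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample table for this example (not from the original post). */
struct user { const char *name; int uid; };
static const struct user users[] = { {"alice", 1000}, {"bob", 1001} };

/* Returns the matching record or NULL when absent. NULL here is a
   legitimate "not found" value; the bug lives in whoever reads it. */
const struct user *find_user(const char *name)
{
    for (size_t i = 0; i < sizeof users / sizeof users[0]; i++)
        if (strcmp(users[i].name, name) == 0)
            return &users[i];
    return NULL;
}

/* The bug the post describes: `u->uid` reads through the pointer, i.e.
   dereferences it. With u == NULL there is no value to read and the
   program faults (CWE-476). Nothing is deleted or freed here. */
int uid_unchecked(const char *name)
{
    const struct user *u = find_user(name);
    return u->uid;                     /* faults if find_user gave NULL */
}

/* Hardened form: test the pointer before reading through it and report
   "not found" out of band instead of crashing. */
int uid_checked(const char *name, int *uid_out)
{
    const struct user *u = find_user(name);
    if (u == NULL)
        return -1;                     /* caller handles the missing record */
    *uid_out = u->uid;                 /* safe: u is known non-NULL */
    return 0;
}

/* Convenience wrapper: the hardened lookup with a caller-chosen fallback. */
int uid_or_default(const char *name, int fallback)
{
    int uid;
    return uid_checked(name, &uid) == 0 ? uid : fallback;
}

int main(void)
{
    printf("alice -> %d\n", uid_unchecked("alice"));      /* valid pointer: fine */
    printf("mallory -> %d\n", uid_or_default("mallory", -1));
    /* uid_unchecked("mallory") would dereference NULL and crash. */
    return 0;
}
```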
Hope this helps someone.
Notes
- This is a fantastic explanation of pointers on Stack Overflow.
- Another interesting piece of trivia: Null Pointer Dereference and Null Pointer Exceptions (NPEs) are the same vulnerability with different names.
- Thanks to Jason Powell for talking through this, championing the cause, and reminding me that this primer still needed to be written.