> Ehm, my C is a little rusty, but no :D I rather meant null pointer dereference, double
> dereference or whatever other strange things are allowed in C that lead to security problems.
If a program attempts to dereference a NULL pointer, the program will be terminated
immediately with a SIGSEGV signal. This does not allow arbitrary code to be executed. A double
dereference is a perfectly normal and desirable condition in many programs, and the compiler
will catch double-vs-single pointer mismatches at compile time.
> Of course not, but I much rather prefer a NullPointerException than an undesired intrusion.
Again, there is no way for a NULL pointer dereference to facilitate an intrusion since the
program will segfault instead of executing arbitrary code.
Null pointer dereference is a crash, not a security bug
Posted Nov 5, 2007 17:51 UTC (Mon) by phiggins (subscriber, #5605)
A lot of Java programmers have gotten so rusty on their C that they can't remember how Java
saves them from these kinds of mistakes. It's actually the ArrayIndexOutOfBoundsException that
saves your bacon from memory corruption. Of course, Java programmers are often way too smug
and think that memory corruption problems are the only kinds of security bugs. It's very hard
to write an arbitrary code execution vulnerability in Java, but an unexpected and improperly
handled ArrayIndexOutOfBoundsException or NullPointerException could still violate the
security of your program. It will be more difficult to get shell access that way than with
arbitrary code execution, though!
The bigger concern is with the JVM implementation, which has had some vulnerabilities, but it
hasn't been nearly as bad as I expected it to be. Java really has done well in the
memory-related security area.
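The point made above, that an improperly handled NullPointerException can violate a program's security even though it cannot corrupt memory, as an added example in Java (not code from the thread or from either commenter). The class, method and principal names (Authorizer, isAdminFailOpen, "alice", "mallory") and the role table are constructed for illustration.

```java
import java.util.HashMap;
import java.util.Map;

// Added example (hypothetical names): an authorization check whose
// NullPointerException is swallowed by a broad catch and turned into "allow".
public class Authorizer {
    // Constructed sample directory: "alice" and "bob" have role records,
    // any other principal (e.g. "mallory") has none.
    private static final Map<String, String[]> ROLES = new HashMap<>();
    static {
        ROLES.put("alice", new String[] {"user"});
        ROLES.put("bob", new String[] {"user", "admin"});
    }

    // Fail-open variant: any unexpected exception is treated as "not denied".
    // For an unknown principal ROLES.get() returns null, the for-each loop
    // dereferences it, and the NullPointerException lands in the catch block,
    // which grants admin rights to a principal that has no record at all.
    public static boolean isAdminFailOpen(String principal) {
        try {
            String[] roles = ROLES.get(principal);
            for (String r : roles) {
                if (r.equals("admin")) {
                    return true;
                }
            }
            return false;
        } catch (Exception e) {
            // "Something went wrong, don't block the user": this is the bug.
            return true;
        }
    }

    // Fail-closed variant: the missing record is handled explicitly, and the
    // comparison is written so a null element cannot throw either.
    public static boolean isAdminFailClosed(String principal) {
        String[] roles = ROLES.get(principal);
        if (roles == null) {
            return false;
        }
        for (String r : roles) {
            if ("admin".equals(r)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        String[] principals = {"alice", "bob", "mallory"};
        for (String p : principals) {
            // Expected: alice false/false, bob true/true, mallory true/false
            System.out.printf("%-8s failOpen=%-5b failClosed=%b%n",
                    p, isAdminFailOpen(p), isAdminFailClosed(p));
        }
    }
}
```

Running `javac Authorizer.java && java Authorizer` shows "mallory" passing the fail-open check purely because the lookup threw. The JVM's bounds and null checks stop the crash from becoming memory corruption, but the catch-all turns the crash into an authorization bypass; the fix is to handle the expected null explicitly and let anything unexpected deny rather than grant.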