Comments (2)
The CWE-416 check works by checking whether a return value from a library function call (like `malloc`) was checked for being a Null pointer before it gets dereferenced. In particular, it only considers the return values of such calls as sources for Null pointers. Variables that are explicitly set to Null, like in your example, are not checked (to prevent generating a large number of false positives), and such Null dereferences thus cannot be found by the check.
The `Memory` analysis of the cwe_checker also generates Null Pointer Dereference warnings, but only for variables explicitly set to Null. Unfortunately, it has a high false positive rate. It cannot detect your example for a different reason: namely, it does not propagate any information from the function call to `testDereference` to its function body, so the information that the parameter to `testDereference` is a Null pointer does not reach the site where it is dereferenced.
While we could change the behavior of the `Memory` analysis to also emit a warning when `testDereference` is called with a Null pointer as parameter, I am reluctant to do so, because it would generate even more false positives and we currently have no easy solution for preventing that.
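The three cases the comment above distinguishes, as an added C example that is not part of the original thread or of the cwe_checker project. The issue's original code is not shown on this page, so the signature of `testDereference` and every other function name here are assumptions; the comments restate which analysis the maintainer says covers each case.

```c
#include <stdio.h>
#include <stdlib.h>

/* Case 1: a library return value (malloc) is dereferenced with no Null
 * check. Per the comment, this is the only Null source the check tracks. */
int unchecked_alloc(size_t n) {
    char *buf = malloc(n);
    buf[0] = 'A';                 /* dereferenced before any Null check */
    int v = buf[0];
    free(buf);
    return v;
}

/* Case 1, corrected: the return value is tested before it is used. */
int checked_alloc(size_t n) {
    char *buf = malloc(n);
    if (buf == NULL) return -1;
    buf[0] = 'A';
    int v = buf[0];
    free(buf);
    return v;
}

/* Case 2: a local explicitly set to Null and dereferenced in the same
 * function (the Memory analysis category). Never called: it would crash. */
int explicit_null_local(void) {
    int *p = NULL;
    return *p;
}

/* Case 3: the Null is created in the caller but dereferenced in the callee.
 * Per the comment, the fact does not reach this body. Signature assumed. */
int testDereference(int *p) {
    return *p;
}

int call_with_null(void) {        /* never called here: it would crash */
    return testDereference(NULL);
}
int call_with_valid(void) {
    int x = 5;
    return testDereference(&x);
}

int main(void) {
    printf("%d %d %d\n", unchecked_alloc(16), checked_alloc(16), call_with_valid());
    return 0;
}
```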
Thank you for the feedback!