CWE Top 25 — #12

NULL Pointer Dereference

CWE-476

Dereferencing a pointer that may be NULL, causing a crash or worse. This is the class behind C/C++ NULL dereferences and Java's NullPointerException.

GateTest coverage

Not directly covered today. GateTest focuses on web-stack languages and infrastructure-as-code. For this class of bug, pair GateTest with a C/C++-aware analyzer.

Example

User *u = find_user(name); printf("%s", u->email);

If find_user returns NULL on a miss, the u->email dereference crashes.

How to fix it

Check for null before dereferencing. Use Option / Maybe / Result types in languages that support them. GateTest does not currently scan for this class.
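The check described above, applied to the find_user example, as an added illustration that is not GateTest's or the page's own code. The user table, the get_email helper and its return codes are assumptions made for the example, and it goes one step beyond the page by also checking a NULL field inside a record that was found.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample data; User and find_user reuse the names from the example above. */
typedef struct { const char *name; const char *email; } User;

static User users[] = {
    { "alice", "alice@example.com" },
    { "bob",   NULL },                /* record exists but has no email */
};

/* Returns NULL on a miss: the case the unchecked example dereferences. */
User *find_user(const char *name) {
    if (name == NULL) return NULL;
    for (size_t i = 0; i < sizeof users / sizeof users[0]; i++)
        if (strcmp(users[i].name, name) == 0) return &users[i];
    return NULL;
}

/* Hypothetical hardened accessor. Returns 0 and fills out on success,
   -1 if the user is unknown, -2 if the email field is NULL,
   -3 if out is missing or too small. No pointer is used before its check. */
int get_email(const char *name, char *out, size_t outlen) {
    if (out == NULL || outlen == 0) return -3;
    out[0] = '\0';
    User *u = find_user(name);
    if (u == NULL) return -1;
    if (u->email == NULL) return -2;
    int n = snprintf(out, outlen, "%s", u->email);
    if (n < 0 || (size_t)n >= outlen) { out[0] = '\0'; return -3; }
    return 0;
}

int main(void) {
    const char *names[] = { "alice", "bob", "mallory" };  /* constructed inputs */
    char buf[64];
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        int rc = get_email(names[i], buf, sizeof buf);
        if (rc == 0) printf("%s -> %s\n", names[i], buf);
        else         printf("%s -> no email (rc=%d)\n", names[i], rc);
    }
    return 0;
}
```

Returning a status code and writing through an out parameter forces every caller to handle the miss, which is the C counterpart of the Option / Result types mentioned above.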

Frequently asked questions

What is CWE-476 (NULL Pointer Dereference)?

Dereferencing a pointer that may be NULL, causing a crash or worse. This is the class behind C/C++ NULL dereferences and Java's NullPointerException.

How do I fix null pointer dereference?

Check for null before dereferencing. Use Option / Maybe / Result types in languages that support them. GateTest does not currently scan for this class.

Does GateTest detect CWE-476?

Not directly today. GateTest focuses on web-stack languages (JavaScript, TypeScript, Python, Go, Java, Ruby, PHP) and infrastructure-as-code. NULL Pointer Dereference is most relevant to C / C++ code. For full coverage of this class, pair GateTest with CodeQL or a memory-safety analyzer.

What rank is NULL Pointer Dereference in the CWE Top 25?

NULL Pointer Dereference is ranked #12 in the MITRE 2023 CWE Top 25 Most Dangerous Software Weaknesses list. The ranking reflects both prevalence (how often it appears in real CVEs) and severity (the typical impact when it's exploited).
