Thank you for the description (comments).It Cleared my doubts. I'm getting a warning while doing a Static Analysis (SA) on my code. Event var_deref_model: | Passing null pointer "master_uri_env" to "operator =", which dereferences it. Coverity Scan - Static Analysis Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc. Why is this claimed dereferencing type-punned pointer warning compiler-specific? Hence the error. Browse other questions tagged, Where developers & technologists share private knowledge with coworkers, Reach developers & technologists worldwide. Server allows remote attackers to cause a denial of service (crash) via malformed requests that trigger a null dereference. FORWARD_NULL: A program will normally crash when a NULL pointer is dereferenced. This compliant solution ensures that the pointer returned by png_malloc() is not null. which bolsters my assertion that x->member dereferences x (or at least an offset of x). It's even called out explicitly in C17 7.24.1p2: Where an argument declared as size_t n specifies the length of the array for a function, n can have the value zero on a call to that function. On many platforms, dereferencing a null pointer results inabnormal program termination, but this is not required by the standard. "Signpost" puzzle from Tatham's collection. Markus:AFAICT the respponses to this StackOverflow question agree with my previous assertions. New feature implementation got stuck for days because old code had obscure implementation which caused debuging nightmare. SIZE_MAX is the largest possible value that a size_t could take, so it is not possible to have anything larger than SIZE_MAX. Off by one error: It is the third example. I guess you could write a proposal to modify the C Standard, but our coding standard is meant to provide guidance for the existing language. The return value from strchr() is often NULL, but the dev might know that a specific strchr() function call will not return NULL. But the problem also exists in the compliant version, so I'm not so sure that it's really compliant. By clicking Accept all cookies, you agree Stack Exchange can store cookies on your device and disclose information in accordance with our Cookie Policy. Wikipedia. Asking for help, clarification, or responding to other answers. It looks like a logic bug, which can cause a memory leaking. ImmuniWeb. In some situations, however, dereferencing a null pointer can lead to the execution of arbitrary code [Jack 2007,van Sprundel 2006].