https://www.secdev.uk/blog/tags/cwe-476/ Recent content in CWE-476 on guy@secdev.uk Hugo en-gb Guy Dixon | guy@secdev.uk Sat, 14 Mar 2026 00:00:00 +0000 https://www.secdev.uk/blog/technology/2026-03-14-memory-safety-without-rust/ Sat, 14 Mar 2026 00:00:00 +0000 https://www.secdev.uk/blog/technology/2026-03-14-memory-safety-without-rust/ <p>I hear &ldquo;just rewrite it in Rust&rdquo; a lot these days, and while Rust&rsquo;s ownership model genuinely does eliminate entire classes of memory safety bugs at compile time, that advice ignores reality. The vast majority of systems code &ndash; operating systems, embedded firmware, database engines, network stacks &ndash; is written in C and C++ and will remain so for decades. Rewriting is not always an option. So I wanted to dig into the defensive patterns, compiler features, and runtime tools that bring memory safety closer to C and C++ codebases without a language migration. What I found is that while none of these approaches match Rust&rsquo;s compile-time guarantees, the combination of them makes a real difference.</p> https://www.secdev.uk/blog/technology/2025-11-08-cpp-security-smart-pointers/ Sat, 08 Nov 2025 00:00:00 +0000 https://www.secdev.uk/blog/technology/2025-11-08-cpp-security-smart-pointers/ <p>The more I dug into C++ codebases, the more I noticed a recurring assumption: developers who think that switching to smart pointers and STL containers means they&rsquo;re safe from memory bugs. C++ adds RAII, smart pointers, containers, and type-safe abstractions on top of C&rsquo;s manual memory model, and these features genuinely eliminate many of C&rsquo;s most common vulnerabilities, <code>std::string</code> prevents buffer overflows, <code>std::unique_ptr</code> prevents memory leaks, and <code>std::vector</code> provides bounds-checked access via <code>.at()</code>. But C++ also introduces new attack surfaces that turn out to be even trickier to spot: dangling references from moved-from objects, iterator invalidation, implicit conversions in template code, and the false sense of security that comes from using &ldquo;safe&rdquo; abstractions incorrectly. In this post, I want to cover the C++-specific anti-patterns that survive code review because they look correct to developers who trust the standard library.</p> https://www.secdev.uk/blog/technology/2025-07-19-null-pointer-dereference/ Sat, 19 Jul 2025 00:00:00 +0000 https://www.secdev.uk/blog/technology/2025-07-19-null-pointer-dereference/ <p>Null pointer dereference (CWE-476) is one of those bugs that shows up across every language, and the more I researched it for this post, the more I was struck by how much damage it can do depending on context. The consequences vary dramatically: C programs crash with a segfault (or worse, the kernel maps page zero and an attacker gets code execution), C++ invokes undefined behaviour that the compiler may optimise into literally anything, Go panics with a nil pointer dereference that kills the goroutine or the whole program, and Java throws a <code>NullPointerException</code> that can crash the app or leak stack traces to an attacker. MITRE ranks CWE-476 consistently in the top 25 most dangerous software weaknesses, and digging into the CVE data, that ranking is well deserved. I want to walk through C, C++, Go, and Java here, from the obvious unchecked <code>malloc</code> return to the subtle nil interface trap in Go and the conditional path where null silently propagates through multiple function calls.</p>