https://www.secdev.uk/blog/tags/null-pointer-dereference/ Recent content in Null Pointer Dereference on guy@secdev.uk Hugo en-gb Guy Dixon | guy@secdev.uk Sat, 19 Jul 2025 00:00:00 +0000 https://www.secdev.uk/blog/technology/2025-07-19-null-pointer-dereference/ Sat, 19 Jul 2025 00:00:00 +0000 https://www.secdev.uk/blog/technology/2025-07-19-null-pointer-dereference/ <p>Null pointer dereference (CWE-476) is one of those bugs that shows up across every language, and the more I researched it for this post, the more I was struck by how much damage it can do depending on context. The consequences vary dramatically: C programs crash with a segfault (or worse, the kernel maps page zero and an attacker gets code execution), C++ invokes undefined behaviour that the compiler may optimise into literally anything, Go panics with a nil pointer dereference that kills the goroutine or the whole program, and Java throws a <code>NullPointerException</code> that can crash the app or leak stack traces to an attacker. MITRE ranks CWE-476 consistently in the top 25 most dangerous software weaknesses, and digging into the CVE data, that ranking is well deserved. I want to walk through C, C++, Go, and Java here, from the obvious unchecked <code>malloc</code> return to the subtle nil interface trap in Go and the conditional path where null silently propagates through multiple function calls.</p>