Products
In-IDE
IDE extension that lets you fix coding issues before they exist!
Discover SonarQube for IDE
SaaS
Setup is effortless and analysis is automatic for most languages
Discover SonarQube Cloud
Self-Hosted
Fast, accurate analysis; enterprise scalability
Discover SonarQube Server

Secrets
ABAP
Ansible
Apex
AzureResourceManager
C
C#
C++
CloudFormation
COBOL
CSS
Dart
Docker
Flex
GitHub Actions
Go
HTML
Java
JavaScript
JSON
JCL
Kotlin
Kubernetes
Objective C
PHP
PL/I
PL/SQL
Python
RPG
Ruby
Rust
Scala
Shell
Swift
Terraform
Text
TypeScript
T-SQL
VB.NET
VB6
XML
YAML

C static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your C code

Tags

Impact

Clean code attribute

"abort", "exit", "getenv" and "system" from <stdlib.h> should not be used
Bug
"atof", "atoi" and "atol" from <stdlib.h> should not be used
Bug
"<signal.h>" should not be used
Bug
Dynamic heap memory allocation should not be used
Bug
Lines starting with "#" should contain valid preprocessing directives
Bug
Macros used in preprocessor directives should be defined before use
Bug
Function-like macros should not be invoked without all of their arguments
Bug
"#include" directives should be followed by either <filename> or "filename" sequences
Bug
Non-standard characters should not occur in header file names in "#include" directives
Bug
The address of an automatic object should not be assigned to another object that may persist after the first object has ceased to exist
Bug
Function exit paths should have appropriate return values
Bug
The number of arguments passed to a function should match the number of parameters
Bug
Evaluation of the operand to the sizeof operator shall not contain side effects
Bug
Non-empty statements should change control flow or have at least one side-effect
Bug
Unary minus should not be applied to an unsigned expression
Bug
Bitwise operators should not be applied to signed operands
Bug
Boolean operations should not have numeric operands, and vice versa
Bug
Objects with integer type should not be converted to objects with pointer type
Bug
Pointer conversions should be restricted to a safe subset
Bug
Function pointers should not be converted to any other type
Bug
Results of ~ and << operations on operands of underlying types unsigned char and unsigned short should immediately be cast to the operand's underlying type
Bug
Variables should be initialized before use
Bug
String literals with different prefixes should not be concatenated
Bug
Only escape sequences defined in the ISO C standard should be used
Bug
Macro arguments should not contain preprocessing directives
Bug
Variables should not be accessed outside of their scope
Bug
"volatile" should not be used to qualify objects for which the meaning is not defined
Bug
Relational and subtraction operators should not be used with pointers to different arrays
Bug
Arguments evaluation order should not be relied on
Bug
"#pragma pack" should be used correctly
Bug
Enums should be consistent with the bit fields they initialize
Bug
"pthread_mutex_t" should be unlocked in the reverse order they were locked
Bug
"pthread_mutex_t" should be properly initialized and destroyed
Bug
"pthread_mutex_t" should not be locked when already locked, or unlocked when already unlocked
Bug
User-defined types should not be passed as variadic arguments
Bug
Functions with "noreturn" attribute should not return
Bug
"memcmp" should only be called with pointers to trivially copyable types with no padding
Bug
Array values should not be replaced unconditionally
Bug
Integral operations should not overflow
Bug
"case" ranges should not be empty
Bug
All branches in a conditional structure should not have exactly the same implementation
Bug
Parameter values should be appropriate
Bug
Declaration specifiers should not be redundant
Bug
Stack allocated memory and non-owned memory should not be freed
Bug
Closed resources should not be accessed
Bug
Dynamically allocated memory should be released
Bug
Freed memory should not be used
Bug
Memory locations should not be released more than once
Bug
Memory access should be explicitly bounded to prevent buffer overflows
Bug
Zero should not be a possible denominator
Bug
"sizeof" should not be called on pointers
Bug
Unary prefix operators should not be repeated
Bug
Non-existent operators like "=+" should not be used
Bug
Values of different "enum" types should not be compared
Bug
The "sizeof" and "alignof" operator should not be used with operands of a "void" type
Bug
"nonnull" parameters and return values of "returns_nonnull" functions should not be null
Bug
Conditionally executed code should be reachable
Bug
The "<stdlib.h>" functions "bsearch" and "qsort" should not be used
Bug
Line-splicing should not be used in "//" comments
Bug
Printf-style format strings should not lead to unexpected behavior at runtime
Bug
Null pointers should not be dereferenced
Bug
Single-bit named bit fields should not be of a signed type
Bug
"for" loop counters should not have essentially floating type
Bug
Recursion should not be infinite
Bug
Values should not be uselessly incremented
Bug
Resources should be closed
Bug
Line continuation characters '\' should not be followed by trailing whitespace
Bug
"sizeof(sizeof(...))" should not be used
Bug
Related "if/else if" statements should not have the same condition
Bug
Pointers should not be cast to integral types
Bug
Identical expressions should not be used on both sides of a binary operator
Bug
All code should be reachable
Bug
Loops with at most one iteration should be refactored
Bug
Variables should not be self-assigned
Bug
Floating point numbers should not be tested for equality
Bug
Function parameters' initial values should not be ignored
Bug
A function call shall not violate the function's preconditions
Bug
Floating-point arithmetic should be used appropriately
Bug
There shall be no occurrence of "undefined" or "critical unspecified behaviour"
Bug
The "volatile" qualifier shall be used appropriately
Bug
The operands of "bitwise operators" and "shift operators" shall be appropriate
Bug
The pointers returned by the C++ Standard Library functions "localeconv", "getenv", "setlocale" or "strerror" must only be used as if they have pointer to const-qualified type
Bug
Reads and writes on the same file stream shall be separated by a positioning operation
Bug
Line-splicing shall not be used in "//" comments
Bug
The pointer returned by the C++ Standard Library functions "asctime", "ctime", "gmtime", "localtime", "localeconv", "getenv", "setlocale" or "strerror" must not be used following a subsequent call to the same function
Bug
The "#include" directive shall be followed by either a "<filename>" or ""filename"" sequence
Bug
The "'" or """ or "\" characters and the "/*" or "//" character sequences shall not occur in a "header file" name
Bug
The "defined" preprocessor operator shall be used appropriately
Bug
A named bit-field with "signed integer type" shall not have a length of one bit
Bug
The value of an object must not be read before it has been set
Bug
A function with non-"void" return type shall return a value on all paths
Bug
A function must not return a reference or a pointer to a local variable with automatic storage duration
Bug
An unsigned arithmetic operation with constant operands should not wrap
Bug
The right-hand operand of a logical "&&" or "||" operator should not contain "persistent side effects"
Bug
The built-in unary "-" operator should not be applied to an expression of unsigned type
Bug
Casts shall not be performed between a pointer to function and any other type
Bug
The built-in relational operators ">", ">=", "<" and "<=" shall not be applied to objects of pointer type, except where they point to elements of the same array
Bug
Subtraction between pointers shall only be applied to pointers that address elements of the same array
Bug
Pointer arithmetic shall not form an invalid pointer
Bug
Operations on a memory location shall be sequenced appropriately
Bug
The source code used to implement an "entity" shall appear only once
Bug
The "one-definition rule" shall not be violated
Bug
All "declarations" of a variable or function shall have the same type
Bug
A line whose first token is "#" shall be a valid preprocessing directive
Bug
All identifiers used in the controlling expression of "#if" or "#elif" preprocessing directives shall be defined prior to evaluation
Bug
Tokens that look like a preprocessing directive shall not occur within a macro argument
Bug
String literals with different encoding prefixes shall not be concatenated
Bug
Within character literals and non raw-string literals, "\" shall only be used to form a defined escape sequence or universal character name
Bug
An object or subobject must not be copied to an overlapping object
Bug
Controlling expressions should not be invariant
Bug
A function shall not contain "unreachable" statements
Bug

Parameter values should be appropriate

intentionality - logical

reliability

Bug

symbolic-execution

Passing NULL to a C library function that requires non-null pointer arguments results in undefined behavior.

Why is this an issue?

How can I fix it?

More Info

The standard C library includes a variety of functions for string and general memory manipulations. Many of these functions require valid parameters and when given values outside a function’s domain, the behavior is undefined. Functions like strlen, memset, memcpy, qsort, fread, etc., for instance, require non-NULL parameters, and passing a NULL value introduces undefined behavior. In that case, the application may crash or, even worse, silently lose data or produce incorrect results.

Consider the following code. If the pointer-typed variable buf is NULL due to a failed memory allocation, for instance, the call to memset() will cause undefined behavior.

#include <string.h>

void process_buffer(char *buf, size_t size) {
  // Call to `memset()` may lead to undefined behavior, if `buf` is NULL.
  memset(buf, 0, size);
}

Similarly, if for some reason a NULL pointer slips through and reaches the string manipulation code shown in the following, the application’s behavior is undefined.

#include <string.h>

int compare_strings(const char *str_a, const char *str_b) {
  // Both functions `strlen()` and `strncmp()` may not receive a `NULL` pointer.
  size_t len_a = strlen(str_a);
  size_t len_b = strlen(str_b);
  size_t min = (len_a <= len_b) ? len_a : len_b;
  return strncmp(str_a, str_b, min);
}

Hence, users have to ensure that the C standard library functions' preconditions are met and valid parameters are passed.

The C library functions that are considered by this rule and that require non-NULL pointer parameters are listed in this rule’s Resources section.

What is the potential impact?

If an argument to one of the C library functions mentioned by this rule is a NULL pointer, the behavior of the application is undefined.

When a program comprises undefined behavior, the compiler no longer needs to adhere to the language standard, and the program has no meaning assigned to it.

Due to the resulting NULL pointer dereferences in the C library functions, the application might just crash, but in the worst case, the application may appear to execute correctly, while losing data or producing incorrect results.

Besides affecting the application’s availability, NULL pointer dereferences may lead to code execution, in rare circumstances. If NULL is equivalent to the 0x0 memory address that can be accessed by privileged code, writing and reading memory is possible, which compromises the integrity and confidentiality of the application.

Available In:

Catch issues on the fly,
in your IDE

Detect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories

Analyze code in your
on-premise CI

Developer Edition
Available Since
9.1

In-IDE

SaaS

Self-Hosted