CodeQL documentation

Dereferenced variable may be null

ID: cs/dereferenced-value-may-be-null
Kind: problem
Security severity:
Severity: warning
Precision: high
Tags:
   - quality
   - reliability
   - correctness
   - exceptions
   - external/cwe/cwe-476
Query suites:
   - csharp-code-quality.qls
   - csharp-security-and-quality.qls


If a variable is dereferenced, for example as the qualifier in a method call, and the variable may have a null value on some execution paths leading to the dereferencing, the dereferencing may result in a NullReferenceException.

Recommendation

Ensure that the variable does not have a null value when it is dereferenced.

Example

In the following example, the method DoPrint() dereferences its parameter o unconditionally, resulting in a NullReferenceException via the call DoPrint(null).

using System;

class Bad
{
    void DoPrint(object o)
    {
        Console.WriteLine(o.ToString());
    }

    void M()
    {
        DoPrint("Hello");
        DoPrint(null);
    }
}

In the revised example, the method DoPrint() guards the dereferencing with a null check.

using System;

class Good
{
    void DoPrint(object o)
    {
        if (o != null)
            Console.WriteLine(o.ToString());
    }

    void M()
    {
        DoPrint("Hello");
        DoPrint(null);
    }
}
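The examples above pass null directly; the description also covers a variable that is null only on some execution paths. The following added example (not part of the CodeQL documentation; the class, method names and sample data are hypothetical) shows that case next to a version in which every path reaching the dereference holds a non-null value.

```csharp
using System;
using System.Collections.Generic;

class PathDependentNull
{
    // Constructed sample data for this example.
    static readonly Dictionary<string, string> Owners =
        new Dictionary<string, string> { ["alice"] = "Alice Smith" };

    // Bad: 'name' stays null on the path where the key is missing,
    // so name.ToUpper() throws NullReferenceException for unknown ids.
    static string DisplayNameBad(string id)
    {
        string name = null;
        if (Owners.ContainsKey(id))
            name = Owners[id];
        return name.ToUpper();
    }

    // Good: the argument is validated up front and the lookup result is
    // checked, so no path reaches name.ToUpper() with a null value.
    static string DisplayNameGood(string id)
    {
        if (id == null)
            throw new ArgumentNullException(nameof(id));
        if (!Owners.TryGetValue(id, out string name) || name == null)
            return "(unknown)";
        return name.ToUpper();
    }

    static void Main()
    {
        Console.WriteLine(DisplayNameGood("alice"));
        Console.WriteLine(DisplayNameGood("mallory"));
        try
        {
            DisplayNameBad("mallory");
        }
        catch (NullReferenceException)
        {
            Console.WriteLine("DisplayNameBad threw NullReferenceException");
        }
    }
}
```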

References