Pointer Issues

A category in the Common Weakness Enumeration published by The MITRE Corporation.


Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.

Weaknesses in this category are related to improper handling of pointers.


Access of Uninitialized Pointer

The program accesses or uses a pointer that has not been initialized.

Assignment of a Fixed Address to a Pointer

The software sets a pointer to a specific address other than NULL or 0.

Attempt to Access Child of a Non-structure Pointer

Casting a non-structure type to a structure type and accessing a field can lead to memory access errors or data corruption.

Expired Pointer Dereference

The program dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid.

Incorrect Pointer Scaling

In C and C++, one may often accidentally refer to the wrong memory due to the semantics of when math operations are implicitly scaled.

NULL Pointer Dereference

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Release of Invalid Pointer or Reference

The application attempts to return a memory resource to the system, but calls the wrong release function or calls the appropriate release function incorrectly.

Return of Pointer Value Outside of Expected Range

A function can return a pointer to memory that is outside of the buffer that the pointer is expected to reference.

Untrusted Pointer Dereference

The program obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.

Use of Out-of-range Pointer Offset

The program performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for the result...

Use of Pointer Subtraction to Determine Size

The application subtracts one pointer from another in order to determine size, but this calculation can be incorrect if the pointers do not exist in the same memory ch...

Use of sizeof() on a Pointer Type

The code calls sizeof() on a malloced pointer type, which always returns the wordsize/8. This can produce an unexpected result if the programmer intended to determine ...


Software Development

This view organizes weaknesses around concepts that are frequently used or encountered in software development. This includes all aspects of the software development l...

Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.