Category

Null Pointer Dereference

Security vulnerabilities and automated fixes for null pointer dereference issues

4 posts found

critical8 min

How NULL pointer dereference happens in C gotcha_malloc() and how to fix it

A critical NULL pointer dereference vulnerability was discovered in `src/gotcha_utils.c` at line 84, where the `add_library()` function called `gotcha_malloc()` without checking whether the allocation succeeded before dereferencing the returned pointer. Because `gotcha_malloc` uses `mmap` internally, it can return `NULL` or `MAP_FAILED` under memory pressure, causing a segmentation fault that crashes the host application. The fix adds a single, targeted null check that returns early if allocatio

#c#null-pointer-dereference#memory-safety+4 more
O
orbisai0security
Jun 9, 2026
critical7 min

How unsafe realloc() and memcpy() causes buffer overflow in C email parsing and how to fix it

A critical vulnerability in `email/receive.cpp` allowed attackers to trigger a buffer overflow by sending crafted emails with large payloads. The `writefunc()` callback failed to validate that `realloc()` succeeded before writing to the reallocated pointer, risking NULL pointer dereference and potential code execution. The fix adds a simple bounds check that validates the realloc result before use.

#buffer-overflow#c-security#memory-safety+4 more
O
orbisai0security
Jun 3, 2026
high6 min

NULL Pointer Dereference in ESP8266 user_interface.c wifi_station_set_default_hostname()

A critical NULL pointer dereference vulnerability in the ESP8266 firmware's `user_interface.c` allowed attackers to crash devices by exhausting the limited 80KB heap memory. The `wifi_station_set_default_hostname()` function's `os_malloc` call lacked a proper NULL guard, causing `ets_sprintf` to write to address 0 when allocation failed. The fix corrected a logic inversion in the NULL check condition.

#security#null-pointer-dereference#esp8266+4 more
O
orbisai0security
Jun 3, 2026
medium8 min

Fixing NULL Pointer Dereference in eMMC Memory Allocation

A high-severity NULL pointer dereference vulnerability was discovered and fixed in embedded eMMC storage handling code, where unchecked `malloc` and `calloc` return values could allow an attacker with a crafted eMMC image to crash the host process. The fix adds proper NULL checks after every memory allocation, preventing exploitation through maliciously oversized partition size fields. This type of vulnerability is surprisingly common in systems-level C code and serves as a reminder that defensi

#c#memory-safety#null-pointer-dereference+4 more
O
orbisai0security
May 10, 2026