The NULL Pointer (Data and Code) Analysis Patterns

Learn the pattern to detect a NULL pointer due to data and code.

The NULL pointer (data) pattern

Congratulations! We’ve completed our first exercise for identifying a pattern in our core dump analysis. However, you might wonder what exactly to look out for to recognize a NULL pointer problem arising from the data.

The NULL data pointer is a special case of the more general invalid pointer pattern, as is the NULL code pointer, which we’ll explore in the next exercise. Recall that the inaccessible memory region for catching NULL pointers is by default from 0x0000 to 0xFFFF and can be configured via the /proc/sys/vm/mmap_min_addr file. The effective memory address in such cases is below 0xFFFF, and the access usually goes through a register holding the value 0 plus a small offset. We have shown below what exactly we saw that helped us in diagnosing the problem:
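The address arithmetic described above can be observed directly. The following C program is an added example, not part of the original lesson or its exercise: it reads a struct field through a NULL base pointer, captures the faulting address from the SIGSEGV handler, and checks it against the guard region. The `record` type and all function names are constructed for illustration, and Linux is assumed.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed type: 'length' sits at a small non-zero offset (24 here). */
struct record { char name[24]; int length; };
static sigjmp_buf recover;
static volatile uintptr_t fault_addr;

static void on_segv(int sig, siginfo_t *info, void *ctx) {
    (void)sig; (void)ctx;
    fault_addr = (uintptr_t)info->si_addr;  /* effective address that faulted */
    siglongjmp(recover, 1);
}

/* Read a field through a NULL base pointer and return the faulting address. */
uintptr_t probe_null_field(void) {
    struct sigaction sa = {0}, old;
    struct record *volatile r = NULL;       /* volatile: keep the load at -O2 */
    sa.sa_sigaction = on_segv;
    sa.sa_flags = SA_SIGINFO;
    sigaction(SIGSEGV, &sa, &old);
    fault_addr = (uintptr_t)-1;
    if (sigsetjmp(recover, 1) == 0) {
        volatile int n = r->length;         /* address = 0 + offsetof(length) */
        (void)n;
    }
    sigaction(SIGSEGV, &old, NULL);         /* restore the previous handler */
    return fault_addr;
}

/* Top of the guard region; falls back to 0x10000 if the file is unreadable. */
unsigned long guard_limit(void) {
    unsigned long v = 0x10000;
    FILE *f = fopen("/proc/sys/vm/mmap_min_addr", "r");
    if (f) { if (fscanf(f, "%lu", &v) != 1) v = 0x10000; fclose(f); }
    return v;
}

/* NULL pointer (data) signature: fault address inside the guard region. */
int is_null_data_fault(uintptr_t addr, unsigned long limit) { return addr < limit; }

int main(void) {
    uintptr_t a = probe_null_field();
    printf("fault at %#lx, null-data=%d\n", (unsigned long)a, is_null_data_fault(a, guard_limit()));
    return 0;
}
```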

