Warning C26823

Dereferencing a possibly null pointer 'variable' (lifetime.1)

Remarks

Dereferencing a null pointer is frequent problem in C and C++. We have several checks to deal with such problems. See this blog post for a comparison. When the analysis engine deduces that the value of a pointer might be null and sees that pointer get dereferenced, it will emit a C26823 warning. You can enable C26822 only for a more permissive analysis. This check also supports SAL annotations and gsl::not_null to describe invariants of the code.

Example

void invalidate(int **pp);
void condition_null_dereference_invalidated(int* p)
{
    if (p)
        return;

    invalidate(&p);
    // The call above could reset the value of `p`, thus the low confidence warning.
    *p = 5; // warning: C26823
}

To solve this warning, make sure there's no null pointer dereference in the code, potentially by adding null checks. In case the code was found to be correct, false positive findings can often be fixed by using gsl::not_null or SAL annotations. There are some examples how to use some of those annotations below:

_Notnull_ int *get_my_ptr(); 
gsl::not_null<int *> get_my_ptr2(); 

void local_analysis(int *p) { 
    _Analysis_assume_(p != nullptr); 
    *p = 42; 
} 

void local_analysis2(_In_ int *p) { 
    int a = *p; 
}