Absolutely, yes. The larger the allocated size, the more important. Linux kernel, by default, only protects a small area against NULL accesses; depending on distro, 4KB or 64 (?) KB. And the JVM, at various places, allocates in low-area ranges. So accessing NULL+<large offset> can actually land you at a valid unrelated address instead of faulting.
/Thomas

On Fri, Jul 11, 2025 at 2:57 PM Baesken, Matthias <matthias.baes...@sap.com> wrote:

> Hi, when playing around with the GCC static analyzer (
> https://developers.redhat.com/articles/2022/04/12/state-static-analysis-gcc-12-compiler
> ) I noticed a lot of complaints about missing NULL checks of malloc/calloc
> return values in the code base.
>
> While we check these return values for NULL at a lot of places in the
> codebase, it is not done always.
>
> Should we do it always (except 3rd party code probably where we do not
> want to have large diffs to upstream)?
>
> Or is it considered not important enough to do it always?
>
> Best regards, Matthias
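Added example, not part of the thread and not JDK code: a C sketch of the point made in the reply, showing when the last byte of a failed allocation (NULL + size - 1) falls beyond the kernel's guarded low region, next to the checked allocation pattern. The helper names and `failing_alloc` are hypothetical, and reading the guard size from the Linux sysctl `vm.mmap_min_addr` is an assumption about where the "small area" in the reply comes from.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef void *(*alloc_fn)(size_t);
/* Constructed stand-in for an allocator under memory exhaustion. */
static void *failing_alloc(size_t n) { (void)n; return NULL; }

/* Low-address guard size in bytes from the Linux sysctl vm.mmap_min_addr,
 * or -1 when it cannot be read (non-Linux host, restricted /proc). */
long read_mmap_min_addr(void) {
    long v = -1;
    FILE *f = fopen("/proc/sys/vm/mmap_min_addr", "r");
    if (f != NULL) {
        if (fscanf(f, "%ld", &v) != 1) v = -1;
        fclose(f);
    }
    return v;
}

/* 1 if NULL+offset still lies inside the guarded low region, 0 if the
 * access would land beyond it, where an unrelated mapping may exist. */
int null_offset_is_guarded(uint64_t offset, uint64_t guard_bytes) {
    return offset < guard_bytes;
}

/* Checked pattern: returns 0 on success, -1 if the allocation failed.
 * Without the NULL test, buf[n - 1] is a write to NULL + (n - 1). */
int store_at_end(alloc_fn alloc, size_t n, unsigned char value) {
    if (n == 0) return -1;
    unsigned char *buf = alloc(n);
    if (buf == NULL) return -1;
    buf[n - 1] = value;
    int ok = (buf[n - 1] == value) ? 0 : -1;
    free(buf);
    return ok;
}

int main(void) {
    const size_t sizes[] = { 256, 4096, 65536, (size_t)1 << 20 };
    long guard = read_mmap_min_addr();
    if (guard < 0) guard = 4096; /* assumption: fall back to the 4KB figure */
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("size %zu: last-byte offset %s, failed alloc -> %d\n", sizes[i],
               null_offset_is_guarded(sizes[i] - 1, (uint64_t)guard)
                   ? "inside guard" : "BEYOND guard",
               store_at_end(failing_alloc, sizes[i], 0xAA));
    return 0;
}
```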