Bug Spotlight : Null Dereference, A Tricky Little Bug that’s Easy to Miss

This crafty little bug is a NULL DEREFERENCE, (CWE-476) and to show you what we’re looking for, here’s one Musebot caught in the wild. These bugs are simple in concept but hard to find in practice as they often require reasoning about code across different functions, files, or even packages.

Null dereferences are both a reliability problem because they can cause an application to crash, and a security risk because an attacker could exploit it to cause outages, bypass security logic or otherwise exploit the crash. And that’s why returning null values is so dangerous. But don’t worry, Musebot can find null dereferences in your code and report them in code review.

Have a nasty bug you want us to look into? Send a tip to hello@muse.dev and our bug catchers will write up a report.