
Null Pointer Assignment

1. What is a Null Pointer Assignment error?
-------------------------------------------
The Null Pointer Assignment error is generated in programs that 
corrupt the bottom of the data segment in such a fashion as to 
indicate a high probability that an improperly-initialized pointer has 
been used.  The error can only be generated in the small and medium 
memory models.

2. What causes a Null Pointer Assignment error?
-----------------------------------------------
Borland places four zero bytes at the bottom of the data segment, 
followed by the Borland copyright notice.  In the small and medium 
memory models, a null pointer points to DS:0000.  Thus assigning a 
value to the memory referenced by this pointer will overwrite the 
first zero byte in the data segment.  At program termination, the four 
zeroes and the copyright banner are checked.  If either has been 
modified, then the Null Pointer Assignment error is generated.  Note 
that the pointer may not truely be null, but may be a wild pointer 
that references these key areas in the data segment.

3. How can I debug a Null Pointer Assignment error?
---------------------------------------------------
In either the Integrated Development Environment (except BCX) or in 
Turbo Debugger, set two watches on these key memory locations.  These 
watches, and what they should display in the watch window, are:

    *(char*)0,4m    "Borland C++ - Copyright 1991 Borland Intl.
    (char *)0       00 00 00 00

Of course, the copyright banner will vary depending on your version of 
the Borland C/C++ compiler.

Caution:  the first of these watches - *(char *)0,4m - cannot be used 
in BCX or a general protection fault will be generated; however, the 
second watch - (char *)0 - will perform properly.

Step through your program and monitor theses values in the watch 
window.  At the point where one of them changes, you have just 
executed a statement that uses a pointer that has not been properly 
initialized.

The most common cause of this error is probably declaring a pointer 
and then using it before allocating memory for it.  For example, 
compile this program in the small memory model and execute it:

#include <dos.h>
#include <stdio.h>
#include <string.h>

int main(void)
{
    char *ptr, *banner;
    banner = (char *) MK_FP(_DS, 4);
    printf("banner: %s\n", banner);
    strcpy(ptr, "Where will this text be copied?!?");
    printf("&ptr = %Fp\n", (void far*) &ptr[0]);
    printf("banner: %s\n", banner); return 0;
}

One of the best debugging techniques is to turn on all warning compiler
messages.  If the above program is compiled with warnings turned off, 
no warning messages will be generated.  However, if all warnings are 
turned on, both the strcpy() and printf() calls using the buffer 
variable will generate warnings.  Be particularyly suspicious of any 
warnings that a variable might be used before being initialized, or of 
a suspicious pointer assignment.  With the command-line compiler, just 
include the -w switch. In the IDE, select the appropriate menu option 
for compiler messages and work through all the menu windows, ensuring 
all items are checked.  In Turbo C++ and Borland C++, some of the 
option windows have sub-menus indicated by a 'more' selection box in 
the lower left corner of the menu box.

4. Why is a Null Pointer Assignment error not generated in all models?
----------------------------------------------------------------------
In the compact, large and huge memory models, far pointers are used 
for data.  Therefore, a null pointer will reference 0000:0000, or the 
base of system memory, and using it will not cause a corruption of the 
key values at the base of the data segment.  Modifying the base of
system memory usually causes a system crash, however.  Although it
would be possible that a wild pointer would overwrite the key values,
it would not indicate a null pointer.

In the tiny memory model, DS = CS = SS.  Therefore, using a null 
pointer will overwrite the beginning of the code segment.

5.  Can anything else generate a Null Pointer Assignment error?
---------------------------------------------------------------
Using a wild pointer that happens to reference the base area of the 
data segment - thus causing a corruption of the zeroes or the 
copyright banner - will generate this error.  Since data corruption or 
stack corruption could cause an otherwise-valid pointer to be
corrupted and point to the base of the data segment, any memory 
corruption could result in this error being generated.  If the pointer 
used in the program statement which corrupts the key values appears to 
have been properly initialized, place a watch on that pointer.  Step 
through your program again and watch for its value (address) to 
change.
