Explicit Versus Implicit Pointers

• The variable on the right is implicitly referenced to the equation on the left.Comstock/Comstock/Getty Images
  
  Explicit pointer conversions change one pointer type to another pointer type. Changing an integer or byte to a pointer is also an explicit conversion. C++ allows for the implicit conversion from a pointer type to type void*. Null literals can have an implicit conversion to any pointer type. Variables on the right side of an assignment statement are implicitly dereferenced as they take on the value of the values on the left side of the assignment statement. All dereferencing is implicit in Java.
  
  

Dereferencing Operators

• In C++, pointers to class members must be dereferenced in the context of a class object. A .* operator dereferences a pointer to a member with a class object. An arrow followed by an asterisk dereferences a pointer to a member with a pointer to a class object. Using the “*” indirection operator in the C programming language is called dereferencing a pointer. A pointer is defined using the expression ptr = variable or value. A dereferenced pointer is defined using the expression *ptr = variable or value.
  
  

Errors

• Dereferencing a pointer can result in invalid values if the address is referenced after the end of its lifetime. When a pointer is dereferenced, the program calls the value referenced by the pointer. Null pointers have a default 0x0 value if static and uninitialized. According to “A Guide to Kernel Exploitation” by Enrico Perla, “If a kernel path attempts to dereference a NULL pointer, it will simply try to use the memory address 0x0, which likely will result in a panic condition, since nothing is mapped there.” The pointer must be defined using the *ptr command before the dereferenced pointer can be used elsewhere in a C program.
  
  If the *ptr is not assigned a value before being referenced, the program can crash. Pointers to data members can result in a bad dereference. If the pointer is not looking up values from an array of class objects and cannot determine the value of the variable, an error will occur. “C++ Gotchas” by Stephen C. Dewhurst states that “a pointer to member refers to a specific member of an unspecified object.” The referenced object must be supplied as well for the pointer to work correctly.
  
  

Vulnerabilities

• Implicit dereferencing of an uninitialized pointer creates a vulnerability within software code. Memory corruption corrupts a pointer that becomes dereferenced. Dereferencing an uninitialized pointer causes the software to reference a memory location that is not validated. Without checks on the source or destination of the dereferenced pointer, hackers can use this vulnerability to pass a kernel address to the software kernel and modify its memory with their own desired values in place of the user’s data.