An object reference value from a path where it is positively checked for null might be dereferenced either explicitly, or through a call to a function that can dereference it, without checking for null.

Vulnerability and risk

Dereferencing a null object reference is a critical runtime problem that will crash the application on some operating systems and throw a runtime exception on others.

Example 1

1                  public class A {
2                      public void foo() {
3                          A a = new A();
4                          if (a == null)
5                              if (flag)
6                                  a.foo();
7                      }
8                      private bool flag;
9                  }

Klocwork produces an issue report (CS.NRE.CHECK.MIGHT) at line 6 for variable 'a'. Variable 'a' is compared with 0 value at line 4, and therefore may still be expected to be null when it is dereferenced at line 6 after flag check at line 5.