In my C application I attempt to take in a single char from a user (no need to sanitize it) for commands. Functions such as getchar(), fgetc(stdin), and scanf(...) all give me the following error when used with coverity: Event dereference: Dereferencing "_stdin()", which is known to be "NULL". I use aggressiveness-level set to medium for the coverity-analyze command.
For example, I have tried checking cAck against NULL, stdin against NULL, ferror(stdin), against EOF, and feof(stdin) before using the cAck variable (Edit: I had tried without any of these checks and coverity still complained). How would I make something like the following run without coverity complaints?
char cAck;
if( (cAck = fgetc(stdin)) != NULL)
{
// do something with cAck
}
Since (evidently, for your compiler) fgetc is a macro that dereferences stdin
As Scott noted, this was basically the issue I was running into. I only tried checking stdin==NULL and returning after in hopes that it would see that stdin is not NULL for the rest of the code, but coverity complained with and without that check. As an aside, I believe coverity would additionally flag that as a FORWARD_NULL error if I checked that stdin was NULL and continued to use it.
Checking against EOF did not solve it. Fortunately, using the scanf("%c", &cAck) function removed the coverity stdin dereference error which is the main issue. I check the return value and the bounds of the char input as well, the latter being for the coverity tainted variable issue.