R8 is 0x9c in that example, which is somewhat typical for null+offset, but in the Twitter thread it's 0xffff9c8e0000008a.
So the actual bug is further back. It's not a null pointer dereference, but it somehow results in the mov r8, [rax+r11*8] instruction reading random data (could be anything) into r8, which then gets used as a pointer.
As an example to illustrate the sibling comments’ explanations:
    char *array = NULL;
    int pos = 0x9C;
    char a = array[pos]; // equivalent to *(array + 0x9C): dereferencing NULL+0x9C, which is just 0x9C
This will segfault (or equivalent) due to reading invalid memory at address 0x9C. Most people would call array[pos] a null pointer dereference casually, even though it’s actually a 0x9C pointer dereference, because there’s very little effective difference between them.
Now, whether this case was actually something like this (dereferencing some element of a null array pointer) or something like type confusion (value 0x9C was supposed to be loaded into an int, or char, or some other non-pointer type) isn’t clear to me. But I haven’t dug into it really, someone smarter than me could probably figure out which it is.
What we are witnessing quite starkly in this thread is that the majority of HN commenters are the kinds of people exposed to anti-woke/DEI culture warriors on Twitter.
0x9c (156 dec) is still a very small number, all things considered. To me that sounds like attempting to access an offset from null - for instance, using a null pointer to a struct type, and trying to access one of its member fields.
It is pretty common for null pointers to structures to have members dereferenced at small offsets, and people usually consider those null dereferences despite not literally being 0. (However, the assembly generated in this case does not match that access pattern, and in fact there was an explicit null check before the dereference.)
Such an invalid access of a very small address probably does result from a nullptr error:
    struct BigObject {
        char stuff[0x9c]; // random fields
        int field;
    };
    BigObject* object = nullptr;
    printf("%d", object->field);
That will result in "Attempt to read from address 0x9c". Just because it's not trying to read from literal address 0x0 doesn't mean it's not a nullptr error.
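An added example for crash triage, not code from any commenter in this thread: it takes the BigObject layout from the comment above and checks whether a fault address is what a NULL base plus a member offset would produce, using the two addresses quoted in this discussion. The `member` table, `null_offset_member` and the 64 KiB `NULL_GUARD` cutoff are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Layout taken from the comment above. */
struct BigObject {
    char stuff[0x9c];
    int  field;
};

/* Hypothetical helper type: one row per struct member. */
struct member { const char *name; size_t off, size; };

#define MEMBER(type, m) { #m, offsetof(type, m), sizeof(((type *)0)->m) }
static const struct member BIGOBJECT_MEMBERS[] = {
    MEMBER(struct BigObject, stuff),
    MEMBER(struct BigObject, field),
};

/* Assumption: the lowest 64 KiB is never mapped, so a fault there suggests a NULL base. */
#define NULL_GUARD 0x10000u

/* If fault_addr is what a NULL struct BigObject* plus a member offset would
 * produce, return that member; otherwise return NULL. */
const struct member *null_offset_member(uint64_t fault_addr)
{
    size_t i, n = sizeof BIGOBJECT_MEMBERS / sizeof BIGOBJECT_MEMBERS[0];

    if (fault_addr >= NULL_GUARD)
        return NULL;            /* far from zero: not a NULL + small offset access */
    for (i = 0; i < n; i++) {
        const struct member *m = &BIGOBJECT_MEMBERS[i];
        if (fault_addr >= m->off && fault_addr < m->off + m->size)
            return m;
    }
    return NULL;
}

int main(void)
{
    /* Constructed inputs: the two addresses quoted in this thread. */
    const uint64_t addrs[] = { 0x9c, 0xffff9c8e0000008aULL };
    for (size_t i = 0; i < 2; i++) {
        const struct member *m = null_offset_member(addrs[i]);
        printf("0x%llx: %s\n", (unsigned long long)addrs[i],
               m ? m->name : "not NULL + member offset");
    }
    return 0;
}
```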
In every real world implementation anyone cares about, it's zero. Also I believe it is defined to compare equal to zero in the standard, but don't quote me on that.
> Also I believe it is defined to compare equal to zero in the standard, but don't quote me on that.
That's true for the literal constant 0. For 0 in a variable it is not necessarily true. Basically when a literal 0 is assigned to a pointer or compared to a pointer the compiler takes that 0 to mean whatever bit pattern represents the null pointer on the target system.
What? If you have a null pointer to a class, and try to reference the member that starts 156 bytes from the start of the class, you’ll dereference 0x9c (0 + 156).