mutated × unstructured — blows up live on input you didn't expect
Null / Undefined Dereference
A function that sometimes returns nothing, used as if it always returns a value.
01the recipe
In the wild
compound ofImproper InitializationCWE-457 Uninit VariableMissing & Undefined ReturnsCWE-252 Unchecked ReturncompoundCWE-476 NULL DerefCWE-690 Unchecked Return to NULL Deref
example.js
// SMELL: a function that sometimes returns nothing, dereferenced anyway.
// (improper-initialization x missing/undefined returns)
function findUser(id) {
for (const u of users) if (u.id === id) return u;
// no match -> falls off the end -> returns undefined
}
const name = findUser(42).name; // TypeError, but only for unknown ids
// RIGHT: make 'not found' explicit and handle it.
const user = findUser(42);
const name = user ? user.name : "(unknown)";The missing return path yields undefined; the caller assumes an object. The crash waits for an id that isn't there -- often a production-only input.
// observed
bad input: Cannot read properties of undefined (reading 'name') guarded: '(unknown)'
02weakness catalog
Mapped weaknesses (CWE)
On its own, this defect is catalogued by MITRE as one or more of these weaknesses. The exploitable vulnerability usually appears only when it chains or combines with another.