A dangling pointer is a programming flaw that occurs in object-oriented coding when a pointer object points to another object that no longer exists. In this instance, a pointer is not a mouse pointer but a pointer object that is intended to send the user to another object. This flaw creates subtle bugs that can become worse with time and also presents a security problem that skilled hackers can attack. A dangling pointer happens when a programmer erases the object being pointed to but does not erase the pointer itself.
In object-oriented coding, in which coding is separated into objects, there is an instance called a pointer. The pointer instance is placed somewhere in the program, typically in a menu, and leads the user to another object. For example, if the user highlights a section of a menu, another menu — a drop-down — appears. This allows the programmer to set up several objects in one section without crowding the section.
The dangling pointer error manifests when a programmer erases the object being pointed to. If the programmer also erases the pointer instance, there will be no problem. If the programmer forgets and keeps the pointer in the coding, this creates a dangling pointer and presents both quality and safety issues.
In terms of quality, a dangling pointer looks sloppy and creates subtle bugs. This is because the program does not know how to act, because it is being told to do something but cannot because the object is gone. This act creates random code or deteriorates code in small, subtle ways that are difficult to detect. These bugs can be as small as to make the program move a little slower but may eventually make the program — and even the computer — non-functioning.
Most programs with dangling pointers will work initially and may continue working for months or even years before the errors become obvious. Even programs that make computations, meaning the dangling pointer is in the formula, may still be able to make simple computations. This is one of the reasons why finding dangling pointers can be so difficult.
Until 2007, the dangling pointer only created safety issues in theory. The Watchfire® software company then made a program that showed how dangling pointers can be exploited, making the security risk a reality. Hackers are able to infiltrate a program via this bug and can inject their own code into the flawed program.