V3146. Possible null dereference. A method can return default null value.


The analyzer has detected a case of unsafe use of the value returned by one of the methods of the System.Enumerable library that can return a 'default' value. 'FirstOrDefault', 'LastOrDefault', 'SingleOrDefault', and 'ElementAtOrDefault' are examples of such methods. They return a default value if the array they are called on does not contain any object satisfying the search predicate parameter. An empty (null) reference is the default value for reference types.

Therefore, a reference returned by such a method should be checked for null before it can be used.

Example of unsafe dereferencing:

public void TestMemberAccess(List<string> t)
{
    t.FirstOrDefault(x => x == "Test message").ToString(); 
}

This code requires a null check for the element returned by the method:

public void TestMemberAccess(List<string> t)
{
    t.FirstOrDefault(x => x == "Test message")?.ToString(); 
}

Methods returning default values are especially dangerous when used in call chains. This is an example from one open-source project:

public IViewCompiler GetCompiler()
{
  ....
  _compiler = _services
    .GetServices<IViewCompilerProvider>()
    .FirstOrDefault()
    .GetCompiler();
  }
  ....
  return _compiler;
}

If you are sure that the array contains the required element, we recommend using a method that does not return a default value:

public IViewCompiler GetCompiler()
{
  ....
  _compiler = _services
    .GetServices<IViewCompilerProvider>()
    .First()
    .GetCompiler();
  }
  ....
  return _compiler;
}

With this fix, if an error occurs, the program will throw an 'InvalidOperationException' with a more intelligible message "Sequence contains no elements" rather than a 'NullReferenceException'.


Bugs Found

Checked Projects
364
Collected Errors
13 504