How can null reference result in SEH exception with code 0xc0000005?

Question

I'm writing some test code using the Google C++ Test Framework and forgot to initialize a certain object myObj. This results in the following error.

unknown file: error: SEH exception with code 0xc0000005 thrown in the test body

Stepping through the corresponding code it appears that a method call of the form

myObj->method()

is executed, while myObj is not initialized, i.e. its value is 0x00000000. Then somewhere deep in a third party library this error is thrown.

How can this even happen? Why doesn't it throw a null reference exception as soon as the method is called?

Answer 1

As it was rightfully pointed out in comments, calling a method from the uninitialized class pointer is an undefined behavior, so anything could happen, depending on the compiler implementation. However, it is easy to predict why in your case execution was semi-successful. The only difference between class (__thiscall) members and ordinal functions, is that they receive additional hidden argument, containing a pointer to the class instance (this). Microsoft C++ compiler passes this argument through ecx/rcx register, other compilers may use a different approach. However if your class method is not trying to dereference invalid this pointer, no exception will be thrown, and, depending on the method logic, your program could even continue execution without error. Things would be much different, if you try to call a virtual method. In this case, your program would try to calculate correct method address, using class vtable, dereference an invalid pointer and fail with access violation even if method itself is not using this pointer.