The null character (also null terminator or null byte), abbreviated NUL, is a control character with the value zero. It is present in many character sets, including ISO/IEC 646 (or ASCII), the C0 control code, the Universal Coded Character Set (or Unicode), and EBCDIC. It is available in nearly all mainstream programming languages.
The original meaning of this character was like NOP--when sent to a printer or a terminal, it does nothing (some terminals, however, incorrectly display it as space). When electromechanical teleprinters were used as computer output devices, one or more null characters were sent at the end of each printed line to allow time for the mechanism to return to the first printing position on the next line. On punched tape, the character is represented with no holes at all, so a new unpunched tape is initially filled with null characters, and often text could be "inserted" at a reserved space of null characters by punching the new characters into the tape over the nulls.
Today the character has much more significance in C and its derivatives and in many data formats, where it serves as a reserved character used to signify the end of a string, often called a null-terminated string. This allows the string to be any length with only the overhead of one byte; the alternative of storing a count requires either a string length limit of 255 or an overhead of more than one byte (there are other advantages/disadvantages described under null-terminated string).
Video Null character
Representation
The null character is often represented as the escape sequence \0
in source code string literals or character constants. In many languages (such as C, which introduced this notation), this is not a separate escape sequence, but an octal escape sequence with a single octal digit 0; as a consequence, \0
must not be followed by any of the digits 0
through 7
; otherwise it is interpreted as the start of a longer octal escape sequence. Other escape sequences that are found in use in various languages are \000
, \x00
, \z
, or the Unicode representation \u0000
. A null character can be placed in a URL with the percent code %00
.
The ability to represent a null character does not always mean the resulting string will be correctly interpreted, as many programs will consider the null to be the end of the string. Thus the ability to type it (in case of unchecked user input) creates a vulnerability known as null byte injection and can lead to security exploits.
In caret notation the null character is ^@
. On some keyboards, one can enter a null character by holding down Ctrl and pressing @ (which usually requires also holding ? Shift and pressing another key such as 2 or P).
In documentation, the null character is sometimes represented as a single-em-width symbol containing the letters "NUL". In Unicode, there is a character with a corresponding glyph for visual representation of the null character, "symbol for null", U+2400 (NUL)--not to be confused with the actual null character, U+0000.
Maps Null character
Encoding
In all modern character sets the null character has a code point value of zero. In most encodings, this is translated to a single code unit with a zero value. For instance, in UTF-8 it is a single zero byte. However, in Modified UTF-8 the null character is encoded as two bytes: 0xC0, 0x80. This allows the byte with the value of zero, which is now not used for any character, to be used as a string terminator.
See also
- Control characters
References
External links
- Null Byte Injection WASC Threat Classification Null Byte Attack section
- Poison Null Byte Introduction Introduction to Nullify 9
- Byte Attack
Source of article : Wikipedia