2

Is the following code legal?

char* randomMethod1() {
    char* ret = "hello";
    return ret;
}

And this one?

char* randomMethod2() {
    char* ret = new char[10];

    for (int i = 0; i < 9; ++i) {
        ret[i] = (char)(65 + i);
    }

    ret[9] = '\0';

    return ret;
}

I'd say the first one is legal, as you are actually returning a pointer to a string literal that I think is loaded from the string table of the program. However, I'd say the second is not. I'd say in the second method you are allocating memory on the stack, which as soon as you leave the function, might be used by another method, turning to trash the pointer you are returning. Is it how that it really works?

Here is the disassembled code. How can I see it is being allocated on the heap?

char* randomMethod2() {
000536E0  push        ebp
000536E1  mov         ebp,esp
000536E3  sub         esp,0E4h
000536E9  push        ebx
000536EA  push        esi
000536EB  push        edi
000536EC  lea         edi,[ebp-0E4h]
000536F2  mov         ecx,39h
000536F7  mov         eax,0CCCCCCCCh
000536FC  rep stos    dword ptr es:[edi]
    char* ret = new char[10];
000536FE  push        0Ah
00053700  call        operator new (511E0h)
00053705  add         esp,4
00053708  mov         dword ptr [ebp-0E0h],eax
0005370E  mov         eax,dword ptr [ebp-0E0h]
00053714  mov         dword ptr [ret],eax

    for (int i = 0; i < 9; ++i) {
00053717  mov         dword ptr [i],0
0005371E  jmp         randomMethod2+49h (53729h)
00053720  mov         eax,dword ptr [i]
00053723  add         eax,1
00053726  mov         dword ptr [i],eax
00053729  cmp         dword ptr [i],9
0005372D  jge         randomMethod2+5Fh (5373Fh)
        ret[i] = (char)(65 + i);
0005372F  mov         eax,dword ptr [i]
00053732  add         eax,41h
00053735  mov         ecx,dword ptr [ret]
00053738  add         ecx,dword ptr [i]
0005373B  mov         byte ptr [ecx],al
    }
0005373D  jmp         randomMethod2+40h (53720h)

    ret[9] = '\0';
0005373F  mov         eax,dword ptr [ret]
00053742  mov         byte ptr [eax+9],0

    return ret;
00053746  mov         eax,dword ptr [ret]
}
00053749  pop         edi
0005374A  pop         esi
0005374B  pop         ebx
0005374C  add         esp,0E4h
00053752  cmp         ebp,esp
00053754  call        @ILT+320(__RTC_CheckEsp) (51145h)
00053759  mov         esp,ebp
0005375B  pop         ebp
0005375C  ret
Improve this question
2
  • 3
    In the first method, ret really should be const char * and the function should return a const char * too. Commented Sep 14, 2009 at 8:59
  • For some answers: Why is there a difference in syntax highlighting between C and C++ for "char someVariable[10];"? Is it the new weird syntax highlighter? Or is there a real difference? Commented Oct 24, 2022 at 14:09

5 Answers 5

Reset to default
17

Both are legal. In the second one, you are not allocating memory from the stack. You are using new, and it allocates memory from the heap. If you don't free the pointer returned from the second method using delete, you'll have a memory leak.

By the way, stack-allocated arrays are declared like this:

char x[10]; // Note that there isn't any `new`.

This line calls operator new which allocates memory from the heap and initializes the object.

00053700  call        operator new (511E0h)
Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

Every call to operator new allocates data on the heap?
devoured: Yes. It is possible to overload operator new to control allocation, but in normal circumstances, it will.
are you shure aboust first one? Pointers on arrays should be decared as const if returned from "stack". How can you be assured that "hello" is not copied on stack. I allways hate this kind of code.
"hello" is a pointer to a string in some data section of the executable. It's not copied to stack by any means. Only its address is copied to the stack.
8

In fact, both are legal. In the second case, you allocate memory on the heap, not on the stack. This line:

00053700  call        operator new (511E0h)

is a call to operator new which is responsible for memory allocation.

Allocation on the stack, like

char* randomMethod2() {
    char ret[10];

    // ....

    return ret;
}

would indeed lead to undefined behaviour.

However, don't forget that in the first case an attempt to modify memory through the returned pointer would also cause undefined behaviour. And in the second case the caller is responsible for freeing memory (calling delete[]).

Improve this answer

Comments

3

I think both are legal! Memory allocated by new is valid till we call delete explicitly or the program itself dies!

Improve this answer

Comments

3

With quite a modern compiler, the first should not compile (or at least give a warning). A fixed version would be:

const char* randomMethod1() {
    const char* ret = "hello";
    return ret;
}

As "hello" is a constant (in static init space), its address is fine to use (but as read-only). The second example is perfectly legal: you can pass around (and use!) a pointer allocated with new until delete is called on it. In this case, I think that you have to use delete [] (with bracket operators as you allocated an array).

Improve this answer

Comments

-1

Both are allocating variables on the heap, so when you return control from the function, both pointers will be alive.

In the second function,

00053700  call        operator new (511E0h)

is calling new to allocate the memory space.

The second would be illegal if you will free ret using delete[] ret before returning the control.

To allocate a variable on the heap you have to write like:

int ret[10];

Now you can't return pointer ret, because it will be destroyed at the end of the function.

Improve this answer

1 Comment

You seem a little confused. In the first example, there is no heap storage involved. The string will be placed wherever the compiler puts string literals, and the "ret" variable is on the stack. Something like "char ret[10]" puts ret on the stack, not the heap, and while I believe you technically can return the pointer value you'd better not use it for anything whatsoever.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.