0 
#include<stdio.h>
#include<malloc.h>
#include<string.h>

void foo( char ** ptr)
{
   *ptr = malloc(0); // allocate some memory**
   strcpy( *ptr, "Hello World");
}

int main()
{
   char *ptr = 0;
   // call function with a pointer to pointer
   foo( &ptr );
   printf("%s\n", ptr);
   // free up the memory
   free(ptr);

   return 0;
}

and it is also running

#include<stdio.h>
#include<malloc.h>
#include<string.h>

void foo( char ** ptr)
{
   *ptr = malloc(11); // allocate some memory
   strcpy( *ptr, "Hello World");
}

int main()
{
   char *ptr = 0;
   // call function with a pointer to pointer
   foo( &ptr );
   printf("%s\n", ptr);
   // free up the memory
   free(ptr);

   return 0;
}

change malloc by any number...it is always running.how it is possible???? Hello World has 12 character so hows that possible to run in 0,12,8,any number.

Improve this question
4
  • 2
    Undefined behavior by definition will do things in an "unexpected" way. Commented Mar 3, 2011 at 5:52
  • Strcpy doesn't check the buffer length. You are writing into memory that is not yours. This is how the language works. Its not safe. You have to be careful. Commented Mar 3, 2011 at 5:53
  • If the memory wasn't the programs' "own", wouldn't it crash right away? It's probably corrupting something else used by the program (call stacks and such), I've had to debug software in the past that behaved very erratically (random crashes etc), turns out it was a part of code writing over a buffer and corrupting other parts of the memory used by the program Commented Mar 3, 2011 at 6:04
  • @esaj The memory allocator doesn't ask the kernel for individual bytes of memory. It requests kilobytes at a time, all of which technically belongs to your program. It's very possible to have a buffer overrun for an array without running into the end of the heap that has been allocated for your program. Commented Feb 5, 2024 at 2:09

4 Answers 4

Reset to default
4

You are encountering the fact that C does not do any bounds checking. So your copy to the malloc'd memory is over-running the allocation and "scribbling" on whatever memory follows. The results are undefined. It may work, it may crash, it may make you a cup of coffee. You don't know.

Incidentally, this is the kind of mistake which leads to buffer-overrun attacks.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

2

The code has bugs in it, clearly.

There are two possibilities:

  1. You're getting "lucky" that strcpy() isn't hitting anything of consequence, so the program runs.

  2. malloc() often allocates a few more bytes than requested to better keep memory aligned. It's entirely possible that it allocates in chunks of 16 physical bytes, for example.

Improve this answer

Comments

0

C doesn't care how much you actually allocate (except for 0; things can get ugly if you do so); as long as you don't overstep various arbitrary artificial bounds your program will (appear to) work. You just didn't hit one of them.

Improve this answer

Comments

0

It is a common misconception that mistakes like this must cause the program to crash. In fact, the C standard explicitly says that, for undefined behavior like this, there are "this International Standard imposes no requirements."

So the program might crash right away, it might corrupt random data, or it might seem to work. It's just unsafe, like Ed said.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.