1

Here is the code that i want to understand:

```c
#include <stdio.h>
#include <stdlib.h>
#define MAX 100

int main()
{
    int *ptr = (int *)malloc(5 * sizeof(int)), i;
    for (i = 0; i < MAX; i++) {
        ptr[i] = i;
    }
    for (i = 0; i < MAX; i++) {
        printf("%d\n", ptr[i]);
    }
    return 0;
}
```

My question: I allocated 5 * int size of memory, but why does it take more than 5 integers? Thanks

5 Answers

4

You reserved space for 5 integers. For the other 95 integers, you're writing into space that is reserved for other purposes. Your program may or may not crash, but you should expect that it will fail one way or another.


1 Comment

You're using space that's reserved for other purposes. That memory may or may not be written into by anything that you call during the life of your program. If nothing else uses that memory, then you'll get back what you put into it. But you shouldn't think that this program is "working". For example: suppose printf made some calls to malloc as it executes. If that were to happen, you might get different results. On the other hand, it's possible that printf does call malloc as it executes, and it just happens not to use the memory that you're overwriting. You just don't know.

2

It doesn't "take" more than 5 integers; you are just invoking undefined behavior. You can't expect the code to "succeed" even if you are seeing it work on your implementation.

Comments

2

It's not 'taking' more than 5 integers: you allocated 5 * sizeof(int) and invoke undefined behavior by accessing memory beyond this size.

There's no question as to whether you should set MAX to 10, 1024 or 100000: the code is fundamentally wrong, and the fact that it didn't fail when you ran it doesn't make it less wrong. Tools like valgrind may help you detect such mistakes.

Comments

1
  • You are allocating 5 integers; anything you write or read beyond this is incorrect.
  • OS protection boundaries are 1 page, which generally means 4k.
  • Even if you have allocated only 5 integers, you still have the rest of the page unprotected. That is how buffer overflows and many program misbehaviors happen.
  • I am betting if your MAX is set to 1025, you will have a seg fault (assuming this is your program).

3 Comments

OS protection boundaries have nothing to do with it. There's no requirement that malloc will return a block that's aligned to a page. It may well return a block that shares a page with other blocks, and/or crosses page boundaries.

Dan, I am not stating it as a requirement. But if that was at the beginning of a page boundary, that would be the most leeway someone would get. In fact, in the above app, I can reasonably argue this is the only thing in the heap, and hence starts at the page boundary.

It's unlikely that OS pages have a direct bearing on which blocks of memory are parceled out by malloc. It's more likely to be correct if you simply say that malloc returned a block from an otherwise-unused chunk of memory.

1

C doesn't perform bounds checking on arrays. If you have a 5-element array, C will happily let you assign to arr[5], arr[100], or even arr[-1].

If you're lucky, this will merely overwrite unused memory and your program will work anyway.

If you're unlucky, you'll overwrite other variables in your program, the metadata for malloc, or the OS, and Bad Things will happen. Get used to seeing the phrase "segmentation fault".

1 Comment

+1 for guessing the OP's unstated assumption that somehow the compiler or executed code should visibly complain about running past the end of an array (or memory block).
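As an added example (not code from the question or any of the answers), here is the asker's program reworked so the allocation size and the loop bound come from the same place, with a store helper that reports an out-of-range index instead of writing past the block; the `int_buf` type and the helper names are this example's own.

```c
/* Added example: a length-aware heap buffer. Names are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX 100

/* A heap buffer that remembers how many ints it can hold. */
typedef struct {
    int *data;
    size_t len;
} int_buf;

/* Allocate room for n ints; returns 0 on allocation failure. */
static int int_buf_init(int_buf *b, size_t n) {
    b->data = malloc(n * sizeof *b->data);
    b->len = (b->data != NULL) ? n : 0;
    return b->data != NULL;
}

/* Store v at index i. Returns 1 on success, 0 if i is out of range,
 * rather than silently overrunning the block like ptr[i] = i does. */
static int int_buf_set(int_buf *b, size_t i, int v) {
    if (b->data == NULL || i >= b->len) return 0;
    b->data[i] = v;
    return 1;
}

/* Attempt the asker's MAX stores into a buffer of cap ints.
 * Returns how many stores were rejected, or SIZE_MAX if malloc failed. */
static size_t rejects_for_capacity(size_t cap) {
    int_buf b;
    size_t rejected = 0;
    if (!int_buf_init(&b, cap)) return SIZE_MAX;
    for (size_t i = 0; i < MAX; i++)
        if (!int_buf_set(&b, i, (int)i)) rejected++;
    free(b.data);
    return rejected;
}

int main(void) {
    /* The asker's sizes: 5 slots, 100 stores -> 95 rejected, no overrun. */
    printf("rejected with 5 slots:   %zu\n", rejects_for_capacity(5));
    /* Sizes that agree: nothing is rejected. */
    printf("rejected with MAX slots: %zu\n", rejects_for_capacity(MAX));
    return 0;
}
```

Building with `-fsanitize=address` or running under valgrind will still flag the original `ptr[i] = i` loop; the checked version never performs the out-of-range write in the first place.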
