C/C++ Pointer Question

Question

tl;dr - Could you please expand on the 4 comments in the first code snippet below? Specifically what is meant be deref

I'm a long time Java developer looking to learn C++. I came across this website aimed at developers in my situation.

   int x, *p, *q;
   p = new int;
   cin >> x;
   if (x > 0) q = &x;
   *q = 3;                 // 1. deref of possibly uninitialized ptr q
   q = p;
   p = new int;            // 2. potential storage leak (if x != 0 this
                           //     memory will not be returned to free storage)
   *p = 5;
   delete q;
   *q = 1;                 // 3. deref of deleted ptr q
   q = p;
   if (x == 0) delete q;
   (*p)++;                 // 4. deref of possibly dangling ptr p (if x is zero)

Although I thought I understood how pointers work, I am finding the comments difficult to understand.

My take;

1. We are either assigning x (& *q of course) to be 3 OR if q != &x then q has a just value as it was uninitialized and we have just assigned a random piece of memory to the value 3. I'm not sure how you can dereference something that isn't initialized?
2. This is fine
3. What's wrong with dereferencing a deleted pointer? After 'delete q' is *q meaningless?
4. What's wrong with dangling pointers? Is the memory viable for reallocation now that we have deleted it even though we still have a pointer to it?

I think my basic misunderstanding is about just declaring an int pointer, does this allocate memory too? Is it on the stack or the heap?

Also does dereference just mean 'read the value at the address of the pointer'? I think my confusion is that I interpret it as loosing a reference to some data as in;

int *x;
x = new int;
*x = 5;
x = new int; // Dereferencing the first bit of memory allocated.

Thanks for you patience I hope that this makes some sense as a question,

Gav

Answer 1

Simply put: A pointer is an address of a variable whose values you may be interested in.

Dereferencing is the act of accessing that value -- by prepending the * (dereferencing operator) to the pointer variable. The access may be for reading, writing or both.

1. If you do not initialize a pointer to a valid address (or the special value NULL) -- you do not know what that variable contains. Dereferencing will try to take whatever is there and treat it as an address. This is undefined behavior -- all bets are off, anything might happen, though if you are lucky you'll end up with a trap/hardware exception.

2. Exactly. Because, p was holding the address of some memory you allocated. Not freeing up system resources causes a leak. Dereferencing a deleted pointer is the same as dereferencing an uninitialized pointer -- you don't know what value it may contain.

3. Again, UB.

4. True. You have UB for x == 0. Dangling pointers are dangerous because they creep up at the most inopportune time, format your hard disk and are never seen again. It becomes impossible to reasonably justify how your program will behave.

Answer 2

Added more comments in-line below:

   int x, *p, *q;
   p = new int;
   cin >> x;
   if (x > 0) q = &x;
   *q = 3;                 // <--- 1. deref of possibly uninitialized ptr q
                           // 
                           // q has never been set or is set to point at a non
                           // allocated memory location (if x > 0)
                           //
                           // If x is zero q is uninitialized (has random value).
                           // Therefore de-referencing it to set what it points at 
                           // to 3 has undefined behavior.

   q = p;
   p = new int;            // <--- 2. potential storage leak (if x != 0 this
                           //     memory will not be returned to free storage)
                           // 
                           // This comment is not true. The value pointed at by p
                           // was transferred to q before p was re-assigned. Thus 
                           // there is no potential memory leak. Both p and q are 
                           // now valid pointers.
   *p = 5;
   delete q;
   *q = 1;                 // <--- 3. deref of deleted ptr q
                           // 
                           // In the line above you returned the memory pointed at 
                           // by q back to memory management routines (via delete). 
                           // Technically q still points at the memory but you no 
                           // longer own that memory and thus writing to it has
                           // undefined behavior (because the memory management 
                           // system could have unloaded that chunk from virtual 
                           // memory or re-used it some other way).
   q = p;
   if (x == 0) delete q;
   (*p)++;                 // <--- 4. deref of possibly dangling ptr p (if x is zero)
                           // 
                           // q is reassinged to have the same pointer value as p.
                           // Then If x is zero we delete the pointer q (thus 
                           // returning it to the memory management pool). Since p 
                           // and q are the same pointer they both become invalid at
                           // point. Thus de-referencing p is undefined behavior if
                           // x is zero (because the memory was returned (via delete)

1 We are either assigning x (& *q of course) to be 3 OR if q != &x then q has a just value as it was uninitialized and we have just assigned a random piece of memory to the value 3. I'm not sure how you can dereference something that isn't initialized?

See below:

3 What's wrong with dereferencing a deleted pointer? After 'delete q' is *q meaningless?

The memory belongs to somebody else (memory management (or in a threaded application it may already have been reallocated to another thread). Writing to memory that does not belong to you has undefined behavior.

4 What's wrong with dangling pointers? Is the memory viable for reallocation now that we have deleted it even though we still have a pointer to it?

Same comment as 3. (just because you retain an invalid pointer does not mean anything)

Also does dereference just mean 'read the value at the address of the pointer'? I think my confusion is that I interpret it as loosing a reference to some data as in;

Yes: That is all it means.
But if you do not own that memory nasty things can happen.

• If a pointer points at a location in memory that is not mapped to physical memory then you will get some form of segmentation fault.
• If the memory belongs to the memory management routines and you start writing random values (like 3 above) into it then you can corrupt the memory management structures thus causing the program to crash when any memory management happens.
• If the memory belongs to the stack and you start writing random values (like 3 above) then you can potentially overwrite another random variable or the return address used when a function exits.

Answer 3

At:

1. You assign a value to q pointer by dereferencing it from address to concrete memory see Pointer dereference doc.. However due to an if condition setting it to address of x it can point to a random memory cell (is uninitialized) if x <= 0.
2. In line above you set q to point to the same memory address as p. Then for p you allocate new memory. And then you allocate new memory that p points to.
3. Line above you removed allocation for memory pointed by q. This memory address is now available for system to use. And after that you assign a value to memory that does not "belong" to you.
4. If x == 0 then you return back to the system memory pointed by both q and p. And again trying to use memory that does not "belong" to you. Also there's no delete p if x != 0 - thus memory is not returned to system.