I am getting a strange result in the following C code.
int main()
{
int *p = (int *) malloc(100);
p[120] = 5;
printf("\n %d", p[120]);
}
Since I have allocated only 100 bytes, this code should give cause a segmentation fault. However, it prints '5' and does not give any runtime error. Can anyone please explain the reason?
The malloc subsystem manages a logical memory object called a heap. The heap is a region of memory that resides in the application's address space between the last byte of data allocated by the compiler and the end of the data region.
“Heap” memory, also known as “dynamic” memory, is an alternative to local stack memory. Local memory is quite automatic. Local variables are allocated automatically when a function is called, and they are deallocated automatically when the function exits. Heap memory is different in every way.
The major difference between Stack memory and heap memory is that the stack is used to store the order of method execution and local variables while the heap memory stores the objects and it uses dynamic memory allocation and deallocation.
clearly, malloc made only two calls to brk to increase the allocated space on the heap. And the second call is using a higher memory address argument ( 0x201a000 > 0x1ff9000 ). The second syscall was triggered when the space on the heap was too small to host all the malloc calls.
No, the code should not (necessarily) give a segfault. A segfault occurs when you attempt to access a virtual memory page that is not allocated to your process.
The "heap" or "free store" is a region of virtual memory pages owned by your process. The malloc()
API sub-divides this region into blocks and returns a pointer to the block.
If you address beyond the end of the block to which you have a pointer, you will usually access memory that is part of the heap, but not part of your allocated block. In this way, you can corrupt other heap blocks or even the data structures which malloc()
uses to define the heap.
For more information on heap corruption, and methods to detect it in the debug version of your code, this is a great book:
Writing Solid Code: Microsoft's Techniques for Developing Bug-Free C Programs by Steve Maguire
An addendum for the pedantic: In rare cases, by accessing memory beyond the end of a heap block, you may access memory that is not part of the heap. In these cases, you may get the segmentation fault you expected. You might also corrupt some other data structure than the heap. It's really a matter of chance. However, the heap itself is very large compared to typical heap blocks, so 99% of the time code such as your example will corrupt the heap. The example you provide falls into that 99% case.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With