C++ Allocate and free memory in function

Question

Consider the following code (building with g++):

#include <stdlib.h>
#include <stdio.h>

typedef struct {
    int a;
    int b;
    char c;
} memstr_t;

memstr_t *ptt_backup;

void mmm(memstr_t*& ptt)
{
    ptt = (memstr_t *)calloc(15, sizeof(memstr_t));
    ptt[0].a = 1;
    ptt[0].b = 2;
    ptt[0].c = 'c';
    ptt_backup = ptt;
}

void fff()
{
    free(ptt_backup);
}

int main(int argc, char *argv[])
{
    memstr_t *ptt;

    mmm(ptt);
    printf("%d %d %c\n", ptt[0].a, ptt[0].b, ptt[0].c);
    getchar();
    //fff();
    free(ptt); // same as fff()?
    printf("%d %d %c\n", ptt[0].a, ptt[0].b, ptt[0].c); //why works?
    getchar();
    return 0;
}

I don't understand:

1) Why I'm not getting segfault on the second print since I free the memory? I'm still getting the values which I assigned in mmm()

2) Are free() and fff() doing the same thing?

It is undefined behaviour. A segfault is not required (but might happen). — juanchopanza, Jun 14 '13 at 13:00
You should decide whether you do C or C++. Your code looks like C, yet you compile it with g++. — undur_gongor, Jun 14 '13 at 13:26

score 2 · Answer 1 · answered Jun 14 '13 at 13:01

2

1) Dereferencing free'd memory can do anything. It may be there, it may not, it is undefined behaviour and could do anything, including faxing your cat.

2) Yes, free() and fff() are doing the same thing as they both point to the same memory location.

answered Jun 14 '13 at 13:01

Salgar

7,687
1
25
39

score 1 · Answer 2 · answered Jun 14 '13 at 13:02

Second print uses pointer that is no longer valid, that makes behavior undefined. Whatever can happen, including what makes you believe it "works", and any other time it could be something completely else. DON'T DO THAT!

2: in this code fragment they have the same effect.

score 0 · Answer 3 · edited May 23 '17 at 12:21

calloc allocates memory and returns a pointer to the allocated memory.

In mmm you assign ptt to ptt_backup. Now both of them point to the same place. (Just because I have a name and a nickname , that doesn't make two copies of me. I am a single person accessible via two different names)

In fff you are freeing ptt_backup (read that as freeing the memory pointed by ptt_backup) which is also the one pointed by ptt.It means the memory is not available for you to use now. It can still retain values but its undefined to rely on it. See this nice answer, Can a local variable's memory be accessed outside its scope?

printf("%d %d %c\n", ptt[0].a, ptt[0].b, ptt[0].c); may not always work.

Then when you do free(ptt) (read that as freeing the memory pointed by ptt) which is already deleted by fff, it is undefined behaviour as stated,

The free() function shall cause the space pointed to by ptr to be deallocated; that is, made available for further allocation. If ptr is a null pointer, no action shall occur. Otherwise, if the argument does not match a pointer earlier returned by the calloc(), malloc(), [ADV] posix_memalign(), realloc(), or [XSI] strdup() function, or if the space has been deallocated by a call to free() or realloc(), the behavior is undefined.

user2448027 · Answer 4 · 2013-06-14T13:29:27.137

0

Using a memory pointer that points to freed memory leads to undefined behavior. This means that a segfault doesn't necessarily happen, but is possible. Therefore, you never should dereference freed memory.
They (fff and free) are the same thing in this context, because they point to the same address.

edited Jun 14 '13 at 13:29

answered Jun 14 '13 at 13:21

user2448027

1,628
10
11

score -1 · Answer 5 · answered Jun 14 '13 at 12:59

-1

You never allocate memory for ptt_backup! You're in undefined behaviour land; anything could happen in fff()

answered Jun 14 '13 at 12:59

Bathsheba

231,907
34
361
483

Umm, yes he is `ptt_backup = ptt;` – Salgar Jun 14 '13 at 13:02
Wrong: mmm() parameter is by reference and the pointer is assigned there. – Ernest Friedman-Hill Jun 14 '13 at 13:02

C++ Allocate and free memory in function

5 Answers5