Why can I access the member variable of an object in a list after it has been erased?

Question

#include <list>
#include <iostream>

struct Foo
{
    Foo(int a):m_a(a)
    {}
    ~Foo()
    {
        std::cout << "Foo destructor" << std::endl;
    }
    int m_a;
};

int main( )
{
   std::list<Foo> a;
   Foo b(10);
   std::cout << &b << std::endl;
   a.push_back(b);
   Foo* c = &(*a.begin());
   std::cout << c << std::endl;
   a.erase(a.begin());
   std::cout << a.size() << std::endl;
   c->m_a = 20;
   std::cout << c->m_a << std::endl;
   std::cout << b.m_a << std::endl;
}

The result is:

0x7fff9920ee70
0x1036020
Foo destructor
0
20
10
Foo destructor

I usually think after i erase an object in a list i can't access member variable of thar object any more. But in the above I can still access c->m_a after I have erased the object what c points to,Why?

I'd imagine it's because the pointer still points to the memory, and knows the structure of the object, and really the destructor just allows the memory to be overwritten, but that hasn't happened yet — wrossmck, Feb 18 '14 at 13:02
Read [this answer](http://stackoverflow.com/a/6445794/1782465). — Angew is no longer proud of SO, Feb 18 '14 at 13:12
You wouldn't be able to call c if you would call `delete c`, just like you normally do when you don't need a pointer anymore :-) — XAMlMAX, Feb 18 '14 at 14:20

score 2 · Answer 1 · answered Feb 18 '14 at 13:03

with Foo* c = &(*a.begin()); you have created a pointer to an object which you intentionally destroy (via the erase()). However the memory for the object for is still there (since this is a very simple application, and the OS did not claim it for something else).

So you effectively use memory which is not yours anymore to use.

score 0 · Answer 2 · answered Feb 18 '14 at 13:08

Well, data integrity is only guaranteed as long as you have allocated that part of the memory (whether by it on the stack or on the heap using new/malloc).

What happens with your data once you have freed it, is undefined (meaning it is implementation dependent). The most efficient way of freeing memory is by simply marking the memory as being available, leaving your data there until another program claims that part of the memory using malloc and overwrites it. This is how most implementations will handle this.

C++ does not check whether the data you are reading or writing belongs to your program. That is why you get a segmentation fault when your program tries to write data to a place in the memory it does not have access to.

In your case you will free the memory and then you check for its value immediately. C++ will happily execute your code. Since you only freed it recently, the odds are very high that your data is still there (but certainly not guaranteed: sooner or later it will get overwritten).

score 0 · Answer 3 · answered Feb 18 '14 at 13:23

Welcome to the wild world of pointers. What exactly you got here is case of Dangling Pointer (Read up the wiki article, it explains it in detail).

Basically what happened here is that after removing the item from the list, the pointer c became dangling pointer (it is pointer to a memory location which is no more occupied by Foo object). But still C++ will allow you to read/write through this pointer, but the side affects will be totally non deterministic (means anything can happen). As the code is simple s during testing your code you just got lucky (or unlucky as these type of problems can become very difficult and dangerous as they get old).

and nearly impossible to find the source of your application crash in bigger projects — Zaiborg, Feb 18 '14 at 13:47

Why can I access the member variable of an object in a list after it has been erased?

3 Answers3