Why might it appear that two memory locations are altered after using malloc() & free()?

Question

In the following code, I am allocating memory for a few int pointers, setting their data, printing the data information, and freeing them. Then, I allocate data for a new int pointer and print all of the data again.

What I am observing is that the same data is written to new location in memory as well as one of the previously freed locations. I would expect it write to one of the previously free'd locations, but why would it also write to a new location?

By the way, I am working in MS Visual C++ 2010.

Here is the code:

#include <stdio.h>
#include <stdlib.h>

int main(int argc, char *argv)
{
    int *ip;
    int *jp;
    int *xp;

    printf("\n   Memory Allocation Test Bench\n")
    printf("----------------------------------\n");

    ip = malloc(sizeof(*ip));
    jp = malloc(sizeof(void *));

    *ip = 10;
    *jp = 20;

    printf("ip Data: %d, Location: %p\n", *ip, &ip);
    printf("jp Data: %d, Location: %p\n", *jp, &jp);

    free(ip);
    free(jp);

    xp = malloc(sizeof(*xp));

    *xp = 40;

    printf("\nAfter freeing all and setting *xp = 40...\n");
    printf("ip Data: %d, Location: %p\n", *ip, &ip);
    printf("jp Data: %d, Location: %p\n", *jp, &jp);
    printf("xp Data: %d, Location: %p\n", *xp, &xp);

    free(xp);

    printf("\nAfter freeing xp...\n");
    printf("ip Data: %d, Location: %p\n", *ip, &ip);
    printf("jp Data: %d, Location: %p\n", *jp, &jp);
    printf("xp Data: %d, Location: %p\n", *xp, &xp);

    printf("\nPress any key to continue... \n");
    getchar();

    return EXIT_SUCCESS;
} // End of Main

And here is the output I am getting, marked to show what I am talking about:

You can see that when *xp is set to 40, two locations in memory seem to be altered. What might be causing this to happen?

---

UPDATED

After learning that trying to use a freed pointer was undefined behavior, I understand that the output doesn't necessarily have to be explained, given that the actions leading to it are undefined. With that in mind, and based on the answers to this question: What happens to memory after free()? , the freed pointers are still pointing to a location in memory, they just should not be used to access it. Which brings in the debate about Setting variable to NULL after free()? to prevent this issue in the first place.

---

Mystery Solved

A big thanks to Matt McNabb for pointing out that the printf statements were not printing the address in memory pointed to by the pointers, but were printing the stack address of the pointers themselves. Replacing the printf lines like this:

printf("xp Data: %d, Location: %p\n", *xp, &xp);

with lines like this:

printf("xp Data: %d, Location: %p\n", *xp, xp);

generated this new output which clearly shows everything is working properly. The last malloc() statement recycled the memory previously freed. And since the freed pointer still technically pointed to a valid location in memory, it looked like 2 locations were being altered at the same time:

Undefined behavior aside, this explanation at least gives reasoning to what was going on - a very simple (and amateur) coding error. Moral of the story: Take note of the address you are talking about (heap vs stack) and do not try to access memory using a freed pointer.

Answer 1

There are not "two memory locations altered". I guess you are talking about the output lines:

ip Data: 40, Location: 0012FF60
xp Data: 40, Location: 0012FF3C

However, your "Location" is not where the 40 is stored; it's the location (on the stack) of the pointers ip and xp. To see location where the 40 is stored, output xp, not &xp.

Also, you should cast to (void *) the argument matching a %p format specifier.

It is undefined behaviour to try and print the value of a pointer that has been freed, let alone dereference it (ip or *ip in this case). To print ip reliably, do it before you free it.