I was going through some debugging and found that the compiler allocate memory more than what is required. In my case I declared an integer followed by a string 'name [10]'. I was able to insert more than 10 alphabets even though I just mentioned 10. Also I am able to print all those characters. And I noticed that the limit was not 10 but it was 28. The characters inserted after 28 were not displayed. Can someone explain it to me why it happens so?
Asked
Active
Viewed 248 times
2
-
9You're invoking undefined behaviour — which is bad. The compiler allocates padding space to ensure that the data (the integer) is properly aligned in memory (probably on an address which is a multiple of 4 bytes), so that access to it is efficient. The chances are that if you write more than 11 characters plus terminal null, you are writing outside the structure. That's bad! It's a source of buffer overflows (even writing outside the 10 bytes allocated is a buffer overflow), and to be avoided at all costs. C is not a nanny language. It lets you shoot yourself in the foot. Try not to limp. – Jonathan Leffler Jun 03 '14 at 17:27
-
"I noticed that the limit was not 10 but it was 28" how did you make this measurement? – Matteo Italia Jun 03 '14 at 17:39
-
3Just because you can write into memory that was not allocated to you doesn't mean the compiler is doing something unexpected. When you fail to honor the contracts you negotiate with the compiler/library/runtime/etc., the system may or may not decide to do something about it, but there are no guarantees of any sort... – twalberg Jun 03 '14 at 17:43
-
@JonathanLeffler Alignment padding before the block doesn't explain the ability to write past the end (if anything, it is likely to decrease the ability to write past the end by putting the end of the block closer to the end of the page). – nobody Jun 03 '14 at 17:53
-
1@DDR Showing the actual code you are using if you would like a more specific explanation. – nobody Jun 03 '14 at 17:55
-
@MatteoItalia I looked up the address of the integer and the the string and found the difference to be 28.Also I was able to insert 28 characters. – Nithin Jose Jun 03 '14 at 17:57
-
2@AndrewMedico: Alignment padding cannot occur at the beginning of a structure; it occurs between elements or at the end of of the structure. If the structure is `struct { int i; char s[10]; };` then there'll often be 2 bytes of padding after the structure. There usually won't be 28 bytes as part of the structure. But as I pointed out, C doesn't stop you writing out of bounds of your variables — and when you run into trouble while writing out of bounds depends on a lot of factors. And invoking undefined behaviour by writing out of bounds means anything can happen (including 'it almost works'!) – Jonathan Leffler Jun 03 '14 at 17:58
-
@JonathanLeffler My mistake. I was only thinking of a single heap address getting rounded up, and forgetting about stacks growing down or inter-member padding. – nobody Jun 03 '14 at 18:11
3 Answers
4
It is not allocating more memory to that variable, you just happen to be able to write to some part of memory that is next to it, but by doing that you are possibly overwriting other variables, even variables you don't control, like the call stack, or control variables created by the memory manager itself.
Writing where you are not supposed to will invoke undefined behaviour, which means it may or may not work and may or may not have consequences.
One of those consequences is know as stack buffer overflow, a security vulnerability that allows arbitrary code to be run and is widely used by worms and exploits to hack into computer systems.
Havenard
- 27,022
- 5
- 36
- 62
1
C doesn't do bounds checking on array accesses, so it won't automatically raise an exception when you access something outside the array bounds. If you don't clobber anything "important" (such as the return address) your code won't immediately crash, and may appear to run normally.
C assumes you know how big your arrays are, and that you're smart enough not to wander outside of them.
John Bode
- 119,563
- 19
- 122
- 198
0
Most systems (CPU architecture / operating system / compiler combination) allocate memory to processes at a resolution no smaller than a single page, which is typically at least 4KB. If your allocation of 10 bytes ends up at the beginning of a page, you may be able to read and write up to 4,086 bytes past the end of it without causing a page fault (slightly more or less depending on padding, metadata, etc).
