3

I'm confused on the behavior of below code snippet,

I have declared a char pointer and pointed it to a memory location of allocated size (1 * sizeof(char)) . 

char *src ;
src = (char*)malloc(1 * sizeof(char));
strcpy(src,"Copy text");

Even though I have only allocated memory of 1*sizeof(char) I can succesfully copy the entire string and also I'm getting read and write permission on the entire memory area where "Copy text" is present .

i.e the below code prints the modified value.ie, it prints "Copy RRxt".

src[5] = 'R';
src[6] = 'R';
printf("%s \n" , src);

So I'm confused why I didn't get "Segmentation fault" error on the above snippet.

Note: I'm using GCC compiler v4.6.3

Valentin Mercier
  • 5,256
  • 3
  • 26
  • 50
davidvarghese
  • 637
  • 2
  • 10
  • 18
  • Concerning the lack of a segfault, you have to consider that it signals that your process (!) stepped on anything it didn't own. However, you only stepped on something that the code in question doesn't directly own, but it may well be something used and owned by the process, like e.g. bookkeeping data used by malloc()/realloc(). In other words, there are two boundaries but you only crossed one of them, not the other. The two boundaries could coincide though, like e.g. when the last byte coincides with the last byte of a page, an overflow can be trapped with a segfault. – Ulrich Eckhardt Jul 19 '14 at 10:11

1 Answers1

15

This is because malloc works by chunks of 16 or 32 bytes because this strategy makes memory accesses more efficient. Therefore when you allocate 1 byte the next 15 bytes may probably be yours.

However I would not recommend cheating knowing this trick but correctly allocating the right amount of bytes.

Valentin Mercier
  • 5,256
  • 3
  • 26
  • 50
  • 4
    I'd like to point out, that malloc is not actually doing the memory allocation; it's a managing frontend to whatever API is provided by the operating system kernel to allocate address space. (sbrk and mmap on *nix, VirtualAlloc on Windows). An important caveat of those is, that address space must be allocated in chunks the size of a "page", usually 4kiB. – datenwolf Jul 19 '14 at 09:13
  • Thanks..So is there any other ways,where I can allocate small amount of memory (maybe <16 or 32 bytes) without wastage. – davidvarghese Jul 19 '14 at 09:14
  • @user3665376: If you need dynamic allocation of small amounts of memory: Stick with malloc! Modern implementations of malloc maintain a whole set of memory pools from which small allocations are supplied (i.e. a since 4kiB page, split into chunks of 16, 32 and 64 bytes) to efficiently (performance and resource saving) hand out memory. – datenwolf Jul 19 '14 at 10:39
  • @user3665376: Also keep in mind that you don't need malloc in every situation that calls for dynamic allocation: If the amount of memory is relatively small (<= 1kiB) and *is not* required outside the scope of where its allocated (i.e. return the pointer to the memory to the caller of the function) you might want to allocate on the stack using `alloca` or C99 variadic arrays. *But keep in mind that should the stack be exhausted your program will crash*, so if you need reliable memory allocation that allows for an error recovery code path, you must use `malloc`. – datenwolf Jul 19 '14 at 10:41
  • Clear and concise answer, +1 :) – zx81 Jul 22 '14 at 12:33