
I use a 64-bit Linux machine, so the size of my pointers is 8 bytes. So, looking at the code below, I wrote the program to segfault right after the H in my string (in the strcpy()). But that does not seem to happen. With the program below I thought it would overrun and corrupt the memory in x. This program runs fine on my system, but if I add another letter in the strcpy() it segfaults. Such a problem is obviously system dependent, but how is this string not crashing the program? I did search for such a problem; if some links are present you could redirect me as well. Thanks in advance.

#include <stdio.h>
#include <string.h>

int main()
{

int x;
char* c ;          /* 8-byte pointer, never initialised */

x = 0xF0000000;

/* copies 15 bytes (14 chars + NUL) into the 8 bytes occupied by c itself */
strcpy(&c,"ABCDEFGHFFFFFF");
x++;
printf("%X\n",x);

printf("%s\n",&c);

return 0;
}

ajax_velu
    I see you've declared a pointer... but what is it pointing to? – Jeff Mercado Sep 22 '14 at 20:48
  • Of course it's going to compile with warnings, but it does give me an output as the following: `F0000001 ABCDEFGHFFFFFF`. I know this is definitely how you write conventional programs; I am just trying to see how the strings are copied and you guys definitely don't have an answer. – ajax_velu Sep 22 '14 at 20:52
  • Your program is simply UB, there's nothing useful to argue about. If you want to know what exactly happens in your case in a particular run, break the debugger out and single-step it. Be aware that using the debugger may change the program's behavior. – Deduplicator Sep 22 '14 at 20:54
  • you are messing with memory... `char* c;` declares a pointer which contains 8 bytes on 64bit arch but they are not initialized, then you overwrite this pointer with some more garbage by `strcpy(&c` (it should corrupt the memory by the 9th character, but your program might be lucky to survive due to memory alignment). I see that you are trying to also play with `x` in parallel, but it is not guaranteed that they are allocated somehow next to each other. If you want this kind of messing around, try `union` type. – mariusm Sep 22 '14 at 20:56
  • @mariusm I get what you are saying w.r.t. x, it totally depends on the memory alignment, but the pointer being 8 bytes wide, how can it hold a string so big and not complain during runtime? You can also see the entire string being reproduced. – ajax_velu Sep 22 '14 at 20:59
  • The problem is that your intentions are not clear. Usually the compiler or memory manager allocates a little bit more memory (e.g. byte alignment, internal allocation book-keeping) and thus small overflows like this do not trigger a segfault at OS level, because your program just messed up some of its internal memory (managed by libraries). That's why your program is "lucky". You'll get your segfault at some later point -- when you least expect it ;-) If you want to debug your program's memory, try the valgrind tool. – mariusm Sep 22 '14 at 21:06

1 Answer


As to pointers and memory management in C:

  • you have to create the pointer manually
  • you have to allocate memory manually
  • you have to initialize the pointer to point to the allocated memory manually

The expression

char *c;

only creates the pointer, but neither does it allocate any memory for characters, nor does it initialize the pointer to the allocated memory.

You're much better off with:

char c[20];

c will behave like a pointer, but at the same time you've allocated a 20-byte buffer (in main's stack frame) and c is pointing to its beginning.

When using a string (a character pointer), you don't strcpy to the pointer's address, but to the address held by the pointer:

strcpy(c, "ABCDEFGHFFFFFF");

Just as a side note: the expression "ABCDEFGHFFFFFF" allocates a constant character buffer with the literal text and the terminating zero in memory and returns its address. That's why such usage is legitimate.

SzG
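The three steps the answer lists (create the pointer, allocate storage, point the pointer at it) and the bounded copy that the question's program lacks, as an added example that is not part of SzG's answer or the original post. The helper `copy_checked` and the `demo_*` functions are names chosen here; the strings are the question's own. The last function shows what happens when the destination is only as large as a pointer, which is the situation `strcpy(&c, ...)` created: the copy is refused instead of silently overrunning the stack.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Copy src into dst only if it fits, terminating NUL included.
   Returns 0 on success, -1 if the copy would overrun dst.
   (Hypothetical helper written for this example.) */
static int copy_checked(char *dst, size_t dst_size, const char *src)
{
    size_t len = strlen(src);
    if (dst_size == 0 || len + 1 > dst_size) {
        return -1;                /* refuse: would write past the buffer */
    }
    memcpy(dst, src, len + 1);    /* copies the NUL as well */
    return 0;
}

/* Stack buffer: the array is the storage, and c decays to its address. */
static int demo_stack(void)
{
    char c[20];
    /* 14 characters + NUL = 15 bytes, which fits in 20 */
    return copy_checked(c, sizeof c, "ABCDEFGHFFFFFF");
}

/* Heap buffer: pointer created, memory allocated, pointer initialised to it. */
static int demo_heap(const char *text)
{
    size_t size = strlen(text) + 1;
    char *c = malloc(size);
    if (c == NULL) {
        return -1;
    }
    int rc = copy_checked(c, size, text);
    free(c);                      /* release what we allocated */
    return rc;
}

/* The question's situation: a destination only as big as a pointer
   (8 bytes on 64-bit Linux) cannot hold a 15-byte string. */
static int demo_pointer_sized(void)
{
    char pointer_sized[sizeof(char *)];
    return copy_checked(pointer_sized, sizeof pointer_sized, "ABCDEFGHFFFFFF");
}

int main(void)
{
    printf("stack: %d, heap: %d, pointer-sized: %d\n",
           demo_stack(), demo_heap("ABCDEFGHFFFFFF"), demo_pointer_sized());
    return 0;
}
```

Run it and the first two copies succeed while the pointer-sized one is rejected; the original program performed exactly that third copy with no check, which is why it "works" only until the overrun lands on something that matters.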