0

Let's say there are 20 blocks of memory and a pointer p is pointing to the first block. Now, when I do: 

p++;
free(p);

How many blocks of memory would be freed and why?

Yu Hao
  • 119,891
  • 44
  • 235
  • 294
Ashish Patil
  • 337
  • 3
  • 4
  • 15

3 Answers3

25

Un-deterministic. Cannot say. You need to supply the exact pointer which was returned by malloc().

Passing a pointer to free() which is not returned by malloc() [and family] is undefined behaviour.

As per your question, if the malloc()-ed pointer is stored in p, and you do p++ and call free(p);, then there p is not anymore a pointer returned by the calloc, malloc, or realloc function.

As per Chapter 7.20.3.2, c99 standard, 2nd paragraph

The free function causes the space pointed to by ptr to be deallocated, that is, made available for further allocation. If ptr is a null pointer, no action occurs. Otherwise, if the argument does not match a pointer earlier returned by the calloc, malloc, or realloc function, or if the space has been deallocated by a call to free or realloc, the behavior is undefined.

Sourav Ghosh
  • 133,132
  • 16
  • 183
  • 261
4

Once the memory is allocated on heap using malloc() calloc() or realloc() there is a record maintained about the amount of memory that is being allocated during any of these calls.

So if some x bytes is allocated then this information is maintained separately by the OS.

Like

----------------------------
| Pointer | Memory allocated|
----------------------------

Now let your pointer which was used during dynamic memory allocation point to any location i.e some location other than the memory location which it was being pointed to during initial allocation.

But when you call free it doesn't care where the pointer is pointing to it just looks up the record where it gets the information how much memory was allocated dynamically on heap .

So free() uses this record and frees the allocated memory so you always need to pass the pointer used during malloc() , calloc() and realloc()

Gopi
  • 19,784
  • 4
  • 24
  • 36
  • What you describe is not at all required by the standard and not always true, though. There are malloc implementation that stored alloc records separately. I wrote one. – tux3 Jan 10 '15 at 15:11
  • @tux3 My point is the answer which has been upvoted here never talks about the actual question in hand which is how many bytes gets freed and also what if the pointer is pointing to some memory location after allocation so my answer is in sync with it. Yes I know that this is not a standard but I wanted to convey that free() doesn't depend on where the pointer is pointing and because that info is got from some other place – Gopi Jan 10 '15 at 16:56
3

It depends. Your question does not provide sufficient information.

If p++ causes p to reference a block that was also allocated by malloc(), then that block will be returned to the heap (whatever size was allocated). If however it was not a pointer to a dynamically allocated block, you would corrupt the heap, and the result is non-deterministic, but never good!

So for example if you were to do:

struct sBlock* p = malloc( 20 * sizeof(struct sBlock) ) ;
p++ ;        // point to second block
free( p ) ;  //  Heap corruption or runtime error

The C runtime is not required to trap such errors, but some implementations or debug environments may do so. More often, the error will go unnoticed until you attempt to allocate or free further memory after you have corrupted the structures the heap uses to keep track of memory. The actual failure mode will be unpredictable, and often occurs some distance both in code proximity and time from the actual error - making debugging difficult.

Clifford
  • 88,407
  • 13
  • 85
  • 165