Overwritting null character in C array

Question

Consider the case:

char s1[] = "abc";
s1[3] = 'x';
printf("%s", s1);

As I know, printf prints characters until it finds the null character and then stops.

When I overwrite the null character by 'x', why does printf print the s1 array correctly? How does it find the null character?

Be careful to distinguish between an *array* (where each element can hold any value) and a C-string (which, per definition, ends at the first `0` code). Your code transforms an array which happens to form a valid C string into a not-a-valid C string. — Jongware, Jun 27 '15 at 15:41

score 5 · Answer 1 · answered Jun 27 '15 at 15:34

Your printf call invokes undefined behaviour because s1 doesn't have zero (aka null byte) terminator. s1 is an array of 4 characters and over writing the null byte is not an issue. After

s1[3] = 'x';

s1 will become:

[a][b][c][x]

But you can't print it as a string. A string in C is, by definition, a sequence of bytes terminated with a null byte. It just happens to work this time but you should never rely on that.

score 2 · Answer 2 · answered Jun 27 '15 at 15:26

2

It means only that after this array there is by accident a null character in the memory.:)

You can try the following example

char s0[] = "xxx";
char s1[] = "abc";
char s2[] = "yyy";
s1[3] = 'x';
printf("%s",s1);

and see the result.

answered Jun 27 '15 at 15:26

Vlad from Moscow

301,070
26
186
335

I compiled your code and I got more confused. I got: "abcxxxx" I thought 'y' would be the last characters. – Higgs Jun 27 '15 at 15:47
2

@Higgs It is unspecified in what order the compiler places local variables. – Vlad from Moscow Jun 27 '15 at 15:57
1

@Higgs Take into account that usually when a new local variable is added to the stack the stack address is decreased. So s0 has a higher address in the stack. – Vlad from Moscow Jun 27 '15 at 16:00
Hah. yes you are right I forgot about stack addresses, I remember it now. Thanks. – Higgs Jun 27 '15 at 16:07

score 2 · Answer 3 · edited Jun 27 '15 at 15:42

2

The printf function will print all the characters untill it encounters a nul character.

In your case, you have started accessing beyond the memory that was allocated and accessing memory beyond what is allocated is undefined behavior

In this case it accidently happen to be nul.

edited Jun 27 '15 at 15:42

Iharob Al Asimi

52,653
6
59
97

answered Jun 27 '15 at 15:28

Pradheep

3,553
1
27
35

score 0 · Answer 4 · edited May 23 '17 at 11:58

0

If it printed "abcx". It means that there was already a null in s1[4]. The value on the stack depends on previous operations. So it may always be a zero in that position but what is more likely to happen is that there is a zero while you are debugging the code and nothing goes wrong, but then in release a zero is not put in that position and you end up with a difficult bug to debug.

Undefined by the language definition does not mean undefined in an implementation. eg MS Visual Studio when compiling in Debug mode will set memory to predictable values to aid debugging. When and why will an OS initialise memory to 0xCD, 0xDD, etc. on malloc/free/new/delete?

edited May 23 '17 at 11:58

Community

1
1

answered Jun 27 '15 at 15:36

QuentinUK

2,997
21
20

This is correct, but the truth is that the code invokes undefined behavior, so [this](http://stackoverflow.com/a/31090416/1983495) a more concrete answer because when undefined behavior happens one of the possible things is that it works without problems, I don't say as expected because you can't expect a given behavior. – Iharob Al Asimi Jun 27 '15 at 15:42
It is undefined by the language definition but it can be defined in an implementation, it can also be predictable in an implementation, or in a particular compiled program when running with the same data repeatedly. – QuentinUK Jun 28 '15 at 00:45

Overwritting null character in C array

4 Answers4