67

This question is meant to be used as reference for all frequently asked questions of the nature:

Why do I get a mysterious crash or "segmentation fault" when I copy/scan data to the address where an uninitialised pointer points to?

For example:

char* ptr;
strcpy(ptr, "hello world"); // crash here!

or

char* ptr;
scanf("%s", ptr); // crash here!
alk
  • 69,737
  • 10
  • 105
  • 255
Lundin
  • 195,001
  • 40
  • 254
  • 396
  • 6
    The problem is more that OPs don't even know the pointer is uninitialised, but that there magically appears an object once you declare/define (they confuse this, too) pointer. – too honest for this site May 31 '16 at 15:21
  • 2
    You should probably change the title if you're aiming for this question to be read by those who experience this problem **before** they post it here. – barak manos May 31 '16 at 15:22
  • 1
    @Olaf Indeed, so then you close-vote their segmentation questions as duplicates with a link to this one. I've been missing a FAQ question like this forever; finally got around to write one down. – Lundin May 31 '16 at 15:22
  • 1
    @barakmanos The intention is to use this post as a "canonical duplicate" for frequently asked questions. I don't really expect newbies to find it by themselves. – Lundin May 31 '16 at 15:23
  • Yeah, I just realized that after you posted that other comment above. – barak manos May 31 '16 at 15:24
  • 2
    @Lundin: I appreciate your effort. If that is meant as a dup-CV, I'm with you. But actually I'd prefer they would find it themself before they post. But then this likely is wishful thinking anyway, as beginners tend to think their problem is unique. So, have +1 and I'll keep than in mind - thanks! – too honest for this site May 31 '16 at 15:25

5 Answers5

50

A pointer is a special type of variable, which can only contain an address of another variable. It cannot contain any data. You cannot "copy/store data into a pointer" - that doesn't make any sense. You can only set a pointer to point at data allocated elsewhere.

This means that in order for a pointer to be meaningful, it must always point at a valid memory location. For example it could point at memory allocated on the stack:

{
  int data = 0;
  int* ptr = &data;
  ...
}

Or memory allocated dynamically on the heap:

int* ptr = malloc(sizeof(int));

It is always a bug to use a pointer before it has been initialized. It does not yet point at valid memory.

These examples could all lead to program crashes or other kinds of unexpected behavior, such as "segmentation faults":

/*** examples of incorrect use of pointers ***/

// 1.
int* bad;
*bad = 42;

// 2.
char* bad;
strcpy(bad, "hello");

Instead, you must ensure that the pointer points at (enough) allocated memory:

/*** examples of correct use of pointers ***/

// 1.
int var;
int* good = &var;
*good = 42;

// 2.
char* good = malloc(5 + 1); // allocates memory for 5 characters *and*  the null terminator
strcpy(good, "hello");

Note that you can also set a pointer to point at a well-defined "nowhere", by letting it point to NULL. This makes it a null pointer, which is a pointer that is guaranteed not to point at any valid memory. This is different from leaving the pointer completely uninitialized.

int* p1 = NULL; // pointer to nowhere
int* p2;        // uninitialized pointer, pointer to "anywhere", cannot be used yet

Yet, should you attempt to access the memory pointed at by a null pointer, you can get similar problems as when using an uninitialized pointer: crashes or segmentation faults. In the best case, your system notices that you are trying to access the address null and then throws a "null pointer exception".

The solution for null pointer exception bugs is the same: you must set the pointer to point at valid memory before using it.

Further reading:

Pointers pointing at invalid data
How to access a local variable from a different function using pointers?
Can a local variable's memory be accessed outside its scope?

Segmentation fault and causes
What is a segmentation fault?
Why do I get a segmentation fault when writing to a string initialized with "char *s" but not "char s[]"?
What is the difference between char s[] and char *s?
Definitive List of Common Reasons for Segmentation Faults
What is a bus error?

Antti Haapala -- Слава Україні
  • 129,958
  • 22
  • 279
  • 321
Lundin
  • 195,001
  • 40
  • 254
  • 396
  • These kind of bugs are very commonly written both by beginners who have yet not grasped what pointers are or how they work. So please note that the intention of this community wiki is therefore to keep explanations on a basic level. If you wish to leave more advanced answers with references to the C standard etc, kindly post a different answer to the question. – Lundin May 31 '16 at 15:18
  • 4
    "It cannot contain any data." - Hmm, actually the address **is** its data. – too honest for this site May 31 '16 at 15:22
  • 1
    @Olaf Keep things basic here, please :) This is intended for beginners. Though... if an address is data, then why does a CPU have both an address bus and a data bus? – Lundin May 31 '16 at 15:25
  • Does it read the contents of a pointer variable from the address bus? ;-) (And e.g. PCIe uses a packet/command format, no classical address/data bus mechanism). There also were RAM designs that way (remember RAMBUS?) Anyway, I'm fine with the answer, should suffice for beginners. Just leave the comments if they are interested to get deeper into it. – too honest for this site May 31 '16 at 15:26
  • 4
    Note on the last example: one doesn't need to dereference the pointer to exhibit undefined behavior. Like anything else, indeterminate content (the case of value for `p2`) by its very nature invokes undefined behavior when even *evaluated*, much-less furthering the madness by *dereferencing*. Yes it is a different problem, but tightly related. In summary, the statement "It is always a bug to use a pointer before it has been initialized." is true, but "use" is not limited to only dereferencing. – WhozCraig May 31 '16 at 15:43
  • @WhozCraig: I disagree partially. `int (*p)[10] = malloc(sizeof(*p));` is perfectly valid and a typical ideom. – too honest for this site May 31 '16 at 17:16
  • @Olaf honestly, not sure how that relates to my comment at all – WhozCraig May 31 '16 at 17:25
  • @WhozCraig: "It is **always a bug** to use a pointer before it has been initialized." is true, but "use" **is not limited to only dereferencing**." – too honest for this site May 31 '16 at 17:34
  • "These examples all lead to program crashes or other kinds of unexpected behavior" - sometimes it works "as expected", people post questions asking why their invalid pointer access *doesn't* crash when they thought it would – M.M Jun 01 '16 at 05:12
4

  1. Pointers only point to a memory location. You created a pointer but you did not bind to a memory location yet. strcpy wants you to pass two pointers (first one mustn't be constant) that point to two character arrays like this signature:

    char * strcpy ( char * destination, const char * source );

    sample usage:

    char* ptr = malloc(32);  
strcpy(ptr, "hello world");

    char str[32];  
strcpy(str, "hello world");

  2. You can try the following code snippet to read string until reaching newline character (*you can also add other whitespace characters like "%[^\t\n]s"(tab, newline) or "%[^ \t\n]s" (space, tab, newline)).

    char *ptr = malloc(32);
scanf("%31[^\n]", ptr);

    (In real life, don't forget to check the return value from scanf()!)

Toby Speight
  • 27,591
  • 48
  • 66
  • 103
lonesomecodeboy
  • 89
  • 1
  • 7
2

One situation that frequently occurs while learning C is trying to use single quotes to denote a string literal:

char ptr[5];
strcpy(ptr, 'hello'); // crash here!
//            ^     ^   because of ' instead of "

In C, 'h' is a single character literal, while "h" is a string literal containing an 'h' and a null terminator \0 (that is, a 2 char array). Also, in C, the type of a character literal is int, that is, sizeof('h') is equivalent to sizeof(int), while sizeof(char) is 1.

char h = 'h';
printf("Size: %zu\n", sizeof(h));     // Size: 1
printf("Size: %zu\n", sizeof('h'));   // likely output: Size: 4
S.S. Anne
  • 15,171
  • 8
  • 38
  • 76
Leonard Lepadatu
  • 606
  • 8
  • 14
0

This happens because you have not allocated memory for the pointer char* ptr . In this case you have to dynamically allocate memory for the pointer.

Two functions malloc() and calloc() can be used for dynamic memory allocation.

Try this code :-

char* ptr;
ptr = malloc(50); // allocate space for 50 characters.
strcpy(ptr, "hello world");

When the use of *ptr over don't forget to deallocate memory allocated for *ptr .This can be done using free() function.

free(ptr);  // deallocating memory.

Size of dynamically allocated memory can be changed by using realloc().

char *tmp = realloc(ptr, 100); // allocate space for 100 characters.
if (! tmp) {
    // reallocation failed, ptr not freed
    perror("Resize failed");
    exit(1);       
}
else {
    // reallocation succeeded, old ptr freed
    ptr = tmp;
}

In most cases "segmentation fault" happens due to error in memory allocation or array out of bound cases.

Antti Haapala -- Слава Україні
  • 129,958
  • 22
  • 279
  • 321
anoopknr
  • 3,177
  • 2
  • 23
  • 33
0

For making a modifiable copy of a string, instead of using malloc, strlen and strcpy, the POSIX C library has a handy function called strdup in <string.h> that will return a copy of the passed-in null-terminated string with allocated storage duration. After use the pointer should be released with free:

char* ptr;
ptr = strdup("hello world");
ptr[0] = 'H';
puts(ptr);
free(ptr);
Antti Haapala -- Слава Україні
  • 129,958
  • 22
  • 279
  • 321