Segmentation fault location differs because of printf

Question

Below is my program

#include <iostream>
#include <stdio.h>
#include <stdlib.h>

using namespace std;

int main() {
  int i;
  int* mix_buffer = &i;
  int k = 0;

  while(1) {

  mix_buffer[k]=1;
  printf("\n k = %d", k); // 1st printf
  printf("\n mix_buffer[%d] = %d k = %d", k, mix_buffer[k], k); //2nd printf  
  k++;
}

}

When this is compiled with g++ (version 5.4) and run output is

 k = 0
 mix_buffer[0] = 1 k = 0
Segmentation fault (core dumped)

i.e. segfault occurs after once going through both the printf statements.

However, if I comment the first printf statement in program and recompile, the output is

Segmentation fault (core dumped)

Why does commenting

printf("\n k = %d", k); // 1st printf

cause the program to segfault earlier?

Your program invokes *undefined behavior*. You can stop trying to make sense of it and concentrate on fixing it instead. `mix_buffer[k]` for any `k` greater than zero sends you off the cliff. If you really want to see what is happening on *your* implementation with *your* compiled code and *your* running environment an assembly-level debugger is always a great tool. — WhozCraig, Jan 22 '17 at 10:35
Why are you using `printf` with C++ code? Also `using std;` is bad - see [here](http://stackoverflow.com/questions/1452721/why-is-using-namespace-std-considered-bad-practice) — Ed Heal, Jan 22 '17 at 10:37
@EdHeal thanks for suggestion. using std::cout gives the same behaviour. — user13107, Jan 22 '17 at 11:05
@WhozCraig thanks for suggestion. My question is, once I point to `i` using `mix_buffer`, it already has address of `i`. so when i do mix_buffer[1]=1, it should write 1 in the next address. segfault should occur only if mix_buffer[1] address is outside accessible memory. but why should it always give segfault at mix_buffer[1] and not mix_buffer[$randomInteger]? — user13107, Jan 22 '17 at 11:20
@user13107 And when you compile the code with optimizations turned on, the program may behave differently due to the compiler moving and eliminating code. So are you going to spend even more time trying to figure out why optimized code may or may not crash at a certain point, or would you rather write correct code? — PaulMcKenzie, Jan 22 '17 at 12:01

Gabriel · Answer 1 · 2017-01-22T11:49:04.087

1

mix_buffer[k]=1

You are writing into an array but you did not allocate it. This triggers the Segfault

To allocate it, you can do:

int mix_buffer[100];//alocates it, with index 0..99

edited Jan 22 '17 at 11:49

answered Jan 22 '17 at 10:50

Gabriel

3,564
1
27
49

i thought i did allocate it when i do `int *mix_buffer = &i` please see my comment below @artm answer. – user13107 Jan 22 '17 at 11:23

score 1 · Answer 2 · answered Jan 22 '17 at 11:14

1

int i;
int* mix_buffer = &i;

I think you should first fix the name of your variable mix_buffer, which is misleading. It's just a pointer to int, and a pointer itself cannot be any buffer - it has to point to some buffer, and you have to allocate that buffer first.

In this case, as pointed out in the comment, it's UB (segfault) because you just access mix_buffer as a real buffer using array index without allocating it. Anytime you k is greater or equal than 1 your program is undefined.

To fix that you should properly allocate the int buffer first. Something like

int buffer[100] = {0};

It's then ok to use the while(1) loop, but you have to watch out for out-of-bound access and terminate according by checking the k value, such as

while( 1 )
{
    ...
    if( k++ >= 100 )
    {
         break;
    }
}

answered Jan 22 '17 at 11:14

artm

17,291
6
38
54

Thanks for suggestions for fixing the problem. I want to understand why the problem is occurring in original program. Once I point to `i` using `mix_buffer`, it already has address of `i`. so when i do `mix_buffer[1]=1`, it should write 1 in the next address. segfault should occur only if mix_buffer[1] address is outside accessible memory. but why should it always give segfault at mix_buffer[1] and not mix_buffer[$randomInteger] – user13107 Jan 22 '17 at 11:22
"but why should it always give segfault at mix_buffer[1] and not mix_buffer[$randomInteger]" - any of these mix_buffer[k>=1] are UB. When UB you can't say anything specific. However, you can just try some more `mix_buffer[$randomInteger]` and see how it segfaults to prove your conclusion is incorrect – artm Jan 22 '17 at 11:36

Segmentation fault location differs because of printf

2 Answers2