
As per my understanding, the program below could have crashed, as it frees already-freed memory, but it does not. Running on my Linux machine.

    #include <stdio.h>
    #include <stdlib.h>   /* standard header for malloc()/free(); <malloc.h> is non-standard */

    int main(void) {
        int *ptr1 = NULL;
        ptr1 = malloc(100);
        free(ptr1);
        free(ptr1);            /* double free: undefined behaviour */
        printf("%d\n", *ptr1); /* read of freed memory: undefined behaviour */
        return 0;
    }
  • Where does it say that a program *must* crash? – Weather Vane Jun 03 '17 at 17:34
  • A better question is why this would ever *compile*. – EOF Jun 03 '17 at 17:34
  • Undefined behavior is undefined. – melpomene Jun 03 '17 at 17:35
  • Possible duplicate of [How are we able to access the pointer after deallocating the memory?](https://stackoverflow.com/questions/22033822/how-are-we-able-to-access-the-pointer-after-deallocating-the-memory) – Martin R Jun 03 '17 at 17:37
  • Include the proper headers (`<stdio.h>` and `<stdlib.h>` respectively for the prototypes of `printf()` and `malloc()`), turn on **all** your compiler warnings and **mind them**. – pmg Jun 03 '17 at 17:40
  • @EOF What's wrong in compilation? It's a run-time thing, btw. – Kaushal Billore Jun 03 '17 at 17:41
  • `ptr1 = malloc("100");` You are using a string literal as an argument to malloc(). This *might* be treated as a very large integer value, causing malloc() to return NULL. And double freeing NULL is not a sin. But at least your compiler should complain. And you should `#include <stdlib.h>`. EXTRA: `malloc.h` is a non-standard header file. – wildplasser Jun 03 '17 at 17:41
  • Do you mean "crash because I called `free` twice", or do you mean "crash because I am dereferencing a pointer to memory I do not own", or do you mean "crash because I am printing an uninitialised value"? – Weather Vane Jun 03 '17 at 17:42
  • @KaushalBillore I believe there is no implicit conversion from `char[]` to `size_t`. – EOF Jun 03 '17 at 17:42
  • @KaushalBillore you ask "What's wrong in compilation". The original `malloc` line generated 2 compiler warnings in MSVC. – Weather Vane Jun 03 '17 at 17:44
  • Obviously, you either never compiled/tested it at all, or you did not copy/paste in the code you are actually using :(( – ThingyWotsit Jun 03 '17 at 17:45
  • Causing undefined behavior twice. "Undefined" means... "NOT DEFINED". So crash/no crash is not defined in this case. – Pushan Gupta Jun 03 '17 at 17:45
  • If your C library is built with double free detection you may enable it. `glibc` has one, for example. – 0andriy Jun 03 '17 at 17:46
  • @wildplasser `"100"` was a typo error. – Kaushal Billore Jun 03 '17 at 17:46
  • Don't post typo errors. – wildplasser Jun 03 '17 at 17:48

1 Answer

According to the definition of `free`, a double free results in undefined behaviour:

> 7.20.3.2 The free function
>
> The free function causes the space pointed to by ptr to be deallocated, that is, made available for further allocation. If ptr is a null pointer, no action occurs. Otherwise, if the argument does not match a pointer earlier returned by the calloc, malloc, or realloc function, or if the space has been deallocated by a call to free or realloc, the behavior is undefined.

And undefined behaviour itself is defined in the same standard as follows:

> 3.4.3 (1) undefined behavior
>
> behavior, upon use of a nonportable or erroneous program construct or of erroneous data, for which this International Standard imposes no requirements
>
> NOTE Possible undefined behavior ranges from ignoring the situation completely with unpredictable results, to behaving during translation or program execution in a documented manner characteristic of the environment (with or without the issuance of a diagnostic message), to terminating a translation or execution (with the issuance of a diagnostic message)

So a program with undefined behaviour may "crash", but it also may not. It's undefined...

Stephan Lechner
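The clause quoted above also says what `free(NULL)` does: nothing. The following is an added example (not code from the question or the answer) showing the practical consequence: a release function that clears the caller's pointer turns an accidental second release into a defined no-op and turns a later read into a NULL check that can be refused, instead of the undefined double free and read of freed memory in the question. `release_buffer`, `count_real_frees` and `read_after_release` are names chosen for this example.

```c
#include <stdio.h>
#include <stdlib.h>

/* Added example, not code from the question or the answer.
 * The standard guarantees free(NULL) does nothing, so a release function
 * that also clears the caller's pointer makes an accidental second release
 * a defined no-op. Taking int** lets the callee clear the caller's copy,
 * which is where real-world double frees usually originate. */
static void release_buffer(int **pp) {
    if (pp == NULL) return;
    free(*pp);        /* defined even when *pp is already NULL */
    *pp = NULL;       /* the caller's variable no longer dangles */
}

/* Same sequence as the question (malloc, free, free, read) but through
 * release_buffer(). Returns how many of the two release calls handed a live
 * block to free(): the second sees NULL, so the result is 1. */
int count_real_frees(void) {
    int *ptr1 = malloc(100);
    int real_frees = 0;
    if (ptr1 == NULL) return -1;         /* allocation failed: nothing owned */
    ptr1[0] = 42;                        /* use the block while it is owned */

    if (ptr1 != NULL) real_frees++;      /* live pointer: this free counts */
    release_buffer(&ptr1);

    if (ptr1 != NULL) real_frees++;      /* ptr1 is NULL now: not counted */
    release_buffer(&ptr1);               /* free(NULL): defined, no effect */

    return real_frees;
}

/* The question's printf("%d\n", *ptr1) reads freed memory. After
 * release_buffer() the pointer is NULL, so the read can be refused rather
 * than returning whatever the allocator left behind. Returns the stored
 * value (7) if a read happened, 0 if it was refused, -1 on allocation failure. */
int read_after_release(void) {
    int *ptr1 = malloc(sizeof *ptr1);
    if (ptr1 == NULL) return -1;
    *ptr1 = 7;
    release_buffer(&ptr1);
    if (ptr1 == NULL) return 0;          /* released: refuse the read */
    return *ptr1;                        /* only reached while ptr1 is live */
}

int main(void) {
    printf("real frees: %d\n", count_real_frees());        /* 1 */
    printf("read after release: %d\n", read_after_release()); /* 0 */
    return 0;
}
```

Two caveats. Clearing the pointer only fixes the one variable passed in; any other copy of the address still dangles, so this is a mitigation for ownership mistakes, not a substitute for clear ownership. And, as one comment notes, the allocator may or may not detect the original program's double free; building with `-fsanitize=address` (GCC and Clang) makes both the double free and the read of freed memory in the question's code reported at runtime rather than left to whatever the allocator happens to do.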