
I found the following code on one site:

#include <stdio.h>   
#include <stdlib.h> 

int main(void) 
{
    int *p1 = malloc(4*sizeof(int));  // allocates enough for an array of 4 int
    int *p2 = malloc(sizeof(int[4])); // same, naming the type directly
    int *p3 = malloc(4*sizeof *p3);   // same, without repeating the type name

    if(p1) {
        for(int n=0; n<4; ++n) // populate the array
            p1[n] = n*n;
        for(int n=0; n<4; ++n) // print it back out
            printf("p1[%d] == %d\n", n, p1[n]);
    }

    free(p1);
    free(p2);
    free(p3);
}

Output:

p1[0] == 0
p1[1] == 1
p1[2] == 4
p1[3] == 9

Now following that code above I did this:

#include <stdio.h>
#include <stdlib.h>

int main(void)
{
    int *ip = (int*)malloc(1 * sizeof(int)); // room for exactly one int

    ip[0] = 2;
    ip[1] = 9; // one past the allocation: this write is out of bounds

    printf("%d %d", ip[0], ip[1]);

    return 0;
}

Output: 2 9

So how can my pointer *ip store more than one int when I only allocated bytes for a single int?

Hury H
    A small program like this will probably work. But once you start adding more statements after the undefined behavior, things might get corrupted and you'll see unexpected results. So basically, it's just wrong. – DeiDei Mar 03 '19 at 20:43

2 Answers


You're writing into memory which is outside of the bounds of the array. Sadly, there is no compiler check for this, but it sometimes works.

Note: This is undefined behavior and should not be used under any circumstances.

unalignedmemoryaccess
S.S. Anne

Remember, ip[1] is equivalent to *(ip + 1), which is syntactically valid for any pointer, even if ip is pointing to single int and not an array of ints.

Dereferencing or writing to ip[1] is undefined behavior. Try adding free(ip) before the return 0 in your second program and observe the behavior then.

Govind Parmar
  • As someone who doesn’t program in C, I’d love to know what is the behavior that can be observed when you add `free(ip)` before the `return 0`. – Marcos Dimitrio Mar 05 '19 at 17:23
  • @MarcosDimitrio Normally, you will crash on a call to `free` if you wrote beyond your allocated space. But undefined behavior is undefined behavior; anything may happen – Govind Parmar Mar 05 '19 at 17:26
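As an added example (not code from the question or either answer), here is the same allocation written so that the pointer carries its element count and every index is checked before use; the write that `ip[1] = 9` performs in the question is then rejected instead of silently corrupting the heap. The `int_buf` type and its functions are my own names.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical helper type: the pointer travels with its element count,
 * which the bare int* in the question cannot do. */
typedef struct {
    int *data;
    size_t len;
} int_buf;

/* Allocate room for n ints; 0 on success, -1 on failure. The size
 * multiplication is checked so a huge n cannot wrap to a tiny block. */
int int_buf_init(int_buf *b, size_t n)
{
    if (n == 0 || n > SIZE_MAX / sizeof *b->data)
        return -1;
    b->data = malloc(n * sizeof *b->data);
    if (b->data == NULL)
        return -1;
    b->len = n;
    return 0;
}

/* Store v at index i; refuse any index at or past the allocation,
 * which is exactly the write ip[1] = 9 performs in the question. */
int int_buf_set(int_buf *b, size_t i, int v)
{
    if (i >= b->len)
        return -1;
    b->data[i] = v;
    return 0;
}

/* Replay the question's program with the checked buffer: allocate one
 * int, then try to write indices 0 and 1. Returns the number of
 * rejected writes (1, since only index 1 is outside the block). */
int replay_question(void)
{
    int_buf b;
    int rejected = 0;
    if (int_buf_init(&b, 1) != 0)
        return -1;
    rejected += int_buf_set(&b, 0, 2) != 0;
    rejected += int_buf_set(&b, 1, 9) != 0;
    free(b.data);
    return rejected;
}
```

For the unchecked original, compiling with `-fsanitize=address` (gcc or clang) makes the same out-of-bounds write visible at run time as a heap-buffer-overflow report instead of the "2 9" that happened to print.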