c - pointer arithmetic, unexpected results

Question

Here is an example code:

int* arr = (int*)malloc(2 * sizeof(int));

arr = arr + 1;
*arr = 11;
arr[-1] = 22;

int x = arr[0]; // x = 11
int y = arr[1]; // y = 194759710

After a memory allocation arr pointer is incremented. I have expected to get the following results:

x == 22
y == 11

Could you explain how it works ?

Does this answer your question? [Are negative array indexes allowed in C?](https://stackoverflow.com/questions/3473675/are-negative-array-indexes-allowed-in-c) — Morten Jensen, Oct 05 '21 at 09:17
@MortenJensen It's not the problem in this case, it's a simple array out of bounds bug hidden by obfuscated code. — Lundin, Oct 05 '21 at 09:21

score 5 · Answer 1 · answered Oct 05 '21 at 09:21

5

The y assignment is incorrect. You only have 2 allocated items so you cannot first increment the pointer by one, then de-reference that pointer with [1], because that gives a 3rd element which doesn't exist.

answered Oct 05 '21 at 09:21

Lundin

195,001
40
254
396

Mathieu · Accepted Answer · 2021-10-05T09:23:28.417

5

When you set x and y, you forgot that arr no longer points on allocated memory.

This code do what you want:

#include <stdio.h>
#include <stdlib.h>

int main(void) {

    int* arr = (int*)malloc(2 * sizeof(int));
    int *original = arr;

    arr = arr + 1;

    *arr = 11;
    arr[-1] = 22;

    int x = original [0]; // x = arr[-1]
    int y = original [1]; // y = arr[0]

    printf("%d, %d\n", x, y);
}

edited Oct 05 '21 at 09:23

answered Oct 05 '21 at 09:21

Mathieu

8,840
7
32
45

1

BTW: `int* arr = (int*)malloc(2 * sizeof(int))` should be `int* arr = malloc(2 * sizeof(int))`. The `(int*)` cast is not wrong but it's useless. – Jabberwocky Oct 05 '21 at 09:25

c - pointer arithmetic, unexpected results

2 Answers2