-1

I'm coming from Python, so I'm trying to understand malloc in C.

This code works fine as expected:

```c
#include <stdio.h>
#include <stdlib.h>
int main() {
    int *arr;
    arr = (int *)malloc(2 * sizeof(int));
    arr[0] = 123123123;
    arr[1] = 456456456;
    printf("%d\n", arr[1]);
    return 0;
}
```

I suppose I should not be able to create arr[3]. I am even able to create arr[5]; this works fine as well:

```c
#include <stdio.h>
#include <stdlib.h>
int main() {

    int *arr;

    arr = (int *)malloc(2 * sizeof(int));
    arr[0] = 111111111;
    arr[1] = 222222222;
    arr[2] = 333333333;
    arr[3] = 444444444;
    arr[4] = 555555555;
    arr[5] = 666666666;
    printf("%d\n", arr[1]);
    printf("%d\n", arr[5]);
    return 0;
}
```

Result:

```
x@main:~$ gcc example.c
x@main:~$ ./a.out
222222222
666666666
```

Why does it work? I created arr with 2 * sizeof ...


When I create arr[6], it crashes:

```c
#include <stdio.h>
#include <stdlib.h>
int main() {
    int *arr;
    arr = (int *)malloc(2 * sizeof(int));
    arr[0] = 111111111;
    arr[1] = 222222222;
    arr[2] = 333333333;
    arr[3] = 444444444;
    arr[4] = 555555555;
    arr[5] = 666666666;
    arr[6] = 777777777;
    printf("%d\n", arr[1]);
    printf("%d\n", arr[5]);
    return 0;
}
```

Result:

```
x@main:~$ gcc example.c
x@main:~$ ./a.out
malloc(): corrupted top size
Aborted (core dumped)
```

Why doesn't it work? arr[5] works. But arr[6] doesn't work.


I increased the memory space from 2 to 3 and it still doesn't work:

```c
#include <stdio.h>
#include <stdlib.h>
int main() {
    int *arr;
    arr = (int *)malloc(3 * sizeof(int));
    arr[0] = 111111111;
    arr[1] = 222222222;
    arr[2] = 333333333;
    arr[3] = 444444444;
    arr[4] = 555555555;
    arr[5] = 666666666;
    arr[6] = 777777777;
    printf("%d\n", arr[1]);
    printf("%d\n", arr[5]);
    return 0;
}
```

Result:

```
x@main:~$ gcc example.c
x@main:~$ ./a.out
malloc(): corrupted top size
Aborted (core dumped)
```
tonny
  • 1
    This has undefined behavior. – Vlad from Moscow Jun 13 '22 at 09:59
  • 3
    Going out-of-bounds of the allocated memory causes [_undefined behavior_](https://stackoverflow.com/questions/2397984/undefined-unspecified-and-implementation-defined-behavior). Coming from Python this will be a completely foreign concept to you. Python always gives you an error message if some operation is not allowed. But undefined behavior in C means that there simply is no guarantee at all how the program will behave. It might seem to work sometimes, but crash, give you errors or produce wrong output other times. – user17732522 Jun 13 '22 at 10:00
  • C allows you to shoot yourself in the foot. You have to pay real close attention to your code (and develop safe coding practices) if you want to avoid that. – pmg Jun 13 '22 at 10:02
  • [How dangerous is it to access an array out of bounds?](https://stackoverflow.com/q/15646973/4139593) – TruthSeeker Jun 13 '22 at 10:08
  • With GCC you can use the `-fsanitize=undefined,address` option as a way of checking your code while testing (but it shouldn't be used for release). It will give you an error message for certain kinds of undefined behavior such as here. You should also compile with `-Wall -Wextra` and possibly more warning flags to get important warning messages which often indicate problems that could lead to undefined behavior. – user17732522 Jun 13 '22 at 10:11
  • Thank you all for your answers. That's clear. – tonny Jun 13 '22 at 12:23

1 Answer

0

The arr[n] notation just refers to the value in memory at the address arr + n. There is no built-in catch to check that n is within the bounds of arr, so the code just keeps updating memory, overwriting whatever was there. All malloc does is allocate you a certain amount of space, and then give you a reference to the beginning of it, in this case called arr.

An error only occurs if you access a part of memory your code does not have permission to access. What you have written has undefined behaviour; there is no clear reason why this happens at arr[6] rather than, e.g., arr[5], other than that arr[6] happens to be beyond the memory that was allocated to your program.
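
An added example (not part of the original question or answer): a length-carrying wrapper that rejects out-of-bounds stores, plus a query showing how many ints fit in the bytes the allocator actually reserved, which is why stores just past the requested size can appear to work. The `int_buf` type and its functions are hypothetical names; `malloc_usable_size` is a glibc extension, and the figure in the comment assumes a typical 64-bit glibc.

```c
#include <malloc.h>   /* malloc_usable_size: glibc extension, not standard C */
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper type: a heap array that remembers its own length. */
typedef struct {
    int *data;
    size_t len;
} int_buf;

/* Allocate len zeroed ints; returns 0 on success, -1 on failure. */
int int_buf_init(int_buf *b, size_t len) {
    b->data = calloc(len, sizeof *b->data);
    b->len = b->data ? len : 0;
    return b->data ? 0 : -1;
}

/* Bounds-checked store: refuses the write instead of corrupting the heap. */
int int_buf_set(int_buf *b, size_t i, int v) {
    if (i >= b->len) return -1;
    b->data[i] = v;
    return 0;
}

/* Number of ints that fit in the bytes the allocator really reserved.
 * Small requests are rounded up (assumption: typically to 24 usable bytes,
 * i.e. 6 ints, on 64-bit glibc). Indices in [len, slack) are still out of
 * bounds; they only happen not to land on allocator bookkeeping. */
size_t int_buf_slack_ints(const int_buf *b) {
    return malloc_usable_size(b->data) / sizeof *b->data;
}

void int_buf_free(int_buf *b) { free(b->data); b->data = NULL; b->len = 0; }

int main(void) {
    int_buf b;
    if (int_buf_init(&b, 2) != 0) return 1;
    printf("requested %zu ints, allocator reserved room for %zu\n",
           b.len, int_buf_slack_ints(&b));
    for (size_t i = 0; i < 7; i++)   /* same indices as the question */
        printf("arr[%zu] -> %s\n", i,
               int_buf_set(&b, i, 111111111) == 0 ? "stored" : "rejected");
    int_buf_free(&b);
    return 0;
}
```

Building with `-fsanitize=address`, as suggested in the comments, reports the raw `arr[2]` store from the question directly, regardless of how much slack the allocator left.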