1
#include <stdio.h>
#include <stdlib.h>

int main(){

    int * ptr = (int*)malloc(sizeof(int)*100); // Allocated space for 100 integers

    // Some code

    free(ptr); // Calling free with ptr as argument

    return 0;
}

  1. How does this free all 400 bytes (in my case)? ptr only contains address of one byte in the memory and also I have not passed any other argument specifying the size of the dynamic array so that it may run a loop and frees all the bytes

  2. What will happen if I do this:

    ptr++;
free(ptr);

  3. Since we cannot retrieve the size of the array in heap by giving the pointer then it means malloc() has no clue how many bytes were reserved along with ptr then why does it not allocate another heap memory starting from the middle of previous array?

user16217248
  • 3,119
  • 19
  • 19
  • 37
Adi bhai
  • 23
  • 4
  • 1
    I removed the C++ this is a strict C question. C++ and C are different languages. When malloc allocates memory it allocates a bit more then you need. Your memory + some header data containing information on the block of memory you allocated. Ssay that information needs 8 bytes then 408 bytes are allocateds and the pointer you get will point to the 8th position in that memory. free can then lookup the extra data and know what to do. (http://tharikasblogs.blogspot.com/p/how-to-write-your-own-malloc-and-free.html) – Pepijn Kramer Apr 12 '23 at 03:17
  • Think about this: If the code calls `malloc()` twice, on the second invocation, how does the function _know_ that there's already a certain sized block allocated... There are machinations that are understood by both `malloc()` and `free()`. At the level of a program's code, all that's needed is to `free()` the same pointer (dynamic memory address) as was returned by `malloc()` (and don't step out of bounds, either!) – Fe2O3 Apr 12 '23 at 03:51
  • A couple of style points. * Since the question has moved to C-only, do not cast the result of malloc(). https://stackoverflow.com/questions/605845/do-i-cast-the-result-of-malloc * The sizeof operator is not a function. It does not need parenthesis after it. If you must use parenthesis, (sizeof int) * 100 works. – hellork Apr 12 '23 at 05:37

1 Answers1

5

  1. Part of the malloc/free routines includes storing metadata such as how big the block of memory is so free(). Typically this data is stored at the bytes immediately before the pointer returned by malloc(). Read more here.

  2. Since the incremented value of the pointer was not one previously returned by malloc(), calloc(), or realloc(), the code ptr++; free(ptr); where ptr is returned by malloc() invokes undefined behavior. free() might try to access bookkeeping data which is assumed to be at a fixed offset from the start of the allocated block, but find garbage instead and crash violently. Or maybe something completely different happens. You cannot reliably predict what happens when undefined behavior is invoked.

user16217248
  • 3,119
  • 19
  • 19
  • 37
  • 3
    @user16217248: Experts can reliably predict so-called “undefined” behavior in many circumstances. The thing that makes “undefined” behavior undefined is that the C standard does not specify it, and therefore it is permitted to vary between C implementations or different circumstances. That is its key characteristic, that it is unspecified and is permitted to vary, not that it is unpredictable. – Eric Postpischil Apr 12 '23 at 07:34