Re: malloc question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Randi Botse wrote:

> I want to ask malloc() behaviour, consider these codes;
> ...
> char *ptr = malloc(1);
> strcpy(ptr, "what");
> puts(ptr);
> ....
> Confusingly, the strcpy() copied all bytes to ptr, but I just manage
> to allocate ptr only for 1 byte, I guess I will have segfault here,
> why this happen? why the string successfully copied into ptr? ,

libc typically requests memory from the kernel in large chunks, then
uses portions of this memory to satisfy malloc() requests. The memory
following the allocated block is likely to be valid (i.e. accessing it
won't cause a segfault), but it may have been allocated to something
else, or it may be allocated to something else in the future.

> is those code legal?

No. Any memory following the one byte block which you requested will
be deemed available for use by other parts of the code.

If you modify memory immediately beyond the end of a malloc()d block,
the most common result is corruption of the heap's internal data,
resulting in a subsequent malloc(), realloc(), free() etc call

For such a small string, you'll typically get away with it, as any
practical malloc() implementation will align blocks to at least a word
boundary and probably more (e.g. GNU libc uses 16-byte boundaries to
ensure that a "long double" won't straddle a page boundary), so there
will be some padding between the end of the allocated block and any
following block.

Glynn Clements <glynn@xxxxxxxxxxxxxxxxxx>
To unsubscribe from this list: send the line "unsubscribe linux-c-programming" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at

[Linux Assembler]     [Git]     [Kernel List]     [Fedora Development]     [Fedora Announce]     [Autoconf]     [Yosemite Campsites]     [Yosemite News]     [GCC Help]

Add to Google Powered by Linux