pointer to pointer malloc and manipulation

#include <stdio.h>
#include <stdlib.h>


int main(int开发者_StackOverflow中文版 argc, char * argv[])
{
    char *p[2];
    char **pp = calloc(2, 4);

    p[0] = "ab";
    p[1] = "cd";
//  p[2] = "ef";

    pp[0] = "ab";
    pp[1] = "cd";
    pp[2] = "ef";

    printf("pp: %s, %s, %s\n", pp[0], pp[1], pp[2]);
    printf("size_p: %d\nsize_pp: %d\n", sizeof p, sizeof pp);
}

if 'p[2]' is defined and assigned a value - the resulting behavior is a segfault. if 'pp[2]' is assigned - the output is the following: "ab, cd, ef". 'sizeof' returns 8 (2x4 bytes per pointer) for 'p' and only 4 bytes for 'pp'. why am i being able to assign 'pp[2]', even though it should only be in possession of 8 bytes of allocated memory (that should be able to store only 2 pointer addresses)? also, how does 'sizeof' determine the actual memory size in both of the cases?

p is declared to have two elements, so p[2] does not exist - hence the segfault. Since p is a local array (of pointers), sizeof(p) gives the size of the element type (and the element type is char *, whose size is 4) multiplied by the number of elements (2). pp, on the other hand, is a pointer (to a pointer), not an array, so sizeof(p) is simply the size of a char **, which is the same as the size of any other pointer on a 32-bit machine, namely 4. That the assignment to pp[2] seems to succeed is pure chance - you're writing outside the allocated memory (which only contains space for two char * elements).

By the way, pointers to string literals should be const char *.

With char *p[2]; you allocate 2 char* on the stack. When accessing p[2], you have a buffer overflow and might access any other fings belonging to the stack frame of the current method (some compilers check this in debug mode).

With calloc, you allocate memory in the heap. Accessing pp[2] is (probabely) free memory, you no segfault here. But this memory could also be used by other objects, so this is absolutely not ok!

For size calculation: sizeof(char**) is 4, as is for every 32-bit pointer. sizeof(char*[2]) is 8, because it is 2x4 bytes.

As Aasmund Eldhuset said, p[2] does not exist. p[0] and p[1] are the two elements of the array.

The reason it segfaults for p[2] and not pp[2] is, as I understand it, because p is stored on the stack and pp is stored on the heap. So although you don't own the memory at pp[2], it doesn't seg fault. Instead, it just overwrites god-knows-what and will probably cause your program to misbehave in unpredictable ways.

In general, dynamically allocated memory (such as pp in your example) will not always segfault if you overstep their bounds, whereas statically allocated memory (eg. p) will segfault.