
segfault with array

I have two questions regarding arrays:

The first one is regarding the following code:

int a[30];  //1
a[40]=1;   //2

Why isn't line 2 giving a segfault? It should, because the array has been allocated only 30 ints of space and any dereferencing outside its allocated space should give a segfault.

Second: assuming that the above code works, is there any chance that a[40] will get overwritten, since it doesn't come in the reserved range of the array?

Thanks in advance.


That's undefined behavior - it may crash, it may silently corrupt data, it may produce no observable results, anything. Don't do it.

In your example the likely explanation is that the array is stack-allocated and so there's a wide range of addresses around the array accessible for writing, so there are no immediate observable results. However, depending on how (in which direction: to larger addresses or to smaller addresses) the stack grows on your system, this might overwrite the return address and temporaries of functions up the call stack, and this will crash your program or make it misbehave when it tries to return from the function.


For performance reasons, C will not check the array size each time you access it. You could also access elements via direct pointers, in which case there is no way to validate the access. A SEGFAULT will happen only if you are outside the memory allocated to your process.

For the 2nd question: yes, it can be overwritten, as this memory is allocated to your process and is possibly used by other variables.


It depends on where the system has allocated that array; if by chance position 40 is in operating-system-reserved memory then you will receive a segfault.


Your application will crash only if you do something illegal for the rest of your system: if you try to access a virtual memory address that your program doesn't own, what happens is that your hardware will notice that and inform your operating system, which will kill your application with a segmentation fault: you accessed a memory segment you were not supposed to.

However, if you access a random memory address (which is what you did: a[40] is certainly outside of your array a, but it could be anywhere), you could access a valid memory cell (which is what happened to you).

This is an error: you'll likely overwrite some memory area your program owns, thus risking breaking your program elsewhere, but the system cannot know whether you accessed it on purpose or by mistake and won't kill you.

Programs written in managed languages (i.e. programs that run in a protected environment that checks everything) would notice your erroneous memory access, but C is not a managed language: you're free to do whatever you want (as long as you don't create problems for the rest of the system).
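As an added example (not code from any of the answers above), the following C program models what the answers describe: an unchecked store computes base + index * sizeof(int) and lands on whatever lies next to the array, and a bounds-checked store supplies the check C does not perform. The `struct frame` and its `neighbours` field are constructed for the demonstration, standing in for the other locals a compiler would place after the array, so that the out-of-range write stays inside one object and is well-defined here; the same a[40] = 1 on a real stack frame is undefined behaviour and what it hits depends on the compiler's layout.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for one stack frame: the question's 30-int array
 * followed by other locals. Keeping everything inside a single struct
 * makes the out-of-range write well-defined for this demonstration;
 * in the question's real code the same write is undefined behaviour. */
enum { ARRAY_LEN = 30, NEIGHBOUR_LEN = 20, WILD_INDEX = 40 };

struct frame {
    int a[ARRAY_LEN];               /* the array from the question            */
    int neighbours[NEIGHBOUR_LEN];  /* whatever the compiler placed after it  */
};

/* How a[index] = value is actually carried out: the address is computed as
 * base + index * sizeof(int) and the store is issued. Nothing compares
 * index against ARRAY_LEN; the only thing that could fail is the target
 * page not being mapped, and index 40 is still well inside this frame.
 * Returns the byte offset that was written. */
static size_t unchecked_store(struct frame *f, size_t index, int value)
{
    unsigned char *base = (unsigned char *)f;
    size_t offset = index * sizeof(int);
    memcpy(base + offset, &value, sizeof value);
    return offset;
}

/* The check C does not do for you: refuse any index outside the array. */
static bool checked_store(int *arr, size_t len, size_t index, int value)
{
    if (index >= len)
        return false;
    arr[index] = value;
    return true;
}

/* Reproduce the question's a[40] = 1 and report which neighbouring
 * variable silently changed (-1 if none did). */
static int clobbered_neighbour(void)
{
    struct frame f;
    memset(&f, 0, sizeof f);
    unchecked_store(&f, WILD_INDEX, 1);
    for (int i = 0; i < NEIGHBOUR_LEN; i++)
        if (f.neighbours[i] == 1)
            return i;
    return -1;
}

/* Exercise the checked store: the wild index must be rejected, an
 * in-range index accepted, and only that element may change. */
static bool bounds_check_holds(void)
{
    int a[ARRAY_LEN] = {0};
    if (checked_store(a, ARRAY_LEN, WILD_INDEX, 1))
        return false;                      /* must not be accepted */
    if (!checked_store(a, ARRAY_LEN, ARRAY_LEN - 1, 7))
        return false;                      /* last valid element */
    return a[ARRAY_LEN - 1] == 7 && a[0] == 0;
}

int main(void)
{
    struct frame f;
    memset(&f, 0, sizeof f);

    size_t off = unchecked_store(&f, WILD_INDEX, 1);
    int hit = clobbered_neighbour();
    printf("unchecked a[%d] = 1 wrote byte offset %zu of the frame: "
           "neighbours[%d] silently became %d\n",
           WILD_INDEX, off, hit, hit >= 0 ? f.neighbours[hit] : 0);

    printf("checked store rejects index %d and accepts %d: %s\n",
           WILD_INDEX, ARRAY_LEN - 1, bounds_check_holds() ? "yes" : "no");
    return 0;
}
```

With 4-byte ints the wild write lands at byte 160, which is `neighbours[10]`: no fault, just a corrupted local. On the question's real two-line snippet, compiling with `-fsanitize=address` (GCC or Clang, at -O0 so the store is not optimised away) inserts the missing check at run time and reports the write as a stack-buffer-overflow, which is the quickest way to turn this silent corruption into a crash during testing.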


The reason line 2 works and doesn't throw a segfault is because in C/C++, arrays are pointers. So your array variable a points to some memory address e.g. 1004. The array syntax tells your program how many bytes down from the location of a to look for an array element.

This means that

printf("%p\n", (void *)a);
// prints out "1004"

and

printf("%p\n", (void *)&a[0]);
// prints out "1004"

should print the same value.

However,

printf("%p\n", (void *)&a[40]);
// prints out "1164"

returns the memory address that is sizeof(int) * 40 bytes down from the address of a.


Yes, it will eventually be overwritten.

If you malloc the space, you should get a segfault (or at least I believe so), but when using an array without allocating space, you'll be able to overwrite memory for a while. It will crash eventually, possibly when the program does an array size check or maybe when you hit a memory block reserved for something else (not sure what's going on under the hood).

Funny thing is that, IIRC, efence won't catch this either :D.
