Need help with malloc in C programming. It is allocating more space than expected

Let me preface this by saying that i am a newbie, and im in a entry level C class at school.

Im writing a program that required me to use malloc and malloc is allocating 8x the space i expect it to in all cases. Even when just to malloc(1), it is allocation 8 bytes instead of 1, and i am confused as to why.

Here is my code I tested with. This should only allow one character to be entered plus the esca开发者_运维技巧pe character. Instead I can enter 8, so it is allocating 8 bytes instead of 1, this is the case even if I just use a integer in malloc(). Please ignore the x variable, it is used in the actual program, but not in this test. :

#include <stdio.h>
#include <string.h>
#include <stdlib.h>


int main (int argc ,char* argv[]){

    int x = 0;
    char *A = NULL;
    A=(char*)malloc(sizeof(char)+1);
    scanf("%s",A);
    printf("%s", A);
    free(A);
    return 0;
}

 A=(char*)malloc(sizeof(char)+1);

is going to allocate at least 2 bytes (sizeof(char) is always 1). I don't understand how you are determining that it is allocating 8 bytes, however malloc is allowed to allocate more memory than you ask for, just never less.

The fact that you can use scanf to write a longer string to the memory pointed to by A does not mean that you have that memory allocated. It will overwrite whatever is there, which may result in your program crashing or producing unexpected results.

malloc is allocating as much memory as you asked for.

If you can read more than the allocated bytes (using scanf) it's because scanf is reading also over the memory you own: it's a buffer overflow.

You should limit the data scanf can read this way:

scanf( "%10s", ... ); // scanf will read a string no longer than 10

Im writing a program that required me to use malloc and malloc is allocating 8x the space i expect it to in all cases. Even when just to malloc(1), it is allocation 8 bytes instead of 1, and i am confused as to why.

Theoretically speaking, the way you do things in the program, is not allocating 8 bytes.

You can still type in 8 bytes (or any number of bytes) because in C there is no check, that you are still using a valid place to write.

What you see is Undefined Behaviour, and the reason for that is that you write in memory that you shouldn't. There is nothing in your code that stops the program after n byte(s) you allocated have been used.

You might get Seg Fault now, or later, or never. This is Undefined Behaviour. Just because it appears to work, does not mean it is right.

Now, Your program could indeed allocate 8 bytes instead of 1.

The reason for that is because of Alignment

The same program might allocate a different size in a different machine and/or a different Operating System.

Also, since you are using C you don't really need to cast. See this for a start.

In your code, there is no limit on how much data you can load in with scanf, leading to a buffer overflow (security flaw/crash). You should use a format string that limits the amount of data read in to the one or two bytes that you allocate. The malloc function will probably allocate some extra space to round the size up, but you should not rely on that.

malloc is allowed to allocate more memory than you ask for. It's only required to provide at least as much as you ask for, or fail if it can't.

using malloc or creating a buffer on the stack will allocate memory in words.

On a 32-bit system the word size is 4 bytes, so when you ask for

A=(char*)malloc(sizeof(char)+1);

(which is essentially A=(char*)malloc(2);

the system will actually give you 4 bytes. On a 64-bit machine you should get 8 bytes.

The way you use scanf there is dangerous as it will overflow the buffer if a string greater than the allocated size leaving a heap overflow vulnerability in your program. scanf in this case will attempt to stuff a string of any length in to that memory so using it to count the allocated size will not work.

What system are you running on? If it's 64 bit, it is possible that the system is allocating the smallest possible unit that it can. 64 bits being 8 bytes.

EDIT: Just a note of interest:

char *s = malloc (1);

Causes 16 bytes to be allocated on iOS 4.2 (Xcode 3.2.5).

If you enter 8 if will just allocate 2 bytes sizeof(char) == 1 (unless you are on some obscure platform) and you will write you number to that char. Then on printf it will output the number you stored in there. So if you store the number 8 it'll display 8 on the command line. It has nothing to do with the count of chars allocated. Unless of course you looked up in a debugger or somewhere else that it is really allocating 8 bytes.

scanf has no idea how big the target buffer actually is. All it knows is the starting address of the buffer. C does no bounds checking, so if you pass it the address of a buffer sized to hold 2 characters, and you enter a string that's 10 characters long, scanf will write those extra 8 characters to the memory following the end of the buffer. This is called a buffer overrun, which is a common malware exploit. For whatever reason, the six bytes immediately following your buffer aren't "important", so you can enter up to 8 characters with no apparent ill effects.

You can limit the number of characters read in a scanf call by including an explicit field width in the conversion specifier:

scanf("%2s", A);

but it's still up to you to make sure that target buffer is large enough to accomodate that width. Unfortunately, there's no way to specify the field width dynamically as there is with printf:

printf("%*s", fieldWidth, string);

because %*s means something completely different in scanf (basically, skip over the next string).

You could use sprintf to build your format string:

sprintf(format, "%%%ds", max_bytes_in_A);
scanf(format, A);

but you have to make sure the buffer format is wide enough to hold the result, etc., etc., etc.

This is why I usually recommend fgets() for interactive input.