What happens if I try to access memory beyond a malloc()’d region?

by

What is keeping me from writing into the memory location beyond 81 units?

Nothing. However, doing this results in undefined behaviour. This means anything can happen, and you shouldn’t depend on it doing the same thing twice. 99.999% of the time this is a bug.

What can I do to prevent that?

Always check that your pointers are within bounds before accessing (reading from or writing to) them. Always make sure strings end with \0 when passing to string functions.

You can use debugging tools such as valgrind to assist you in locating bugs related to out-of-bounds pointer and array access.

stdlib’s approach

For your code, you can have utstrncat which acts like utstrcat but takes a maximum size (i.e. the size of the buffer).

stdc++’s approach

You can also create an array struct/class or use std::string in C++. For example:

typedef struct UtString {
    size_t buffer_size;
    char *buffer;
} UtString;

Then have your functions operate on that instead. You can even have dynamic reallocation using this technique (but that doesn’t seem to be what you want).

End-of-buffer marker approach

Another approach is to have an end of buffer marker, similar to the end of string marker. When you encounter the marker, don’t write to that place or one before it (for the end of string marker) (or you can reallocate the buffer so there’s more room).

For example, if you have "hello world\0xxxxxx\1" as a string (where \0 is the end of string marker, \1 is the end of buffer marker, and the x are random data). appending " this is fun" would look like the following:

hello world\0xxxxxx\1
hello world \0xxxxx\1
hello world t\0xxxx\1
hello world th\0xxx\1
hello world thi\0xx\1
hello world this\0x\1
hello world this \0\1
*STOP WRITING* (next bytes are end of string then end of buffer)

Your problem

The problem with your code is here:

  if ((i+j-1) == 20)
   return s;

Although you are stopping before overrunning the buffer, you are not marking the end of the string.

Instead of returning, you can use break to end the for loop prematurely. This will cause the code after the for loop to run. This sets the end of string marker and returns the string, which is what you want.

In addition, I fear there may be a bug in your allocation. You have + 1 to allocate the size before the string, correct? There’s a problem: unsigned is usually not 1 character; you will need + sizeof(unsigned) for that. I would also write utget_buffer_size and utset_buffer_size so you can make changes more easily.

More Related Contents:

  1. How can I get the size of an array from a pointer in C?
  2. Why is malloc not “using up” the memory on my computer?
  3. How to dynamically allocate memory space for a string and get that string from user?
  4. Create a wrapper function for malloc and free in C
  5. Maximum memory which malloc can allocate
  6. Explain this implementation of malloc from the K&R book
  7. malloc implementation?
  8. Why do I get different results when I dereference a pointer after freeing it?
  9. How do I free memory in C?
  10. Why do you specify the size when using malloc in C?
  11. C: Correctly freeing memory of a multi-dimensional array
  12. Is freeing allocated memory needed when exiting a program in C
  13. Why exactly should I not call free() on variables not allocated by malloc()?
  14. convert malloc to new c++ for struct
  15. What’s the difference between a VLA and dynamic memory allocation via malloc?
  16. Should I free memory before exit?
  17. Freaky way of allocating two-dimensional array?
  18. Function to dynamically allocate matrix
  19. Include source code of malloc.c in gdb?
  20. Can I rely on malloc returning NULL?
  21. How to initialize const in a struct in C (with malloc)
  22. Is it good practice to free a NULL pointer in C? [duplicate]
  23. If free() knows the length of my array, why can’t I ask for it in my own code?
  24. C: pointer to array of pointers to structures (allocation/deallocation issues)
  25. Is calloc(4, 6) the same as calloc(6, 4)?
  26. How are we able to access the pointer after deallocating the memory?
  27. Minimizing the amount of malloc() calls improves performance?
  28. new, delete ,malloc & free
  29. functions returning char pointer
  30. zero size malloc [duplicate]

Leave a Comment