stackoom
  简体   繁体   中英

Allocating less memory than the specified size of a pointer-to-array

 原文  2021-10-31 15:06:43       c/ malloc/ language-lawyer/ pointer-to-array

Question

In C, is it "legal" to under-allocate memory to a pointer-to-array if we then only access elements that fall within the allocated memory? Or does this invoke undefined behavior?

int (*foo)[ 10 ]; //Pointer to array of 10 ints
foo = malloc( sizeof( int ) * 5 ); //Under-allocation! Only enough memory for 5 ints
//Now we only ever access (*foo)[ 0 - 4 ]

If this, in and of itself, is not undefined behavior, then could accessing another, unrelated object whose memory address happens to fall within the address space of unallocated part of the array cause a strict-aliasing violation?

2 answers

solution1
 0  2021-10-31 15:36:08

This is undefined behavior .

foo is supposed to point to an object (or the first of an array of objects) of type int[10] . You don't allocate that much space, so the expression *foo which has type int[10] accesses an object of that type, but doing so reads past the end of an allocated memory segment.

solution2
 0  2021-10-31 18:49:08

As @dbush describes in his answer , an array is defined to be a contiguously allocated non-empty set of objects of the element type (C17 6.2.5/20). Clearly, then, malloc( sizeof( int ) * 5 ) does not allocate enough space for an int[10] .

But I found it difficult to formally support the last part of that answer, claiming that the size differential makes (for example) (*foo)[4] have undefined behavior. That conclusion seems plausible, but where does the standard actually say so?

One of the main problems here is that (dynamically) allocated objects have no declared type, only, under some circumstances, an effective type determined by how they are and have been accessed. (C17 6.5/6 and footnote 88). We do know that on success, malloc(n) returns a pointer to an object of size n (C17 7.22.3.4/2), but how do we attribute undefined behavior specifically to the association with that object of an effective type describing objects of size larger than n ?

I ultimately decided that the best way to connect the dots is as follows. Suppose that o is an allocated object of size n , T is a complete type having sizeof(T) > n , and o is read or written via an lvalue of type T . Then paragraph 6.5/6 attributes effective type T to object o , but because o 's size is insuficient we must conclude that its representation constitutes a trap representation of type T (C17 3.19.4). Paragraph 6.2.6.1/5 then reiterates the definition of "trap representation" and gets us to where we want to go:

Certain object representations need not represent a value of the object type. If the stored value of an object has such a representation and is read by an lvalue expression that does not have character type, the behavior is undefined. If such a representation is produced by a side effect that modifies all or any part of the object by an lvalue expression that does not have character type, the behavior is undefined. Such a representation is called a trap representation.

(Emphasis added.)

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Array filling with malloc supposedly allocating less memory than needed Allocating memory for a array to char pointer allocating memory to a pointer of an array of structures C: Pointer-to-array and array of characters Pointer-to-array overlapping end of array Why is array of chars printing one less char than needed after dynamically allocating memory with malloc()? Error on dynamically allocating memory to function pointer array Mechanism of allocating memory for variable size array SDCC and malloc() - allocating much less memory than is available Allocating memory for structured pointer
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM