Not getting Segmentation Fault in C

Question

here is the c code:

char **s;
s[334]=strdup("test");
printf("%s\n",s[334]);`

i know that strdup does the allocation of "test", but the case s[334] where we will put the pointer to the string "test" is not allocated,however,this code works like a charm

Answer 1

Your code exhibits undefined behavior. That does not mean it will crash. All it means is that you can't predict anything about what will happen.

A crash is rather likely, but not guaranteed at all, in this case.

Answer 2

1. You don't always get segmentation fault if you access uninitialized memory.

2. You do access uninitialized memory here.

Answer 3

"Undefined behaviour" doesn't mean you'll get a segfault, it means you might get a segfault. A conforming implementation might also decide to display ASCII art of a puppy.

You might like to check this code with a tool like Valgrind .

Answer 4

I get a segfault without optimisations, but when compiled with optimisations, gcc doesn't bother with the s at all, it's eliminated as dead code.

gcc -Os -S:

.cfi_startproc
subq    $8, %rsp
.cfi_def_cfa_offset 16
movl    $.LC0, %edi     # .LC0 is where "test" is at
call    strdup
addq    $8, %rsp
.cfi_def_cfa_offset 8
movq    %rax, %rdi
jmp     puts
.cfi_endproc

gcc -S -O (same for -O2, -O3):

.LFB23:
    .cfi_startproc
    subq    $8, %rsp
    .cfi_def_cfa_offset 16
    movl    $5, %edi
    call    malloc
    movq    %rax, %rdi
    testq   %rax, %rax
    je      .L2
    movl    $1953719668, (%rax)
    movb    $0, 4(%rax)
.L2:
    call    puts
    addq    $8, %rsp
    .cfi_def_cfa_offset 8
    ret
    .cfi_endproc

Answer 5

The compiler is too smart for us! It knows that printf("%s\\n", some_string) is exactly the same as puts(some_string) , so it can simplify

char **s;
s[334]=strdup("test");
printf("%s\n",s[334]);

into

char **s;
s[334]=strdup("test");
puts(s[334]);

and then (assuming no UB) that is again equivalent to

puts(strdup("test"));

So, by chance the segment fault didn't happen (this time).