By Lundin


2016-05-31 15:17:37 8 Comments

This question is meant to be used as reference for all frequently asked questions of the nature:

Why do I get a mysterious crash or "segmentation fault" when I copy/scan data to the address where an uninitialised pointer points to?

For example:

char* ptr;
strcpy(ptr, "hello world"); // crash here!

or

char* ptr;
scanf("%s", ptr); // crash here!

5 comments

@Antti Haapala 2019-08-08 09:27:04

For making a modifiable copy of a string, instead of using malloc, strlen and strcpy, the POSIX C library has a handy function called strdup in <string.h> that will return a copy of the passed-in null-terminated string with allocated storage duration. After use the pointer should be released with free:

char* ptr;
ptr = strdup("hello world");
ptr[0] = 'H';
puts(ptr);
free(ptr);

@Lundin 2019-08-08 09:37:13

Please note however that strdup isn't standard C and not necessarily portable.

@Antti Haapala 2019-08-08 09:47:20

@Lundin it is conforming to an ISO standard, but not the C standard yes. As for portability, that's what the P in POSIX stands for.

@Lundin 2019-08-08 13:06:13

Which doesn't matter the slightest when you aren't working in a PC environment.

@Lundin 2016-05-31 15:17:37

A pointer is a special type of variable, which can only contain an address of another variable. It cannot contain any data. You cannot "copy/store data into a pointer" - that doesn't make any sense. You can only set a pointer to point at data allocated elsewhere.

This means that in order for a pointer to be meaningful, it must always point at a valid memory location. For example it could point at memory allocated on the stack:

{
  int data = 0;
  int* ptr = &data;
  ...
}

Or memory allocated dynamically on the heap:

int* ptr = malloc(sizeof(int));

It is always a bug to use a pointer before it has been initialized. It does not yet point at valid memory.

These examples could all lead to program crashes or other kinds of unexpected behavior, such as "segmentation faults":

/*** examples of incorrect use of pointers ***/

// 1.
int* bad;
*bad = 42;

// 2.
char* bad;
strcpy(bad, "hello");

Instead, you must ensure that the pointer points at (enough) allocated memory:

/*** examples of correct use of pointers ***/

// 1.
int var;
int* good = &var;
*good = 42;

// 2.
char* good = malloc(5 + 1); // allocates memory for 5 characters *and*  the null terminator
strcpy(good, "hello");

Note that you can also set a pointer to point at a well-defined "nowhere", by letting it point to NULL. This makes it a null pointer, which is a pointer that is guaranteed not to point at any valid memory. This is different from leaving the pointer completely uninitialized.

int* p1 = NULL; // pointer to nowhere
int* p2;        // uninitialized pointer, pointer to "anywhere", cannot be used yet

Yet, should you attempt to access the memory pointed at by a null pointer, you can get similar problems as when using an uninitialized pointer: crashes or segmentation faults. In the best case, your system notices that you are trying to access the address null and then throws a "null pointer exception".

The solution for null pointer exception bugs is the same: you must set the pointer to point at valid memory before using it.


Further reading:

Pointers pointing at invalid data
How to access a local variable from a different function using pointers?
Can a local variable's memory be accessed outside its scope?

Segmentation fault and causes
What is a segmentation fault?
Why do I get a segmentation fault when writing to a string initialized with "char *s" but not "char s[]"?
What is the difference between char s[] and char *s?
Definitive List of Common Reasons for Segmentation Faults
What is a bus error?

@Lundin 2016-05-31 15:18:56

These kind of bugs are very commonly written both by beginners who have yet not grasped what pointers are or how they work. So please note that the intention of this community wiki is therefore to keep explanations on a basic level. If you wish to leave more advanced answers with references to the C standard etc, kindly post a different answer to the question.

@too honest for this site 2016-05-31 15:22:55

"It cannot contain any data." - Hmm, actually the address is its data.

@Lundin 2016-05-31 15:25:10

@Olaf Keep things basic here, please :) This is intended for beginners. Though... if an address is data, then why does a CPU have both an address bus and a data bus?

@too honest for this site 2016-05-31 15:26:42

Does it read the contents of a pointer variable from the address bus? ;-) (And e.g. PCIe uses a packet/command format, no classical address/data bus mechanism). There also were RAM designs that way (remember RAMBUS?) Anyway, I'm fine with the answer, should suffice for beginners. Just leave the comments if they are interested to get deeper into it.

@WhozCraig 2016-05-31 15:43:08

Note on the last example: one doesn't need to dereference the pointer to exhibit undefined behavior. Like anything else, indeterminate content (the case of value for p2) by its very nature invokes undefined behavior when even evaluated, much-less furthering the madness by dereferencing. Yes it is a different problem, but tightly related. In summary, the statement "It is always a bug to use a pointer before it has been initialized." is true, but "use" is not limited to only dereferencing.

@too honest for this site 2016-05-31 17:16:48

@WhozCraig: I disagree partially. int (*p)[10] = malloc(sizeof(*p)); is perfectly valid and a typical ideom.

@WhozCraig 2016-05-31 17:25:47

@Olaf honestly, not sure how that relates to my comment at all

@too honest for this site 2016-05-31 17:34:04

@WhozCraig: "It is always a bug to use a pointer before it has been initialized." is true, but "use" is not limited to only dereferencing."

@M.M 2016-06-01 05:12:48

"These examples all lead to program crashes or other kinds of unexpected behavior" - sometimes it works "as expected", people post questions asking why their invalid pointer access doesn't crash when they thought it would

@anoopknr 2018-07-17 17:42:53

This happens because you have not allocated memory for the pointer char* ptr . In this case you have to dynamically allocate memory for the pointer.

Two functions malloc() and calloc() can be used for dynamic memory allocation.

Try this code :-

char* ptr;
ptr = malloc(50); // allocate space for 50 characters.
strcpy(ptr, "hello world");

When the use of *ptr over don't forget to deallocate memory allocated for *ptr .This can be done using free() function.

free(ptr);  // deallocating memory.

Size of dynamically allocated memory can be changed by using realloc().

char *tmp = realloc(ptr, 100); // allocate space for 100 characters.
if (! tmp) {
    // reallocation failed, ptr not freed
    perror("Resize failed");
    exit(1);       
}
else {
    // reallocation succeeded, old ptr freed
    ptr = tmp;
}

In most cases "segmentation fault" happens due to error in memory allocation or array out of bound cases.

@Leonard Lepadatu 2019-01-19 16:28:51

Is not this case, but one situation that frequently occur in the beginning is when using single quotes and try to define a string literal like:

char ptr[5];
strcpy(ptr, 'hello'); // crash here!
            ^     ^   // because of ' instead "

In C 'h' is a single character literal, while "h" is a string literal containing an 'h' and a null terminator /0 (that is a 2 char array). Also, in C, the type of a character literal is , that is sizeof 'h' is 4 (on 32bit), while sizeof(char) is 1.

char h = 'h';
printf("Size: %d\n",sizeof(h));     //Size: 1
printf("Size: %d\n",sizeof('h'));   //Size: 4

@lonesomecodeboy 2017-01-20 11:42:18

  1. Pointers only point to a memory location. You created a pointer but you did not bind to a memory location yet. strcpy wants you to pass two pointers (first one mustn't be constant) that point to two character arrays like this signature:

    char * strcpy ( char * destination, const char * source );
    

    sample usage:

    char* ptr = malloc(32);  
    strcpy(ptr, "hello world");
    
    char str[32];  
    strcpy(str, "hello world");
    
  2. You can try the following code snippet to read string until reaching newline character (*you can also add other whitespace characters like "%[^\t\n]s"(tab, newline) or "%[^ \t\n]s" (space, tab, newline)).

    char *ptr = malloc(32);
    scanf("%31[^\n]", ptr);
    

    (In real life, don't forget to check the return value from scanf()!)

Related Questions

Sponsored Content

3 Answered Questions

[SOLVED] Segmentation Fault in C dereferencing pointers

2 Answered Questions

[SOLVED] Arrays and pointer : segmentation fault

1 Answered Questions

1 Answered Questions

Copying data between two struct pointers giving segmentation fault

4 Answered Questions

[SOLVED] Segmentation fault - char pointer

3 Answered Questions

[SOLVED] Segmentation fault when pointer is local

Sponsored Content