Ronn Ronn - 2 months ago 9

Understanding concept of array

main()
{
char buffer[6]="hello";
char *ptr3 = buffer +8;
char *str;
for(str=buffer;str <ptr3;str++)
    printf("%d \n",str);
}


Here, ptr3 is pointing out of array bounds. However, if I run this program, I am getting consecutive memory locations (for example, 1000 ... 1007). So, according to the C standard, a pointer pointing more than one past the array bound is explicitly undefined behavior.

My question is how the above code results in undefined behavior?

Answer

There are multiple occurrences of undefined behavior in your program.

For starters you're calling printf without the required #include <stdio.h>, and main() should be int main(void). That's not what you're asking about, but you should fix it.

char buffer[6]="hello";

This is ok.

char *ptr3 = buffer +8; 

Evaluating the expression buffer +8 has undefined behavior. N1570 6.5.6 specifies the behavior of the + addition operator, and paragraph 8 says:

If both the pointer operand and the result point to elements of the same array object, or one past the last element of the array object, the evaluation shall not produce an overflow; otherwise, the behavior is undefined.

Computing the pointer value by itself has undefined behavior, even if you never dereference it or access its value.

char *str;   
for(str=buffer;str <ptr3;str++)
    printf("%d \n",str);

You're passing a char* value to printf, but %d requires an argument of type int. Passing a value of the wrong type to printf also has undefined behavior.

If you want to print the pointer value, you need to write:

printf("%p\n", (void*)str);

which will likely print the pointer value in hexadecimal, depending on the implementation. (I've removed the unnecessary trailing space.)

When str points to buffer[5], str++ is valid; it causes str to point just past the end of buffer. (Dereferencing str after that would have undefined behavior, but you don't do that.) Incrementing str again after that has undefined behavior. The comparison str < ptr3 also has undefined behavior, since ptr3 has an invalid value -- but you already triggered undefined behavior when you initialized ptr3, so this is just icing on the proverbial cake.

Keep in mind that "undefined behavior" means that the C standard does not define the behavior. It doesn't mean that the program will crash or print an error message. In fact the worst possible consequence of undefined behavior is that the code seems to "work"; it means that you have a bug, but it's going to be difficult to diagnose and fix it.
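As an added example (not part of the answer above), here is the loop rewritten so that every pointer it forms stays inside the range the standard permits: the end pointer is buffer + sizeof buffer, the one-past-the-end value, which is formed but never dereferenced, and each address is printed with %p through a cast to void *. The helper names walk_buffer, print_addr and demo_count are assumptions introduced for this example, and the buffer contents are the constructed input from the question.

```c
#include <stdio.h>
#include <stddef.h>

#define BUF_LEN 6

/* Walks buf from its first element up to, but not including, the
 * one-past-the-end pointer buf + len.  That is the last value a pointer
 * into the array may legitimately take; no pointer beyond it is ever
 * computed here.  Returns the number of elements visited. */
size_t walk_buffer(const char *buf, size_t len,
                   void (*visit)(const char *, ptrdiff_t))
{
    const char *end = buf + len;   /* one past the end: formed, never dereferenced */
    size_t visited = 0;
    for (const char *p = buf; p < end; p++) {
        if (visit)
            visit(p, p - buf);     /* p - buf is a ptrdiff_t, valid within the array */
        visited++;
    }
    return visited;
}

/* Prints the address with %p (the only portable conversion for pointers)
 * together with its offset from the start of the array. */
static void print_addr(const char *p, ptrdiff_t off)
{
    printf("%p  (buffer + %td)\n", (const void *)p, off);
}

/* Runs the walk over the question's buffer without printing, so the count
 * of in-bounds positions can be checked directly. */
size_t demo_count(void)
{
    char buffer[BUF_LEN] = "hello";   /* constructed input, as in the question */
    return walk_buffer(buffer, sizeof buffer, NULL);
}

int main(void)
{
    char buffer[BUF_LEN] = "hello";   /* constructed input, as in the question */
    size_t n = walk_buffer(buffer, sizeof buffer, print_addr);
    printf("visited %zu elements\n", n);
    return 0;
}
```

The count is 6, one per element of buffer, including the terminating '\0'; the loop never reaches buffer + 8, because no such pointer exists in a program that stays within defined behavior.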
