malloc question

malloc question

[Randi Botse]

Hi All,

I want to ask malloc() behaviour, consider these codes;

...
char *ptr = malloc(1);
strcpy(ptr, "what");
puts(ptr);
....

Confusingly, the strcpy() copied all bytes to ptr, but I just manage
to allocate ptr only for 1 byte, I guess I will have segfault here,
why this happen? why the string successfully copied into ptr? , is
those code legal?

Randi,

Re: malloc question

[Daniel Baluta]

On Tue, Apr 26, 2011 at 1:33 PM, Randi Botse <nightdecoder@gmail.com> wrote:
> Hi All,
>
> I want to ask malloc() behaviour, consider these codes;
>
> ...
> char *ptr = malloc(1);
> strcpy(ptr, "what");
> puts(ptr);
> ....
>
> Confusingly, the strcpy() copied all bytes to ptr, but I just manage
> to allocate ptr only for 1 byte, I guess I will have segfault here,
> why this happen? why the string successfully copied into ptr? , is
> those code legal?

You didn't get segfault because you were lucky.

Memory is allocated in multiples of page size (usually 4K).
The memory after your allocated byte is valid in your case.

thanks,
Daniel.

Re: malloc question

[ratheesh kannoth]

On Tue, Apr 26, 2011 at 4:10 PM, Daniel Baluta <daniel.baluta@gmail.com> wrote:
> On Tue, Apr 26, 2011 at 1:33 PM, Randi Botse <nightdecoder@gmail.com> wrote:
>> Hi All,
>>
>> I want to ask malloc() behaviour, consider these codes;
>>
>> ...
>> char *ptr = malloc(1);
>> strcpy(ptr, "what");
>> puts(ptr);
>> ....
>>
>> Confusingly, the strcpy() copied all bytes to ptr, but I just manage
>> to allocate ptr only for 1 byte, I guess I will have segfault here,
>> why this happen? why the string successfully copied into ptr? , is
>> those code legal?
>
> You didn't get segfault because you were lucky.
>
> Memory is allocated in multiples of page size (usually 4K).
> The memory after your allocated byte is valid in your case.
>
> thanks,
> Daniel.
> --

U could read a little more about vm_page_struct. ( virtual address
space to  physical page ).  Try below code also for more
clarification.....

    char *ptr = malloc(1);
    strcpy(ptr, "what");
    free(ptr);
    strcpy(ptr, "hell");





> To unsubscribe from this list: send the line "unsubscribe linux-c-programming" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>
--
To unsubscribe from this list: send the line "unsubscribe linux-c-programming" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: malloc question

[Daniel Baluta]

On Tue, Apr 26, 2011 at 1:54 PM, ratheesh kannoth
<ratheesh.ksz@gmail.com> wrote:
> On Tue, Apr 26, 2011 at 4:10 PM, Daniel Baluta <daniel.baluta@gmail.com> wrote:
>> On Tue, Apr 26, 2011 at 1:33 PM, Randi Botse <nightdecoder@gmail.com> wrote:
>>> Hi All,
>>>
>>> I want to ask malloc() behaviour, consider these codes;
>>>
>>> ...
>>> char *ptr = malloc(1);
>>> strcpy(ptr, "what");
>>> puts(ptr);
>>> ....
>>>
>>> Confusingly, the strcpy() copied all bytes to ptr, but I just manage
>>> to allocate ptr only for 1 byte, I guess I will have segfault here,
>>> why this happen? why the string successfully copied into ptr? , is
>>> those code legal?
>>
>> You didn't get segfault because you were lucky.
>>
>> Memory is allocated in multiples of page size (usually 4K).
>> The memory after your allocated byte is valid in your case.
>>
>> thanks,
>> Daniel.
>> --
>
> U could read a little more about vm_page_struct. ( virtual address
> space to  physical page ).

Can you elaborate on this?

Daniel.
--
To unsubscribe from this list: send the line "unsubscribe linux-c-programming" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: malloc question

[ratheesh kannoth]

On Tue, Apr 26, 2011 at 4:27 PM, Daniel Baluta <daniel.baluta@gmail.com> wrote:
> On Tue, Apr 26, 2011 at 1:54 PM, ratheesh kannoth
> <ratheesh.ksz@gmail.com> wrote:
>> On Tue, Apr 26, 2011 at 4:10 PM, Daniel Baluta <daniel.baluta@gmail.com> wrote:
>>> On Tue, Apr 26, 2011 at 1:33 PM, Randi Botse <nightdecoder@gmail.com> wrote:
>>>> Hi All,
>>>>
>>>> I want to ask malloc() behaviour, consider these codes;
>>>>
>>>> ...
>>>> char *ptr = malloc(1);
>>>> strcpy(ptr, "what");
>>>> puts(ptr);
>>>> ....
>>>>
>>>> Confusingly, the strcpy() copied all bytes to ptr, but I just manage
>>>> to allocate ptr only for 1 byte, I guess I will have segfault here,
>>>> why this happen? why the string successfully copied into ptr? , is
>>>> those code legal?
>>>
>>> You didn't get segfault because you were lucky.
>>>
>>> Memory is allocated in multiples of page size (usually 4K).
>>> The memory after your allocated byte is valid in your case.
>>>
>>> thanks,
>>> Daniel.
>>> --
>>
>> U could read a little more about vm_page_struct. ( virtual address
>> space to  physical page ).
>
> Can you elaborate on this?
>
> Daniel.
>

Daniel,

Note: Pls read Linux Kernel internals 2.6.


malloc() and free() works on virtual address space.

malloc(1)           - this allotes a virtual address space of 4k.

strcpy(ptr, "what" ) -    the 4k virtual address is mapped to a 4k
page frame thru page fault exception. Now you have a valid virtual
address of 4k.

free(ptr)              - tells OS that  this virtual address space (
4k )  can be reallotted if there is a need . But  each program has a
virtual address space of 3GB ( 32 bit
                                   ,4GB minus 1GB (kernel) ).  SO ptr
is a valid pointer unless
                                                   1) vitual address
space is realloted.
                                                   2) page frame is
realloted for some other page ( LRU algorithm )
so if ptr is valid , you could do  following

 *(ptr ++ ), *ptr ... etc .


-ratheesh
--
To unsubscribe from this list: send the line "unsubscribe linux-c-programming" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: malloc question

[Glynn Clements]

Randi Botse wrote:

> I want to ask malloc() behaviour, consider these codes;
> 
> ...
> char *ptr = malloc(1);
> strcpy(ptr, "what");
> puts(ptr);
> ....
> 
> Confusingly, the strcpy() copied all bytes to ptr, but I just manage
> to allocate ptr only for 1 byte, I guess I will have segfault here,
> why this happen? why the string successfully copied into ptr? ,

libc typically requests memory from the kernel in large chunks, then
uses portions of this memory to satisfy malloc() requests. The memory
following the allocated block is likely to be valid (i.e. accessing it
won't cause a segfault), but it may have been allocated to something
else, or it may be allocated to something else in the future.

> is those code legal?

No. Any memory following the one byte block which you requested will
be deemed available for use by other parts of the code.

If you modify memory immediately beyond the end of a malloc()d block,
the most common result is corruption of the heap's internal data,
resulting in a subsequent malloc(), realloc(), free() etc call
crashing.

For such a small string, you'll typically get away with it, as any
practical malloc() implementation will align blocks to at least a word
boundary and probably more (e.g. GNU libc uses 16-byte boundaries to
ensure that a "long double" won't straddle a page boundary), so there
will be some padding between the end of the allocated block and any
following block.

-- 
Glynn Clements <glynn@gclements.plus.com>