Velocity Reviews - Computer Hardware Reviews


malloced union member

 
 
rohit
05-19-2004
Hi,

I am confused as to when the memory is freed in this program.

#include <stdlib.h>
#include <stdio.h>
#include <string.h>

union test{
    char *i;
    char *ch;
};

int main()
{
    union test test;
    test.ch = malloc(6);
    strcpy(test.ch,"hello");
    printf("test.i == %s test.ch == %s test.i == [%p] test.ch == [%p]\n",
           test.i,test.ch,test.i,test.ch);
    free(test.i);
    printf("test.i == %s test.ch == %s test.i == [%p] test.ch == [%p]\n",
           test.i,test.ch,test.i,test.ch);
    free(test.ch);
    printf("test.i == %s test.ch == %s test.i == [%p] test.ch == [%p]\n",
           test.i,test.ch,test.i,test.ch);

    return 0;
}

And the output I get from my Solaris box is:
test.i == hello test.ch == hello test.i == [209b8] test.ch == [209b8]
test.i == hello test.ch == hello test.i == [209b8] test.ch == [209b8]
test.i == hello test.ch == hello test.i == [209b8] test.ch == [209b8]

regards
rohitash
 
Richard Bos
05-19-2004
(E-Mail Removed) (rohit) wrote:

> I am confused as to when the memory is freed in this program.
>
> union test{
> char *i;
> char *ch;
> };
>
> int main()
> {
> union test test;
> test.ch = malloc(6);
> strcpy(test.ch,"hello");
> printf("test.i == %s test.ch == %s test.i == [%p] test.ch ==
> [%p]\n",test.i,test.ch,test.i,test.ch);
> free(test.i);


It is free()d here...

> printf("test.i == %s test.ch == %s test.i == [%p] test.ch ==
> [%p]\n",test.i,test.ch,test.i,test.ch);


...so this statement invokes undefined behaviour.

> test.i == hello test.ch == hello test.i == [209b8] test.ch == [209b8]
> test.i == hello test.ch == hello test.i == [209b8] test.ch == [209b8]
> test.i == hello test.ch == hello test.i == [209b8] test.ch == [209b8]


Yes, appearing to work as "normal" is one of the legal results of
undefined behaviour. Should you now be tempted to abuse this feature,
beware! Appearing to work as normal on your testing machines but
crashing spectacularly on your customer's network is _also_ a legal
result of UB...

Richard
 
Stephen L.
05-19-2004
rohit wrote:
>
> Hi,
>
> I am confused as to when the memory is freed in this program.
>
> #include <stdlib.h>
> #include <stdio.h>
> #include <string.h>
>
> union test{
> char *i;
> char *ch;
> };
>
> int main()
> {
> union test test;
> test.ch = malloc(6);
> strcpy(test.ch,"hello");
> printf("test.i == %s test.ch == %s test.i == [%p] test.ch ==
> [%p]\n",test.i,test.ch,test.i,test.ch);
> free(test.i);


Why are you `free()'ing "test.i" here?
You allocated the memory to "test.ch"
(even though both elements of the union
happen to contain the same pointer value,
that's a very bad practice).

> printf("test.i == %s test.ch == %s test.i == [%p] test.ch ==
> [%p]\n",test.i,test.ch,test.i,test.ch);
> free(test.ch);


You got lucky here. You've `free()'d the same
pointer value _twice_. You've corrupted your heap.

> printf("test.i == %s test.ch == %s test.i == [%p] test.ch ==
> [%p]\n",test.i,test.ch,test.i,test.ch);
>
> return 0;
> }
>
> And the output I get from my solaris box is :
> test.i == hello test.ch == hello test.i == [209b8] test.ch == [209b8]
> test.i == hello test.ch == hello test.i == [209b8] test.ch == [209b8]
> test.i == hello test.ch == hello test.i == [209b8] test.ch == [209b8]
>
> regards
> rohitash


It looks like you're expecting the call to `free()'
to somehow change the contents of the object the
pointer was pointing to, or even the pointer itself.
The value of a pointer after a call to `free()'
is indeterminate.

In this particular case, you were able to dereference
the pointer and it still contained your original
value. This is dumb luck.

To answer your question, the memory obtained by
a call to `malloc()' is "free" at the point of entry
into the call to `free()'. "free" is a non-specific
term, however, and should be taken to mean that it
is not "free" for your program to access any longer.
Some architectures may generate an error accessing
the memory through that pointer, some may do nothing,
and some may give the _appearance_ that the memory
is still valid and contains valid data (as on your
Solaris box).


HTH,

Stephen
 
Richard Bos
05-19-2004
"Stephen L." <(E-Mail Removed)> wrote:

> rohit wrote:
> > printf("test.i == %s test.ch == %s test.i == [%p] test.ch ==
> > [%p]\n",test.i,test.ch,test.i,test.ch);
> > free(test.ch);

>
> You got lucky here. You've `free()'d the same
> pointer value _twice_. You've corrupted your heap.


You don't know this. It invokes undefined behaviour; this _may_ mean
corrupting his heap, but it may also mean ignoring the statement,
crashing with a segmentation fault, or mailing his resume to
(E-Mail Removed).

Richard
 
Stephen L.
05-19-2004
Richard Bos wrote:
>
> "Stephen L." <(E-Mail Removed)> wrote:
>
> > rohit wrote:
> > > printf("test.i == %s test.ch == %s test.i == [%p] test.ch ==
> > > [%p]\n",test.i,test.ch,test.i,test.ch);
> > > free(test.ch);

> >
> > You got lucky here. You've `free()'d the same
> > pointer value _twice_. You've corrupted your heap.

>
> You don't know this. It invokes undefined behaviour; this _may_ mean
> corrupting his heap, but it may also mean ignoring the statement,
> crashing with a segmentation fault, or mailing his resume to ...
>
> Richard


man malloc(3c) for details.

Posters who have identified this behavioral
aspect of `free()' have usually noted it by stating
that their (next) `malloc()'/`free()' core dumps.

The second call to `free()' with the same pointer
value as before qualifies as a "random" value.

"Undefined results will occur if the space assigned by
malloc() is overrun or if some random number is
passed to free()."

-Solaris 8 man page

It _doesn't_ say, "and BTW, the heap is fine."
A reasonable and valid conclusion based on the facts
as presented in the man page (along with other sources)
is that the heap, after `free()'ing the same
pointer twice, is not usable, even if `free()'
seemed to return okay. I see nothing in the man
page(s) which would bring me to any of the
conclusions you've arrived at - why are posters
trying to DEFINE undefined behavior?

I think it's important to try to answer the OP's
question at the level (not in a condescending manner)
that it is asked. The OP didn't say he was using
any special implementation of `malloc()' (there
are versions out there that perform allocation
using much more sophisticated rules and memory models),
so it was reasonable to assume he was using the
"standard malloc-from-the-heap implementation".
If I was wrong, I'd expect the OP to repost
with a clarification - that's how the dialog
should continue.

But providing garbage answers like "mailing his
resume to ..." really hurt the credibility of
the group as a whole, IMHO.


Stephen
 
Dan Pop
05-19-2004
In <(E-Mail Removed)> (E-Mail Removed) (Richard Bos) writes:

>(E-Mail Removed) (rohit) wrote:
>
>> I am confused as to when the memory is freed in this program.
>>
>> union test{
>> char *i;
>> char *ch;
>> };
>>
>> int main()
>> {
>> union test test;
>> test.ch = malloc(6);
>> strcpy(test.ch,"hello");
>> printf("test.i == %s test.ch == %s test.i == [%p] test.ch ==
>> [%p]\n",test.i,test.ch,test.i,test.ch);
>> free(test.i);

>
>It is free()d here...


Nope, this call merely invokes undefined behaviour.

Dan
--
Dan Pop
DESY Zeuthen, RZ group
Email: (E-Mail Removed)
 
Dan Pop
05-19-2004
In <(E-Mail Removed) > (E-Mail Removed) (rohit) writes:

>I am confused as to when the memory is freed in this program.


What else could you expect from a bogus program?

>#include <stdlib.h>
>#include <stdio.h>
>#include <string.h>
>
>union test{
> char *i;
> char *ch;
>};


What is the point of this union?

>int main()
>{
> union test test;
> test.ch = malloc(6);
> strcpy(test.ch,"hello");
> printf("test.i == %s test.ch == %s test.i == [%p] test.ch ==
>[%p]\n",test.i,test.ch,test.i,test.ch);


Undefined behaviour: you can't evaluate test.i after initialising test.ch
as they have incompatible types that can't be aliased.

> free(test.i);


Undefined behaviour, for the same reason as above.

> printf("test.i == %s test.ch == %s test.i == [%p] test.ch ==
>[%p]\n",test.i,test.ch,test.i,test.ch);


Undefined behaviour.

> free(test.ch);


Undefined behaviour. This call would have been correct as the *first*
free call. Now, it is too late...

> printf("test.i == %s test.ch == %s test.i == [%p] test.ch ==
>[%p]\n",test.i,test.ch,test.i,test.ch);


Undefined behaviour.

> return 0;
>}
>
>And the output I get from my solaris box is :
>test.i == hello test.ch == hello test.i == [209b8] test.ch == [209b8]
>test.i == hello test.ch == hello test.i == [209b8] test.ch == [209b8]
>test.i == hello test.ch == hello test.i == [209b8] test.ch == [209b8]


There is no way to get any enlightenment from the output of a meaningless
program. Instead of wasting your time writing and executing junk code,
read the FAQ!

Dan
--
Dan Pop
DESY Zeuthen, RZ group
Email: (E-Mail Removed)
 
Lew Pitcher
05-20-2004

Dan Pop wrote:
| In <(E-Mail Removed) > (E-Mail Removed)
(rohit) writes:
|
|
|>I am confused as to when the memory is freed in this program.
|
|
| What else could you expect from a bogus program?
|
|
|>#include <stdlib.h>
|>#include <stdio.h>
|>#include <string.h>
|>
|>union test{
|> char *i;
|> char *ch;
|>};
|
|
| What is the point of this union?
|
|
|>int main()
|>{
|> union test test;
|> test.ch = malloc(6);
|> strcpy(test.ch,"hello");
|> printf("test.i == %s test.ch == %s test.i == [%p] test.ch ==
|>[%p]\n",test.i,test.ch,test.i,test.ch);
|
|
| Undefined behaviour: you can't evaluate test.i after initialising test.ch
| as they have incompatible types that can't be aliased.

Dan, I'm confused.

Given the OP's union, I don't understand how test.i and test.ch can have
"incompatible types that can't be aliased".

AFAICT, test.i is a pointer to char, and test.ch is a pointer to char. To me,
those don't look like "incompatible types".

Did I read something wrong? Could you clear up my misunderstanding?



[snip]

- --
Lew Pitcher

Master Codewright & JOAT-in-training | GPG public key available on request
Registered Linux User #112576 (http://counter.li.org/)
Slackware - Because I know what I'm doing.

Neil Kurzman
05-20-2004


rohit wrote:

> Hi,
>
> I am confused as to when the memory is freed in this program.
>
> #include <stdlib.h>
> #include <stdio.h>
> #include <string.h>
>
> union test{
> char *i;
> char *ch;
> };
>
> int main()
> {
> union test test;
> test.ch = malloc(6);
> strcpy(test.ch,"hello");
> printf("test.i == %s test.ch == %s test.i == [%p] test.ch ==
> [%p]\n",test.i,test.ch,test.i,test.ch);
> free(test.i);
> printf("test.i == %s test.ch == %s test.i == [%p] test.ch ==
> [%p]\n",test.i,test.ch,test.i,test.ch);
> free(test.ch);
> printf("test.i == %s test.ch == %s test.i == [%p] test.ch ==
> [%p]\n",test.i,test.ch,test.i,test.ch);
>
> return 0;
> }
>
> And the output I get from my solaris box is :
> test.i == hello test.ch == hello test.i == [209b8] test.ch == [209b8]
> test.i == hello test.ch == hello test.i == [209b8] test.ch == [209b8]
> test.i == hello test.ch == hello test.i == [209b8] test.ch == [209b8]
>
> regards
> rohitash


The memory is "freed" when you call free(). free() lets the system know
that the memory is not used. It does not have to erase it. So you can
still look at it (on your system). But other systems may not let you look
at memory you do not own. Freeing memory you do not own is never good.
It is a good idea to set your pointers to NULL after free(); you can then
check them for NULL to ensure you do not use pointers that are no longer
pointing to memory you own.
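
Added example, not part of any poster's message: one way to apply the set-to-NULL-after-free() advice to the union from the original post, so that the second free() becomes a defined no-op and nothing is printed through a released pointer. The helper names test_set, test_release and test_str are hypothetical; any copy of the pointer kept outside the union would still dangle.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

union test {
    char *i;
    char *ch;   /* same type as i, so both members always hold the same pointer */
};

/* Hypothetical helper: allocate a copy of s and store it in the union. */
static int test_set(union test *t, const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p == NULL)
        return -1;
    memcpy(p, s, n);
    t->ch = p;
    return 0;
}

/* Hypothetical helper: free the buffer once and clear the shared pointer.
 * A repeated call reaches free(NULL), which the C standard defines as a no-op. */
static void test_release(union test *t)
{
    free(t->ch);
    t->ch = NULL;   /* t->i now reads as NULL too: one object, two names */
}

/* Never hand a released pointer to %s; return a marker string instead. */
static const char *test_str(const union test *t)
{
    return t->ch != NULL ? t->ch : "(released)";
}

int main(void)
{
    union test t = { NULL };

    if (test_set(&t, "hello") != 0)
        return 1;
    printf("before: %s [%p]\n", test_str(&t), (void *)t.i);
    test_release(&t);   /* stands in for the thread's free(test.i) */
    test_release(&t);   /* stands in for free(test.ch): now harmless */
    printf("after:  %s [%p]\n", test_str(&t), (void *)t.i);
    return 0;
}
```

Building the original program with GCC or Clang and -fsanitize=address makes the read after the first free() show up as a heap-use-after-free report instead of appearing to work.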


 
Dan Pop
05-21-2004
In <lJUqc.30066$(E-Mail Removed)> Lew Pitcher <(E-Mail Removed)> writes:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Dan Pop wrote:
>| In <(E-Mail Removed) > (E-Mail Removed)
>(rohit) writes:
>|
>|
>|>I am confused as to when the memory is freed in this program.
>|
>|
>| What else could you expect from a bogus program?
>|
>|
>|>#include <stdlib.h>
>|>#include <stdio.h>
>|>#include <string.h>
>|>
>|>union test{
>|> char *i;
>|> char *ch;
>|>};
>|
>|
>| What is the point of this union?
>|
>|
>|>int main()
>|>{
>|> union test test;
>|> test.ch = malloc(6);
>|> strcpy(test.ch,"hello");
>|> printf("test.i == %s test.ch == %s test.i == [%p] test.ch ==
>|>[%p]\n",test.i,test.ch,test.i,test.ch);
>|
>|
>| Undefined behaviour: you can't evaluate test.i after initialising test.ch
>| as they have incompatible types that can't be aliased.
>
>Dan, I'm confused.
>
>Given the OP's union, I don't understand how test.i and test.ch can have
>"incompatible types that can't be aliased".
>
>AFAICT, test.i is a pointer to char, and test.ch is a pointer to char. To me,
>those don't look like "incompatible types".
>
>Did I read something wrong? Could you clear up my misunderstanding?


My mistake, I interpreted test.ch as having the type pointer to char and
test.i pointer to int, despite the fact that I have actually looked at the
union definition....

Dan
--
Dan Pop
DESY Zeuthen, RZ group
Email: (E-Mail Removed)
 