BulkData structure is this:

#define MAXSIZE 64
typedef struct bulk_data
{
        char data[MAXSIZE];
        struct bulk_data * next;
}BulkData;

In my program, I'm mallocing a pointer in 16 bytes:

BulkData * bdWaitingToBeCopied = malloc(16);
bdWaitingToBeCopied->next = NULL;

So, is this a overflow?
And another question: if it is, could this kind of overflows make inconsistencies further in the program, like returning out of bounds addresses?

Recommended Answers

All 9 Replies

For sure it is an overflow waiting to happen.
You can't just invent sizes and hope that it will all work out, it won't.

If you want to be sure that all your allocs are correct, then use this form. p = malloc ( num * sizeof *p ); where
p is your pointer
num is how many of them you want.
It might look like you're dereferencing an uninitialised pointer, but you're not. This is a compile-time dereference through the types by the compiler, not a run-time dereference through memory by the running program.

Also, since you don't mention the name of the type, there's no chance of screwing up the sizeof by doing something like this int *bad = malloc ( 10 * sizeof(char) ); which would result in a buffer overflow, and no chance of detecting the problem at compile time.


So in this case BulkData * bdWaitingToBeCopied = malloc( sizeof *bdWaitingToBeCopied ); would be a good call.

> if it is, could this kind of overflows make inconsistencies further in the program
Absolutely. Since your p->next = NULL; isn't in the memory you allocated, then it's likely to be in someone else's memory, and you've just trashed it.

For sure it is an overflow waiting to happen.
You can't just invent sizes and hope that it will all work out, it won't.

If you want to be sure that all your allocs are correct, then use this form. p = malloc ( num * sizeof *p ); where
p is your pointer
num is how many of them you want.
It might look like you're dereferencing an uninitialised pointer, but you're not. This is a compile-time dereference through the types by the compiler, not a run-time dereference through memory by the running program.

Also, since you don't mention the name of the type, there's no chance of screwing up the sizeof by doing something like this int *bad = malloc ( 10 * sizeof(char) ); which would result in a buffer overflow, and no chance of detecting the problem at compile time.


So in this case BulkData * bdWaitingToBeCopied = malloc( sizeof *bdWaitingToBeCopied ); would be a good call.

> if it is, could this kind of overflows make inconsistencies further in the program
Absolutely. Since your p->next = NULL; isn't in the memory you allocated, then it's likely to be in someone else's memory, and you've just trashed it.

In the structure BulkData there is a char array called data of 64 elements(64 bytes). Or there can also be let's say a long variable in the structure. If I malloc BulkData like you say:

BulkData * p = malloc( sizeof * p);

I think malloc allocates 8 bytes of unused space with this, beacuse size of *p is 8 bytes in my system(64 bit processor), right? won't there be any problem of addressing, overflow or something to make me fall in segmentation faults or addressing inconsistencies later when I assign values to the BulkData address spaces? Because BulkData structure can have variables which are bigger than 8 bytes in total.

why did u example num there? What does it represent? I need only one pointer for the BulkData structure.

thanx.

>>I think malloc allocates 8 bytes of unused space with this, beacuse size of *p is 8 bytes in my system

No it isn't. The asterisk tells sizeof operator to evaluate the size of the object to which the pointer points and not the size of a pointer itself. In your example it will get sizeof(BulkData)

In the linux kernel codingstyle it's written that "It's a _mistake_ to use typedef for structures and pointers". Using typedef for structures is always unnecessary, even in case of structures which refer to each other, but would make the code unnecessarily less clear. Write instead:

#define MAXSIZE 64
struct BulkData {
        char data [MAXSIZE];
        struct BulkData *next;
};

struct BulkData *bdWaitingToBeCopied;

It's OK to use the reference to the structure itself in the structure definition there.

> I think malloc allocates 8 bytes of unused space with this, beacuse size of *p is 8 bytes in my system
No, sizeof p != sizeof *p in this example.
You could just print them out and find out to be sure of this fact.

> In the structure BulkData there is a char array called data of 64 elements(64 bytes)
True, but irrelevant to the problem. The only thing you care about is the size of the whole structure, not the content of the structure, nor the sum of the sizes of the members of the structure.

But since you knew that there were 64 elements in your array, how did you come up with the 16 in your first question?
It wasn't something like this was it?
- Well arrays are just pointers, so the first member is 8 bytes, because pointers on my machine are 8 bytes
- the second member is also a pointer, so that is another 8 bytes
- therefore, the grand total is 16 bytes.
If that was your thinking, then you really need to stop programming and learn the language from scratch again.
http://c-faq.com/aryptr/index.html
Then read the rest of the FAQ as well.

> why did u example num there? What does it represent? I need only one pointer for the BulkData structure.
If you wanted say 10 integers, it would be
int *p = malloc ( 10 * sizeof *p );
Which gets you p[0] to p[9]

If you wanted 1000 chars, it would be
char *p = malloc ( 1000 * sizeof *p );
which gets you p[0] to p[999]

num is simply how many of the thing you want. If you only want one of them, then you can omit it (as per examples).

>>I think malloc allocates 8 bytes of unused space with this, beacuse size of *p is 8 bytes in my system

No it isn't. The asterisk tells sizeof operator to evaluate the size of the object to which the pointer points and not the size of a pointer itself. In your example it will get sizeof(BulkData)

If you look at BulkData structure, how many bytes does it allocate you can say? Is it 72?

if so, what is the difference between :

BulkData * p = malloc(sizeof * p);

and

BulkData * p = malloc(sizeof(BulkData));

don't they do the same thing?

They both allocate the same amount of bytes. The difference is that the first method is safer because at some future time you can change what p points to without having to change that malloc() line of code. Its just a way of making a programmer's life a little easier and causes fewer bugs to get introduced into the program.

They both allocate the same amount of bytes. The difference is that the first method is safer because at some future time you can change what p points to without having to change that malloc() line of code. Its just a way of making a programmer's life a little easier and causes fewer bugs to get introduced into the program.

Could u plz give a little example code of this kind of bug?

Could u plz give a little example code of this kind of bug?

change p from this BulkData * p = malloc(sizeof(BulkData)); to this AnotherStruct * p = malloc(sizeof(BulkData)); Notice the bug that is now introduced in the above line.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.