Member Avatar for asilter

BulkData structure is this:

#define MAXSIZE 64
typedef struct bulk_data
{
        char data[MAXSIZE];
        struct bulk_data * next;
}BulkData;

In my program, I'm mallocing a pointer in 16 bytes:

BulkData * bdWaitingToBeCopied = malloc(16);
bdWaitingToBeCopied->next = NULL;

So, is this a overflow?
And another question: if it is, could this kind of overflows make inconsistencies further in the program, like returning out of bounds addresses?

  • 4 Contributors
  • 9 Replies
  • 122 Views
  • 1 Day Discussion Span
  • Latest Post Latest Post by Ancient Dragon
Member Avatar for Salem

For sure it is an overflow waiting to happen.
You can't just invent sizes and hope that it will all work out, it won't.

If you want to be sure that all your allocs are correct, then use this form. p = malloc ( num * sizeof *p ); where
p is your pointer
num is how many of them you want.
It might look like you're dereferencing an uninitialised pointer, but you're not. This is a compile-time dereference through the types by the compiler, not a run-time dereference through memory by the running program.

Also, since you don't mention the name of the type, there's no chance of screwing up the sizeof by doing something like this int *bad = malloc ( 10 * sizeof(char) ); which would result in a buffer overflow, and no chance of detecting the problem at compile time.


So in this case BulkData * bdWaitingToBeCopied = malloc( sizeof *bdWaitingToBeCopied ); would be a good call.

> if it is, could this kind of overflows make inconsistencies further in the program
Absolutely. Since your p->next = NULL; isn't in the memory you allocated, then it's likely to be in someone else's memory, and you've just trashed it.

Member Avatar for asilter

For sure it is an overflow waiting to happen.
You can't just invent sizes and hope that it will all work out, it won't.

If you want to be sure that all your allocs are correct, then use this form. p = malloc ( num * sizeof *p ); where
p is your pointer
num is how many of them you want.
It might look like you're dereferencing an uninitialised pointer, but you're not. This is a compile-time dereference through the types by the compiler, not a run-time dereference through memory by the running program.

Also, since you don't mention the name of the type, there's no chance of screwing up the sizeof by doing something like this int *bad = malloc ( 10 * sizeof(char) ); which would result in a buffer overflow, and no chance of detecting the problem at compile time.


So in this case BulkData * bdWaitingToBeCopied = malloc( sizeof *bdWaitingToBeCopied ); would be a good call.

> if it is, could this kind of overflows make inconsistencies further in the program
Absolutely. Since your p->next = NULL; isn't in the memory you allocated, then it's likely to be in someone else's memory, and you've just trashed it.

In the structure BulkData there is a char array called data of 64 elements(64 bytes). Or there can also be let's say a long variable in the structure. If I malloc BulkData like you say:

BulkData * p = malloc( sizeof * p);

I think malloc allocates 8 bytes of unused space with this, beacuse size of *p is 8 bytes in my system(64 bit processor), right? won't there be any problem of addressing, overflow or something to make me fall in segmentation faults or addressing inconsistencies later when I assign values to the BulkData address spaces? Because BulkData structure can have variables which are bigger than 8 bytes in total.

why did u example num there? What does it represent? I need only one pointer for the BulkData structure.

thanx.

Member Avatar for Ancient Dragon

>>I think malloc allocates 8 bytes of unused space with this, beacuse size of *p is 8 bytes in my system

No it isn't. The asterisk tells sizeof operator to evaluate the size of the object to which the pointer points and not the size of a pointer itself. In your example it will get sizeof(BulkData)

Member Avatar for TkTkorrovi

In the linux kernel codingstyle it's written that "It's a _mistake_ to use typedef for structures and pointers". Using typedef for structures is always unnecessary, even in case of structures which refer to each other, but would make the code unnecessarily less clear. Write instead:

#define MAXSIZE 64
struct BulkData {
        char data [MAXSIZE];
        struct BulkData *next;
};

struct BulkData *bdWaitingToBeCopied;

It's OK to use the reference to the structure itself in the structure definition there.

Member Avatar for Salem

> I think malloc allocates 8 bytes of unused space with this, beacuse size of *p is 8 bytes in my system
No, sizeof p != sizeof *p in this example.
You could just print them out and find out to be sure of this fact.

> In the structure BulkData there is a char array called data of 64 elements(64 bytes)
True, but irrelevant to the problem. The only thing you care about is the size of the whole structure, not the content of the structure, nor the sum of the sizes of the members of the structure.

But since you knew that there were 64 elements in your array, how did you come up with the 16 in your first question?
It wasn't something like this was it?
- Well arrays are just pointers, so the first member is 8 bytes, because pointers on my machine are 8 bytes
- the second member is also a pointer, so that is another 8 bytes
- therefore, the grand total is 16 bytes.
If that was your thinking, then you really need to stop programming and learn the language from scratch again.
http://c-faq.com/aryptr/index.html
Then read the rest of the FAQ as well.

> why did u example num there? What does it represent? I need only one pointer for the BulkData structure.
If you wanted say 10 integers, it would be
int *p = malloc ( 10 * sizeof *p );
Which gets you p[0] to p[9]

If you wanted 1000 chars, it would be
char *p = malloc ( 1000 * sizeof *p );
which gets you p[0] to p[999]

num is simply how many of the thing you want. If you only want one of them, then you can omit it (as per examples).

Member Avatar for asilter

>>I think malloc allocates 8 bytes of unused space with this, beacuse size of *p is 8 bytes in my system

No it isn't. The asterisk tells sizeof operator to evaluate the size of the object to which the pointer points and not the size of a pointer itself. In your example it will get sizeof(BulkData)

If you look at BulkData structure, how many bytes does it allocate you can say? Is it 72?

if so, what is the difference between :

BulkData * p = malloc(sizeof * p);

and

BulkData * p = malloc(sizeof(BulkData));

don't they do the same thing?

Member Avatar for Ancient Dragon

They both allocate the same amount of bytes. The difference is that the first method is safer because at some future time you can change what p points to without having to change that malloc() line of code. Its just a way of making a programmer's life a little easier and causes fewer bugs to get introduced into the program.

Member Avatar for asilter

They both allocate the same amount of bytes. The difference is that the first method is safer because at some future time you can change what p points to without having to change that malloc() line of code. Its just a way of making a programmer's life a little easier and causes fewer bugs to get introduced into the program.

Could u plz give a little example code of this kind of bug?

Member Avatar for Ancient Dragon

Could u plz give a little example code of this kind of bug?

change p from this BulkData * p = malloc(sizeof(BulkData)); to this AnotherStruct * p = malloc(sizeof(BulkData)); Notice the bug that is now introduced in the above line.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.