Thread: Quesion about realloc()

Consider this snippet:

Code:

int main()
{
    int *pInt;
    int i;

    pInt = malloc(200 * sizeof(int));

    for (i = 0; i < 300; i++)
        *(pInt + i) = 1;

    pInt = realloc (pInt, 400 * sizeof(int));

    return 0;
}

The program is quite happy to give me the benefit of the doubt in writing ints past the 200th place of the memory I allocated with malloc(). However, the realloc() causes this error:

Heap block at 00301B40 modified at 00301E8C past requested size of 344

I know this is probably a dumb question, but what does realloc() care that I assigned to out of bounds memory in the for-loop? Why doesn't it just reallocate the block I originally asked for and have done with it?

realloc needs to examine the pointer you pass it in order to determine how it's going to reallocate the memory. It may end up moving it or simply expanding the block. It is possible that malloc keeps some of this data past the end of the allocated block. As such, over-writing whatever information it had stored causes the crash.

Do you meant that malloc() stores information about the block in an extra hunk of memory on the end of what I asked for, and I'm over-writing this block information in the for-loop? I presume then that this must be the extra 36 bytes it's telling me was requested in the error message?

this is also a good example why you should not automatically assign the return of realloc() to your original pointer.

good practice is to first assign the return of realloc to a temporary pointer. once this checks out okay, copy it to the original pointer

Originally Posted by Sebastiani

AFAIK, if the call fails then the original pointer is useless anyway (or, at least the standard doesn't make any guarantees about it, so you'd be relying on undefined behaviour).

I don't have my copy of the standard on me, but I believe it guarantees that if the call fails the original block remains.