Thread: Checking if pointer is in-bounds

  1. #1
    Woof, woof! zacs7's Avatar
    Join Date
    Mar 2007
    Location
    Australia
    Posts
    3,459

    Checking if pointer is in-bounds

    Hello, I have a question.

    How can I check that a pointer is in bounds, as such:

    Code:
    #include <stdlib.h>
    
    int main(void)
    {
    	char * m = 0;
    	const unsigned short int s = 30000;
    	int i;
    	
    	m = malloc(s);
    	if(!m)
    		return 1;
    		
    	for(i = 0; i < 50; i++)
    	{
    		*m++;	// how can I ensure that I'm not going out of bounds (left or right?)
    	}
    		
    		
    	free(m);
    	m = 0;
    	return 0;
    }
    Thanks in advance!

  2. #2
    ATH0 quzah's Avatar
    Join Date
    Oct 2001
    Posts
    14,826
    Control your loop differently. It's your job to make sure you don't wander off where you're not supposed to.


    Quzah.
    Hope is the first step on the road to disappointment.

  3. #3
    Registered Abuser
    Join Date
    Jun 2006
    Location
    Toronto
    Posts
    591
    1) You could spare a byte or two as boundary markers
    So you could allocate two extra bytes, set the first and last bytes to some boundary value ((char)0 perhaps) and check if this value has been reached before each increment/decrement of m

    2) use upper and lower bound pointers to validate m's reference.

    Code:
    ...
    char *m, *lower, *upper;
    const unsigned short int s = 30000;
    int i;
    
    if((m = malloc(s)) == NULL)
         return 1;
    
    lower = m;
    upper = m+s-1;		
    for(i = 0; i < 50; i++)
    {
         if(m >= lower && m <= upper)
              *m++;
    }
    ...			
    free(lower);	/* lower still holds the address malloc returned; m may have been advanced */
    m = NULL;
    ...
    Last edited by @nthony; 04-13-2007 at 10:09 PM.

  4. #4
    Registered User
    Join Date
    Oct 2006
    Location
    Canada
    Posts
    1,243
    Quote Originally Posted by Quzah
    > Control your loop differently. It's your job to make sure you don't wander off where you're not supposed to.
    How should he change his for loop? The only thing I can think of is:
    Code:
    for(i = 0; i < s; i++)
    Quote Originally Posted by @nthony
    > 1) You could spare a byte or two as boundary markers
    > So you could allocate two extra bytes, set the first and last bytes to some boundary value ((char)0 perhaps) and check if this value has been reached after each increment/decrement of m
    I have a doubt about this. Please correct me if I'm wrong: could it happen that the random values that are already in these memory spaces already have a character you're using as your markers?
    Last edited by nadroj; 04-13-2007 at 10:07 PM.

  5. #5
    Woof, woof! zacs7's Avatar
    Join Date
    Mar 2007
    Location
    Australia
    Posts
    3,459
    Quote Originally Posted by nadroj View Post
    > How should he change his for loop? The only thing I can think of is:
    > Code:
    > for(i = 0; i < s; i++)
    > I have a doubt about this. Please correct me if I'm wrong: could it happen that the random values that are already in these memory spaces already have a character you're using as your markers?
    Just init them all to 0,
    Code:
    memset(m, 0, s);	/* 0, not '0': the character '0' has a nonzero value */

  6. #6
    Registered Abuser
    Join Date
    Jun 2006
    Location
    Toronto
    Posts
    591
    Quote Originally Posted by nadroj View Post
    > How should he change his for loop? The only thing I can think of is:
    > Code:
    > for(i = 0; i < s; i++)
    Well, from the code snippet, it doesn't appear that the loop condition is much related to the incrementation of m, so changing the loop control won't really help much in this situation.
    > I have a doubt about this. Please correct me if I'm wrong: could it happen that the random values that are already in these memory spaces already have a character you're using as your markers?
    Sure, but remember, a false positive in this case is better than a false negative. Think of it like an unterminated string: the only reason why printing such a string usually doesn't result in 2^32 bytes of garbage is because, eventually, a random null byte is encountered. If it's the case you forgot to initialize your data, then you'd be lucky if this happened, whereas if it's the case some data you've initialized is read improperly as a boundary condition, then you need to rethink your boundary values to be more unique.
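
A variant of the boundary-marker idea from posts #3 and #6, as an added example that is not part of the original thread: the markers sit outside the usable region and use a multi-byte pattern, and they are checked for overwrites after the fact. The names `guarded_alloc`, `guarded_check`, `guarded_free` and the pattern bytes are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

#define GUARD_LEN 8  /* assumed guard width on each side */
/* Constructed pattern; far less likely to occur by accident than a single 0 byte. */
static const unsigned char GUARD[GUARD_LEN] =
    { 0xDE, 0xAD, 0xC0, 0xDE, 0xFE, 0xED, 0xFA, 0xCE };

/* Allocate len usable bytes with a guard before and after.
 * Returns a pointer to the usable region, or NULL on failure. */
void *guarded_alloc(size_t len)
{
    if (len > (size_t)-1 - 2 * GUARD_LEN)
        return NULL;                        /* size computation would wrap */
    unsigned char *raw = malloc(len + 2 * GUARD_LEN);
    if (raw == NULL)
        return NULL;
    memcpy(raw, GUARD, GUARD_LEN);
    memset(raw + GUARD_LEN, 0, len);
    memcpy(raw + GUARD_LEN + len, GUARD, GUARD_LEN);
    return raw + GUARD_LEN;
}

/* Bit 0 set: left guard overwritten (underflow). Bit 1 set: right guard (overflow). */
int guarded_check(const void *user, size_t len)
{
    const unsigned char *raw = (const unsigned char *)user - GUARD_LEN;
    return (memcmp(raw, GUARD, GUARD_LEN) != 0 ? 1 : 0)
         | (memcmp(raw + GUARD_LEN + len, GUARD, GUARD_LEN) != 0 ? 2 : 0);
}

/* Free through the pointer malloc actually returned, not the user pointer. */
void guarded_free(void *user)
{
    if (user != NULL)
        free((unsigned char *)user - GUARD_LEN);
}

int main(void)
{
    char *m = guarded_alloc(16);
    if (m == NULL)
        return 1;
    m[16] = 'X';                       /* constructed off-by-one write, lands in the right guard */
    int damaged = guarded_check(m, 16);
    guarded_free(m);
    return damaged == 2 ? 0 : 1;
}
```

Guards only report a stray write once it has happened and only if it touches the guard bytes; a write that jumps past them goes unnoticed.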

  7. #7
    Registered User
    Join Date
    Oct 2006
    Location
    Canada
    Posts
    1,243
    > Well, from the code snippet, it doesn't appear that the loop condition is much related to the incrementation of m, so changing the loop control won't really help much in this situation
    But m is only incremented as many times as i is, until it is less than the size of m ('s')

  8. #8
    Woof, woof! zacs7's Avatar
    Join Date
    Mar 2007
    Location
    Australia
    Posts
    3,459
    Quote Originally Posted by nadroj View Post
    > But m is only incremented as many times as i is, until it is less than the size of m ('s')
    It just was an example, for instance I wanted to know how it could be done if i > s.

    Thanks for answering the question everyone

  9. #9
    and the hat of int overfl Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    39,660
    > *m++;
    For a start, you should never modify a pointer which is holding the result of a malloc call, since how will you ever free it?

    You've got a loop variable, use it.
    m[ i ] = 0;
    say
    and making sure i is in the range 0 to s-1
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.
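
One way to combine the advice in posts #3 and #9, as an added example that is not part of the original thread: keep the malloc'd pointer untouched, track an offset, and validate every move on the offset before any pointer is formed, so it works in both directions and for steps larger than the buffer. The `cursor` type and its functions are hypothetical names.

```c
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical cursor type: base is never modified, so free(base) stays valid. */
struct cursor {
    char  *base;  /* pointer returned by malloc */
    size_t len;   /* bytes allocated */
    size_t pos;   /* current offset, invariant: pos < len */
};

/* Returns 0 on success, -1 on zero length or allocation failure. */
int cursor_init(struct cursor *c, size_t len)
{
    c->base = len ? malloc(len) : NULL;
    c->len = c->base ? len : 0;
    c->pos = 0;
    return c->base ? 0 : -1;
}

/* Move by delta bytes (negative = left). The test is done on offsets before
 * any pointer is formed. Returns 0 if moved, -1 if the move would leave
 * [0, len); pos is unchanged on failure. */
int cursor_move(struct cursor *c, ptrdiff_t delta)
{
    if (delta < 0) {
        size_t back = (size_t)0 - (size_t)delta; /* magnitude, safe for PTRDIFF_MIN */
        if (back > c->pos)
            return -1;
        c->pos -= back;
    } else {
        if ((size_t)delta >= c->len - c->pos)
            return -1;
        c->pos += (size_t)delta;
    }
    return 0;
}

char *cursor_ptr(const struct cursor *c) { return c->base + c->pos; }

int main(void)
{
    struct cursor c;
    if (cursor_init(&c, 30000) != 0)
        return 1;
    for (int i = 0; i < 50 && cursor_move(&c, 1) == 0; i++)
        *cursor_ptr(&c) = 0;  /* write only after the move was accepted */
    free(c.base);             /* original pointer, still intact */
    return 0;
}
```

Comparing offsets avoids the pointer comparison `m >= lower && m <= upper` on a pointer that has already left the allocation, which C does not define.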

  10. #10
    Woof, woof! zacs7's Avatar
    Join Date
    Mar 2007
    Location
    Australia
    Posts
    3,459
    > For a start, you should never modify a pointer which is holding the result of a malloc call, since how will you ever free it
    never thought of that, thanks!

  11. #11
    Registered User
    Join Date
    Oct 2006
    Posts
    250
    Another comment on your code. When you free(m), m is no longer the pointer returned by malloc(), but a pointer that points to a memory space that starts 50 bytes later. Anyone correct me if I'm wrong, but I don't think this is a good idea.

  12. #12
    Woof, woof! zacs7's Avatar
    Join Date
    Mar 2007
    Location
    Australia
    Posts
    3,459
    yes you'd have to drop m back before free'ing it, or as Salem said don't increment the pointer when it's malloc'd.

    It's also common practice to set the pointer to NULL after you've free'd it,

    Code:
    free(m);
    m = 0;
