Confused about malloc and arrays

**mc61** · 01-15-2008

Hello,

I just discovered something that left me wondering what I had actually understood about dynamic allocation of memory. Let's say I have the following trivial example:

Code:

int **array, i, j, nrows=10, ncolumns=20;

array = malloc ( nrows * sizeof(int *) );
for ( i = 0; i < nrows; i++ ) array[i] = malloc ( ncolumns * sizeof(int) );
  
for ( i = 0; i < nrows; i++ )
{
     for ( j = 0; j < ncolumns;  j++ ) 
     {
            array[i][j] = i*j;
            printf("%d %d %d\n",i,j,array[i][j]);
      }
}

This, of course, compiles and runs as expected.

If I now change the last part to

Code:

for ( i = 0; i < nrows+1; i++ )
{
     for ( j = 0; j < ncolumns; j++ ) 
     {
            array[i][j] = i*j;
            printf("%d %d %d\n",i,j,array[i][j]);
      }
}

I get a bus error when I run it, at the expected place (i=nrows+1). Good (I think?)

If instead I do

Code:

for ( i = 0; i < nrows; i++ )
{
     for ( j = 0; j < ncolumns+1; j++ ) 
     {
            array[i][j] = i*j;
            printf("%d %d %d\n",i,j,array[i][j]);
      }
}

The code compiles and runs happily. Indeed, I can go up to 10000*ncolumns or so, and the thing does not complain?!?!?!?!? (after some big number there is a segmentation fault)

What am I actually doing with malloc? I am using gcc on OSX (Leopard)

Thanks for any enlightenment,

mc61

**anon** · 01-15-2008

I believe what you are seeing is undefined behaviour. The nasty thing is that appearing to work is one acceptable behaviour.

If you step over the array bounds anything can happen.

**matsp** · 01-15-2008

The reason you don't get a "bus error" or similar when going "a little bit" outside your array is simply that the granularity for the memory management is not small enough to catch the fault. In most processor architectures, the page-size is 4KB, so that's the smallest size that an allocation will "fault at".

Since, in your second example, you are only going 4 bytes "over the edge", you may not go over a 4KB limit, so the application doesn't get "faulted". You may, depending on how lucky you are, find that you've overwritten the admin structures of the heap, meaning that when you later on free your memory, the application crashes.

If you were using x86 in protected & segmented mode, it would be possible to make allocations up to 1MB with 1 byte granularity, and that would give a fault immediately you got over the edge of the memory. Unfortunately, I'm not aware of any "available" OS that uses segmented mode in 32-bit memory model.

--
Mats

**cs32** · 01-15-2008

Originally Posted by matsp

If you were using x86 in protected & segmented mode

Forgive my ignorance, but what is protected/segmented mode?

**matsp** · 01-15-2008

x86 has several modes:
1. Real-mode - what original DOS uses. Uses segments, but segments are "unprotected".
2. Protected mode. Segments are "protected", meaning that a segment has a "limit" above which the processor can not write.
This has several sub-modes:
- 16-bit. Must use segments to get above 64KB memory limits. Segment size limit is max 64KB/
- 32-bit. Segements can be used, limit can be 4GB. Most often used in Flat Memory model, where segments are set to 4GB limit.
- 64-bit. Segments and limits are ignored [but still present].

--
Mats

**dwks** · 01-15-2008

Note: you can use tools like Valgrind (Linux-only) etc to catch out-of-bounds access of dynamically allocated memory. You don't get page faults, but you can still catch almost all errors. (Valgrind can theoretically catch all errors, which is why I like to use it -- the only trouble is, it really slows down your program when you use it. Not in the finished product, just during testing.)

Thread: Confused about malloc and arrays

Thread Tools

Search Thread

Display

Confused about malloc and arrays

Similar Threads

Structures, arrays, pointers, malloc.

Large arrays, malloc, and strcmp

malloc for structs and arrays

malloc ing array's or structures

arrays with malloc