By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
 454,132 Members | 1,265 Online
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 454,132 IT Pros & Developers. It's quick & easy.

# Malloc Doubt

 P: n/a main() { int *a=NULL; int *b; a = (int *) malloc(sizeof(int)); *a=10; b=a; free(a); printf("%d \t %x\n", *b, b); } In the above code, i thought the printf for *b 'll not be '10'. But after free the address in 'a' is retained in 'b'. So the malloc is having any reference count or something to count the number of variables having this address. Please clarify me. Dec 20 '06 #1
Share this Question
6 Replies

 P: n/a deepak wrote: main() { int *a=NULL; int *b; a = (int *) malloc(sizeof(int)); *a=10; b=a; free(a); printf("%d \t %x\n", *b, b); } In the above code, i thought the printf for *b 'll not be '10'. But after free the address in 'a' is retained in 'b'. So the malloc is having any reference count or something to count the number of variables having this address. Please clarify me. b is an danggling pointer... Dec 20 '06 #2

 P: n/a deepak said: main() { int *a=NULL; int *b; a = (int *) malloc(sizeof(int)); *a=10; b=a; free(a); printf("%d \t %x\n", *b, b); } In the above code, In the above code, the behaviour is undefined because you're missing prototypes for malloc and printf. You need . i thought the printf for *b 'll not be '10'. But after free the address in 'a' is retained in 'b'. Even if you fix the header problem, the behaviour is undefined because you're using the value of b - worse than that, you're *dereferencing* the value of b, when that value is rendered indeterminate by the call to free(). So all bets are off, and any result you might get from your program is as valid as any other. It could print "baloney" if it liked. -- Richard Heathfield "Usenet is a strange place" - dmr 29/7/1999 http://www.cpax.org.uk email: rjh at the above domain, - www. Dec 20 '06 #3

 P: n/a "deepak"

 P: n/a deepak wrote: main() `int main(void)` preferred. { int *a=NULL; int *b; a = (int *) malloc(sizeof(int)); You forgot to #include . This is a Bad Thing. It will, for example, mean that your code doesn't compile: and even if you (legally) replaced `NULL` with `0`, your code would /still/ be broken, since you haven't declared `malloc`. Also, you've pointlessly initialised `a` to NULL. You might as well have written either of int *a; int *b; a = nasty ikky expression see below; or int *a = nasty ikky expression ditto; int *b; I prefer the second one because I like to initialise variables with their intended values. The nasty ikky expression is better written malloc( sizeof (*a) ) because that way it's coupled to the pointer variable you're assigning it to (which appears nice and obviously in the same line) rather than some type or other (which doesn't): int *a = malloc( sizeof (*a) ); [If you introduced the `int*` cast because the compiler objected, you may be using a C++ compiler, not a C compiler. Don't Do That.] *a=10; [It's technically possible that `a` is null and this assignment provokes undefined behaviour like trashing your disc or giving you infinite lives in your next game of Doom: you should check /any/ return from `malloc` for non-null. Very few implementations will /actually/ deliver null from the one and only mallocate in a program when it's asking for an intsworth of space.] b=a; free(a); This invalidates the value of `b`. Yes, really. The object that `a`s value pointed to has officially Ceased To Be. It is an Ex-Object. Every copy of that pointer value no longer points anywhere legal: dereferencing it is undefined behaviour. printf("%d \t %x\n", *b, b); } In the above code, i thought the printf for *b 'll not be '10'. But after free the address in 'a' is retained in 'b'. It's retained in `a` as well, but you can't legally tell. Many implementations of malloc/free don't actually dispose of the freed memory: they keep it hanging around, perhaps for the next malloc call. If the implementation doesn't have hardware pointer protection, you may still be able to get at the memory and do things to it. But because you can't /legally/ do that, the implementation is also free to use that freed space for /whatever it likes/. Buffers for fprintf, for example. Bookkeeping for malloc. You may just have been unlucky that your error didn't /visibly/ break something. So the malloc is having any reference count or something to count the number of variables having this address. No. Please clarify me. But, er, surely you don't /really/ want to be melted slowly in a pan until you separate? http://www.ochef.com/69.htm -- Chris "HO. HO. HO." Dollin Meaning precedes definition. Dec 20 '06 #5

 P: n/a Chris Dollin wrote: deepak wrote: .... snip ... > >Please clarify me. But, er, surely you don't /really/ want to be melted slowly in a pan until you separate? It works better if there is a layer of water. That way the foreign material tends to separate and sink to the bottom of the pan, leaving the top clarified. Things subject to clarification are normally lighter than water, and this includes most human beings. -- Chuck F (cbfalconer at maineline dot net) Available for consulting/temporary embedded and systems. Dec 20 '06 #6

 P: n/a "deepak" #include main() Better: int main(void) { int *a=NULL; int *b; a = (int *) malloc(sizeof(int)); Better: a = malloc(sizeof *a); *a=10; You didn't check the result of malloc(). If it fails, the above assignment invokes undefined behavior. b=a; free(a); b now has an indeterminate value. Any attempt to refer to that value invokes undefined behavior. Don't do that. The allocated memory is marked as available for further allocation. It's likely that you can still get away with referring to its address, or even to its contents. But any attempt to do so invokes undefined behavior. Don't do that. printf("%d \t %x\n", *b, b); "%x" is not the correct format for printing a pointer value. If b were a valid pointer, you'd want to do this: printf("%d \t %p\n", *b, (void*)b); And add a "return 0;" here. It's not strictly required, but it's a good idea. } In the above code, i thought the printf for *b 'll not be '10'. But after free the address in 'a' is retained in 'b'. So the malloc is having any reference count or something to count the number of variables having this address. Please clarify me. You have to keep track of these things yourself. -- Keith Thompson (The_Other_Keith) ks***@mib.org San Diego Supercomputer Center <* We must do something. This is something. Therefore, we must do this. Dec 20 '06 #7

### This discussion thread is closed

Replies have been disabled for this discussion.