Memory location on stack is accessible even after function call has finished

Question

I have below program:

#include <stdio.h>
#include <stdlib.h>

int* testPointerReturnType();

int main(void)
{
    int x = 2;
    printf("Value of x is %d and its address is %p\n", x, &x);
    int* y = testPointerReturnType();
    printf("Value of y is %d and its address is %p\n", *y, y);    
}

int* testPointerReturnType()
{
    int x = 33;
    int r = 99;
    return &x;
}

Below is my overall o/p (I will discuss this in my questions coming below):

// This is with ** int r = 99; ** line commented
jharvard@appliance (~/psets/pset5/pset5_test): ./PointerAddresss 
Value of x is 2 and its address is 0xbfdba7c4
Value of y is 33 and its address is 0xbfdba794
jharvard@appliance (~/psets/pset5/pset5_test): size PointerAddresss
   text    data     bss     dec     hex filename
   1250     280       4    1534     5fe PointerAddresss


// This is with ** int r = 99; ** line un-commented
jharvard@appliance (~/psets/pset5/pset5_test): ./PointerAddresss 
Value of x is 2 and its address is 0xbf8a98e4
Value of y is 33 and its address is 0xbf8a98b4
jharvard@appliance (~/psets/pset5/pset5_test): size PointerAddresss
   text    data     bss     dec     hex filename
   1266     280       4    1550     60e PointerAddresss
jharvard@appliance (~/psets/pset5/pset5_test): 

Below are my question:

1. I am returning memory address of a local variable but still I am able to access that location later, after that function has finished execution. How? Is it possible that memory location still holds that value and has not been overridden. This means that if my program has called only one function and that function is returning a memory address then still I can access the local variables memory address and get same exact value because no other function has been called?
2. If I keep int r = 99; as commented then I get 1250 in text and dec. And if I uncomment then I get 1266, which basically means increase of 16 memory locations, but int of 4 bytes when why increase of 16 memory locations? Also, I know text/code segment then what is dec?

Answer 1

It is certainly possible that the memory location still holds the value unless the stack has again increased in size enough to overwrite the value, but you are operating based on undefined behavior. It might mean that no other function has been called, but it also might mean that no other function needed to allocate that much space on the stack in order to operate.

The reason that you are seeing more memory allocated than you expected is because of stack alignment. If you read the application binary interface documentation for your platform you will find this well described.

I hesitate to mention this, but if you mark the local variable in the function as static, you are still doing very bad things but you could reliably continue to access the value after the function call ends via a pointer because the value would no longer be allocated on the stack.

Finally, I just saw your last question. dec means decimal. If you convert 0x60e to decimal you will get 1550.

---

David's more information about stack alignment, putting into his answer from his comments - hagrawal.

Stack alignment is required for speed of access to elements and for consistency in calling. This way things are best aligned in memory for fast access and the called function doesn't have to "wonder" where things will be. This means that allocating one byte will often result in 2, 4, 8, 16 or even more bytes being allocated on the stack, all depending on the alignment requirements.