array of pointers in c the code should not run

Question

//this code should give segmentation error....but it works fine ....how is it possible.....i just got this code by hit and trail whle i was trying out some code of topic ARRAY OF POINTERS....PLZ can anyone explain

int main()
{

    int i,size;
    printf("enter the no of names to be entered\n");
    scanf("%d",&size);

    char *name[size];

    for(i=0;i<size;i++)
    {
        scanf("%s",name[i]);
            }
    printf("the names in your array are\n");


    for(i=0;i<size;i++)
    {
        printf("%s\n",&name[i]);


    }

    return 0

Answer 1

The problem in your code (which is incomplete, BTW; you need #include <stdio.h> at the top and a closing } at the bottom) can be illustrated in a much shorter chunk of code:

char *name[10];       // make the size an arbitrary constant
scanf("%s", name[0]); // Read into memory pointed to by an uninitialized pointer

(name could be a single pointer rather than an array, but I wanted to preserve your program's structure for clarity.)

The pointer name[0] has not been initialized, so its value is garbage. You pass that garbage pointer value to scanf, which reads characters from stdin and stores them in whatever memory location that garbage pointer happens to point to.

The behavior is undefined.

That doesn't mean that the program will die with a segmentation fault. C does not require checking for invalid pointers (nor does it forbid it, but most implementations don't do that kind of checking). So the most likely behavior is that your program will take whatever input you provide and attempt to store it in some arbitrary memory location.

If the garbage value of name[0] happens to point to a detectably invalid memory location, your program might die with a segmentation fault. That's if you're luck. If you're not, it might happen to point to some writable memory location that your program is able to modify. Storing data in that location might be harmless, or it might clobber some critical internal data structure that your program depends on.

Again, your program's behavior is undefined. That means the C standard imposes no requirements on its behavior. It might appear to "work", it might blow up in your face, or it might do anything that it's physically possible for a program to do. Apparently to behave correctly is probably the worst consequence of undefined behavior, since it makes it difficult to diagnose the problem (which will probably appear during a critical demo).

Incidentally, using scanf with a %s format specifier is inherently unsafe, since there's no way to limit the amount of data it will attempt to read. Even with a properly initialized pointer, there's no way to guarantee that it points to enough memory to hold whatever input it receives.

You may be accustomed to languages that do run-time checking and can reliably detect (most) problems like this. C is not such a language.

Answer 2

The simple answer to your question is that a segmentation fault is:

A segmentation fault (aka segfault) are caused by a program trying to read or write an illegal memory location.

So it all depends upon what is classed as illegal. If the memory in question is a part of the valid address space, e.g. the stack, for the process the program is running, it may not cause a segfault.

When I run this code in a debugger the line:

scanf("%s, name[i]); 

over writes the content of the size variable, clearly not the intended behaviour, and the code essentially goes into an infinite loop.

But that is just what happens on my 64 bit Intel linux machine using gcc 5.4. Another environment will probably do something different.

If I put the missing & in front of name[i] it works OK. Whether that is luck, or expertly exploiting the intended behaviour of C99 variable length arrays, as suggested. I'm afraid I don't know.

So welcome to the world of subtle memory overwriting bugs.

Answer 3

I'm not sure what's your test case (No enough reputation to post a comment). I just try to input it with 0 and 1\n1\n2\n.

It's a little complex to explain the detail. However, Let's start it :-). There are two things you should know. First, main() is a function. Second, you use a C99 feature, variable-length array or gnu extension, zero-length array (supported by gcc), on char *name[size];.

main() is a function, so all the variable declared in this function is local variables. Local variables locate at stack section. You must know about it first.

If you input 1\n1\n2\n, the variable-length array is used. The implementation of it is also to allocate it on stack. Notice that value of each element in array is not initialized as 0. That is the possible answer for you to execute without segmentation fault. You cannot make sure that it'll point to the address which isn't writable (At least failed on me).

If the input is 0\n, you will use extension feature, zero-length array, supported by GNU. As you saw, it means no element in array. The value of name is equal to &size, because size is the last local variable you declared before you declared name[0] (Consider stack pointer). The value of name[0] is equal to dereference to &size, that's zero (='\0') , so it will work fine.