Andy Cong

Reputation: 109

The lifetime of the pointer that points to the c_str function in std::string

First, the code is listed as follows.

#include<string>
#include<stdio.h>

int main(){

    const char *cs;
    {
        std::string s("123456");
        cs = s.c_str();
        printf("cs = %s\n",cs);
    }
    printf("cs = %s\n",cs);
    return 0;
}

Run it, and the result is as follows (Linux, gcc):

cs = 123456
cs = 123456

So, I don't know why the cs pointer is valid after s is destroyed. In other words, what is the lifetime of the pointer that points to the c_str function in std::string?

Upvotes: 0

Views: 303

Answers (3)

Benquan Yu

Reputation: 51

This is a typical use-after-free problem: the piece of memory cs points to is freed, but luckily, it has not yet been returned to the kernel or reused by your program. The behavior of use-after-free is undefined, and you should not do so. It is one of the most difficult problems to deal with. Google open-sourced a tool to help you detect use-after-free in your code: https://github.com/google/sanitizers/wiki/AddressSanitizer

Upvotes: 2

Remy Lebeau

Reputation: 598134

The code has undefined behavior.

In the second printf(), the cs pointer is still pointing at memory that has been freed. The fact that you get the same output simply means the content of that memory has not been overwritten yet. But it is still invalid to access freed memory.

Upvotes: 3
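The lifetime rule the answers describe, as an added example that is not part of the original thread: a `c_str()` pointer is only usable while its owning `std::string` is alive and unmodified, so the safe form keeps the owner in scope. It goes slightly beyond the question by also showing invalidation through growth and by checking where the bytes live (on implementations with the small-string optimization, a short string such as "123456" sits inside the object itself, so stale bytes can linger in a dead stack slot). The helper names `stored_inline`, `buffer_moved_after_growth` and `make_value` are hypothetical.

```cpp
// Added example (not from the original thread): lifetime-safe use of c_str().
#include <cstdint>
#include <cstdio>
#include <string>

// True when the character buffer lives inside the std::string object itself
// (small-string optimization). Whether short strings are stored this way is an
// implementation detail, not something the standard guarantees.
bool stored_inline(const std::string& s) {
    auto obj = reinterpret_cast<std::uintptr_t>(&s);
    auto buf = reinterpret_cast<std::uintptr_t>(s.c_str());
    return buf >= obj && buf < obj + sizeof(std::string);
}

// c_str() is also invalidated while the string is still alive, whenever a
// non-const operation has to move the buffer. Addresses are compared as
// integers captured while valid; the stale pointer is never dereferenced.
bool buffer_moved_after_growth(std::string s) {
    auto before = reinterpret_cast<std::uintptr_t>(s.c_str());
    s.append(s.capacity() + 1, 'x');   // exceed capacity: forces a new buffer
    return before != reinterpret_cast<std::uintptr_t>(s.c_str());
}

// Safe replacement for the question's pattern: hand the caller a std::string
// that owns its bytes, instead of a const char* into a local that dies.
std::string make_value() {
    std::string s("123456");
    return s;                          // moved or elided; bytes stay owned
}

int main() {
    std::string owner = make_value();  // owner outlives every use of cs
    const char* cs = owner.c_str();    // valid until owner changes or dies
    std::printf("cs = %s\n", cs);
    std::printf("\"123456\" stored inline: %d\n", stored_inline(owner));
    std::printf("64-char string stored inline: %d\n",
                stored_inline(std::string(64, 'x')));
    std::printf("buffer moved after growth: %d\n",
                buffer_moved_after_growth("123456"));
    return 0;
}
```

Building the question's original program with `-fsanitize=address` (the tool linked in the first answer) is the way to get a report for the invalid read rather than relying on the printed output.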

Ondřej Navrátil

Reputation: 601

Just guessing, but:

Upvotes: 1
