Categories
c pointers segmentation-fault

Crash or “segmentation fault” when data is copied/scanned/read to an uninitialized pointer

63

This question is meant to be used as reference for all frequently asked questions of the nature:

Why do I get a mysterious crash or “segmentation fault” when I copy/scan data to the address where an uninitialised pointer points to?

For example:

char* ptr;
strcpy(ptr, "hello world"); // crash here!

or

char* ptr;
scanf("%s", ptr); // crash here!

6

  • 6

    The problem is more that OPs don’t even know the pointer is uninitialised, but that there magically appears an object once you declare/define (they confuse this, too) pointer.

    May 31, 2016 at 15:21

  • 2

    You should probably change the title if you’re aiming for this question to be read by those who experience this problem before they post it here.

    May 31, 2016 at 15:22

  • 1

    @Olaf Indeed, so then you close-vote their segmentation questions as duplicates with a link to this one. I’ve been missing a FAQ question like this forever; finally got around to write one down.

    – Lundin

    May 31, 2016 at 15:22

  • 1

    @barakmanos The intention is to use this post as a “canonical duplicate” for frequently asked questions. I don’t really expect newbies to find it by themselves.

    – Lundin

    May 31, 2016 at 15:23

  • 2

    @Lundin: I appreciate your effort. If that is meant as a dup-CV, I’m with you. But actually I’d prefer they would find it themself before they post. But then this likely is wishful thinking anyway, as beginners tend to think their problem is unique. So, have +1 and I’ll keep than in mind – thanks!

    May 31, 2016 at 15:25


48

A pointer is a special type of variable, which can only contain an address of another variable. It cannot contain any data. You cannot “copy/store data into a pointer” – that doesn’t make any sense. You can only set a pointer to point at data allocated elsewhere.

This means that in order for a pointer to be meaningful, it must always point at a valid memory location. For example it could point at memory allocated on the stack:

{
  int data = 0;
  int* ptr = &data;
  ...
}

Or memory allocated dynamically on the heap:

int* ptr = malloc(sizeof(int));

It is always a bug to use a pointer before it has been initialized. It does not yet point at valid memory.

These examples could all lead to program crashes or other kinds of unexpected behavior, such as “segmentation faults”:

/*** examples of incorrect use of pointers ***/

// 1.
int* bad;
*bad = 42;

// 2.
char* bad;
strcpy(bad, "hello");

Instead, you must ensure that the pointer points at (enough) allocated memory:

/*** examples of correct use of pointers ***/

// 1.
int var;
int* good = &var;
*good = 42;

// 2.
char* good = malloc(5 + 1); // allocates memory for 5 characters *and*  the null terminator
strcpy(good, "hello");

Note that you can also set a pointer to point at a well-defined “nowhere”, by letting it point to NULL. This makes it a null pointer, which is a pointer that is guaranteed not to point at any valid memory. This is different from leaving the pointer completely uninitialized.

int* p1 = NULL; // pointer to nowhere
int* p2;        // uninitialized pointer, pointer to "anywhere", cannot be used yet

Yet, should you attempt to access the memory pointed at by a null pointer, you can get similar problems as when using an uninitialized pointer: crashes or segmentation faults. In the best case, your system notices that you are trying to access the address null and then throws a “null pointer exception”.

The solution for null pointer exception bugs is the same: you must set the pointer to point at valid memory before using it.


Further reading:

Pointers pointing at invalid data
How to access a local variable from a different function using pointers?
Can a local variable’s memory be accessed outside its scope?

Segmentation fault and causes
What is a segmentation fault?
Why do I get a segmentation fault when writing to a string initialized with “char *s” but not “char s[]”?
What is the difference between char s[] and char *s?
Definitive List of Common Reasons for Segmentation Faults
What is a bus error?

9

  • These kind of bugs are very commonly written both by beginners who have yet not grasped what pointers are or how they work. So please note that the intention of this community wiki is therefore to keep explanations on a basic level. If you wish to leave more advanced answers with references to the C standard etc, kindly post a different answer to the question.

    – Lundin

    May 31, 2016 at 15:18

  • 4

    “It cannot contain any data.” – Hmm, actually the address is its data.

    May 31, 2016 at 15:22

  • 1

    @Olaf Keep things basic here, please 🙂 This is intended for beginners. Though… if an address is data, then why does a CPU have both an address bus and a data bus?

    – Lundin

    May 31, 2016 at 15:25

  • Does it read the contents of a pointer variable from the address bus? 😉 (And e.g. PCIe uses a packet/command format, no classical address/data bus mechanism). There also were RAM designs that way (remember RAMBUS?) Anyway, I’m fine with the answer, should suffice for beginners. Just leave the comments if they are interested to get deeper into it.

    May 31, 2016 at 15:26


  • 4

    Note on the last example: one doesn’t need to dereference the pointer to exhibit undefined behavior. Like anything else, indeterminate content (the case of value for p2) by its very nature invokes undefined behavior when even evaluated, much-less furthering the madness by dereferencing. Yes it is a different problem, but tightly related. In summary, the statement “It is always a bug to use a pointer before it has been initialized.” is true, but “use” is not limited to only dereferencing.

    – WhozCraig

    May 31, 2016 at 15:43


4

  1. Pointers only point to a memory location. You created a pointer but you did not bind to a memory location yet. strcpy wants you to pass two pointers (first one mustn’t be constant) that point to two character arrays like this signature:

    char * strcpy ( char * destination, const char * source );
    

    sample usage:

    char* ptr = malloc(32);  
    strcpy(ptr, "hello world");
    
    char str[32];  
    strcpy(str, "hello world");
    
  2. You can try the following code snippet to read string until reaching newline character (*you can also add other whitespace characters like "%[^\t\n]s"(tab, newline) or "%[^ \t\n]s" (space, tab, newline)).

    char *ptr = malloc(32);
    scanf("%31[^\n]", ptr);
    

    (In real life, don’t forget to check the return value from scanf()!)

1

  • In real life, don’t forget to check the return value from malloc()!

    – S.S. Anne

    Mar 1, 2020 at 4:02

2

One situation that frequently occurs while learning C is trying to use single quotes to denote a string literal:

char ptr[5];
strcpy(ptr, 'hello'); // crash here!
//            ^     ^   because of ' instead of "

In C, 'h' is a single character literal, while "h" is a string literal containing an 'h' and a null terminator \0 (that is, a 2 char array). Also, in C, the type of a character literal is int, that is, sizeof('h') is equivalent to sizeof(int), while sizeof(char) is 1.

char h="h";
printf("Size: %zu\n", sizeof(h));     // Size: 1
printf("Size: %zu\n", sizeof('h'));   // likely output: Size: 4