cgccmemoryprintfglibc

Why C is fine with overwriting memory sometimes? Fatal glibc error: malloc assertion failure in sysmalloc

Why code A works fine, but code B gives an error? The only difference is a printf. Also note that I'm accessing out of range memory. And GCC is fine with that. I even overwritten RAM memory easily in example A.

Compiler error:

Fatal glibc error: malloc assertion failure in sysmalloc: (old_top == initial_top (av) && old_size == 0) || ((unsigned long) (old_size) >= MINSIZE && prev_inuse (old_top) && ((unsigned long) old_end & (pagesize - 1)) == 0)

My code peace:

#include <stdio.h>
#include <stdlib.h>

int main()
{
#if 1
    // A
    int *items = malloc(10 * sizeof(int));
    printf("allocated: %lu bytes\n", 10 * sizeof(int));
    items = items;
    items[0] = 5;
    items[9] = 5;
    items[10] = 5;
    printf("[");
    for (size_t i = 0; i <= 10; i++)
    {
        printf(" %d", items[i]);
    }
    printf(" ]\n");
#else
    // B
    int *items = malloc(10 * sizeof(int));
    items = items;
    items[0] = 5;
    items[9] = 5;
    items[10] = 5;
    printf("[");
    for (size_t i = 0; i <= 10; i++)
    {
        printf(" %d", items[i]);
    }
    printf(" ]\n");
#endif
    return 0;
}

I tried to ask chatgpt why it works, it says it's because my RAM is not enough, which is nosense. I would expect segfaults in both examples.

Solution

  • I would expect segfaults in both examples.

    Nothing in the C standard says that a C implementation should give you a memory access violation when you overrun allocated memory. Nor does any proper tutorial or textbook. Some learning material may have mentioned that a segmentation fault may happen, but it is not a certainty.

    Generally, it is impossible to guarantee a memory access violation because hardware typically handles memory in blocks called pages, commonly 4096 or 8192 bytes, but malloc allocates memory in smaller units, often blocks of 16 bytes. (Even if you request a smaller amount or an amount that is not a multiple of 16 bytes, malloc may still do its work in units of 16-byte blocks.) So, if you allocate 40 bytes for ten int, there is no way to mark the memory immediately after those 40 bytes as inaccessible. The hardware provides a 4096-byte page, and it has no way to say that 40 of those bytes can be accessed and the rest cannot.

    The standard C memory management routines are not specified to prevent incorrect access. C generally is not designed to prevent your program from doing improper things. It is to help you write low-overhead programs. As part of that, it avoids the overhead of checking everything your program does. It is your job as a programmer to ensure your program is correct.

    As for the difference between your two code sequences, one of them, in overrunning the array, happened to alter data that the memory management routines use for their record keeping. When they detected this, they reported an error. The difference is likely that things happened to be arranged in memory differently between the two code sequences.