Communities

Writing
Writing
Codidact Meta
Codidact Meta
The Great Outdoors
The Great Outdoors
Photography & Video
Photography & Video
Scientific Speculation
Scientific Speculation
Cooking
Cooking
Electrical Engineering
Electrical Engineering
Judaism
Judaism
Languages & Linguistics
Languages & Linguistics
Software Development
Software Development
Mathematics
Mathematics
Christianity
Christianity
Code Golf
Code Golf
Music
Music
Physics
Physics
Linux Systems
Linux Systems
Power Users
Power Users
Tabletop RPGs
Tabletop RPGs
Community Proposals
Community Proposals
tag:snake search within a tag
answers:0 unanswered questions
user:xxxx search by author id
score:0.5 posts with 0.5+ score
"snake oil" exact phrase
votes:4 posts with 4+ votes
created:<1w created < 1 week ago
post_type:xxxx type of post
Search help
Notifications
Mark all as read See all your notifications »
Users Search
Help Dashboard Sign In Sign Up
Q&A Code Reviews Meta
Q&A
Posts Tags Edits
Ask Question

Welcome to Software Development on Codidact!

Will you help us build our independent community of developers helping developers? We're small and trying to grow. We welcome questions about all aspects of software development, from design to code to QA and more. Got questions? Got answers? Got code you'd like someone to review? Please join us.

Comments on When does it not work to dereference the pointer for sizeof during malloc?

Parent

When does it not work to dereference the pointer for sizeof during malloc?

+6
−0

Background

This is kind of a subquestion to How to properly use malloc?

When allocating, there are basically two common ways of using the sizeof operator:

int *p;
p = malloc(n * sizeof *p);   // Method 1: Dereference the pointer
p = malloc(n * sizeof(int)); // Method 2: Explicitly use the type

I personally prefer method 1, because it reduces code duplication.* And the rule is pretty simple. Take whatever you have on the left of the equal sign, and add an asterisk to get the argument for sizeof. It also works for 2D or 3D:

int ***p;
p = malloc(x * sizeof *p); // Add asterisk to p
for(int i=0; i<x; i++) {
    p[i] = malloc(y * sizeof *p[i]); // Add asterisk to p[i]
    for(int j=0; j<y; j++) {
        p[i][j] = malloc(z * sizeof *p[i][j]); // Add asterisk to p[i][j]
    }
}

* In the sense that if you have multiple malloc calls where you assign to the pointer p, then if you want to change the type of the pointer, you would need to find ALL malloc calls and change them.

Array parameters

I know of one instance where it "doesn't work", and that is when you have complex parameters to functions. Like this:

void foo(int n, int32_t p[5][5]) {

But in this case, I'd say that the problem is that when arrays are declared as function arguments like that, they are not arrays. Indeed, the C syntax here is a bit strange. The equivalent declaration int32_t (*p)[5] works as expected with this rule. Because the type of p is pointer to array 5 of int32_t. In other words, I expect sizeof *p to be 20, which it also is. The solution to the above problem is to - explicitly in code or mentally in your head - introduce a temporary variable:

void foo(int n, int32_t p[5][5]) {
    int32_t (*tmp)[5];
    tmp = malloc(n * sizeof *tmp);

void pointers

I know that it does not work if you have void pointers. For example:

void *p;
p = malloc(n * sizeof *p); // Error: A void pointer cannot be dereferenced
p = malloc(sizeinbytes);   // Works fine

However, even if this isn't a very extreme and unusual case, this is indeed a pretty special case. And it's also pretty obvious that it's an exception. A C programmer should know that void pointers cannot be dereferenced. However, do note that both gcc and clang required compiling with -pedantic to warn about this.

Flexible array members

Another case is if you have a pointer to struct where the struct contains a flexible array. But although this indeed is a very valid real world use case where this approach would not work, it's also abundantly obvious that it is an exception, since the whole foundation around flexible array members is that you manually Furthermore, the rule can be shoehorned in if you want to. At least for the case where you want several instances of the struct and the flexible array equally big for each of them. Like this:

struct s {
    int x;
    char y;
    double z;
    long a[];
};

// m is how many elements the array s::a should have in each instance of s
// n is how many instances of s we want
struct s *p = malloc(n * (sizeof(*p) + m * sizeof *(p->a)));

Question

So my question is, when does this approach with just adding an asterisk to the pointer not work? I'm interested in both realistic use cases and examples created just to break this rule of thumb. Please specify if your example is a real issue or just a theoretical one.

c pointers malloc
posted almost 3 years ago
3y ago by hkotsubo‭
user card
klutt‭
1273 reputation 17 12 162 52
History
Why does this post require attention from curators or moderators?
You might want to add some details to your flag.
Why should this post be closed?

3 comment threads

"[...] because it reduces code duplication." Does it, though? (9 comments)
De-referencing void pointers (3 comments)
Typo? (2 comments)
Post
+4
−0

In addition to all the examples I gave in my answer to the linked post, all scenarios where p is a pointer to incomplete type fails. Not just the void* scenario, but also when p is a pointer to an array of incomplete type:

int (*p)[] = malloc(n * sizeof *p); // will not compile cleanly

And also when using forward-declared structs/unions:

struct fwd_declared* p;
p = malloc(n * sizeof *p); // will not compile cleanly

And when using function pointers:

void (*p)(void);
p = malloc(n * sizeof *p); // will not compile cleanly

All of these examples (including de-referencing void pointers) are invalid C as per C17 6.5.3.4:

Constraints

The sizeof operator shall not be applied to an expression that has function type or an incomplete type

Regarding "compile cleanly" please see What must a C compiler do when it finds an error?

And please note that gcc/clang are by default in a non-standard mode until you pass along -std=c17 -pedantic-errors to tell them to become conforming implementations.

These are weak arguments against using a certain malloc style though.

posted almost 3 years ago
user card
Lundin‭
8948 reputation 36 122 1027 166
History
Why does this post require attention from curators or moderators?
You might want to add some details to your flag.

1 comment thread

Nice answer. Some questions about it. (3 comments)
Nice answer. Some questions about it.
klutt‭ wrote almost 3 years ago
copy link

Nice answer!

Some questions here. Regarding allocation of forward declared structs/unions. Spontaneously, I think this looks like a really strong code smell. Am I right? It just feels like something is very wrong if you are about to allocate memory for a struct array before knowing the size of the struct. Is that really done for real? I can see how this can happen due to bad design, but I get the impression that changing the argument for sizeof is addressing the wrong problem.

The function pointer example seems like a theoretical example. My first thought was "WTF? An array of function pointers?" and it seemed very weird. Then I realized that an array of function pointers isn't very strange at all. But I do have a hard time imagining a realistic use case where a regular array would not be a better choice. And even if they do exist, they are extremely rare. Am I right?

Really nice catch though

klutt‭ wrote almost 3 years ago · edited almost 3 years ago
copy link

The first example with pointer to array with unknown size was the most confusing at first. But I guess it's about the same thing as the struct/union example. If you want to allocate an array of arrays, you do want to know the size of the array. And if you don't something is weird.

And also, would you agree that anyone who are on the level where any of these pointers you have mentioned may be a good idea to use, that person is also clever enough to realize that these are exceptions to the rule of thumb?

Lundin‭ wrote almost 3 years ago
copy link

klutt‭ All of these are artificial examples. The whole point of using forward declaration in the context of opaque types is to block the caller from knowing anything about that type - which as it happens means that they won't know the struct size either. As for dynamically allocating an array of function pointers, that sounds like a very rare scenario indeed. Arrays of function pointers are commonly used (especially in embedded systems) but almost always const and with static storage duration.