Understanding Dangling Pointers in C Language

The most common errors related to pointers and memory management are dangling pointers. Sometimes, programmers fail to initialize pointers with a valid address, and such uninitialized pointers are called dangling pointers in C language.

Dangling pointers occur when an object is destroyed, and the pointer’s value is not modified when the object is deleted or freed from memory. In this case, the pointer points to memory that has been released. Dangling pointers may point to memory containing program code or operating system code. If we assign a value to this pointer, it will overwrite the values of program code or operating system instructions; in this case, the program will exhibit undesirable results and may even crash. If the memory is reallocated to other processes, dereferencing a dangling pointer will result in a segmentation fault.

Let’s observe the following example

In the image above, we can see that pointer 3 is a dangling pointer. Pointers 1 and 2 point to allocated objects (Object 1 and Object 2). Pointer 3 is a dangling pointer because it points to a released object.

Let’s understand dangling pointers through some C programs.

Using the free() function to release memory.

#include <stdio.h>
int main(){  int *ptr = (int *)malloc(sizeof(int));  int a = 560;  ptr = &a;  free(ptr);  return 0;}

In the code above, we created two variables, *ptr and a, where ptr is a pointer and a is an integer variable. *ptr is a pointer variable created using the malloc() function. Since we know that the malloc() function returns void, we use int * to cast the void pointer to an int pointer.

👇Click to receive👇
👉C Language Knowledge Collection

The statement int *ptr = (int *)malloc(sizeof(int)); allocates 4 bytes of memory, as shown in the image below:

The statement free(ptr) releases the memory, as shown in the image below, with a cross symbol, and the ptr pointer becomes a dangling pointer because it points to released memory.

If we assign a NULL value to ptr, then ptr will no longer point to the deleted memory. Therefore, we can say that ptr is not a dangling pointer, as shown in the image below:

Variables Going Out of Scope

When a variable goes out of scope, the pointer pointing to that variable becomes a dangling pointer.

#include<stdio.h>
int main(){  char *str;  {    char a = 'A';    str = &a;  }  // a goes out of scope  // str is now a dangling pointer  printf("%s", *str);}

In the code above, we performed the following steps:

• First, we declared the pointer variable str.

• In the inner scope, we declared a character variable. The str pointer contains the address of variable a.

• When the control flow leaves the inner scope, variable a is no longer available, so str points to released memory. This means that the str pointer becomes a dangling pointer.

Function Calls

Now, we will see how pointers can become dangling pointers when calling functions.

Let’s understand through an example.

#include <stdio.h>
int *fun(){  int y = 10;  return &y;}
int main(){  int *p = fun();  printf("%d", *p);  return 0;}

In the code above, we performed the following steps:

• First, we created pointer p in the main() function, which contains the return value of fun().

• When calling fun(), the control flow enters the context of int *fun(), and fun() returns the address of variable y.

• When the control flow returns to the context of the main() function, it means that variable y is no longer available. Therefore, we can say that pointer p is a dangling pointer because it points to released memory.

Output

Let’s illustrate how the above code works.

Let’s consider another example of a dangling pointer.

#include <stdio.h>
int *fun(){  static int y = 10;  return &y;}
int main(){  int *p = fun();  printf("%d", *p);  return 0;}

The code above is similar to the previous code, with the only difference being that variable y is static.We know that static variables are stored in global memory.

Output

Now, let’s illustrate how the above code works.

The image above shows the stack memory. First, the fun() function is called, then the control flow moves to the context of int *fun(). Since y is a static variable, it is stored in global memory; its scope is available throughout the program. When the address value is returned, the control flow returns to the context of main(). Pointer p contains the address of variable y, which is 100. When we print the value of *p, it prints the value of variable y, which is 10. Therefore, we can say that pointer p is not a dangling pointer because it contains the address of a variable stored in global memory.

Avoiding Dangling Pointer Errors

Dangling pointer errors can be avoided by initializing pointers to NULL. If a NULL value is assigned to a pointer, then the pointer will not point to released memory. Assigning a NULL value to a pointer means that the pointer does not point to any memory location.

Programmer Technical Exchange Group

Scan the code to join the group, remember to note: city, nickname, and technical direction.