Is incrementing a null pointer well-defined?

Question

There are lots of examples of undefined/unspecified behavior when doing pointer arithmetics - pointers have to point inside the same array (or one past the end), or inside t

Answer 1

The C Standard requires that no object which is created via Standard-defined means can have an address which is equal to a null pointer. Implementations may allow for the existence of objects which are not created via Standard-defined means, however, and the Standard says nothing about whether such an object might have an address which (likely because of hardware design issues) is the same as a null pointer.

If an implementation documents the existence of a multi-byte object whose address would compare equal to null, then on that implementation saying char *p = (char*)0; would make p hold a pointer to the first byte of that object [which would compare equal to a null pointer], and p++ would make it point to the second byte. Unless an implementation either documents the existence of such an object, however, or specifies that it will perform pointer arithmetic as though such an object exists, there is no reason to expect any particular behavior. Having implementation deliberately trap attempts to perform any kind of arithmetic on null pointers other than adding or subtracting zero or other null pointers can be a useful safety measure, and code that would increment null pointers for some intended useful purpose would be incompatible with it. Worse, some "clever" compilers may decide that they can omit null checks in cases on pointers that would get incremented even if they hold null, thus allowing all manner of havoc to ensue.

Answer 2

It turns out it's actually undefined. There are systems for which this is true

int *p = NULL;
if (*(int *)&p == 0xFFFF)

Therefore, ++p would trip the undefined overflow rule (turns out that sizeof(int *) == 2)). Pointers aren't guaranteed to be unsigned integers so the unsigned wrap rule doesn't apply.

Answer 3

§5.2.6/1:

The value of the operand object is modified by adding 1 to it, unless the object is of type bool [..]

And additive expressions involving pointers are defined in §5.7/5:

If both the pointer operand and the result point to elements of the same array object, or one past the last element of the array object, the evaluation shall not produce an overflow; otherwise, the behavior is undefined.