Segmentation Fault doesn't come up immediately after accessing out-of-bound memory

Question

I wrote this piece of code and was expecting a segmentation fault quicly, but it seems I am allowed to access pieces of memory I shouldn\'t be able to.

#inc         


        

Answer 1

Accessing array out of bound will cause undefined behavior. You are seeing this at i=1000

Check this link: How dangerous is it to access an array out of bounds?

Answer 2

When you're using out-of-bound memory, you'll be facing Undefined behavior. You cannot define something called Undefined behavior.

In your case, it is happening at i = 1000s, in others' case it may very well happen at i=347 or so..

Segmentation fault is the result of accessing memory outside the allowed stack address space of your program. it may run properly and surprise you with apparent proper working if you finish your execution within that memory range. an out-of-bound access may produce vaild memory access till the point you're not crossing the stack memory region.

Consider yourself lucky if you get a segmentation fault, because that tells you, something's wrong. Otherwise, you have no idea of the resulting horror.

^{Note: as a suggestion, the question title should be changed to .. comes up very late or something simmilar}

Answer 3

Accessing beyond the end of an array is undefined behaviour. Anything may happen. It may work, it may fail, it may reformat your hard drive or it might post questions on stack overflow.

Sometimes it seg faults

Answer 4

You are accessing outside the boundaries of tab, but you are still in your own stack space (probably because a stack frame is larger than a byte). You have full read / write access on your own stack. This is in fact the reason many cracks are possible.

The segmentation fault occurs when your are going out of the bounds of you own stack. That's the moment you try to access a segment that's not yours (hence the name "segmentation fault").

Answer 5

Your array tab will be located someplace on the stack. When you print past the end of the array, you are actually printing values of other memory locations on the stack.

The reason it takes around 1000 iterations to get the seg fault is that the stack is mapped in pages, and pages are usually 4 KB in size. Once you read around 1000 ints, you are around 4000 bytes past where you should be and you have crossed over to an unmapped page. Reading from an unmapped page is what actually triggers the seg fault.

Take note that I am only explaining what happened on your system. There is no guarantee that the stack will be mapped in pages or that the pages will be 4 KB in size. Technically, you are triggering undefined behavior and anything can happen. You might find it illuminating to do printf("%p\n", &tab[i]); on each iteration and see what is the last address it prints before you get the seg fault. If I was right about the 4 KB pages, the last address you see printed will end in ffc because that will be the last 4 bytes on the page.