Tutorial by Examples

This is an example of dereferencing a NULL pointer, causing undefined behavior. int * pointer = NULL; int value = *pointer; /* Dereferencing happens here */ A NULL pointer is guaranteed by the C standard to compare unequal to any pointer to a valid object, and dereferencing it invokes undefined...
int i = 42; i = i++; /* Assignment changes variable, post-increment as well */ int a = i++ + i--; Code like this often leads to speculations about the "resulting value" of i. Rather than specifying an outcome, however, the C standards specify that evaluating such an expression produc...
int foo(void) { /* do stuff */ /* no return here */ } int main(void) { /* Trying to use the (not) returned value causes UB */ int value = foo(); return 0; } When a function is declared to return a value then it has to do so on every possible code path through it. Undefined beh...
Per paragraph 6.5/5 of both C99 and C11, evaluation of an expression produces undefined behavior if the result is not a representable value of the expression's type. For arithmetic types, that's called an overflow. Unsigned integer arithmetic does not overflow because paragraph 6.2.5/9 applies, ca...
int a; printf("%d", a); The variable a is an int with automatic storage duration. The example code above is trying to print the value of an uninitialized variable (a was never initialized). Automatic variables which are not initialized have indeterminate values; accessing these can le...
int* foo(int bar) { int baz = 6; baz += bar; return &baz; /* (&baz) copied to new memory location outside of foo. */ } /* (1) The lifetime of baz and bar end here as they have automatic storage * duration (local variables), thus the returned pointer is not valid! */ ...
int x = 0; int y = 5 / x; /* integer division */ or double x = 0.0; double y = 5.0 / x; /* floating point division */ or int x = 0; int y = 5 % x; /* modulo operation */ For the second line in each example, where the value of the second operand (x) is zero, the behaviour is undefine...
A pointer to a piece of memory containing n elements may only be dereferenced if it is in the range memory and memory + (n - 1). Dereferencing a pointer outside of that range results in undefined behavior. As an example, consider the following code: int array[3]; int *beyond_array = array + 3; ...
A wide variety of standard library functions have among their effects copying byte sequences from one memory region to another. Most of these functions have undefined behavior when the source and destination regions overlap. For example, this ... #include <string.h> /* for memcpy() */ ch...
C11 Reading an object will cause undefined behavior if the object is1: uninitialized; defined with automatic storage duration; its address is never taken. The variable a in the below example satisfies all those conditions: void Function( void ) { int a; int b = a; } 1 (Quo...
C11 C11 introduced support for multiple threads of execution, which affords the possibility of data races. A program contains a data race if an object in it is accessed1 by two different threads, where at least one of the accesses is non-atomic, at least one modifies the object, and program seman...
Even just reading the value of a pointer that was freed (i.e. without trying to dereference the pointer) is undefined behavior (UB), e.g. char *p = malloc(5); free(p); if (p == NULL) /* NOTE: even without dereferencing, this may have UB */ { } Quoting ISO/IEC 9899:2011, section 6.2.4 §2: ...
In this code example, the char pointer p is initialized to the address of a string literal. Attempting to modify the string literal has undefined behavior. char *p = "hello world"; p[0] = 'H'; // Undefined behavior However, modifying a mutable array of char directly, or through a poin...
Freeing memory twice is undefined behavior, e.g. int * x = malloc(sizeof(int)); *x = 9; free(x); free(x); Quote from the standard (7.20.3.2, The free function, of C99): Otherwise, if the argument does not match a pointer earlier returned by the calloc, malloc, or realloc function, or if the sp...
Using an incorrect format specifier in the first argument to printf invokes undefined behavior. For example, the code below invokes undefined behavior: long z = 'B'; printf("%c\n", z); Here is another example: printf("%f\n",0); The above line of code has undefined behavior. %...
The following might have undefined behavior due to incorrect pointer alignment: char *memory_block = calloc(sizeof(uint32_t) + 1, 1); uint32_t *intptr = (uint32_t*)(memory_block + 1); /* possible undefined behavior */ uint32_t mvalue = *intptr; The undefined behavior happens as the pointer...
The following code has undefined behavior: char buffer[6] = "hello"; char *ptr1 = buffer - 1; /* undefined behavior */ char *ptr2 = buffer + 5; /* OK, pointing to the '\0' inside the array */ char *ptr3 = buffer + 6; /* OK, pointing to just beyond */ char *ptr4 = buffer + 7; /* un...
int main (void) { const int foo_readonly = 10; int *foo_ptr; foo_ptr = (int *)&foo_readonly; /* (1) This casts away the const qualifier */ *foo_ptr = 20; /* This is undefined behavior */ return 0; } Quoting ISO/IEC 9899:201x, section 6.7.3 §2: If an attempt i...
The %s conversion of printf states that the corresponding argument is a pointer to the initial element of an array of character type. A null pointer does not point to the initial element of any array of character type, and thus the behavior of the following is undefined: char *foo = NULL; printf("...
extern int var; static int var; /* Undefined behaviour */ C11, §6.2.2, 7 says: If, within a translation unit, the same identifier appears with both internal and external linkage, the behavior is undefined. Note that if a prior declaration of an identifier is visible then it'll have the pri...
