One of my classmates sent me a code and asked what was wrong with it. It was something like this:
#include <stdio.h>
#include <stdlib.h>
int main()
{
int *d_array, number, divisor_count, i, size = 1;
char answer;
d_array = (int*) malloc(size * sizeof(int));
do
{
printf("\nEnter a number: ");
scanf("%d", &number);
divisor_count = 0;
for(i = 2; i < number; i++)
if (number % i == 0) divisor_count++;
if(divisor_count == 0)
{
realloc(d_array,(size + 1) * sizeof(int));
d_array[size - 1] = number;
size++;
}
printf("\nIs there another number? y/n ");
getchar();
answer = getchar();
} while (answer == 'y');
for(i = 0; i < size - 1; i++)
printf("\n%d", d_array[i]);
return 0;
}
It's supposed to get numbers from the user and keep the ones that are prime and print them in the end. The output on my computer is something like:
Enter a number: 3
Is there another number? y/n y
Enter a number: 5
Is there another number? y/n y
Enter a number: 8
Is there another number? y/n y
Enter a number: 7
Is there another number? y/n y
Enter a number: 2
Is there another number? y/n n
4072680
5
7
2
There were other things in the code but the biggest problem is obviously not assigning the return value of realloc(). But the strange thing is, which is my question, why does this code shows the first prime number wrong and the others correct? The adress of the dynamic array possibly changes but why are the second one and the rest correct and not the first one?
Edit: Ok, the reason why I asked this was to try to understand the behaviour of realloc() in this code, if you have good resources please do share. When reallocating memory (when it is freeing the old one), does realloc() change the content of the old memory location?
This will show you a little bit about what is going on:
#include <stdio.h>
#include <stdlib.h>
void dbg_print_array(unsigned sz, const int * array, const char * label) {
fprintf(stderr, "{%s:\t%p:\t", label, array);
while (sz--) {
fprintf(stderr, " %x ", *array++);
}
fprintf(stderr, "}\n");
}
int main()
{
int *d_array, number, divisor_count, i, size = 1;
char answer;
d_array = (int*) malloc(size * sizeof(int));
dbg_print_array(size, d_array, "Initial");
do
{
printf("\nEnter a number: ");
scanf("%d", &number);
divisor_count = 0;
for(i = 2; i < number; i++)
if (number % i == 0) divisor_count++;
if(divisor_count == 0)
{
int * p;
dbg_print_array(d_array, size, "pre-realloc");
p = realloc(d_array,(size + 1) * sizeof(int));
dbg_print_array(d_array, size+1, "post-realloc (d_array)");
dbg_print_array(p, size+1, "post-realloc (p)");
d_array[size - 1] = number;
size++;
}
printf("\nIs there another number? y/n ");
getchar();
answer = getchar();
} while (answer == 'y');
for(i = 0; i < size - 1; i++)
printf("\n%d", d_array[i]);
return 0;
}
As far as why this data gets over written so soon, it is difficult to tell. Different heap allocation implementations are likely to behave very differently for this. Since the reallocation is done in such small steps (the array grows by 1 each time) realloc will be called often.
Since even though you and I may normally think of the unallocated heap space as unused the heap allocation and freeing functions do store some data there to keep up with things. Since each call to realloc reads this data and the program provided writes to data that realloc probably assumes is owned by the heap allocation routines then it may be reading something that this program has overwritten (it writes off the end of the originally allocated space each time through the loop). After reading this corrupted data realloc may make a decision based on what it read, resulting in who knows what. At this point in the program you should consider every behavior as undefined because the basic assumptions made for normal operation are no longer valid.
By examining the output of the above code you should be able to determine when realloc actually does return a different pointer than the one it was passed (my guess is to make space for the last integer read in, in your example, because malloc probably rounded up to 16 bytes for the first allocation -- also because realloc didn't abort, probably since it was never passed the invalid pointer).
The adjacent post-realloc print statements will have different addresses (first number printed for them) when realloc did not return the same pointer that it was passed.