
Calloc causing segmentation fault


Here is my code:

#include <stdio.h>
#include <stdlib.h>

int main(){
    int n=10;
    char *s= calloc(2,sizeof(char));
    sprintf(s,"%d",n);
    printf(s);
    return 0;
}

The intent is to assign a 2-digit number to a (char *). When I run the code, I get a segmentation fault. Output from valgrind is:

==18540== Command: ./test
==18540== 
==18540== Conditional jump or move depends on uninitialised value(s)
==18540==    at 0x366C06F397: _IO_str_init_static_internal (in /lib64/libc-2.5.so)
==18540==    by 0x366C063C8A: vsprintf (in /lib64/libc-2.5.so)
==18540==    by 0x366C04D677: sprintf (in /lib64/libc-2.5.so)
==18540==    by 0x4004FC: main (test.c:8)
==18540== 
==18540== Conditional jump or move depends on uninitialised value(s)
==18540==    at 0x366C06E37B: _IO_default_xsputn (in /lib64/libc-2.5.so)
==18540==    by 0x366C043D38: vfprintf (in /lib64/libc-2.5.so)
==18540==    by 0x366C063C98: vsprintf (in /lib64/libc-2.5.so)
==18540==    by 0x366C04D677: sprintf (in /lib64/libc-2.5.so)
==18540==    by 0x4004FC: main (test.c:8)
==18540== 
==18540== Conditional jump or move depends on uninitialised value(s)
==18540==    at 0x366C06F20A: _IO_str_overflow (in /lib64/libc-2.5.so)
==18540==    by 0x366C06E3E3: _IO_default_xsputn (in /lib64/libc-2.5.so)
==18540==    by 0x366C043D38: vfprintf (in /lib64/libc-2.5.so)
==18540==    by 0x366C063C98: vsprintf (in /lib64/libc-2.5.so)
==18540==    by 0x366C04D677: sprintf (in /lib64/libc-2.5.so)
==18540==    by 0x4004FC: main (test.c:8)
==18540== 
==18540== Use of uninitialised value of size 8
==18540==    at 0x366C06F241: _IO_str_overflow (in /lib64/libc-2.5.so)
==18540==    by 0x366C06E3E3: _IO_default_xsputn (in /lib64/libc-2.5.so)
==18540==    by 0x366C043D38: vfprintf (in /lib64/libc-2.5.so)
==18540==    by 0x366C063C98: vsprintf (in /lib64/libc-2.5.so)
==18540==    by 0x366C04D677: sprintf (in /lib64/libc-2.5.so)
==18540==    by 0x4004FC: main (test.c:8)
==18540== 
==18540== Invalid write of size 1
==18540==    at 0x366C06F241: _IO_str_overflow (in /lib64/libc-2.5.so)
==18540==    by 0x366C06E3E3: _IO_default_xsputn (in /lib64/libc-2.5.so)
==18540==    by 0x366C043D38: vfprintf (in /lib64/libc-2.5.so)
==18540==    by 0x366C063C98: vsprintf (in /lib64/libc-2.5.so)
==18540==    by 0x366C04D677: sprintf (in /lib64/libc-2.5.so)
==18540==    by 0x4004FC: main (test.c:8)
==18540==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==18540== 

Solution

  • You allocate space for just 2 chars and then put the string '10\0', which needs another char to hold the null/0 terminating character. So you need to allocate 3 chars for this particular example to work.

    Read up on C strings for full details.
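
An added example, not part of the original question or answer: instead of hard-coding 3, the buffer can be sized from the value with `snprintf(NULL, 0, ...)`, the `calloc` result checked, and the write bounded. The helper names `int_to_string` and `format_int` are hypothetical, and the string is printed through `"%s"` rather than being passed as the format string.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not from the original post): format n into a
 * freshly allocated string sized from the value itself.
 * Returns NULL on failure; the caller frees the result. */
char *int_to_string(int n)
{
    /* With a NULL buffer and size 0, C99 snprintf writes nothing and
     * returns the number of characters needed, excluding the '\0'. */
    int len = snprintf(NULL, 0, "%d", n);
    if (len < 0)
        return NULL;

    /* +1 for the terminator: "10" needs 3 bytes, not 2. */
    char *s = calloc((size_t)len + 1, sizeof *s);
    if (s == NULL)
        return NULL;

    /* Bounded write: cannot run past the allocation. */
    snprintf(s, (size_t)len + 1, "%d", n);
    return s;
}

/* Hypothetical helper: bounded formatting into a caller-supplied buffer.
 * Returns 0 if the value fit, -1 if it did not (buf is left empty). */
int format_int(char *buf, size_t cap, int n)
{
    int need = snprintf(buf, cap, "%d", n);
    if (need < 0 || (size_t)need >= cap) {
        if (cap > 0) buf[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char *s = int_to_string(10);
    if (s == NULL)
        return 1;
    /* Pass the data as an argument, never as the format string. */
    printf("%s\n", s);
    free(s);
    return 0;
}
```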