Question bank — Common memory errors — null dereference, buffer overflow, use-after-free, double free, memory leak
5.1.18 · D5· Coding › C Programming › Common memory errors — null dereference, buffer overflow, us
Yeh bank usi vocabulary pe lean karta hai jo tumne pehle banai thi: Pointers in C, malloc and free, Stack vs Heap Memory, Undefined Behaviour, aur Strings in C and the null terminator. Agar neeche koi term unfamiliar lage, to woh link wahi hai jahan woh rehta hai.
Pehle, do counting ideas jinpe hum lean karenge
Trap questions se pehle, do chhote vocabulary pieces nail down karte hain jo answers mein use hote hain, taaki koi letter un-earned na lage.
True ya false — justify karo
free(p) se p ka value NULL ho jaata hai.
free address ki ek copy receive karta hai (Pointers in C se pass-by-value); tumhara variable p untouched rehta hai aur ab purane address pe dangle karta hai.free(NULL) call karna ek bug hai jo crash karta hai.
free(NULL) kuch nahi karta — exactly isliye free ke baad null karna ek safe universal habit hai.Memory leak undefined behaviour hai.
Program exit se pehle har malloc exactly ek free se match hona chahiye.
Dangling pointer woh hota hai jo NULL ke equal ho.
NULL pointer ulti problem hai — yeh purposely kahi valid nahi point karta.Stack arrays bhi apni bounds overflow kar sakte hain.
char buf[8] 7-character string "welcome" safely hold kar sakta hai.
\0 exactly fit hota hai bina koi spare room ke.Freed pointer ke through sirf padhna (likhna nahi) harmless hai.
Agar program chalte dikhe, to uski memory usage correct thi.
Error dhundho
int *p = malloc(sizeof *p); *p = 5; free(p); free(p);
free(p) allocator ke free-list metadata ko corrupt karta hai; fix karo pehle free ke baad p = NULL; set karke. (Note karo sizeof *p portable hai — kabhi byte count hardcode mat karo jaise 4, kyunki sizeof(int) har jagah 4 nahi hota.)char s[5]; strcpy(s, "hello");
"hello" 6 bytes hai (5 chars + \0) lekin s sirf 5 hold karta hai; \0 end se ek byte past likha jaata hai.int *p = malloc(sizeof *p); *p = 9; (koi NULL check nahi).
malloc fail hua to NULL return kiya, aur *p = 9 address 0 pe likhta hai → trap. if (!p) se guard karo.p = malloc(100); p = malloc(200); free(p);
p overwrite karne se 100-byte block ka ek hi handle discard ho gaya; sirf 200-byte block free hota hai.for (int i = 0; i <= n; i++) a[i] = 0; for int a[n].
i == n array se ek element past likhta hai. Use karo i < n.free(p); printf("%d", *p);
free ke baad owned nahi raha; *p padhna Undefined Behaviour hai. Free ke turant baad p null karo.char *p = malloc(10); ... return; // never freed ek loop mein.
int a[5]; a[5] = 0;
Why questions
free ke baad pointer null karna dono use-after-free aur double free kyun khatam karta hai?
*p ek detectable null deref ban jaata hai silent corruption ki jagah, aur free(NULL) guaranteed no-op hai, to repeated free harmlessly kuch nahi karta.C arrays Python ki tarah automatically bounds-check kyun nahi kar sakta?
Ek server mein leak aksar crash se zyada dangerous kyun hota hai?
free(p) p ko dangling kyun chhodta hai use clear karne ki jagah?
free ko address value ki copy milti hai; yeh block allocator ko wapas karta hai lekin tumhare variable tak reach back karke modify nahi kar sakta.Buffer overflow classic security exploit kyun hai?
malloc ka NULL return karna garbage ki jagah crash kyun karta hai?
"OS clean kar lega" freeing na karne ka bura excuse kyun hai?
12 bytes char buf[8] mein copy karna exactly 4 se overflow kyun karta hai?
Edge cases
Kya free(NULL) safe hai?
Agar tum malloc(0) karo to kya hota hai?
NULL return kar sakta hai ya ek unique non-null pointer jo tum dereference nahi kar sakte; dono cases mein tumhe abhi bhi free karna padega agar non-null ho.Kya ek pointer dereference karna jo array ke end se ek past hai legal hai?
Agar malloc fail ho aur NULL return kare, to kya pehle ki successful memory leak hoti hai?
Kya exactly full buffer (, string bytes buffer size ke equal) overflow karta hai?
\0 precisely fit hote hain, zero spare bytes ke saath.free(p); p = NULL; ke baad, kya if (p) *p = 5; safe hai?
p == NULL dekhta hai (false) aur write skip karta hai, to null-after-free habit ek landmine ko no-op mein badal deti hai.Kya ek leaked block abhi bhi Undefined Behaviour hai access karne ke liye agar tumne pointer ki copy rakhi?
Recall Har trap ki ek-line summary
free tumhare variable ko touch nahi karta; arrays apna size nahi jaante ( hold hona chahiye); free(NULL) safe hai; leaks hain aur legal-but-lethal; aur "kaam kiya" kabhi memory correctness prove nahi karta. Valgrind and AddressSanitizer jaisi tools woh pakadti hain jo aankhein miss karti hain.