5.1.18 · D5 · HinglishC Programming

Question bankCommon memory errors — null dereference, buffer overflow, use-after-free, double free, memory leak

2,024 words9 min read↑ Read in English

5.1.18 · D5 · Coding › C Programming › Common memory errors — null dereference, buffer overflow, us

Yeh bank usi vocabulary pe lean karta hai jo tumne pehle banai thi: Pointers in C, malloc and free, Stack vs Heap Memory, Undefined Behaviour, aur Strings in C and the null terminator. Agar neeche koi term unfamiliar lage, to woh link wahi hai jahan woh rehta hai.


Pehle, do counting ideas jinpe hum lean karenge

Trap questions se pehle, do chhote vocabulary pieces nail down karte hain jo answers mein use hote hain, taaki koi letter un-earned na lage.


True ya false — justify karo

free(p) se p ka value NULL ho jaata hai.
False. free address ki ek copy receive karta hai (Pointers in C se pass-by-value); tumhara variable p untouched rehta hai aur ab purane address pe dangle karta hai.
free(NULL) call karna ek bug hai jo crash karta hai.
False. C standard guarantee karta hai ki free(NULL) kuch nahi karta — exactly isliye free ke baad null karna ek safe universal habit hai.
Memory leak undefined behaviour hai.
False. Leak well-defined aur legal hai; bas memory waste karta hai. Compare karo use-after-free aur double free se, jo true Undefined Behaviour hain.
Program exit se pehle har malloc exactly ek free se match hona chahiye.
True correctness/leak-freedom ke liye. Conservation law (allocations equal frees) ke mutabiq, har block ek baar freed; OS exit pe sab reclaim karta hai, lekin long-running processes ko khud free karna padta hai.
Dangling pointer woh hota hai jo NULL ke equal ho.
False. Dangling pointer ek kabhi-valid address hold karta hai freed/expired memory ka. NULL pointer ulti problem hai — yeh purposely kahi valid nahi point karta.
Stack arrays bhi apni bounds overflow kar sakte hain.
True. Buffer overflow koi bhi out-of-bounds access hai; stack pe yeh saved return addresses clobber kar sakta hai (dekho Buffer Overflow Exploits), sirf heap blocks nahi.
char buf[8] 7-character string "welcome" safely hold kar sakta hai.
True. bytes ke buffer aur visible characters ke saath, , to string aur uska \0 exactly fit hota hai bina koi spare room ke.
Freed pointer ke through sirf padhna (likhna nahi) harmless hai.
False. Ek read use-after-free abhi bhi Undefined Behaviour hai; allocator ne block reuse kiya hoga, to tum kisi aur ka live data ya metadata padh rahe ho.
Agar program chalte dikhe, to uski memory usage correct thi.
False. Undefined Behaviour aaj sahi lagna allow hai aur kal data corrupt karna — "theek chala" kuch prove nahi karta.

Error dhundho

int *p = malloc(sizeof *p); *p = 5; free(p); free(p);
Double free. Doosra free(p) allocator ke free-list metadata ko corrupt karta hai; fix karo pehle free ke baad p = NULL; set karke. (Note karo sizeof *p portable hai — kabhi byte count hardcode mat karo jaise 4, kyunki sizeof(int) har jagah 4 nahi hota.)
char s[5]; strcpy(s, "hello");
Buffer overflow. "hello" 6 bytes hai (5 chars + \0) lekin s sirf 5 hold karta hai; \0 end se ek byte past likha jaata hai.
int *p = malloc(sizeof *p); *p = 9; (koi NULL check nahi).
Potential null dereference. Agar malloc fail hua to NULL return kiya, aur *p = 9 address 0 pe likhta hai → trap. if (!p) se guard karo.
p = malloc(100); p = malloc(200); free(p);
Pehle block ka leak. p overwrite karne se 100-byte block ka ek hi handle discard ho gaya; sirf 200-byte block free hota hai.
for (int i = 0; i <= n; i++) a[i] = 0; for int a[n].
Off-by-one overflow. Valid indices hain ; i == n array se ek element past likhta hai. Use karo i < n.
free(p); printf("%d", *p);
Use-after-free. Block free ke baad owned nahi raha; *p padhna Undefined Behaviour hai. Free ke turant baad p null karo.
char *p = malloc(10); ... return; // never freed ek loop mein.
Memory leak. Har iteration bina freeing ke allocate karta hai, to (allocations frees se aage nikal jaate hain) aur heap unbounded grow karta hai — ek server mein fatal.
int a[5]; a[5] = 0;
Buffer overflow (off-by-one). Index 5 valid range se bahar hai; end se ek bhi single write Undefined Behaviour hai.

Why questions

free ke baad pointer null karna dono use-after-free aur double free kyun khatam karta hai?
Baad mein *p ek detectable null deref ban jaata hai silent corruption ki jagah, aur free(NULL) guaranteed no-op hai, to repeated free harmlessly kuch nahi karta.
C arrays Python ki tarah automatically bounds-check kyun nahi kar sakta?
C array mein koi stored length nahi hota — ek pointer sirf ek raw address hai, to runtime ke paas compare karne ke liye koi size nahi; yahi zero supervision ki keemat hai.
Ek server mein leak aksar crash se zyada dangerous kyun hota hai?
Crash loud aur immediate hota hai; ek slow leak dino tak silently memory grow karta rehta hai jab tak OOM-killer strike nahi karta, diagnose karna mushkil hota hai aur long-lived hota hai.
free(p) p ko dangling kyun chhodta hai use clear karne ki jagah?
free ko address value ki copy milti hai; yeh block allocator ko wapas karta hai lekin tumhare variable tak reach back karke modify nahi kar sakta.
Buffer overflow classic security exploit kyun hai?
Stack buffer se past likhna saved return address overwrite kar sakta hai, jo attacker ko execution redirect karne deta hai (dekho Buffer Overflow Exploits).
malloc ka NULL return karna garbage ki jagah crash kyun karta hai?
OS page 0 ko unmapped rakhta hai, to CPU address 0 pe kisi bhi access pe trap karta hai — silent corruption ki jagah ek clean segfault.
"OS clean kar lega" freeing na karne ka bura excuse kyun hai?
Yeh sirf process exit pe true hai; ek long-running program kabhi exit tak nahi pahunchta, to uska leaked memory poore time chalte rehne par accumulate hota jaata hai.
12 bytes char buf[8] mein copy karna exactly 4 se overflow kyun karta hai?
Yahan string length hai ("hello world"), to use bytes chahiye; buffer hai, aur bytes buffer ke end se past land karte hain.

Edge cases

Kya free(NULL) safe hai?
Haan — standard ise no-op ke roop mein define karta hai, isliye null-after-free habit unconditionally safe hai.
Agar tum malloc(0) karo to kya hota hai?
Implementation-defined: yeh NULL return kar sakta hai ya ek unique non-null pointer jo tum dereference nahi kar sakte; dono cases mein tumhe abhi bhi free karna padega agar non-null ho.
Kya ek pointer dereference karna jo array ke end se ek past hai legal hai?
Nahi — one-past-end pointer banana comparison ke liye legal hai, lekin use dereference karna Undefined Behaviour hai.
Agar malloc fail ho aur NULL return kare, to kya pehle ki successful memory leak hoti hai?
Nahi — failed call ne kuch allocate nahi kiya; sirf woh blocks leak hote hain jo tumne obtain kiye aur phir unka handle kho diya.
Kya exactly full buffer (, string bytes buffer size ke equal) overflow karta hai?
Nahi — yahi tight legal case hai: characters plus \0 precisely fit hote hain, zero spare bytes ke saath.
free(p); p = NULL; ke baad, kya if (p) *p = 5; safe hai?
Haan — guard p == NULL dekhta hai (false) aur write skip karta hai, to null-after-free habit ek landmine ko no-op mein badal deti hai.
Kya ek leaked block abhi bhi Undefined Behaviour hai access karne ke liye agar tumne pointer ki copy rakhi?
Nahi — agar tumhare paas abhi bhi valid pointer hai to yeh leaked ya freed nahi hai; yeh sirf live memory hai jo tum free karna bhool gaye. Leak ka matlab hai last handle kho gaya.

Recall Har trap ki ek-line summary

free tumhare variable ko touch nahi karta; arrays apna size nahi jaante ( hold hona chahiye); free(NULL) safe hai; leaks hain aur legal-but-lethal; aur "kaam kiya" kabhi memory correctness prove nahi karta. Valgrind and AddressSanitizer jaisi tools woh pakadti hain jo aankhein miss karti hain.