

14.14 Drawbacks of Pointer Arithmetic

Pointer arithmetic is clean and elegant, but it is also the cause of a major security flaw in the C language. Theoretically, it is only valid to adjust a pointer within one object allocated as a unit in memory. However, if you unintentionally adjust a pointer across the bounds of the object and into some other object, the system has no way to detect this error.

A bug that does that can easily result in clobbering part of another object. For example, with array[-1] you can read or write the nonexistent element before the beginning of an array—probably part of some other data.

Combining pointer arithmetic with casts between pointer types, you can create a pointer that fails to be properly aligned for its type. For example,

int a[2];                       /* two ints, properly aligned */
char *pa = (char *)a;           /* view the same bytes as chars */
int *p = (int *)(pa + 1);       /* one byte in: misaligned for int */

gives p a value pointing to an “integer” that includes part of a[0] and part of a[1]. Dereferencing that with *p can cause a fatal SIGSEGV signal, or it can return the contents of that badly aligned int (see Signals). If it “works,” it may be quite slow. It can also cause aliasing confusions (see Aliasing).
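The following is an added example, not part of the manual, showing how a program can detect both problems described above before they happen: a bounds-checked replacement for array[-1]-style indexing, an alignment check applied to the char pointer before it is ever cast to int *, and a memcpy-based read for bytes that really do start at an odd address. The array sample and the helper names are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample data: the two-int array from the manual's example. */
static int sample[2] = { 0x11223344, 0x55667788 };

/* Does the address P satisfy the alignment requirement ALIGN? */
int is_aligned(const void *p, size_t align)
{
    return (uintptr_t) p % align == 0;
}

/* Bounds-checked version of BASE + IDX for an array of COUNT ints.
   Returns NULL rather than forming a pointer into some other object,
   which is what plain array[-1] or array[count] would silently do. */
int *checked_elem(int *base, size_t count, ptrdiff_t idx)
{
    if (idx < 0 || (size_t) idx >= count)
        return NULL;
    return base + idx;
}

/* Read the int whose bytes begin at BYTES without ever dereferencing
   a misaligned int *: memcpy has no alignment requirement, so this is
   well-defined even when BYTES is not a multiple of _Alignof(int). */
int read_int_at(const char *bytes)
{
    int v;
    memcpy(&v, bytes, sizeof v);
    return v;
}

int main(void)
{
    char *pa = (char *) sample;

    /* Check alignment on the char * before casting it to int *; the
       cast itself is where the manual's example goes wrong. */
    printf("sample aligned for int: %d\n", is_aligned(sample, _Alignof(int)));
    printf("pa + 1 aligned for int: %d\n", is_aligned(pa + 1, _Alignof(int)));

    /* array[-1] is caught instead of touching a neighbouring object. */
    printf("checked_elem(sample, 2, -1) is NULL: %d\n",
           checked_elem(sample, 2, -1) == NULL);

    /* The bytes at pa + 1 can still be read safely; the resulting value
       depends on byte order, so it is only printed, not relied upon. */
    printf("bytes at pa + 1 as int: 0x%08x\n", (unsigned) read_int_at(pa + 1));
    return 0;
}
```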

Warning: Using improperly aligned pointers is risky—don’t do it unless it is really necessary.