Posted 3 May 2012

Dangling Pointers: Pathology, Prevention and Cure

11 Nov 2012, CPOL
Dangling pointers were a problem in the past, but nowadays we'll find none, right? Guess again...
// DanglingPointer.cpp : Defines the entry point for the console application.

#include "stdafx.h"
#include <stdio.h>   // printf

// Interface.
struct I
{
    virtual bool IsAlive() = 0;
    virtual double foo(int i, double d) = 0;
    virtual ~I() { }
};

// Class that implements that interface, and adds a few things.
class X : public I
{
public:
    int a;
    double y;
    virtual bool IsAlive() { return true; }
    virtual double foo(int i, double d) { return i * d; }
    double multiply() { return a * y; }
    X() { a = 789; y = 3.1313; }
    ~X() { a = 1; y = 2.0; }
};

void test(X *pX)
{
    I *pI = pX;
    printf("pX (a.k.a pI) is %s; the size of X is %d bytes; the int takes %d, the double %d, and the vtable pointer %d.\n",
        pI->IsAlive() ? "alive": "dead",
        (int)sizeof(X), (int)sizeof(int), (int)sizeof(double), (int)sizeof(void *));
    pX->a = 123;
    pX->y = 0.321;
#if _MSC_VER < 1300
    // VC6 syntax.
    printf("pI->foo address is %p\n", pI->foo);
#else
    // VC7 and later.
    printf("I::foo address is %p\n", &I::foo);
#endif
    printf("pI->foo(%d, %f) = %f\n", 3, 5.05, pI->foo(3, 5.05));
    delete pX;
    // NOW pX IS DANGLING! It was deleted! If you try to use it, the program will crash, right? (Wrong).
    // The next line should crash, shouldn't it?
    // (The double is deliberately passed to %I64X to show its raw bits.)
    printf("Not crashed yet: pX->a is %d (0x%X), pX->y is %e (0x%I64X)\n", pX->a, pX->a, pX->y, pX->y);
    // Well, then this will crash the program...
    pX->y = 111.222333;
    printf("Still not crashed; pX->y is %f\n", pX->y);
    // Still pointing to the same address.
#if _MSC_VER < 1300
    printf("pX->foo address is %p\n", pX->foo);
#else
    printf("X::foo address is %p\n", &X::foo);
#endif
    pX->a = 2;
    // Lookee, lookee! Calling a method on a dangling pointer!
    printf("pX->multiply() returned %f. Are we crashing yet?\n", pX->multiply());
    // Get a zombie! This syntax skips the vtable.
    printf("pX is %s.\n", pX->X::IsAlive() ? "UNDEAD!": "dead");
    // In order to make it really crash, uncomment the next printf() call.
    // The vtable pointer is now 0xDDDDdddd in VC6, and some other invalid value in VC2008,
    // which makes the program crash when looking for IsAlive() in the vtable.
    // printf("pI is %s.\n", pI->IsAlive() ? "alive": "dead");
}

int main(int argc, char* argv[])
{
    test(new X);
    return 0;
}
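
For contrast with the listing above, an added example (not part of the original article or its download): the same `I` and `X` shapes, with ownership held in `std::shared_ptr` and observers holding `std::weak_ptr`, so a use after destruction is refused instead of silently reading freed memory. The names `try_multiply` and `safe_test` are hypothetical and introduced only for this illustration; C++11 or later is assumed.

```cpp
#include <cstdio>
#include <memory>

// Same shapes as the page's I and X, re-declared so this block compiles alone.
struct I {
    virtual bool IsAlive() = 0;
    virtual double foo(int i, double d) = 0;
    virtual ~I() {}
};

class X : public I {
public:
    int a;
    double y;
    X() : a(789), y(3.1313) {}
    bool IsAlive() override { return true; }
    double foo(int i, double d) override { return i * d; }
    double multiply() { return a * y; }
};

// Hypothetical helper: observers keep a weak_ptr, never a raw X*.
// lock() yields an owning pointer only while the object still exists,
// so a stale handle is detected before any member is touched.
bool try_multiply(const std::weak_ptr<X>& observer, double& out) {
    if (std::shared_ptr<X> p = observer.lock()) {
        out = p->multiply();
        return true;
    }
    return false;  // object already destroyed; 'out' is left unchanged
}

// Mirrors test() in the listing: use the object, destroy it, try again.
// Bit 0: the call before destruction succeeded with the expected value.
// Bit 1: the call after destruction was refused and the handle reports expired.
int safe_test() {
    std::shared_ptr<X> owner = std::make_shared<X>();
    std::weak_ptr<X> observer = owner;
    owner->a = 2;
    owner->y = 0.5;
    double r = 0.0;
    int result = 0;
    if (try_multiply(observer, r) && r == 1.0) result |= 1;
    owner.reset();  // takes the place of `delete pX`
    if (!try_multiply(observer, r) && observer.expired()) result |= 2;
    return result;
}

int main() {
    std::printf("safe_test() = %d\n", safe_test());
    return 0;
}
```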



This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

Pablo Aliskevicius
Software Developer (Senior)
Israel
Pablo writes code for a living, in C++, C#, and SQL.

To make all that work easier, he uses some C++ libraries: STL, ATL & WTL (to write Windows applications), and code generation.

Pablo was born in 1963, got married in 1998, and is the proud father of two wonderful girls.

Favorite quotes:
"Accident: An inevitable occurrence due to the action of immutable natural laws." (Ambrose Bierce, "The Devil's Dictionary", published in several newspapers between 1881 and 1906).
"You are to act in the light of experience as guided by intelligence" (Rex Stout, "In the Best Families", 1950).

Article Copyright 2012 by Pablo Aliskevicius