What will happen in this case of malloc and realloc

Question

malloc take some contiguous part of heap for some variable,

 -------------
|     p       |
 -------------

again malloc happens for some other pointer

 ------------- -----------------
|      P      |      S          |
 ------------- -----------------

Now realloc happens for p

 ------------------- -----------
|       p           |    S      |
 ------------------- -----------

So S space is reduced??? Does it happen?

I ran a program like this,

#include <stdio.h>
#include <stdlib.h>

int main(void)
{
int *p;
char *s;
p = malloc(sizeof(*p));
printf("1:p points to %p\n", (void *)p);
//printf("1:p points to %p\n", (void *)(p+1));
s = malloc(sizeof(*s));
printf("1:s points to %p\n", (void *)s);
p = realloc(p, sizeof(*p)*2);
printf("2:p+2 points to %p\n", (void *)(p+2));
p = realloc(p, sizeof(*p)*7);
printf("3:p points to %p\n", (void *)(p));
printf("3:p+7 points to %p\n", (void *)(p+7));//should run over s's memory
printf("2:s points to %p\n", (void *)s);
free(p);
p =  NULL;
free(s);
s =  NULL;   
return 0;
}
output:
1:p points to 0x1291010
1:s points to 0x1291030
2:p+2 points to 0x1291018
3:p points to 0x1291050 --> location of p pointed to by p is changed.
3:p+7 points to 0x129106c
2:s points to 0x1291030

So first malloc gave 0x20 = 32 bytes on its own?? 0x1291030 - 0x1291010 = 0x20 = 32 bytes.

Is it possible that if I keep increasing size of memory pointed by 'p' will lead me to s's pointed memory and then i can access s using p?

P.S

edited the question to correctly say what I wanted to say. realloc will allocate some other place in memory once the memory of s is threatened to be stomped. Its clearly visible in output.

realloc is not guaranteed to keep the original address. It will allocate a larger region elsewhere and bit-wise copy the contents of P. — StoryTeller - Unslander Monica
realloc will return a pointer to a new piece of memory (where it has copied to old contents to). The heap may reserve space after an allocation to cope with reallocs. No "bits" are allocated, only bytes and probably suitably alligned on ` 4 or 8 byte boundary. — Paul Ogilvie
You talk about realloc but in your code you use calloc, and never free your first allocation. I struggle to make sense from your reasoning. — Kami Kaze

unwind unwind · Accepted Answer · 2017-03-27T08:58:32

All of this is implementation-defined, and thus impossible to reason about in general.

The only thing that can be said is that no, of course realloc() on one pointer will never affect the memory returned by another call to malloc() or any other allocation function. This is why realloc() returns the resulting pointer, it can be different from the one you passed in.

The inner workings of malloc() and friends depends on the allocator, and there are many allocators. You can work around the standard library's if you don't agree with its choices, by using some other implementation.

Also, this:

int *p;
p = malloc(sizeof(p));

makes little sense, you're allocating the size of the pointer which is not the same as the size of the data the pointer points at (i.e. an integer). To do that, you should use:

p = malloc(sizeof *p);

Finally, while printing pointers with %p is correct, that's only correct for void * and there's no automatic conversion since the varargs system doesn't know; you should cast to void * or you get undefined behavior.

What will happen in this case of malloc and realloc

3 Answers