I'm trying to understand the issues surrounding overwriting memory.
To this end I have the following (truncated) gdb session.

The main question is at the end and probably appears naive in the
extreme. I'm just checking my understanding.

First a deliberate mistake
I apparently declare an array of pointers to int
but only allocate enough space for int

int **pr4 = malloc(sizeof(int) * 5);

gdb print pr4
(int **) 0x602040

gdb x/1xg 0x602040
0x602040: 0x0000000000000000
0x602048: 0x0000000000000000
0x602050: 0x00000000 <- last int
54: 00000000 <- padding?
0x602058: 0x0000000000020fb1

I have actually allocated enough space to store
5*4 byte integers, I think the last 4 bytes at 54 is (64 bit)word align.

***
Is this correct?
***

I then declare and init an int and assign its address
to the 3rd slot of the array. This effectively overwrites the padding bytes.


int i2 = 14;
pr4 = &i2; //address should overwrite the padding

gdb print pr4
(int **) 0x602040

gdb x/1xg 0x602040
0x602040: 0x0000000000000000
0x602048: 0x0000000000000000
0x602050: 0x00007fffffffe5d8 <- overwrites unallocated 4 bytes
0x602058: 0x0000000000020fb1

I can view the value and print it out

gdb x/1xw 0x00007fffffffe5d8
0x7fffffffe5d8: 0x0000000e <- pr4 i2 (14)

and I can keep going

....

int i4 = 16;
pr4 = &i4;

gdb print pr4
(int **) 0x602040

gdb x/1xg 0x602040
0x602040: 0x0000000000000000
0x602048: 0x0000000000000000
0x602050: 0x00007fffffffe5d0 <- alloc'd mem stops at 602054
0x602058: 0x00007fffffffe5d4
0x602060: 0x00007fffffffe5d8

gdb x/1xw 0x00007fffffffe5d0
0x7fffffffe5d0: 0x0000000e <- pr4 i2 (14)
0x7fffffffe5d4: 0x0000000d <- pr4 i3 (13)
0x7fffffffe5d8: 0x00000010 <- pr4 i4 (16)

I have now allocated 20 bytes more than I declared for.
I can access this memory, dereference the pointer and print
out the stored value

printf("%d\n", *pr4);

If you have got this far, kudos :-)

The question is this

It appears that I can go well beyond the allocated space and still
access the memory without problem, it doesn't appear to be an issue

What *does* appear to be the issue however is that the additional memory
I have 'stolen' may be in use by another part of the program. I have
overwritten this memory despite not asking for it and that may cause
problems elsewhere. *This* appears to be the issue.

***
Is this correct?
***

Thank you for your indulgence.
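
An added example, not part of the original post: it works out how far a store to each int* slot runs past the sizeof(int) * 5 bytes requested above, then allocates the same five-slot array sized from the element type with a bounds-checked store. All helper names (bytes_past_end, int_ptr_array, ipa_alloc, ipa_set) are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

/* Helper names below are hypothetical; none come from the original post. */

/* Bytes by which a store to int* slot `idx` runs past a block of
   `requested` bytes (0 if the whole slot lies inside the block). */
size_t bytes_past_end(size_t requested, size_t idx) {
    size_t end = (idx + 1) * sizeof(int *);
    return end > requested ? end - requested : 0;
}

/* Array that carries its own length so every store can be checked. */
struct int_ptr_array { int **slot; size_t count; };

/* Size comes from the element type (sizeof *a->slot), not from int;
   calloc also rejects a count * size product that would overflow. */
int ipa_alloc(struct int_ptr_array *a, size_t count) {
    if (count == 0) return -1;
    a->slot = calloc(count, sizeof *a->slot);
    if (a->slot == NULL) return -1;
    a->count = count;
    return 0;
}

/* Store that refuses any index outside the allocation. */
int ipa_set(struct int_ptr_array *a, size_t idx, int *p) {
    if (idx >= a->count) return -1;
    a->slot[idx] = p;
    return 0;
}

int main(void) {
    size_t requested = sizeof(int) * 5;   /* size passed to malloc in the post */
    for (size_t idx = 0; idx < 5; idx++)
        printf("slot %zu: %zu byte(s) past the %zu requested\n",
               idx, bytes_past_end(requested, idx), requested);

    struct int_ptr_array a;
    int i2 = 14;
    if (ipa_alloc(&a, 5) != 0) return 1;
    int ok = ipa_set(&a, 2, &i2);         /* in range: returns 0 */
    int rejected = ipa_set(&a, 5, &i2);   /* out of range: returns -1 */
    printf("set[2]=%d set[5]=%d *slot[2]=%d\n", ok, rejected, *a.slot[2]);
    free(a.slot);
    return 0;
}
```

With 8-byte pointers, slot 2 ends 4 bytes past the request and slot 4 ends 20 bytes past it, which matches the addresses in the gdb dumps.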