Dangling pointer

wild pointerdangling referenceuse-after-freeuse after freedanglingdangling referencesdeallocated memorywild reference
Dangling pointers and wild pointers in computer programming are pointers that do not point to a valid object of the appropriate type.wikipedia
81 Related Articles

Memory safety

memory-safeinvalid memorymemory-
These are special cases of memory safety violations.
Memory safety is the state of being protected from various software bugs and security vulnerabilities when dealing with memory access, such as buffer overflows and dangling pointers.

Link rot

dead linkdeadbroken links
More generally, dangling references and wild references are references that do not resolve to a valid destination, and include such phenomena as link rot on the internet.
A link that no longer points to its target, often called a broken or dead link, is a specific form of dangling pointer.

Reference (computer science)

referencereferencesHandle
More generally, dangling references and wild references are references that do not resolve to a valid destination, and include such phenomena as link rot on the internet.
References can cause significant complexity in a program, partially due to the possibility of dangling and wild references and partially because the topology of data with references is a directed graph, whose analysis can be quite complicated.

Pointer (computer programming)

pointerpointerspointer arithmetic
Dangling pointers and wild pointers in computer programming are pointers that do not point to a valid object of the appropriate type.
A pointer which does not have any address assigned to it is called a wild pointer.

Garbage collection (computer science)

garbage collectiongarbage collectorgarbage-collected
In object-oriented languages with garbage collection, dangling references are prevented by only destroying objects that are unreachable, meaning they do not have any incoming pointers; this is ensured either by tracing or reference counting.

Object resurrection

Zombie object
However, a finalizer may create new references to an object, requiring object resurrection to prevent a dangling reference.
If this happens, the referenced object – which is not necessarily the finalized object – is no longer garbage, and cannot be deallocated, as otherwise the references to it would become dangling references and cause errors when used, generally program crash or unpredictable behavior.

Segmentation fault

access violationSIGSEGVsegmentation violation
If the memory has been reallocated to another process, then attempting to dereference the dangling pointer can cause segmentation faults (UNIX, Linux) or general protection faults (Windows).
Determining the root cause – debugging the bug – can be simple in some cases, where the program will consistently cause a segmentation fault (e.g., dereferencing a null pointer), while in other cases the bug can be difficult to reproduce and depend on memory allocation on each run (e.g., dereferencing a dangling pointer).

Locks-and-keys

A similar approach was proposed by Fisher and LeBlanc under the name Locks-and-keys. Some other techniques include the tombstones method and the locks-and-keys method (see paper by Fisher & LeBlanc).
Locks-and-keys is a solution to dangling pointers in computer programming languages.

Tombstone (programming)

dummy-elementstombstonetombstone log
Some other techniques include the tombstones method and the locks-and-keys method (see paper by Fisher & LeBlanc).
Tombstones are a mechanism to detect dangling pointers that can appear in certain computer programming languages, e. g. C, C++ and assembly languages, and to act as a containment to their dangerous effects.

Object lifetime

lifetimeobject destructionobject creation
Dangling pointers arise during object destruction, when an object that has an incoming reference is deleted or deallocated, without modifying the value of the pointer, so that the pointer still points to the memory location of the deallocated memory.
Destroying an object will cause any references to the object to become invalid, and in manual memory management any existing references become dangling references.

Smart pointer

smart pointershandleshared_ptrs
Among more structured solutions, a popular technique to avoid dangling pointers in C++ is to use smart pointers.
Smart pointers also eliminate dangling pointers by postponing destruction until an object is no longer in use.

Rust (programming language)

RustRust programming languageCargo
In the language Rust, the type system has been extended to include also the variables lifetimes and resource acquisition is initialization.
The system is designed to be memory safe, and it does not permit null pointers, dangling pointers, or data races in safe code.

C (programming language)

CC programming languageC language
In many languages (e.g., the C programming language) deleting an object from memory explicitly or by destroying the stack frame on return does not alter associated pointers.
Although properly used pointers point to safe places, they can be made to point to unsafe places by using invalid pointer arithmetic; the objects they point to may continue to be used after deallocation (dangling pointers); they may be used without having been initialized (wild pointers); or they may be directly assigned an unsafe value using a cast, union, or through another corrupt pointer.

Finalizer

finalizedfinalizationobject finalization
However, a finalizer may create new references to an object, requiring object resurrection to prevent a dangling reference.
For languages without garbage collection, this is a severe bug, and causes dangling references and memory safety violations; for languages with garbage collection, this is prevented by the garbage collector, most commonly by adding another step to garbage collection (after running all user-specified finalizers, check for resurrection), which complicates and slows down garbage collection.

AddressSanitizer

KernelAddressSanitizer
Tools such as Polyspace, TotalView, Valgrind, Mudflap, AddressSanitizer, or tools based on LLVM can also be used to detect uses of dangling pointers.
AddressSanitizer (or ASan) is an open source programming tool by Google that detects memory corruption bugs such as buffer overflows or accesses to a dangling pointer (use-after-free).

Computer programming

programmingcodingprogrammable
Dangling pointers and wild pointers in computer programming are pointers that do not point to a valid object of the appropriate type.

Dereference operator

dereferencingdereferenceddereference
The system may reallocate the previously freed memory, and if the program then dereferences the (now) dangling pointer, unpredictable behavior may result, as the memory may now contain completely different data.

Undefined behavior

undefinedundefined behaviourbehaviour is undefined
The system may reallocate the previously freed memory, and if the program then dereferences the (now) dangling pointer, unpredictable behavior may result, as the memory may now contain completely different data.

Software bug

bugsbugsoftware bugs
If the program writes to memory referenced by a dangling pointer, a silent corruption of unrelated data may result, leading to subtle bugs that can be extremely difficult to find.

General protection fault

Unrecoverable Application Errorcrashgeneral protection (GP) fault
If the memory has been reallocated to another process, then attempting to dereference the dangling pointer can cause segmentation faults (UNIX, Linux) or general protection faults (Windows).

Object-oriented programming

object-orientedobject orientedobject-oriented programming language
In object-oriented languages with garbage collection, dangling references are prevented by only destroying objects that are unreachable, meaning they do not have any incoming pointers; this is ensured either by tracing or reference counting.

Reference counting

reference countreference countedreference cycle
In object-oriented languages with garbage collection, dangling references are prevented by only destroying objects that are unreachable, meaning they do not have any incoming pointers; this is ensured either by tracing or reference counting.

Null pointer

nullnil
If the operating system is able to detect run-time references to null pointers, a solution to the above is to assign 0 (null) to dp immediately before the inner block is exited.

Static variable

staticstatically allocatedStatic memory allocation
If a pointer to num must be returned, num must have scope beyond the function—it might be declared as static.