Dangling Pointer in C: 3 Causes and How to Avoid It
A dangling pointer points to memory that has been freed or destroyed. See the 3 classic causes: free(), returning local address, and out-of-scope variables.
What is a dangling pointer?
Cause 1: Using memory after free()
```c
#include <stdlib.h>

int main(void) {
    int *p = (int*)malloc(sizeof(int));
    if (p == NULL) return 1;  /* allocation failed */
    *p = 10;
    free(p);                  /* memory returned to system */
    *p = 20;                  /* DANGLING: writing to freed memory */
    return 0;
}
```
After free(p), the memory may be reused by the system at any moment. Writing there can corrupt other data or crash — sometimes much later, which makes this bug painful to find.
Cause 2: Returning the address of a local variable
```c
#include <stdio.h>

int* getMarks(void) {
    int marks = 85;       /* lives on the stack */
    return &marks;        /* WARNING: address of local */
}                         /* marks is destroyed here! */

int main(void) {
    int *p = getMarks();  /* p is dangling immediately */
    printf("%d", *p);     /* garbage or crash */
}
```
Cause 3: Pointer outliving a scope
```c
#include <stdio.h>

int main(void) {
    int *p;
    {
        int x = 10;
        p = &x;           /* fine inside the block */
    }                     /* x destroyed here */
    printf("%d", *p);     /* DANGLING */
    return 0;
}
```
How to avoid dangling pointers
- Set to NULL after free: free(p); p = NULL; — later misuse crashes clearly instead of corrupting memory.
- Never return &local from a function — return by value or allocate with malloc.
- Don't store addresses of shorter-lived variables in longer-lived pointers.
- If several pointers share one malloc block, NULL all of them after freeing.
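The rules above applied to the three causes, as an added example that is not code from the original page. The function names (get_marks_by_value, get_marks_on_heap, free_and_null, demo_shared_block) are hypothetical and chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Cause 2 fix, option A: return the value itself, not its address. */
int get_marks_by_value(void) {
    int marks = 85;
    return marks;
}

/* Cause 2 fix, option B: heap storage outlives the call; caller must free. */
int *get_marks_on_heap(void) {
    int *marks = malloc(sizeof *marks);
    if (marks != NULL)
        *marks = 85;
    return marks;
}

/* Cause 1 fix: free the block and NULL the caller's pointer in one step. */
void free_and_null(int **pp) {
    if (pp != NULL) {
        free(*pp);      /* free(NULL) is a no-op, so repeat calls are safe */
        *pp = NULL;
    }
}

/* Several pointers sharing one block: the helper only clears the pointer
   it is handed, so every other alias must be cleared by hand.
   Returns the value read before the free, or -1 on failure. */
int demo_shared_block(void) {
    int *owner = get_marks_on_heap();
    if (owner == NULL)
        return -1;
    int *alias = owner;         /* second pointer to the same block */
    int seen = *alias;          /* valid: block is still allocated */
    free_and_null(&owner);      /* owner is NULL, alias is now dangling */
    alias = NULL;               /* clear the alias without reading it */
    return (owner == NULL && alias == NULL) ? seen : -1;
}

int main(void) {
    printf("by value: %d\n", get_marks_by_value());
    printf("shared block read before free: %d\n", demo_shared_block());
    int *p = get_marks_on_heap();
    free_and_null(&p);
    free_and_null(&p);          /* harmless: p is already NULL */
    printf("p is %s\n", p == NULL ? "NULL" : "not NULL");
    return 0;
}
```

Building with -fsanitize=address (GCC or Clang) reports a use-after-free at the faulting line if an alias is dereferenced after the block is freed.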
Dangling vs Wild vs NULL: 10-second summary
| Pointer | Holds | Cause |
|---|---|---|
| Dangling | Address of freed/destroyed memory | free(), returning &local, scope end |
| Wild | Random garbage address | Never initialized |
| NULL | Address 0 (points to nothing) | Intentional and safe to test |
Frequently Asked Questions
What is a dangling pointer in C?
A dangling pointer holds the address of memory that has been freed or destroyed, so dereferencing it is undefined behaviour.
What are the 3 causes of dangling pointers?
Using a pointer after free(), returning the address of a local variable from a function, and a pointer outliving the scope of the variable it points to.
How do we prevent dangling pointers?
Set the pointer to NULL immediately after free(), never return addresses of local variables, and match pointer lifetime with the memory it points to.