Crash or "segmentation fault" when data is copied/scanned/read to an uninitialized pointer

This question is meant to be used as reference for all frequently asked questions of the nature:

Why do I get a mysterious crash or "segmentation fault" when I copy/scan data to the address where an uninitialised pointer points to?

For example:

char* ptr;
strcpy(ptr, "hello world"); // crash here!

or

char* ptr;
scanf("%s", ptr); // crash here!

A pointer is a special type of variable, which can only contain an address of another variable. It cannot contain any data. You cannot "copy/store data into a pointer" - that doesn't make any sense. You can only set a pointer to point at data allocated elsewhere.

This means that in order for a pointer to be meaningful, it must always point at a valid memory location. For example it could point at memory allocated on the stack:

{
  int data = 0;
  int* ptr = &data;
  ...
}

Or memory allocated dynamically on the heap:

int* ptr = malloc(sizeof(int));

It is always a bug to use a pointer before it has been initialized. It does not yet point at valid memory.

These examples could all lead to program crashes or other kinds of unexpected behavior, such as "segmentation faults":

/*** examples of incorrect use of pointers ***/

// 1.
int* bad;
*bad = 42;

// 2.
char* bad;
strcpy(bad, "hello");

Instead, you must ensure that the pointer points at (enough) allocated memory:

/*** examples of correct use of pointers ***/

// 1.
int var;
int* good = &var;
*good = 42;

// 2.
char* good = malloc(5 + 1); // allocates memory for 5 characters *and*  the null terminator
strcpy(good, "hello");

---

Note that you can also set a pointer to point at a well-defined "nowhere", by letting it point to NULL. This makes it a null pointer, which is a pointer that is guaranteed not to point at any valid memory. This is different from leaving the pointer completely uninitialized.

int* p1 = NULL; // pointer to nowhere
int* p2;        // uninitialized pointer, pointer to "anywhere", cannot be used yet

Yet, should you attempt to access the memory pointed at by a null pointer, you can get similar problems as when using an uninitialized pointer: crashes or segmentation faults. In the best case, your system notices that you are trying to access the address null and then throws a "null pointer exception".

The solution for null pointer exception bugs is the same: you must set the pointer to point at valid memory before using it.

---

Further reading:

Pointers pointing at invalid data
https://stackoverflow.com/questions/4570366/pointer-to-local-variable
https://stackoverflow.com/questions/6441218/can-a-local-variables-memory-be-accessed-outside-its-scope

Segmentation fault and causes
https://stackoverflow.com/questions/2346806/what-is-segmentation-fault
https://stackoverflow.com/questions/164194/why-do-i-get-a-segmentation-fault-when-writing-to-a-string-initialized-with-cha
https://stackoverflow.com/questions/1704407/what-is-the-difference-between-char-s-and-char-s-in-c
https://stackoverflow.com/questions/33047452/definitive-list-of-common-reasons-for-segmentation-faults
https://stackoverflow.com/questions/212466/what-is-a-bus-error

1. Pointers only point to a memory location. You created a pointer but you did not bind to a memory location yet. strcpy wants you to pass two pointers (first one mustn't be constant) that point to two character arrays like this signature:

    char * strcpy ( char * destination, const char * source );
   

###sample usage:

    char* ptr = malloc(32);  
    strcpy(ptr, "hello world");

 <!-- -->
   
    char str[32];  
    strcpy(str, "hello world");

1. You can try the following code snippet to read string until reaching newline character (*you can also add other whitespace characters like "%[^\t\n]s"(tab, newline) or "%[^ \t\n]s" (space, tab, newline)).

    char *ptr = malloc(32);
    scanf("%31[^\n]", ptr);
   

(In real life, don't forget to check the return value from scanf()!)

One situation that frequently occurs while learning C is trying to use single quotes to denote a string literal:

char ptr[5];
strcpy(ptr, 'hello'); // crash here!
//            ^     ^   because of ' instead of "

In C, 'h' is a single character literal, while "h" is a string literal containing an 'h' and a null terminator \0 (that is, a 2 char array). Also, in C, the type of a character literal is int, that is, sizeof('h') is equivalent to sizeof(int), while sizeof(char) is 1.

char h = 'h';
printf("Size: %zu\n", sizeof(h));     // Size: 1
printf("Size: %zu\n", sizeof('h'));   // likely output: Size: 4

This happens because you have not allocated memory for the pointer char* ptr . In this case you have to dynamically allocate memory for the pointer.

Two functions malloc() and calloc() can be used for dynamic memory allocation.

Try this code :-

char* ptr;
ptr = malloc(50); // allocate space for 50 characters.
strcpy(ptr, "hello world");

When the use of *ptr over don't forget to deallocate memory allocated for *ptr .This can be done using free() function.

free(ptr);  // deallocating memory.

Size of dynamically allocated memory can be changed by using realloc().

char *tmp = realloc(ptr, 100); // allocate space for 100 characters.
if (! tmp) {
    // reallocation failed, ptr not freed
    perror("Resize failed");
    exit(1);       
}
else {
    // reallocation succeeded, old ptr freed
    ptr = tmp;
}

In most cases "segmentation fault" happens due to error in memory allocation or array out of bound cases.

For making a modifiable copy of a string, instead of using malloc, strlen and strcpy, the POSIX C library has a handy function called strdup in <string.h> that will return a copy of the passed-in null-terminated string with allocated storage duration. After use the pointer should be released with free:

char* ptr;
ptr = strdup("hello world");
ptr[0] = 'H';
puts(ptr);
free(ptr);