Returning pointers in functions

Question

Is the following code legal?

char* randomMethod1() {
    char* ret = "hello";
    return ret;
}

and this one?

char* randomMethod2() {
    char* ret = new char[10];

    for (int i = 0; i < 9; ++i) {
        ret[i] = (char)(65 + i);
    }

    ret[9] = '\0';

    return ret;
}

I'd say the first one is legal, as what you are actually doing is returning a pointer to a string literal that I think is loaded from the string table of the program. However, I'd say the second is not. I'd say in the second method you are allocating memory on the stack, which as soon as you leave the function, might be used by another method, turning to trash the pointer you are returning. How is that it really works?

edit: Ok, here is the disassembled code. Could anyone explain me how can I see it is being allocated on the heap?

char* randomMethod2() {
000536E0  push        ebp  
000536E1  mov         ebp,esp 
000536E3  sub         esp,0E4h 
000536E9  push        ebx  
000536EA  push        esi  
000536EB  push        edi  
000536EC  lea         edi,[ebp-0E4h] 
000536F2  mov         ecx,39h 
000536F7  mov         eax,0CCCCCCCCh 
000536FC  rep stos    dword ptr es:[edi] 
    char* ret = new char[10];
000536FE  push        0Ah  
00053700  call        operator new (511E0h) 
00053705  add         esp,4 
00053708  mov         dword ptr [ebp-0E0h],eax 
0005370E  mov         eax,dword ptr [ebp-0E0h] 
00053714  mov         dword ptr [ret],eax 

    for (int i = 0; i < 9; ++i) {
00053717  mov         dword ptr [i],0 
0005371E  jmp         randomMethod2+49h (53729h) 
00053720  mov         eax,dword ptr [i] 
00053723  add         eax,1 
00053726  mov         dword ptr [i],eax 
00053729  cmp         dword ptr [i],9 
0005372D  jge         randomMethod2+5Fh (5373Fh) 
        ret[i] = (char)(65 + i);
0005372F  mov         eax,dword ptr [i] 
00053732  add         eax,41h 
00053735  mov         ecx,dword ptr [ret] 
00053738  add         ecx,dword ptr [i] 
0005373B  mov         byte ptr [ecx],al 
    }
0005373D  jmp         randomMethod2+40h (53720h) 

    ret[9] = '\0';
0005373F  mov         eax,dword ptr [ret] 
00053742  mov         byte ptr [eax+9],0 

    return ret;
00053746  mov         eax,dword ptr [ret] 
}
00053749  pop         edi  
0005374A  pop         esi  
0005374B  pop         ebx  
0005374C  add         esp,0E4h 
00053752  cmp         ebp,esp 
00053754  call        @ILT+320(__RTC_CheckEsp) (51145h) 
00053759  mov         esp,ebp 
0005375B  pop         ebp  
0005375C  ret

Answer 1

Both are legal. In the second one, you are not allocating memory from the stack. You are using new and it allocates memory from the heap. If you don't free the pointer returned from the second method using delete, you'll have a memory leak.

By the way, stack allocated arrays are declared like this:

char x[10]; // note that there's no `new`.

Update:

This line calls operator new which allocates memory from the heap and initializes the object.

00053700  call        operator new (511E0h)

Answer 2

In fact both are legal. In the second case you allocate memory in heap, not on stack. This line:

00053700  call        operator new (511E0h)

is a call to operator new which is responsible for memory allocation.

Allocation on stack like this:

char* randomMethod2() {
    char ret[10];
    ....
    return ret;
}

would indeed lead to undefined behaviour.

However don't forget that in the first case an attempt to modify memory through the returned pointer would also cause undefined behaviour. And in the second case the caller is responsible for freeing memory (calling delete[]).

Answer 3

I think both are legal! Memory allocated by new is valid till we call delete explicitly or the program itself dies!

Answer 4

Both are legal. But, in my opinion the first can cause quite a bit of head scratching. And semantically, it's quite different from the second.

The first

It's a string literal and it will survive outside of the function and it's valid for the entire duration of the program therefore it's declared on the heap.

My initial reaction to the first method was wrong. I had thought that it was declared on the stack since it's a local variable but that's not accurate. Since it's a string literal, it's value is stored on the heap. However, the pointer you created and are returning from the function is on the stack.

The second

The second is declaring memory on the heap via new, but you must be sure to explicitly free it later using delete to avaoid a memory leak. The memory is not valid after free is called.

Yes, every call to new allocates memory on the heap, not the stack.

Edit: Updated based on Pete's comment below and this question.

Answer 5

With quite a modern compiler first should not compile (or at least give a warning) a fixed version would be:

const char* randomMethod1() {
    const char* ret = "hello";
    return ret;
}

As "hello" is a constant (in static init space) it's address is fine to use (but as read-only). The second example is perfectly legal: you can pass around (and use!) a pointer allocated with new until delete is called on it. In this case think that you have to use delete [] (with bracket operators as you allocated an array)

Answer 6

Both are allocating variables on the heap so when you return control from function both pointer will be alive.

In second function

00053700 call operator new (511E0h)

is calling new to allocate the memory space.

Second would be illegal if you will free ret using delete[] ret before returning the control;

To allocate variable on heap you have to write like : int ret[10]; now you can't return pointer ret because it will be destroyed in in end of function.