Crash or "segmentation fault" when data is copied/scanned/read to an uninitialized pointer

A pointer is a special type of variable, which can only contain an address of another variable. It cannot contain any data. You cannot "copy/store data into a pointer" - that doesn't make any sense. You can only set a pointer to point at data allocated elsewhere.

This means that in order for a pointer to be meaningful, it must always point at a valid memory location. For example it could point at memory allocated on the stack:

{
  int data = 0;
  int* ptr = &data;
  ...
}

Or memory allocated dynamically on the heap:

int* ptr = malloc(sizeof(int));

It is always a bug to use a pointer before it has been initialized. It does not yet point at valid memory.

These examples could all lead to program crashes or other kinds of unexpected behavior, such as "segmentation faults":

/*** examples of incorrect use of pointers ***/

// 1.
int* bad;
*bad = 42;

// 2.
char* bad;
strcpy(bad, "hello");

Instead, you must ensure that the pointer points at (enough) allocated memory:

/*** examples of correct use of pointers ***/

// 1.
int var;
int* good = &var;
*good = 42;

// 2.
char* good = malloc(5 + 1); // allocates memory for 5 characters *and*  the null terminator
strcpy(good, "hello");

Note that you can also set a pointer to point at a well-defined "nowhere", by letting it point to NULL. This makes it a null pointer, which is a pointer that is guaranteed not to point at any valid memory. This is different from leaving the pointer completely uninitialized.

int* p1 = NULL; // pointer to nowhere
int* p2;        // uninitialized pointer, pointer to "anywhere", cannot be used yet

Yet, should you attempt to access the memory pointed at by a null pointer, you can get similar problems as when using an uninitialized pointer: crashes or segmentation faults. In the best case, your system notices that you are trying to access the address null and then throws a "null pointer exception".

The solution for null pointer exception bugs is the same: you must set the pointer to point at valid memory before using it.


Further reading:

Pointers pointing at invalid data
How to access a local variable from a different function using pointers?
Can a local variable's memory be accessed outside its scope?

Segmentation fault and causes
What is a segmentation fault?
Why do I get a segmentation fault when writing to a string initialized with "char *s" but not "char s[]"?
What is the difference between char s[] and char *s?
Definitive List of Common Reasons for Segmentation Faults
What is a bus error?


  1. Pointers only point to a memory location. You created a pointer but you did not bind to a memory location yet. strcpy wants you to pass two pointers (first one mustn't be constant) that point to two character arrays like this signature:

    char * strcpy ( char * destination, const char * source );
    

    sample usage:

    char* ptr = malloc(32);  
    strcpy(ptr, "hello world");
    
    char str[32];  
    strcpy(str, "hello world");
    
  2. You can try the following code snippet to read string until reaching newline character (*you can also add other whitespace characters like "%[^\t\n]s"(tab, newline) or "%[^ \t\n]s" (space, tab, newline)).

    char *ptr = malloc(32);
    scanf("%31[^\n]", ptr);
    

    (In real life, don't forget to check the return value from scanf()!)


One situation that frequently occurs while learning C is trying to use single quotes to denote a string literal:

char ptr[5];
strcpy(ptr, 'hello'); // crash here!
//            ^     ^   because of ' instead of "

In C, 'h' is a single character literal, while "h" is a string literal containing an 'h' and a null terminator \0 (that is, a 2 char array). Also, in C, the type of a character literal is int, that is, sizeof('h') is equivalent to sizeof(int), while sizeof(char) is 1.

char h = 'h';
printf("Size: %zu\n", sizeof(h));     // Size: 1
printf("Size: %zu\n", sizeof('h'));   // likely output: Size: 4