What is Dangling Pointer with Cause and How to avoid it?

Dangling pointers in computer programming are pointers that pointing to a memory location that has been deleted (or freed).

Dangling pointers arise during object destruction, when an object that has an incoming reference is deleted or deallocated, without modifying the value of the pointer, so that the pointer still points to the memory location of the deallocated memory.

The system may reallocate the previously freed memory, unpredictable behavior may result as the memory may now contain completely different data.

Cause of dangling pointers

1. Return Local Variable in Function Call

#include<stdio.h>
#include<string.h>

char *getHello()  
{
    char str[10];
    strcpy(str,"Hello!");
    return(str);
}

int main()  
{
    //str falls out of scope
    //function call char *getHello() is now a dangling pointer 
    printf("%s", getHello());
}

Here we are returning an address which was a local variable (str), which would have gone out of scope by the time control was returned to the calling function.

Attempts to read from the pointer may still return the correct value (Hello!) for a while after calling function getHello, but any functions called thereafter will overwrite the stack storage allocated for str with other values and the pointer would no longer work correctly. If a pointer to str must be returned, str must have scope beyond the function—it might be declared as static.

2. Variable goes Out of Scope

#include<stdio.h>

int main()  
{
    char **strPtr;
    {
        char *str = "Hello!";
        strPtr = &str;
    }
    // str falls out of scope 
    // strPtr is now a dangling pointer 
    printf("%s", *strPtr);
}

As str character pointer is non-visible in Outer Block , then character pointer to pointer strPtr is still pointing to same invalid memory location in Outer block , then character pointer to pointer strPtr becomes "Dangling Pointer".

3. De-allocating or free variable memory

#include<stdio.h>
#include<stdlib.h>

int main()  
{
    char **strPtr;
    char *str = "Hello!";

    strPtr = &str;
    free(str);
    //strPtr now becomes a dangling pointer

    printf("%s", *strPtr);
}

Here we have declared the character pointer *str and character pointer to pointer strPtr. After assigning the address of str to strPtr we have de-allocated memory using free function. As soon as memory is de-allocated for character pointer str, character pointer to pointer strPtr becomes dangling pointer.

Avoiding dangling pointer errors

We can avoid the dangling pointer errors by initialize pointer to NULL, after de-allocating memory, so that pointer will be no longer dangling. Assigning NULL value means pointer is not pointing to any memory location.

char **strPtr;  
char *str = "Hello!";

strPtr = &str;

free (str);  /* strPtr now becomes a dangling pointer */  
ptr = NULL;   /* strPtr is no more dangling pointer */  

How dangling pointers becomes Security holes

Dangling pointer bugs frequently become security holes. For example, if the pointer is used to make a virtual function call, a different address (possibly pointing at exploit code) may be called due to the vtable pointer being overwritten. (Virtual function table or vftable is a mechanism used in a programming language to support dynamic dispatch).