What Happens When Stack and Heap Collide

c++ c memory heap-memory stack-memory

19,621

Solution 1

In a modern languages running on a modern OS, you'll get either a stack overflow (hurray!) or malloc() or sbrk() or mmap() will fail when you try to grow the heap. But not all software is modern, so let's look at the failure modes:

If the stack grows into the heap, the typically C compiler will silently start to overwrite the heap's data structures. On a modern OS, there will be one or more virtual memory guard pages which prevent the stack from growing indefinitely. As long as the amount of memory in the guard pages is at least as large as the size of the growing procedure's activation record, the OS will guarantee you a segfault. If you're DOS running on a machine with no MMU, you're probably hosed.
If the heap grows into the stack, the operating system should always be aware of the situation and some sort of system call will fail. The implementation of malloc() almost certainly notices the failure and returns NULL. What happens after that is up to you.

I'm always amazed at the willingness of compiler writers to hope that the OS puts guard pages in place to prevent stack overflow. Of course, this trick works well until you start having thousands of threads, each with its own stack...

Solution 2

This would be platform dependent. On many platforms it actually can't happen at all (the heap and stack are allocated in different pages and ne'r the twain shall meet.

Keep in mind that the idea of the heap growing upward and the stack growing downward is only conceptual. On very small systems (like the old 8-bit micros that ran CP/M) and on some PICs and other flat memory model systems (those without an MMU nor any other virtual or protected memory support) then the heap and stack might be actually implemented this way. In that case the behavior would be undefined ... but it would almost certainly crash as soon as the code tried to return to some address on the top of the corrupted stack or follow an indirect pointer from one part of the heap to another or ...

In any event you won't see it on any modern, general purpose workstation or server. You'll hit a resource limit and get malloc failures, or you'll run into virtual memory and eventually the system will thrash itself into quivering pile of "hit the red switch."

Solution 3

In times like those it's time to turn to the sage words of Dr Egon Spengler....

Dr. Egon Spengler: There's something very important I forgot to tell you.
Dr. Peter Venkman: What?
Dr. Egon Spengler: Don't let the heap collide with the stack.
Dr. Peter Venkman: Why?
Dr. Egon Spengler: It would be bad.
Dr. Peter Venkman: I'm a little fuzzy on the whole "good/bad" thing here. What do you mean, "bad"?
Dr. Egon Spengler: Try to imagine all life as you know it stopping instantaneously and every molecule in your body exploding at the speed of light.
Dr. Ray Stantz: Total protonic reversal!
Dr. Peter Venkman: That's bad. Okay. All right, important safety tip. Thanks, Egon.

Solution 4

You get an out of memory exception or stack exception if you are lucky. If you are unlucky the program heads off into a invalid memory and either throws a bad memory exception. If you are extremely unlucky the program carries on and trashes something it shouldn't and you never know why your program failed.

Finally of course the universe may crack.

Solution 5

You will get segmentation fault or memory allocation error if stack/heap overflow occurs. Here is an example :

void recursiveFun ()
{
    static int i;
//  char *str= (char *)malloc (100);
    printf ("%d\t", i++);
    recursiveFun ();
// free (str);
}

Suppose, you call above function, it will run out of stack and program will crash. Now, remove the commented lines and call the function again, you will find segmentation fault occurs in less time than and less recursion than earlier version. [ In my test environment, Stack Overflow happened after 5237765 recursion in first case, whereas in second scenario it occured after 2616325 recursion.]

View more solutions

19,621

Author by

Soumya

program[cod]er

Updated on June 21, 2022

Comments

Soumya almost 2 years

I am curious to know what happens when the stack and the heap collide. If anybody has encountered this, please could they explain the scenario.
ATorras over 14 years

+1 MS-DOS universe have cracked but we have not seen yet the boom
AProgrammer over 14 years

Note that stack overflow can't be a C++ exception.
Preet Sangha over 14 years

@atorras - MSDOS universe won't crack until they prise the for command out of my cold dead hands :-)
plinth over 14 years

Oddly enough, the phrase I was thinking of was "dogs and cats living together"
new123456 about 13 years

Great illustration. Hopefully universed -debug frees all it's memory!
vinc17 almost 10 years

Even with a single thread, it is possible to get undetected stack-heap collision: gcc.gnu.org/ml/gcc-help/2014-07/msg00076.html (though this is rather unlikely to occur in practice, perhaps except in case of specific attacks). The GCC man page advises to use the -fstack-check flag with multi-threaded programs (and this flag also allows the collision to be detected in my example).
user3207158 over 4 years

Amazing. How come the two lines of comment play a role in program execution?
Contango about 4 years

@vinc17 This is also detected with -fsanitise=thread -g (the -g is to add line numbers). Program runs 2x to 20x slower, but it detects a boatload of threading-safety issues. Also detected with -fsanitise=address. On any issue, it prints the exact line number where it occurred. Running sample program from said link from @vinc17 under Ubuntu 18.04 + gcc 9.3.0 reveals no issue: program correct terminates immediately with a segmentation fault even if compiled witih -O3. Adding the -fsanitise=X options (above) reveals the exact line of code.
vinc17 about 4 years

@Contango With my test done with GCC 4.9.1 in 2014-07, the program terminated successfully. Now I get a segmentation fault during the GETADDR(c) before its printf, even with GCC 4.6.4 (released in 2013-04). So it seems that something has changed in the system to enable fast protection against stack-heap collision, independently from GCC (binutils? Linux kernel?). I would be interested to know. Things may also have changed in GCC, but later (2017+), so that GCC 4.6.4 is not concerned: gcc.gnu.org/legacy-ml/gcc-patches/2017-06/msg01343.html
Jens about 3 years

"The C compiler" does not overwrite anything. The program does. An important distinction.