What are segmentation faults (segfaults), and how can I identify what's causing them?
A segmentation fault (aka segfault) is a common condition that causes
programs to crash; segfaults are often associated with a file named
core. Segfaults occur in the following situations:
- A program attempts to access a memory location that it is not
  allowed to:
  - For example, calling memset() as shown below would cause a program to segfault:

        memset((char *)0x0, 1, 100);

  - Segfaults also frequently occur in the use of arrays. The
    following three cases illustrate the most common types of
    array-related segfaults:

    Case A:

        /* "Array out of bounds" error
           valid indices for array foo
           are 0, 1, ... 999 */
        int foo[1000];
        for (int i = 0; i <= 1000; i++)
            foo[i] = i;

    Case B:

        /* Illegal memory access if value of n
           happens to be >= 1000 */
        int n;
        int foo[1000];
        for (int i = 0; i < n; i++)
            foo[i] = i;

    Case C:

        /* Illegal memory access because foo2
           is not malloc'ed */
        float *foo, *foo2;
        foo = (float*)malloc(1000);
        foo2[0] = 1.0;

    - In case A, the for loop would work fine till the program tries to access foo[1000]. Since the array is defined to be foo[1000] (i.e., array index = 0, 1, 2, ... 999), the last iteration of the for loop would result in a segfault.
    - In case B, integer n could be any random value; unless it happens to be less than 1000, the code will segfault.
    - In case C, allocation of memory for variable foo2 has been overlooked, so accessing foo2[0] will likely result in a segfault.
  - Another common programming error that leads to segfaults is
    oversight in the use of pointers. For example, the C function
    scanf() expects the address of a variable as its second parameter; therefore, the following will likely cause the program to crash with a segfault:

        int foo = 0;
        scanf("%d", foo);  /* Note missing & sign; correct usage would have been &foo */

    The variable foo might be defined at memory location 1000, but the above function call would try to read integer data into memory location 0, according to the definition of foo.
- A program attempts to operate on a memory location in a way it is
  not allowed to:
  - For example, attempts to write a read-only location would result in a segfault.
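On Linux, the two situations listed above correspond to the two reason codes the kernel attaches to SIGSEGV: SEGV_MAPERR (the address is not mapped at all) and SEGV_ACCERR (the address is mapped, but the access is not permitted). The following is an added example, not part of the original page, that triggers each fault in a child process and reports which code was delivered. The names classify_write and map_page are made up for this illustration, and the code assumes Linux.

```c
/* Added example, not from the original page. Assumes Linux (fork, mmap, SA_SIGINFO). */
#define _DEFAULT_SOURCE
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* SIGSEGV handler: hand the kernel's reason code (si_code) back as the exit status. */
static void on_segv(int sig, siginfo_t *info, void *ctx)
{
    (void)sig; (void)ctx;
    _exit(info->si_code);               /* _exit() is async-signal-safe */
}

/* Write one byte to addr in a child process. Returns the si_code of the
 * resulting SIGSEGV, 0 if the write succeeded, or -1 on any other outcome. */
int classify_write(void *addr)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        struct sigaction sa = {0};
        sa.sa_sigaction = on_segv;
        sa.sa_flags = SA_SIGINFO;
        sigaction(SIGSEGV, &sa, NULL);
        *(volatile char *)addr = 1;     /* the access under test */
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* Map one anonymous page with the given protection; NULL on failure. */
void *map_page(int prot)
{
    void *p = mmap(NULL, 4096, prot, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : p;
}

int main(void)
{
    printf("address 0x0:    si_code %d (SEGV_MAPERR is %d)\n", classify_write((void *)0x0), SEGV_MAPERR);
    printf("read-only page: si_code %d (SEGV_ACCERR is %d)\n", classify_write(map_page(PROT_READ)), SEGV_ACCERR);
    printf("writable page:  si_code %d (0 means no fault)\n", classify_write(map_page(PROT_READ | PROT_WRITE)));
    return 0;
}
```
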
Spotting the cause of a segfault using debuggers
Segmentation faults can be tricky to spot; this is where a debugger
could come in handy. For example, you could use GNU's well-known
debugger GDB to view the backtrace of a core dumped by
your program; whenever programs segfault, they usually dump the
content of (their section of the) memory at the time of the crash into
a core file. Or you could step through the code and spot where an
illegal memory access might be happening.
Before you can use debuggers to examine your code, you'll need to take
several preparatory steps; first and foremost, you must compile your
program with debugging flags (e.g., the -g option with
the gcc compiler). For more information, see "Within Emacs on Unix, how can I debug a C or C++ program?" and "Step-by-step example for using GDB within Emacs to debug a C or C++ program".
This document was developed with support from the National Science Foundation (NSF) under Grant No. 0503697 to the University of Chicago and subcontracted to Indiana University. Additional support was provided by IU through its participation in the TeraGrid, which is supported by the NSF under Grants No. 0833618, SCI451237, SCI535258, and SCI504075. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the NSF.
Last modified on July 15, 2009.







