Hi,
Please see this:
When i make a declaration as:

char *i, j[15], *k;
and then do
sprintf( k, "print.sh %s", i );

the program works fine.

But when i change the declaration to:
char *i, *k;
and then do
sprintf( k, "print.sh %s", i );
I get a segmentation fault at the 'sprintf' statement.

The program works only when j is an array of 15. Nothing less/more

Please Note: variable j is just a dummy. I do absolutely nothing with it.
Also, i know using sprintf the way i have done is illegal. The pointer is not assigned to anything, prior to such a statement.

It may be silly but could someone please explain why this happens? Guess something to do with the way memory is allocated.

Thanks in advance!

You are trying to write to random memory as "k" has not been pointed at anything. The kernel can give you three answers...

(a) let you do it

(b) trap because you are writing to read only memory, eg the program image

(c) trap because you are writing to memory that has not been allocated to you

Well, on the above lines, i could further deduce:

1. in one case, k was pointing to stdout (dont know how!), coz its memory contents were that of my printf statement, prior to the sprintf. (Surprising!)

2. In one case, k was pointing to the string part of my sprintf statement. Hence again, it is not illegal, and the program would work. (Seems possible).

However, this kind of valid but garbage initializations seem to happen only when variable j is declared. Else, the program halts by SEGV.

But i still believe that this is a special and one-off case. Guess the same code would not work on another machine. (Mine is Solaris).

Any comments/inputs/further insight anyone?

The stack that main is using won't be untouched virgin memory, it will have been used for subroutine calls by the program's prolog, ie crt0.o (or whatever) prior to main() being called.

The memory is truely in an unknown state, but I take your point about the contents being repeatable under certain conditions. I would call it a case of deja vu.

agree . However in repeated runs, the program variables are allocated the same memory location.
Even on reading in a very large string (20 chars) and sending it to sprintf, it is surprising how there is no segmentation fault.

At some point, unless 'k' is pointing to stdout, the length of the memory should cause violation, and program should get SEGV right?

Also, if at all 'k' points to stdout, on doing a flush immediately, i should see the contents of 'k' right? coz it sould overwrite previous contents of stdout.

Try and see...?

Are you running it under gdb and see where things are really going?

You have a problem in both cases. One is being caught, the other is not.
"char *i, j[15], *k" says the following:
Point to memory and call that pointer i;
Create space in memory to hold 15 characters and call that space j;
and point to memory and call that pointer k;

When you try to do "sprintf( k, "print.sh %s", i );" you are asking the computer to stick the string "print.sh ?" in the memory location you pointed to with the pointer variable k. Your problem is that you have not allocated any space to hold the string at the pointer location of k, k is currently just pointing to some random memory location and no space has been allocated to hold anything at the memory location pointed to by k.

That is the reason it dies. The reason it doensn't die (yet) in the example where j is allocated space, is that there is at least some space allocated on the stack, and k is probably accidently pointing there, and therefor corrupting j, but not causing a segv (yet).

I suggest you go study up on the differences on *k, k[10], k[10,10] and **k. When you understand what these different forms mean, you're sysadmin will have a much better day.