Compile and run program without main() in C

Question

I'm trying to compile and run following program without main() function in C. I have compiled my program using the following command.

gcc -nostartfiles nomain.c

And compiler gives warning

/usr/bin/ld: warning: cannot find entry symbol _start; defaulting to 0000000000400340

Ok, No problem. then, I have run executable file(a.out), both printf statements print successfully, and then get segmentation fault.

So, my question is, Why segmentation fault after successfully execute print statements?

my code:

#include <stdio.h>

void nomain()
{
        printf("Hello World...\n");
        printf("Successfully run without main...\n");
}

output:

Hello World...
Successfully run without main...
Segmentation fault (core dumped)

Note:

Here, -nostartfiles gcc flag prevents the compiler from using standard startup files when linking

Answer 1

Let's have a look at the generated assembly of your program:

.LC0:
        .string "Hello World..."
.LC1:
        .string "Successfully run without main..."
nomain:
        push    rbp
        mov     rbp, rsp
        mov     edi, OFFSET FLAT:.LC0
        call    puts
        mov     edi, OFFSET FLAT:.LC1
        call    puts
        nop
        pop     rbp
        ret

Note the ret statement. Your program's entry point is determined to be nomain, all is fine with that. But once the function returns, it attempts to jump into an address on the call stack... that isn't populated. That's an illegal access and a segmentation fault follows.

A quick solution would be to call exit() at the end of your program (and assuming C11 we might as well mark the function as _Noreturn):

#include <stdio.h>
#include <stdlib.h>

_Noreturn void nomain(void)
{
    printf("Hello World...\n");
    printf("Successfully run without main...\n");
    exit(0);
}

In fact, now your function behaves pretty much like a regular main function, since after returning from main, the exit function is called with main's return value.

Answer 2

In C, when functions/subroutines are called the stack is populated as (in the order):

1. The arguments,
2. Return address,
3. Local variables, --> top of the stack

main() being the start point, ELF structures the program in such a way that whatever instructions comes first would get pushed first, in this case printfs are.

Now, program is sort of truncated without return-address OR __end__ and infact it assumes that whatever is there on the stack at that(__end__) location is the return-address, but unfortunately its not and hence it crashes.