Develop Reference

Why would someone take an address, typecast the pointer, and then dereference it?

I ran into a weird code snippet while following an image processing guide. The language is C. What is the purpose of taking an address, casting the pointer, then dereferencing it? I am new to C, so I am unsure if this is a common practice and its purpose.
unsigned char header[];
// not sure why we are dereferencing the array then getting its address and casting it into an int pointer then dereferencing that.
int width = *(int *)&header[18];
int height = *(int *)&header[22];
int bitDepth = *(int *)&header[28];
// why not this?
int width = (int) header[18];
int height = (int) header[22];
int bitDepth = (int) header[28];

I am unsure if this is a common practice and its purpose.
Code like this is a problem.
Aliasing
The behavior of this code is not defined by the C standard because it violates the aliasing rules in C 2018 6.5 7. (Other) answers tell you what the author of the code may have intended to do, but code like this should not be used without a guarantee from the compiler that it supports this aliasing. You should avoid writing code like this.
#Eric Postpischil
Alignment
(int *)&header[18] and others risks alignment failure and undefined behavior (UB). Don't do it.
Endian
Result is endian dependent. Proceed with caution.
Rather than poorly code, use memcpy() and let the compiler emit efficient code.
// int width = *(int *)&header[18];
int width;
memcpy(&width, &header[18], sizeof width);

It seems the type of the pointer header is not int *. Maybe it has the type void * or char * or unsigned char *.
So to get an integer you need to cast the pointer to the type int * and then to dereference it to get the value pointed to by the pointer.

The type that & returns is a pointer type. In this case, it is a pointer to the 18th element of the array (17th if you start from the zeroth element).
(int *) &header[18];
(int *) is then casting the pointer type returned by & to an int pointer, or int *.
*(int *) &header[18];
The * then dereferences that int pointer, or int *, to initialize width.
Now, to answer your question:
Why the cast?
Because the type of the pointer header might not be an int *, hence the cast.

Why does the compilation fail with error: conversion to non-scalar type requested

Program:
#include <stdio.h>
#include <stdlib.h>
struct s
{
int a;
struct x
{
int b;
}*p;
};
int main()
{
struct s *a;
a=(struct s *)malloc(sizeof(struct s) * 10);
a->p=(struct x)malloc(sizeof(struct x));
return 0;
}
Error:- In function 'main': 16:41: error: conversion to non-scalar type requested a->p=(struct x)malloc(sizeof(struct x)); ^

In C, as in physics, a scalar type is a type that just has a single magnitude. Integer types, floating point types and pointer types are considered to be scalar types. structs are not scalar types.
This line
a->p=(struct x)malloc(sizeof(struct x));
attempts to cast the result of a malloc which is a pointer (a void* in fact and thus a scalar, to a struct which is not. a->p is also a pointer, having type struct s* so what the error message means is that your cast forgets the * that makes the target type a pointer type. i.e. this is what it should be:
a->p=(struct x*)malloc(sizeof(struct x));
Actually, in C, as opposed to C++ you don't need to cast void* to other pointer types, so it is better just to write
a->p=malloc(sizeof(struct x));
The main reason for this is that if you forget to include stdlib.h which is where the prototype for malloc comes from, the compiler assumes that malloc returns int which is a disaster if a pointer cannot be represented as an int. For example, modern 64 bit compilers often have 32 bit int and 64 bit pointers. Putting the cast in silences the warning that the compiler is assuming malloc returns int because you forgot stdlib.h
One final improvement: you can take sizeof of an object even if it doesn't exist yet so
a->p=malloc(sizeof *(a->p));
The compiler often knows the size of the thing a->p points to and so sets the sizeof to the right number as long as it knows the size (see "incomplete types" for an exception). Now you can modify the type of a->p without having to fix all the mallocs.

To avoid type-mismatches, allocations should follow the canonical way of
a = malloc(10 * sizeof(*a));
a->p = malloc(1 * sizeof(*a->p));
i.e. always referencing the variable being assigned to in the sizeof. Note how short this is. Note how this auto-adapts when the type of a changes. You could even drop the parentheses around the sizeof operand and the multiplication by 1.

As stated in the comments, you're attempting to assign a struct x (casted from void *) to a struct x *. You can't assign a non-pointer to a pointer.
You can avoid this by using the correct cast:
a->p=(struct x *)malloc(sizeof(struct x));
Or better yet remove the cast entirely, since you can freely cast between a void * and any non-function pointer without one:
a=malloc(sizeof(struct s) * 10);
a->p=malloc(sizeof(struct x));

Missing asterix. If the type conversion is really necessary, the statement
a->p=(struct x)malloc(sizeof(struct x)); // struct x is not a pointer
should actually be
a->p=(struct x *)malloc(sizeof(struct x));
Of course, as others have said in comments, the type conversion is inadvisable. It would also be advisable to not name the types being malloc()ed in the parameter of sizeof so the two statements in your function would be
a = malloc(sizeof(*a) * 10);
a->p = malloc(sizeof(*(a->p)));
It would also be advisable to check the result of each call of malloc() before using it, since malloc() returns NULL when it fails.
Note: if your C compiler is really a C++ compiler, a conversion of the result of malloc() would be needed. However, in standard C, the conversion is not required, and is actively discouraged.

You have a simple typo that originates from the inadvisable practice of casting malloc on the right of an assignment1.
Also you should check the return value of malloc, especially before using the pointer to member operator ->.
So I'd rather see something on the lines of
if (a = malloc(sizeof(*a) * 10)){
if (a->p = malloc(sizeof(*(a->p)))){
// Everything is allocated.
// ToDo - code here
free(a->p);
}
free(a);
}
(Note that in the evaluation of sizeof(*(a->p)) the compiler must not actually do any dereferencing, so it doesn't matter if a is valid or a->p is valid.)
1See Do I cast the result of malloc?

You should try
a->p=(struct x*)malloc(sizeof(struct x));

Why typecasting between char *ptr to int and int *ptr to char works completely fine? when they are designed to point to specific datatyped variables

I have just started learning pointers. I have some questions regarding pointers typecasting. Consider below program.
int main(){
int a = 0xff01;
char *s = &a;
char *t = (int *) &a;
printf("%x",*(int *)s);
printf(" %x",*(int *)t);
return 0;
}
The statement char *s = &a gives
warning: incompatible pointer conversion type.
But noticed that the two printf() statements works fine they give me the right output. The question is
char *t , char *s both are pointers to character type.
Why does 'C' compilers lets me to assign integer variable to char *p ? why dont they raise an error and restrict the programmer?
We have int *ptr to point to integer variables, then why do they still allow programmer to make char *ptr point to integer variable?
// Another sample code
char s = 0x02;
int *ptr = (char *)&s;
printf("%x",*(char *)ptr); // prints the right output
Why does an int *ptr made point to character type? it works. why compiler dont restrict me?
I really think this leads me to confusion. If the pointer types are interchangeable with a typecast then what is the point to have two different pointers char *ptr , int *ptr ?
when we could retrieve values using (int *) or (char *).
All pointers are of same size 4bytes(on 32bite machine). Then one could use void pointer.
Yes people told me, void pointers always needs typecasting when retrieving values from memory. When we know the type of variable we go for that specific pointer which eliminates the use of casting.
int a = 0x04;
int *ptr = &a;
void *p = &a;
printf("%x",*ptr); // does not require typecasting.
printf("%x",*(int *)p); // requires typecasting.
Yes, I have read that back in old days char *ptrs played role of void pointers. Is this one good reason? why still compilers support typecasting between pointers? Any help is greatly appreciated.

Compiling with GCC 4.9.1 on Mac OS X 10.9.5, using this mildly modified version of your code (different definition of main() so it compiles with my preferred compiler options, and included <stdio.h> which I assume was omitted for brevity in the question — nothing critical) in file ptr.c:
#include <stdio.h>
int main(void)
{
int a = 0xff01;
char *s = &a;
char *t = (int *) &a;
printf("%x",*(int *)s);
printf(" %x",*(int *)t);
return 0;
}
I get the compilation errors:
$ gcc -O3 -g -std=c11 -Wall -Wextra -Wmissing-prototypes -Wstrict-prototypes \
-Wold-style-definition -Werror ptr.c -o ptr
ptr.c: In function ‘main’:
ptr.c:6:15: error: initialization from incompatible pointer type [-Werror]
char *s = &a;
^
ptr.c:7:14: error: initialization from incompatible pointer type [-Werror]
char *t = (int *) &a;
^
cc1: all warnings being treated as errors
$
So, both assignments are the source of a warning; my compilation options turn that into an error.
All pointers other than void * are typed; they point to an object of a particular type. Void pointers don't point to any type of object and must be cast to a type before they can be dereferenced.
In particular, char * and int * point to different types of data, and even when they hold the same address, they are not the same pointer. Under normal circumstances (most systems, most compilers — but there are probably exceptions if you work hard enough, but you're unlikely to be running into one of them)…as I was saying, under normal circumstances, the types char * and int * are not compatible because they point to different types.
Given:
int data = 0xFF01;
int *ip = &data;
char *cp = (char *)&data;
the code would compile without complaint. The int data line is clearly unexceptional (unless you happen to have 16-bit int types — but I will assume 32-bit systems). The int *ip line assigns the address of data to ip; that is assigning a pointer to int to a pointer to int, so no cast is necessary.
The char *cp line forces the compiler's hand to treat the address of data as a char pointer. On most modern systems, the value in cp is the same as the value in ip. On the system I learned C on (ICL Perq), the value of a char * address to a memory location was different from the 'anything else pointer' address to the same memory location. The machine was word-oriented, and byte-aligned addresses had extra bits set in the high end of the address. (This was in the days when the expansion of memory from 1 MiB to 2 MiB made a vast improvement because 750 KiB were used by the O/S, so we actually got about 5 times as much memory after as before for programs to use! Gigabytes and gibibytes were both fantasies, whether for disk or memory.)
Your code is:
int a = 0xff01;
char *s = &a;
char *t = (int *) &a;
Both the assignments have an int * on the RHS. The cast in the second line is superfluous; the type of &a is int * both before and after the cast. Assigning an int * to a char * is a warnable offense — hence the compiler warned. The types are different. Had you written char *t = (char *)&a;, then you would have gotten no warning from the compiler.
The printing code works because you take the char * values that were assigned to s and t and convert them back to the original int * before dereferencing them. This will usually work; the standard guarantees it for conversions to void * (instead of char *), but in practice it will normally work for anything * where anything is an object type, not a function type. (You are not guaranteed to be able to convert function pointers to data pointers and back again.)

The statement char *s = &a gives
warning: incompatible pointer conversion type.
In this case, the warning indicates a constraint violation: A compiler must complain and may refuse to compile. For initialization (btw, a declaration is not a statement), the same conversion rules as for assignment apply, and there is no implicit conversion from int * to char * (or the other way round). That is, an explicit cast is required:
char *s = (char *)&a;
Why do C compilers let me assign an integer variable to char *p? Why don’t they raise an error and restrict the programmer?
Well, you’ve got a warning. At the very least, a warning means you must understand why it is there before you ignore it. And as said above, in this case a compiler may refuse to compile.*)
We have int *ptr to point to integer variables, then why do they still allow programmer to make char *ptr point to integer variable?
Pointers to a character type are special, they are allowed to point to objects of every type. That you’re allowed to do so, doesn’t mean it’s a good idea, the cast is required to keep you from doing such a conversion accidently. For pointer-to-pointer conversions in general, see below.
int *ptr = (char *)&s;
Here, ptr is of type int *, and is initialized with a value of type char *. This is, again, a constraint violation.
printf("%x",*(char *)ptr); // prints the right output
If a conversion from a pointer to another is valid, the conversion back also is and always yields the original value.
If the pointer types are interchangeable with a typecast then what is the point to have two different pointers char *ptr, int *ptr?
Types exist to save you from errors. Casts exist to give you a way to tell the compiler that you know what you’re doing.
All pointers are of same size 4bytes(on 32bite machine). Then one could use void pointer.
That’s true for many architectures, but quite not for all the C standard addresses. Having only void pointers would be pretty useless, as you cannot really do anything with them: no arithmetic, no dereferencing.
Yes, I have read that back in old days char *ptrs played role of void pointers. Is this one good reason?
Perhaps a reason. (If a good one, is another question…)
When pointer-to-pointer conversions are allowed:
C11 (N1570) 6.3.2.3 p7
A pointer to an object type may be converted to a pointer to a different object type. If the resulting pointer is not correctly aligned×) for the referenced type, the behavior is undefined. Otherwise, when converted back again, the result shall compare equal to the original pointer. When a pointer to an object is converted to a pointer to a character type, the result points to the lowest addressed byte of the object. Successive increments of the result, up to the size of the object, yield pointers to the remaining bytes of the object.
×) In general, the concept “correctly aligned” is transitive: if a pointer to type A is correctly aligned for a pointer to type B, which in turn is correctly aligned for a pointer to type C, then a pointer to type A is correctly aligned for a pointer to type C.
Pointers to character types and pointers to void, as mentioned above, are always correctly aligned (and so are int8_t and uint8_t if they exist). There are platforms, on which a conversion from an arbitrary char pointer to an int pointer may violate alignment restrictions and cause a crash if executed.
If a converted pointer satisfies alignment requirements, this does not imply that it’s allowed to dereference that pointer, the only guarantee is that it’s allowed to convert it back to what it originally pointed to. For more information, look for strict-aliasing; in short, this means you’re not allowed to access an object with an expression of the wrong type, the only exception being the character types.
*) I don’t know the reasons in your particular case, but as an example, where it’s useful to give implementations such latitude in how to treat ill-formed programmes, see for example object-pointer-to-function-pointer conversions: They are a constraint violation (so they require a diagnostic message from the compiler) but are valid on POSIX systems (which guarantess well-defined semantics for such conversions). If the C standard required a conforming implementation to abort compilation, POSIX had to contradict ISO C (cf. POSIX dlsym for an example why these conversions can be useful), which it explicitly doesn’t intend to.

Pointers are not having any types, types described with pointer in program actually means that to which kind of data pointer is pointing. Pointers will be of same size.
When you write,
char *ptr;
it means that is is pointer to character type data and when dereferenced, it will fetch one bytes data from memory
Similarly,
double *ptr;
is pointer to double type data. So when you dereference, they will fetch 8 bytes starting from the location pointed by pointer.
Now remember that all the pointer are of 4 bytes on 32 bit machines irrespective of the type of data to which it is pointing. So if you store integer variable's address to a pointer which is pointing to character, it is completely legal and if you dereference it, it will get only one byte from memory. That is lowest byte of integer on little endian pc and highest byte of integer on big endian pc.
Now you are type casting your pointer to int type explicitly. So while dereferencing it will get while integer and print it. There is nothing wrong with this and this is how pointers work in c.
In your second example you are doing the same. Assigning address of character type variable to pointer which is pointing to integer. Again you are type casting pointer to character type so by dereference it will get only one byte from that location which is your character.
And frankly speaking, i dont know any practical usage of void pointer but as far as i know, void pointers are used when many type of data is to be dereferenced using a single pointer.
Consider that you want to store an integer variable's address to pointer. So you will declare pointer of integer type. Now later in program there is a need to store a double variable's address to pointer. So instead of declaring a new pointer you store its address in int type pointer then if you dereference using it, there will be a big problem and result in logical error which may get unnoticed by you if you have forgot to type cast it to double type. This is not case with void pointer. If you use void pointer, you have to compulsarily type cast it to particular type inorder to fetch data from memory. Otherwise compiler will show error. So in such cases using void pointer reminds you that you have to type cast it to proper type every time otherwise compiler will show you error. But no error will be shown in previous case

What is the intention/benefit of malloc returning type void *?

Knowing more C++ than C I wondered if someone could explain the reason why malloc() always returns a pointer of type void, rather than malloc having been implemented with some mechanism which allows it to return a pointer of the type the user passed in? It just seems a little "hacky" constantly explicitly casting the returned void pointer to the type you want.

Well, in C you don't have to do the cast, so your point is moot. That is, these two statements are 100% equivalent:
char *x = malloc(100);
char *y = (char *)malloc(100);
Conversions to and from void * are implicit in C. So, to address your question, the very reason malloc returns void * is so that you don't have to cast.
Besides that, in C there's no way to pass type information around, so doing something like:
char *x = malloc(100, char);
is not possible.
If you're in C++, the cast is necessary, but you shouldn't be using malloc anyway - that's what new is for, and it does handle the type information correctly.

It's not hacky at all, from C standard ISO/IEC 9899 2011, section 6.2.2.3:
A pointer to void may be converted to or from a pointer to any object type. A pointer to any object type may be converted to a pointer to void and back again; the result shall compare equal to the original pointer.
So a pointer to void* is a valid pointer to whatever type you want without the need of explicit casting.
In addition to this you can't dynamically pass a type to a function to let so that it will return the correct type, you can pass just the size itself (so malloc would be able to allocate size_t count * size_t size but not return the correctly type in any case).

C has no mechanism for "passing a type" at all. Also, in C, conversion from void* to a pointer of any other type is automatic (no cast is needed) so malloc works naturally in C. It's only in C++ where malloc requires casts to work.

There are two reasons, first, malloc doesn't know why you need memory. So it just return number of bytes asked to return. Secondly you cannot de-reference void * easily so it can help you to avoid accidents.
int *p;
p = (int *)malloc(sizeof(int)*10);

Casting void pointers

I've seen a lot of the following in older C code:
type_t *x = (type_t *) malloc(...);
What's the point of casting the pointer returned from malloc() since it's void *? Is it because older C compilers didn't support void pointers and malloc() used to return char * instead?

Your own explanation is the right one. Pre-ANSI C ('K&R' C) did not have a void * type with implicit conversion. char * doubled as a pseudo void * type, but you needed the explicit conversion of a type cast.
In modern C the casting is frowned upon because it can suppress compiler warnings for a missing prototype of malloc. In C++, the casting is needed (but there you should be using new instead of malloc most of the time).
Update
My comments below that try to explain why the cast is required were a bit unclear, I'll try to explain it better here. You might think that even when malloc returns char *, the cast is not needed because it is similar to:
int *a;
char *b = a;
But in this example a cast is also needed. The second line is a constraint violation for the simple assignment operator (C99 6.5.1.6.1). Both pointer operands need to be of compatible type. When you change this to:
int *a;
char *b = (char *) a;
the constraint violation disappears (both operands now have type char *) and the result is well-defined (for converting to a char pointer). In the 'reverse situation':
char *c;
int *d = (int *) c;
the same argument hold for the cast, but when int * has stricter alignment requirements than char *, the result is implementation defined.
Conclusion: In the pre-ANSI days the type cast was necessary because malloc returned char * and not casting results is a constraint violation for the '=' operator.

The problem here is not compatibility with any dialect of C. The problem is C++. In C++, a void pointer cannot be automatically converted to any other pointer type. So, without an explicit cast, this code would not compile with a C++ compiler.

I'm not aware that malloc ever returned a char*.
But implicit casting from void* to type_t* (or any other type) hasn't always been allowed.
Hence, the need to explicitly cast to the proper type.

What's the point of casting the pointer returned from malloc() since it's void *?
Quite the contrary. You need to cast a void pointer to an actual type before you can use it, because a void * signifies nothing about the data stored at that location.