Mid-level 4 min · March 06, 2026

Function Pointers in C — NULL Crash in Embedded Firmware

Q: How do I debug a function pointer that crashes?

Use a debugger like GDB to inspect the value of the pointer before the call. If the address is 0x0, it's a NULL pointer. If it's a random high address, it's likely uninitialized. Always initialize your pointers and check them before calling to prevent these 'googable' production crashes.

Q: Can I have an array of function pointers with different signatures?

No. All elements in a C array must be of the same type. To simulate different signatures, you would typically use a 'generic' signature (like void* arguments) or wrap the function pointers in a union/struct with a type tag.

Q: Do I need the & operator to assign a function to a pointer?

Technically no. In C, a function name 'decays' to a pointer in an expression, much like an array name. `p = my_func;` and `p = &my_func;` are functionally identical, though the latter is more explicit.

Q: What is the LeetCode equivalent for practicing function pointers?

Problems involving custom sorting (using `qsort` or `std::sort` in C++) or implementing designs like a 'Min Stack' or 'LRU Cache' in C often require managing pointers to behavior. Implementing a 'Command Pattern' from scratch in C is also a standard interview challenge.

Q: How do I make function pointers thread-safe?

If multiple threads can read and write the same function pointer, use atomic operations or a mutex around reads and writes. C11 provides `atomic` types for this: `atomic TcfHandler handler;` ensures atomic loads/stores. For complex structures (dispatch tables), use RCU or copy-on-write to allow lock-free reads.

Missing config flag leaves function pointer NULL, triggering hard fault at 0x00000000.

Naren · Founder

Plain-English first. Then code. Then the interview question.

About

● Production Incident 🔎 Debug Guide

⚡Quick Answer

Function pointers store the address of a function, not the function itself
Syntax: int (ptr)(int, int) — parentheses around ptr are mandatory
Use typedef to make function pointer types readable
Callbacks allow passing a function as an argument — used in qsort, event handlers
Dispatch tables replace long switch/if-else chains with an array of function pointers
Biggest pitfall: calling a NULL function pointer causes a segfault — always check before calling

Plain-English First

Imagine you hire a contractor and instead of telling them exactly how to do every step, you hand them a card with a phone number to call when they finish a task — whoever answers decides what happens next. A function pointer is that phone number. It's not the function itself; it's the address where the function lives in memory, so you can hand it to someone else and say 'call this when you're ready.' This lets your code be flexible — the same contractor can call your plumber, your electrician, or your interior designer depending on what card you give them.

Every non-trivial C program eventually hits a wall: you need a piece of code to behave differently depending on context, but you don't want to litter your logic with a dozen if-else branches. Sort algorithms need comparison logic. Event loops need to dispatch to different handlers. Plugin systems need to call code that didn't exist when the core was compiled. In every one of these cases, function pointers are the tool C gives you — and understanding them is what separates C programmers who write clever hacks from those who write clean, extensible systems.

The problem function pointers solve is simple: in C, functions are not first-class values you can pass around the way you'd pass an integer. But their addresses are. A function pointer stores that address, which means you can store a function in a variable, pass it as an argument, return it from another function, or keep a whole table of them. This is how the C standard library's qsort works, how operating system kernels register interrupt handlers, and how game engines implement entity behavior without a class hierarchy.

By the end of this article you'll be able to declare and call function pointers without second-guessing the syntax, build a working callback system, construct a dispatch table that replaces a cascade of if-else statements, and spot the two errors that burn every developer the first time they use function pointers in production code.

Declaring and Calling a Function Pointer — Getting the Syntax Right Once and For All

The syntax for function pointers trips people up because the asterisk belongs to the name, not the return type. Read the declaration from the inside out: the name of the variable is in the middle, wrapped in parentheses with an asterisk, and the surrounding parts describe what function signature it can point to.

For a function that takes two ints and returns an int, the pointer type is: int (operation)(int, int). That parentheses around operation is mandatory — without it, int operation(int, int) is a completely different thing: a function named operation that returns int .

Once you have the pointer, calling it is straightforward. Modern C allows you to call it directly as operation(a, b) — the compiler knows it's a pointer and handles the dereference. The older explicit-dereference syntax (*operation)(a, b) also works and makes the pointer nature more obvious. Both styles are valid; pick one and be consistent within a codebase.

function_pointer_basics.cC

#include <stdio.h>

/* 
 * io.thecodeforge naming convention applied to math operations 
 * All share the signature: (int, int) -> int
 */
int tcf_add(int a, int b)      { return a + b; }
int tcf_subtract(int a, int b) { return a - b; }
int tcf_multiply(int a, int b) { return a * b; }

// Typedef makes the syntax human-readable
typedef int (*MathOperation)(int, int);

int main(void) {
    // Pointer assignment (no & required, though valid)
    MathOperation operation = tcf_add;

    printf("tcf_add(10, 4)      = %d\n", operation(10, 4));

    operation = tcf_subtract;
    printf("tcf_subtract(10, 4) = %d\n", operation(10, 4));

    operation = tcf_multiply;
    printf("tcf_multiply(10, 4) = %d\n", operation(10, 4));

    return 0;
}

Output

tcf_add(10, 4) = 14

tcf_subtract(10, 4) = 6

tcf_multiply(10, 4) = 40

Pro Tip: Always typedef your function pointer types

Writing typedef int (*MathOperation)(int, int) once means every subsequent use is just MathOperation. When this type appears in a struct, a parameter list, and a return type — and it will — you'll be very glad you did. It also makes the code self-documenting: MathOperation communicates intent far better than the raw pointer syntax.

Production Insight

In production, the most common failure is assigning a function pointer without matching the signature.

The compiler does not check the signature unless you use typedef and -Werror.

Always use typedef and compile with -Werror=incompatible-pointer-types to catch mismatches at compile time.

Key Takeaway

Read function pointer declarations inside-out: the name with the asterisk is in the middle.

Typedef your function pointer types immediately — one line that prevents entire classes of bugs.

Call syntax is flexible: ptr(args) or (*ptr)(args) — be consistent.

Callbacks — Passing Functions as Arguments the Way qsort Does

A callback is nothing more than a function pointer you pass to another function so that function can call yours at the right moment. It's the foundational pattern behind event-driven systems, custom sorting, plugin architectures, and async I/O notification.

The C standard library's qsort is the example every C programmer meets first. You hand qsort your array and a comparator — a function pointer that tells qsort how to decide which of two elements is 'less than' the other. qsort doesn't care what you're sorting or how you define order; it just calls your comparator whenever it needs to compare two elements.

Building your own callback-based API follows the same pattern. You design a function that accepts a function pointer parameter. Callers provide different functions to customize behavior. Your core logic stays untouched.

callback_pattern.cC

#include <stdio.h>
#include <stdlib.h>

namespace io_thecodeforge {

typedef struct {
    char name[32];
    int  score;
} TcfPlayer;

// Comparator for qsort: descending order
int tcf_compare_descending(const void *a, const void *b) {
    const TcfPlayer *pa = (const TcfPlayer *)a;
    const TcfPlayer *pb = (const TcfPlayer *)b;
    return pb->score - pa->score;
}

// Predicate callback type
typedef int (*TcfPredicate)(const TcfPlayer *p);

void tcf_filter_players(TcfPlayer *list, int n, TcfPredicate should_print) {
    for (int i = 0; i < n; i++) {
        if (should_print(&list[i])) {
            printf("  %s: %d\n", list[i].name, list[i].score);
        }
    }
}

int tcf_is_pro(const TcfPlayer *p) { return p->score >= 90; }

}

int main(void) {
    using namespace io_thecodeforge;
    TcfPlayer team[] = {{"Alice", 95}, {"Bob", 45}, {"Charlie", 92}};
    int n = 3;

    qsort(team, n, sizeof(TcfPlayer), tcf_compare_descending);
    
    printf("Pro Players Only:\n");
    tcf_filter_players(team, n, tcf_is_pro);

    return 0;
}

Output

Pro Players Only:

Alice: 95

Charlie: 92

Interview Gold: Why does qsort take void* parameters?

qsort was written to sort any type — ints, structs, strings. Because C has no generics, it uses void to accept a pointer to anything. Your comparator receives void and must cast to the concrete type it expects. This is safe because you know what you put in the array — the type information lives with the caller, not with qsort.

Production Insight

Callbacks in production often cause issues when the callback pointer is invalidated (e.g., after module unload).

Always manage callback lifetimes: register and deregister pairs, and use weak references if possible.

A common production bug: passing a callback from a dynamically loaded library that gets unloaded, then calling the callback — immediate segfault.

Key Takeaway

qsort demonstrates the power of callbacks: algorithms become reusable.

Callback receivers must handle NULL pointers gracefully.

Callback providers must ensure the pointer remains valid — use registration/deregistration pairs.

Dispatch Tables — Replacing if-else Chains With an Array of Function Pointers

Once you can store a function pointer in a variable, you can store them in an array. An array of function pointers is called a dispatch table (or jump table), and it's one of the most useful patterns in systems programming.

Consider a simple calculator that handles four operations. The naive approach is a chain of if-else or a switch statement. That works for four operations, but what about forty? You'd have forty branches, and adding a new operation means touching the dispatcher every single time.

A dispatch table maps an index (or enum value) directly to a function. Adding a new operation is adding one entry to the table. The dispatcher doesn't change at all.

dispatch_table.cC

#include <stdio.h>
#include <string.h>

typedef void (*TcfHandler)(const char *arg);

void tcf_log_info(const char *msg)  { printf("[INFO] %s\n", msg); }
void tcf_log_error(const char *msg) { printf("[ERROR] %s\n", msg); }

typedef struct {
    const char *cmd;
    TcfHandler action;
} TcfRoute;

static const TcfRoute routes[] = {
    {"info",  tcf_log_info},
    {"error", tcf_log_error}
};

void tcf_dispatch(const char *cmd, const char *msg) {
    for (size_t i = 0; i < 2; i++) {
        if (strcmp(routes[i].cmd, cmd) == 0) {
            routes[i].action(msg);
            return;
        }
    }
    printf("Unknown command\n");
}

int main() {
    tcf_dispatch("info", "System start");
    tcf_dispatch("error", "Disk full");
    return 0;
}

Output

[INFO] System start

[ERROR] Disk full

Pro Tip: Dispatch tables scale where switch statements don't

A switch statement with 50 cases is unreadable. A dispatch table with 50 entries is just a list — you can sort it, load it from a config file, or build it at runtime. In performance-critical code, a table lookup is often faster than a long branch chain.

Production Insight

Dispatch tables are fast, but they are static. Changing behavior at runtime requires reloading the table.

In production, ensure thread safety when the table is updated concurrently — use a mutex or RCU.

A common mistake: forgetting to terminate the table with a sentinel, causing out-of-bounds access.

Key Takeaway

Dispatch tables are the C way of doing polymorphism — map an enum to a function.

They scale linearly with the number of cases, unlike switch statements.

Always validate the index before accessing the table to avoid out-of-bounds crashes.

Function Pointers in Structs — How C Fakes Object-Oriented Design

If you put function pointers inside a struct, the struct gains behavior — it's not just data anymore. This is exactly how C++ implements virtual functions under the hood (the vtable).

This pattern works by defining a struct that holds function pointer fields. Different 'instances' can point their pointers at different implementations. Code that operates on the struct calls the function through the pointer without knowing which implementation it's talking to.

This matters because C is used where C++ isn't an option — microcontrollers and kernels. Knowing how to build a clean interface with function pointers lets you write reusable C code rather than copying logic for every new variant.

tcf_polymorphism.cC

#include <stdio.h>

typedef struct TcfLogger TcfLogger;

struct TcfLogger {
    void (*write)(const char *msg);
};

void tcf_console_write(const char *msg) { printf("Console: %s\n", msg); }
void tcf_file_write(const char *msg)    { printf("File: %s\n", msg); }

int main() {
    TcfLogger console = { tcf_console_write };
    TcfLogger file    = { tcf_file_write };

    TcfLogger *loggers[] = { &console, &file };

    for(int i = 0; i < 2; i++) {
        loggers[i]->write("TCF Polymorphism Test");
    }

    return 0;
}

Output

Console: TCF Polymorphism Test

File: TCF Polymorphism Test

Interview Gold: This is exactly how C++ vtables work

When you declare a virtual function in C++, the compiler generates a vtable (dispatch table) and a vptr (hidden pointer) in every object. Calling a virtual function is just dereferencing that pointer. Knowing this explains the 'cost' of virtual functions: one extra pointer dereference.

Production Insight

Structs with function pointers are powerful but fragile — a missing initializer leaves the pointer unset.

Always provide an init function that fills in all function pointers, or use designated initializers.

In production, consider using a const vtable pointer shared across instances to save memory.

Key Takeaway

Function pointers in structs give you polymorphism without inheritance.

Always initialize all function pointers in a struct — incomplete initialization is a time bomb.

This pattern is used in Linux device drivers, embedded RTOS, and many firmware frameworks.

State Machines with Function Pointers — Clean Event Handling Without Switch Statements

State machines are everywhere — protocol handlers, UI navigation, game states. The textbook approach uses a switch statement with a state variable. That works, but as states grow, the switch becomes a maintenance nightmare. Function pointers offer a cleaner alternative: each state is a function, and the state machine's current state pointer is a function pointer. Transitioning to a new state is as simple as reassigning the pointer.

This pattern is common in embedded systems where memory is tight and you need deterministic timing. Each state function receives events and returns the next state function pointer. The main loop simply calls the current state function in a tight loop, consuming no additional stack depth.

Implementing this avoids the risk of missing a state in a switch, keeps state logic isolated, and makes adding new states trivial — just write a new function and register it.

state_machine_fp.cC

#include <stdio.h>

typedef struct TcfEvent TcfEvent;
struct TcfEvent {
    int type;
    int data;
};

// Forward declarations of state functions
typedef void (*TcfState)(const TcfEvent *event, TcfState *next);

void tcf_state_idle(const TcfEvent *event, TcfState *next) {
    printf("Idle state\n");
    if (event->type == 1) {
        *next = tcf_state_active;
    } else {
        *next = tcf_state_idle;
    }
}

void tcf_state_active(const TcfEvent *event, TcfState *next) {
    printf("Active state\n");
    if (event->type == 2) {
        *next = tcf_state_idle;
    } else {
        *next = tcf_state_active;
    }
}

int main() {
    TcfState current = tcf_state_idle;
    TcfEvent events[] = {{1, 0}, {1, 0}, {2, 0}, {1, 0}};
    for (int i = 0; i < 4; i++) {
        current(&events[i], &current);
    }
    return 0;
}

Output

Idle state

Active state

Idle state

Pro Tip: State machine with function pointers eliminates the switch

Each state is a separate function with full visibility into its own logic. Transitions are explicit and traceable. This pattern is standard in automotive and aerospace code where state machines are large and must be verified.

Production Insight

Function pointer state machines are fast but can be tricky to debug because the call stack doesn't show a state variable.

Use a debug hook that prints the current state function name on each transition.

Watch out for infinite loops if a state function forgets to update the next pointer — the machine hangs.

Key Takeaway

State machines implemented with function pointers are cleaner than giant switch statements.

Each state is a function, transitions are pointer assignments.

Always initialize the next state before returning — unassigned next leads to a stuck state machine.

● Production incidentPOST-MORTEMseverity: high

NULL Function Pointer in Embedded Firmware

Symptom

Device crashes immediately when a specific task runs. No error message, just a reset. The crash log shows a hard fault at address 0x00000000.

Assumption

The function pointer was initialized at startup, but a code path skipped initialization under certain conditions.

Root cause

A conditional branch in the initialization code did not set the function pointer because a configuration flag was missing. The pointer remained NULL (zero). When the task dispatch attempted to call the function, the CPU jumped to address 0, causing a hard fault.

Fix

Initialize all function pointers to a safe default handler (a no-op function) at declaration. Add a NULL check before every call: if (handler) handler(); else default_handler();.

Key lesson

Always initialize function pointers to a safe default, not just NULL.
Add a NULL guard before every function pointer call — it costs one branch and prevents hard-to-diagnose crashes.
Treat uninitialized function pointers as undefined behavior — they will crash eventually.

Production debug guideSymptom → Action guide for diagnosing function pointer failures in C code4 entries

Symptom · 01

Segfault when calling through a function pointer

→

Fix

Check if the pointer is NULL. In GDB: print ptr — if 0x0, look for missing initialization. Use a conditional breakpoint to catch the assignment.

Symptom · 02

Correct behavior sometimes, wrong behavior other times (non-deterministic)

→

Fix

Likely a dangling pointer to a function that went out of scope (e.g., function defined in another translation unit that was unloaded). Check that the function's address is still valid. In embedded: confirm the function resides in a non-overwritten code section.

Symptom · 03

Stack corruption after calling through a function pointer

→

Fix

The function pointer signature does not match the actual function. Check the number and types of arguments and return value. Use typedef and compile with -Werror to catch mismatches.

Symptom · 04

Program crashes only on release build, not debug

→

Fix

Optimizer may have inlined or removed the function pointer. Use volatile on the pointer or disable optimization for that file. Alternatively, check that the pointer is not optimized away.

★ Quick Debug Cheat Sheet for Function PointersWhen a function pointer call crashes, use these commands to diagnose the problem fast.

Segfault on function pointer call−

Immediate action

Run GDB and inspect the pointer value.

Commands

print my_func_ptr

info functions my_func_ptr (to see if the target function exists in symbol table)

Fix now

Add a NULL check before the call: if (my_func_ptr) my_func_ptr();

Unexpected behavior, pointer seems valid+

Dangling pointer after module unload+

Aspect	Function Pointer	Direct Function Call
Flexibility	Runtime decision — any matching function	Compile-time decision — fixed function
Performance	One extra pointer dereference (negligible)	Inlineable — zero overhead possible
Syntax complexity	Requires careful declaration and typedef	Straightforward, no extra setup
Use case	Callbacks, plugins, dispatch tables, polymorphism	Known, fixed behavior — most code
Debuggability	Harder — must inspect pointer value in debugger	Easy — function name visible in call stack
Null risk	Calling NULL pointer = crash (undefined behavior)	No null risk — call site is always resolved
Testability	Easy to swap implementations in tests	Requires wrapping or recompiling to mock

Key takeaways

The asterisk in a function pointer declaration belongs to the name, not the return type

int (op)(int, int) is a pointer to a function; int op(int, int) is a function that returns a pointer.

typedef your function pointer types immediately

it's one line of investment that makes every struct, parameter list, and return type that uses the type readable and maintainable.

A dispatch table (array of function pointers keyed by a command name or enum value) is the clean alternative to long switch or if-else chains

adding a new case means adding one table entry, not touching dispatcher logic.

Function pointers inside structs give you runtime polymorphism in C

the same mechanism the Linux kernel uses for device drivers and that C++ compilers use to implement virtual functions via vtables.

Always check for NULL before calling a function pointer

a single uninitialized pointer can crash your entire system.

Common mistakes to avoid

3 patterns

Missing parentheses around the pointer name in declaration

Symptom

Writing int handler(int) instead of int (handler)(int). The compiler treats it as a function returning an int pointer, not a pointer to a function. The code compiles but calling handler(5) or dereferencing incorrectly causes undefined behavior.

Fix

Always wrap (*name) to ensure the asterisk modifies the variable name, not the return type. Use a typedef to avoid repeating the complex syntax.

Calling a NULL function pointer

Symptom

Uninitialized or reset pointers contain garbage or zero. Calling them causes a Segfault or HardFault immediately. In production, this is the number one source of crashes in code using function pointers.

Fix

Always initialize pointers to NULL and verify before execution: if (ptr) ptr(args);. Consider providing a default no-op function for empty states.

Signature mismatch when casting function pointers

Symptom

Forcing a void ()(int) function into a void ()(float) pointer via a cast. The code may compile with a warning, but calling it corrupts the stack because the arguments are interpreted differently.

Fix

Ensure the function signature exactly matches the typedef or the expected type. Never cast function pointers across incompatible signatures. Use compiler flags to enforce strict type checking.

INTERVIEW PREP · PRACTICE MODE

Interview Questions on This Topic

Q01JUNIOR

What is the difference between `void *f(int)` and `void (*f)(int)`?

Q02SENIOR

How would you implement a 'Plug-and-Play' driver architecture in C?

Q03SENIOR

Why is qsort's comparator function signature `int (*)(const void*, const...

Q04SENIOR

Explain the memory overhead and performance impact of using function poi...

Q01 of 04JUNIOR

What is the difference between `void *f(int)` and `void (*f)(int)`?

ANSWER

The first is a function declaration: f is a function taking an int and returning a void pointer. The second is a pointer to a function: f is a variable that can hold the address of a function taking an int and returning void. In the second case, you need to assign an actual function before calling f(5).

FAQ · 5 QUESTIONS

Frequently Asked Questions

How do I debug a function pointer that crashes?

Can I have an array of function pointers with different signatures?

Do I need the & operator to assign a function to a pointer?

What is the LeetCode equivalent for practicing function pointers?

How do I make function pointers thread-safe?

🔥

That's C Basics. Mark it forged?

4 min read · try the examples if you haven't