I think this can be explained this way, since a picture is worth a thousand words…

We’ll start off with char name[] = "Fortran", which is an array of chars, the length is known at compile time, 7 to be exact, right? Wrong! it is 8, since a ‘\0’ is a nul terminating character, all strings have to have that.

char name[] = "Fortran";
+======+     +-+-+-+-+-+-+-+--+
|0x1234|     |F|o|r|t|r|a|n|\0|
+======+     +-+-+-+-+-+-+-+--+ 

At link time, the compiler and linker gave the symbol name a memory address of 0x1234.
Using the subscript operator, i.e. name[1] for example, the compiler knows how to calculate where in memory is the character at offset, 0x1234 + 1 = 0x1235, and it is indeed ‘o’. That is simple enough, furthermore, with the ANSI C standard, the size of a char data type is 1 byte, which can explain how the runtime can obtain the value of this semantic name[cnt++], assuming cnt is an integer and has a value of 3 for example, the runtime steps up by one automatically, and counting from zero, the value of the offset is ‘t’. This is simple so far so good.

What happens if name[12] was executed? Well, the code will either crash, or you will get garbage, since the boundary of the array is from index/offset 0 (0x1234) up to 8 (0x123B). Anything after that does not belong to name variable, that would be called a buffer overflow!

The address of name in memory is 0x1234, as in the example, if you were to do this:

printf("The address of name is %p\n", &name);

Output would be:
The address of name is 0x00001234

For the sake of brevity and keeping with the example, the memory addresses are 32bit, hence you see the extra 0’s. Fair enough? Right, let’s move on.

Now on to pointers…
char *name is a pointer to type of char….

Edit:
And we initialize it to NULL as shown Thanks Dan for pointing out the little error…

char *name = (char*)NULL;
+======+     +======+ 
|0x5678| ->  |0x0000|    ->    NULL
+======+     +======+ 

At compile/link time, the name does not point to anything, but has a compile/link time address for the symbol name (0x5678), in fact it is NULL, the pointer address of name is unknown hence 0x0000.

Now, remember, this is crucial, the address of the symbol is known at compile/link time, but the pointer address is unknown, when dealing with pointers of any type

Suppose we do this:

name = (char *)malloc((20 * sizeof(char)) + 1);
strcpy(name, "Fortran");

We called malloc to allocate a memory block for 20 bytes, no, it is not 21, the reason I added 1 on to the size is for the ‘\0’ nul terminating character. Suppose at runtime, the address given was 0x9876,

char *name;
+======+     +======+          +-+-+-+-+-+-+-+--+
|0x5678| ->  |0x9876|    ->    |F|o|r|t|r|a|n|\0|
+======+     +======+          +-+-+-+-+-+-+-+--+

So when you do this:

printf("The address of name is %p\n", name);
printf("The address of name is %p\n", &name);

Output would be:
The address of name is 0x00005678
The address of name is 0x00009876

Now, this is where the illusion that ‘arrays and pointers are the same comes into play here‘

When we do this:

char ch = name[1];

What happens at runtime is this:

1. The address of symbol name is looked up
2. Fetch the memory address of that symbol, i.e. 0x5678.
3. At that address, contains another address, a pointer address to memory and fetch it, i.e. 0x9876
4. Get the offset based on the subscript value of 1 and add it onto the pointer address, i.e. 0x9877 to retrieve the value at that memory address, i.e. ‘o’ and is assigned to ch.

That above is crucial to understanding this distinction, the difference between arrays and pointers is how the runtime fetches the data, with pointers, there is an extra indirection of fetching.

Remember, an array of type T will always decay into a pointer of the first element of type T.

When we do this:

char ch = *(name + 5);

1. The address of symbol name is looked up
2. Fetch the memory address of that symbol, i.e. 0x5678.
3. At that address, contains another address, a pointer address to memory and fetch it, i.e. 0x9876
4. Get the offset based on the value of 5 and add it onto the pointer address, i.e. 0x987A to retrieve the value at that memory address, i.e. ‘r’ and is assigned to ch.

Incidentally, you can also do that to the array of chars also…

Further more, by using subscript operators in the context of an array i.e. char name[] = "..."; and name[subscript_value] is really the same as *(name + subscript_value).
i.e.

name[3] is the same as *(name + 3)

And since the expression *(name + subscript_value) is commutative, that is in the reverse,

*(subscript_value + name) is the same as *(name + subscript_value)

Hence, this explains why in one of the answers above you can write it like this (despite it, the practice is not recommended even though it is quite legitimate!)

3[name]

Ok, how do I get the value of the pointer?
That is what the * is used for,
Suppose the pointer name has that pointer memory address of 0x9878, again, referring to the above example, this is how it is achieved:

char ch = *name;

This means, obtain the value that is pointed to by the memory address of 0x9878, now ch will have the value of ‘r’. This is called dereferencing. We just dereferenced a name pointer to obtain the value and assign it to ch.

Also, the compiler knows that a sizeof(char) is 1, hence you can do pointer increment/decrement operations like this

*name++;
*name--;

The pointer automatically steps up/down as a result by one.

When we do this, assuming the pointer memory address of 0x9878:

char ch = *name++;

What is the value of *name and what is the address, the answer is, the *name will now contain ‘t’ and assign it to ch, and the pointer memory address is 0x9879.

This where you have to be careful also, in the same principle and spirit as to what was stated earlier in relation to the memory boundaries in the very first part (see ‘What happens if name[12] was executed’ in the above) the results will be the same, i.e. code crashes and burns!

Now, what happens if we deallocate the block of memory pointed to by name by calling the C function free with name as the parameter, i.e. free(name):

+======+     +======+ 
|0x5678| ->  |0x0000|    ->    NULL
+======+     +======+ 

Yes, the block of memory is freed up and handed back to the runtime environment for use by another upcoming code execution of malloc.

Now, this is where the common notation of Segmentation fault comes into play, since name does not point to anything, what happens when we dereference it i.e.

char ch = *name;

Yes, the code will crash and burn with a ‘Segmentation fault’, this is common under Unix/Linux. Under windows, a dialog box will appear along the lines of ‘Unrecoverable error’ or ‘An error has occurred with the application, do you wish to send the report to Microsoft?’….if the pointer has not been mallocd and any attempt to dereference it, is guaranteed to crash and burn.

Also: remember this, for every malloc there is a corresponding free, if there is no corresponding free, you have a memory leak in which memory is allocated but not freed up.

And there you have it, that is how pointers work and how arrays are different to pointers, if you are reading a textbook that says they are the same, tear out that page and rip it up! 🙂

I hope this is of help to you in understanding pointers.