
catch a small overflow in malloc-standard
authorMike Frysinger <vapier@gentoo.org>
Tue, 17 Apr 2007 11:58:35 +0000 (11:58 -0000)
committerMike Frysinger <vapier@gentoo.org>
Tue, 17 Apr 2007 11:58:35 +0000 (11:58 -0000)
test/malloc/malloc-standard-alignment.c [new file with mode: 0644]

diff --git a/test/malloc/malloc-standard-alignment.c b/test/malloc/malloc-standard-alignment.c
new file mode 100644 (file)
index 0000000..1b4c9b8
--- /dev/null
@@ -0,0 +1,42 @@
+/* exercise a bug found in malloc-standard when alignment
+ * values are out of whack and cause a small overflow into
+ * actual user data.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/types.h>
+
+#define ok(p) ((void*)p > (void*)0x1000)
+#define x \
+       do { \
+               printf("%i: phead = %p, phead->link @ %p = %p %s\n", \
+                       __LINE__, phead, \
+                       ok(phead) ? &phead->link : 0, \
+                       ok(phead) ? phead->link : 0, \
+                       ok(phead) ? phead->link == 0 ? "" : "!!!!!!!!!!!" : ""); \
+               if (phead->link != NULL) exit(1); \
+       } while (0);
+
+struct llist_s {
+       void *data;
+       struct llist_s *link;
+} *phead;
+
+int main()
+{
+       char *line, *reg;
+
+       setbuf(stdout, NULL);
+       setbuf(stderr, NULL);
+
+       phead = malloc(sizeof(*phead));
+       phead->link = NULL;
+
+x      line = malloc(80);
+x      line = realloc(line, 2);
+x      reg = malloc(32);
+x      free(line);
+
+x      return 0;
+}
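Review bot: The `x` macro guards its printf arguments with `ok(phead)` but then dereferences `phead` unconditionally in `if (phead->link != NULL) exit(1);`, so a NULL or clobbered `phead` crashes the test instead of producing a clean failure exit. The check could read `if (!ok(phead) || phead->link != NULL) exit(1);`. In `main`, the result of `phead = malloc(sizeof(*phead));` is also used without a check; adding `if (phead == NULL) return 1;` before `phead->link = NULL;` keeps an allocation failure from being mistaken for the overflow this test is looking for. A one-line comment above `x`, such as `/* run before each allocator call: fail if the previous call overwrote phead->link */`, would make the unusual `x      line = malloc(80);` layout easier to read.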