diff options
Diffstat (limited to 'malloc/mallocbug.c')
-rw-r--r-- | malloc/mallocbug.c | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/malloc/mallocbug.c b/malloc/mallocbug.c new file mode 100644 index 0000000000..84a6387954 --- /dev/null +++ b/malloc/mallocbug.c @@ -0,0 +1,67 @@ +/* Reproduce a GNU malloc bug. */ +#include <malloc.h> +#include <stdio.h> +#include <string.h> + +#define size_t unsigned int + +int +main (int argc, char *argv[]) +{ + char *dummy0; + char *dummy1; + char *fill_info_table1; + char *over_top; + size_t over_top_size = 0x3000; + char *over_top_dup; + size_t over_top_dup_size = 0x7000; + char *x; + size_t i; + + /* Here's what memory is supposed to look like (hex): + size contents + 3000 original_info_table, later fill_info_table1 + 3fa000 dummy0 + 3fa000 dummy1 + 6000 info_table_2 + 3000 over_top + + */ + /* mem: original_info_table */ + dummy0 = malloc (0x3fa000); + /* mem: original_info_table, dummy0 */ + dummy1 = malloc (0x3fa000); + /* mem: free, dummy0, dummy1, info_table_2 */ + fill_info_table1 = malloc (0x3000); + /* mem: fill_info_table1, dummy0, dummy1, info_table_2 */ + + x = malloc (0x1000); + free (x); + /* mem: fill_info_table1, dummy0, dummy1, info_table_2, freexx */ + + /* This is what loses; info_table_2 and freexx get combined unbeknownst + to mmalloc, and mmalloc puts over_top in a section of memory which + is on the free list as part of another block (where info_table_2 had + been). */ + over_top = malloc (over_top_size); + over_top_dup = malloc (over_top_dup_size); + memset (over_top, 0, over_top_size); + memset (over_top_dup, 1, over_top_dup_size); + + for (i = 0; i < over_top_size; ++i) + if (over_top[i] != 0) + { + printf ("FAIL: malloc expands info table\n"); + return 0; + } + + for (i = 0; i < over_top_dup_size; ++i) + if (over_top_dup[i] != 1) + { + printf ("FAIL: malloc expands info table\n"); + return 0; + } + + printf ("PASS: malloc expands info table\n"); + return 0; +} |