blob: ba20721087990e3a99cd7c205bdc38800c03dafb (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
|
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
void __attribute__((noinline)) crashme(const uint8_t *Data, size_t Size) {
if (Size < 1) return;
char *buf = malloc(10);
if (buf == NULL) return;
switch (Data[0]) {
/* Underflow */
case 'U':
printf("Underflow\n");
buf[-1] = '\0';
free(buf);
break;
/* Overflow */
case 'O':
printf("Overflow\n");
buf[10] = '\0';
free(buf);
break;
/* Double free */
case 'D':
printf("Double free\n");
free(buf);
free(buf);
break;
/* Use after free */
case 'A':
printf("Use after free\n");
free(buf);
buf[0] = '\0';
break;
/* Test Limits (OK) */
case 'T':
printf("Test-Limits - No Error\n");
buf[0] = 'A';
buf[9] = 'I';
free(buf);
break;
case 'M':
printf("Memset too many\n");
memset(buf, '\0', 11);
free(buf);
break;
default:
printf("Nop - No Error\n");
break;
}
}
|
