about summary refs log tree commit diff homepage
path: root/test/regression/2007-08-06-access-after-free.c
diff options
context:
space:
mode:
Diffstat (limited to 'test/regression/2007-08-06-access-after-free.c')
-rw-r--r--test/regression/2007-08-06-access-after-free.c29
1 files changed, 29 insertions, 0 deletions
diff --git a/test/regression/2007-08-06-access-after-free.c b/test/regression/2007-08-06-access-after-free.c
new file mode 100644
index 00000000..a1812062
--- /dev/null
+++ b/test/regression/2007-08-06-access-after-free.c
@@ -0,0 +1,29 @@
+// RUN: %llvmgcc %s -emit-llvm -O0 -c -o %t1.bc
+// RUN: %klee %t1.bc
+
+#include <assert.h>
+
+int main() {
+  int a;
+  unsigned char *p = malloc(4);
+
+  klee_make_symbolic(&a, sizeof a);
+  klee_make_symbolic(p, sizeof p);
+
+  p[0] |= 16;
+
+  if (a) {
+    free(p);
+
+    // this should give an error instead of
+    // pulling the state from the parent, where
+    // it is not free
+    assert(p[0] > 10);
+   
+    return 0;
+  }
+  
+  assert(p[0] > 10);
+
+  return 0;
+}
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-11-21 19:40:12 +0000