File: lib2.c

package info (click to toggle)
aflplusplus 4.04c-4
  • links: PTS, VCS
  • area: main
  • in suites: bookworm
  • size: 13,568 kB
  • sloc: ansic: 101,393; cpp: 15,334; sh: 4,215; python: 3,340; makefile: 896; javascript: 507; java: 43; sql: 3; xml: 1
file content (61 lines) | stat: -rw-r--r-- 1,056 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
 
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>


void __attribute__((noinline)) crashme(const uint8_t *Data, size_t Size) {

  if (Size < 1) return;

  char *buf = malloc(10);

  if (buf == NULL) return;

  switch (Data[0]) {

    /* Underflow */
    case 'U':
      printf("Underflow\n");
      buf[-1] = '\0';
      free(buf);
      break;
    /* Overflow */
    case 'O':
      printf("Overflow\n");
      buf[10] = '\0';
      free(buf);
      break;
    /* Double free */
    case 'D':
      printf("Double free\n");
      free(buf);
      free(buf);
      break;
    /* Use after free */
    case 'A':
      printf("Use after free\n");
      free(buf);
      buf[0] = '\0';
      break;
    /* Test Limits (OK) */
    case 'T':
      printf("Test-Limits - No Error\n");
      buf[0] = 'A';
      buf[9] = 'I';
      free(buf);
      break;
    case 'M':
      printf("Memset too many\n");
      memset(buf, '\0', 11);
      free(buf);
      break;
    default:
      printf("Nop - No Error\n");
      break;

  }


}