select.c revision e837b14a5306d92ff37a916427c7bbb0c52ec009
1/* 2 * Based on test by Dr. David Alan Gilbert <dave@treblig.org> 3 */ 4#include <assert.h> 5#include <unistd.h> 6#include <sys/select.h> 7 8static fd_set set[0x1000000 / sizeof(fd_set)]; 9 10int main() 11{ 12 int fds[2]; 13 struct timeval timeout = { .tv_sec = 0, .tv_usec = 100 }; 14 15 (void) close(0); 16 (void) close(1); 17 assert(pipe(fds) == 0); 18 19 /* 20 * Start with a nice simple select. 21 */ 22 FD_ZERO(set); 23 FD_SET(0, set); 24 FD_SET(1, set); 25 assert(select(2, set, set, set, NULL) == 1); 26 27 /* 28 * Now the crash case that trinity found, negative nfds 29 * but with a pointer to a large chunk of valid memory. 30 */ 31 FD_ZERO(set); 32 FD_SET(1,set); 33 assert(select(-1, NULL, set, NULL, NULL) == -1); 34 35 /* 36 * Another variant, with nfds exceeding FD_SETSIZE limit. 37 */ 38 FD_ZERO(set); 39 FD_SET(0,set); 40 assert(select(FD_SETSIZE + 1, set, set + 1, NULL, &timeout) == 0); 41 42 return 0; 43} 44