/*
 * Deliberately faulty test program.  frame3() commits a series of memory
 * errors one after another: an out-of-bounds heap read, a branch on
 * uninitialised data, an uninitialised array index, a double free, a free
 * of a stack address and a leak.  It is reached through the call chain
 * main -> frame1 -> frame2 -> frame3.
 *
 * NOTE(review): presumably input for a memory-error detector's regression
 * suite (VGO_solaris looks like a Valgrind platform macro) -- confirm.
 * The defects are the purpose of the file and must stay as written.
 * NOTE(review): if the expected output for this test records source line
 * numbers, adding or removing lines here means regenerating it -- confirm
 * against the test harness.
 */

#include <stdlib.h>
#include <stdio.h>

/* Forward declaration; the definition is at the end of the file. */
static void* return_arg(void* p);

/* Performs the deliberate memory errors in sequence and returns a value
   that was loaded from uninitialised heap memory. */
int frame3 ( void )
{
   // 10 ints that are never written; the malloc result is not checked
   // for NULL before use
   int *a = malloc(10 * sizeof(int));

   // bad address: valid indices are 0..9, so a[10] reads one element past
   // the end of the heap block
   int n = a[10];

   // undefined condition: a[5] was never written, so which branch runs
   // depends on uninitialised heap contents
   if (a[5] == 42) {
      printf("hello from frame3(). The answer is 42.\n");
   } else {
      printf("hello from frame3(). The answer is not 42.\n");
   }

   // undefined address (careful ..): the index is taken from uninitialised
   // a[0]; the "& 7" mask limits it to 0..7, so the read itself stays
   // inside the 10-element block
   n = a[ a[0] & 7 ];

   // invalid free, the second time: the same pointer is released twice
   free(a);
   free(a);

   // more invalid frees: &n is the address of a local variable, not of a
   // heap block; it goes through return_arg() for the reason given in
   // that function's comment
   free(return_arg(&n));

   // leak ..: the only pointer to this 99-int block is lost when the
   // function returns without freeing it
   a = malloc(99 * sizeof(int));

   // pass garbage to the exit syscall: n was loaded through an
   // uninitialised index, and main() returns a value derived from it
   return n;
}

/* Intermediate call frame: returns frame3() - 1.
   NOTE(review): presumably exists only to give error reports a deeper
   call stack -- confirm. */
int frame2 ( void )
{
   return frame3() - 1;
}

/* Intermediate call frame: returns frame2() + 1. */
int frame1 ( void )
{
   return frame2() + 1;
}

/* Runs the call chain and returns frame1() - 1, i.e. a value derived from
   the uninitialised n computed in frame3(). */
int main ( void )
{
   int ret = frame1() - 1;

#if defined(VGO_solaris)
   /* Avoid reporting possible memory leak on finish when both FILE->base
      and FILE->ptr point to the middle of a buffer allocated in _findbuf()
      for stdout. */
   fcloseall();
#endif
   return ret;
}

/*
 * The only purpose of the function below is to make sure that gcc 4.4.x does
 * not print the following warning during the compilation of this test program:
 * warning: attempt to free a non-heap object
 *
 * It returns p unchanged, so the call site in frame3() still passes the
 * stack address to free().
 */
static void* return_arg(void* p)
{
   return p;
}