1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
|
/*
* Test that allocating a variable length array in a loop
* does not use up a linear amount of memory
*/
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#define LOOP_COUNT 1000
#define ARRAY_SIZE 100
/* Overwrite a VLA. This will overwrite the return address if SP is incorrect */
void smash(char *p, int n) {
memset(p, 0, n);
}
int test1(int n) {
int i;
char *array_ptrs[LOOP_COUNT];
for (i = 0; i < LOOP_COUNT; ++i) {
char test[n];
smash(test, n);
array_ptrs[i] = test;
}
return (array_ptrs[0]-array_ptrs[LOOP_COUNT-1] < n) ? 0 : 1;
}
/* ensure goto does not circumvent array free */
int test2(int n) {
char *array_ptrs[LOOP_COUNT];
int i = 0;
loop:;
char test[n];
smash(test, n);
if (i >= LOOP_COUNT)
goto end;
array_ptrs[i] = test;
++i;
goto loop;
end:
smash(test, n);
char test2[n];
smash(test2, n);
return (array_ptrs[0] - array_ptrs[LOOP_COUNT-1] < n) ? 0 : 1;
}
int test3(int n) {
char test[n];
smash(test, n);
goto label;
label:
smash(test, n);
char test2[n];
smash(test2, n);
return (test-test2 >= n) ? 0 : 1;
}
#define RUN_TEST(t) \
if (!testname || (strcmp(#t, testname) == 0)) { \
fputs(#t "... ", stdout); \
fflush(stdout); \
if (t(ARRAY_SIZE) == 0) { \
fputs("success\n", stdout); \
} else { \
fputs("failure\n", stdout); \
retval = EXIT_FAILURE; \
} \
}
int main(int argc, char **argv) {
const char *testname = NULL;
int retval = EXIT_SUCCESS;
if (argc > 1)
testname = argv[1];
RUN_TEST(test1)
RUN_TEST(test2)
RUN_TEST(test3)
return retval;
}
|
