9 files changed, 326 insertions, 0 deletions

diff --git a/pathologist/refs/src/Makefile.am b/pathologist/refs/src/Makefile.am
new file mode 100644
index 0000000..63d622a
--- /dev/null
+++ b/pathologist/refs/src/Makefile.am
@@ -0,0 +1,41 @@
+if MINGW
+        WINFLAGS = -Wl,--no-undefined -Wl,--export-all-symbols
+endif
+
+
+if USE_COVERAGE
+        AM_CFLAGS = --coverage -g -O0
+        XLIB = -lgcov
+else
+        AM_CFLAGS = -g -O0
+endif
+
+
+noinst_PROGRAMS =
+        bug_null_pointer_exception \
+        bug_bad_memory_access \
+        bug_assertion_failure \
+        bug_crypto_crc \
+        bug_division_by_zero_loop \
+        bug_null_pointer_exception_modified \
+        bug_sigbus \
+        bug_bad_food
+
+check_PROGRAMS = \
+        bug_null_pointer_exception \
+        bug_bad_memory_access \
+        bug_assertion_failure \
+        bug_crypto_crc \
+        bug_division_by_zero_loop \
+        bug_null_pointer_exception_modified \
+        bug_sigbus \
+        bug_bad_food
+
+bug_null_pointer_exception_SOURCES = bug_null_pointer_exception.c
+bug_bad_memory_access_SOURCES = bug_bad_memory_access.c
+bug_assertion_failure_SOURCES = bug_assertion_failure.c
+bug_crypto_crc_SOURCES = bug_crypto_crc.c
+bug_division_by_zero_loop_SOURCES = bug_division_by_zero_loop.c
+bug_null_pointer_exception_modified_SOURCES = bug_null_pointer_exception_modified.c
+bug_sigbus_SOURCES = bug_sigbus.c
+bug_bad_food_SOURCES = bug_bad_food.c
diff --git a/pathologist/refs/src/bug_assertion_failure.c b/pathologist/refs/src/bug_assertion_failure.c
new file mode 100644
index 0000000..2dbc3f0
--- /dev/null
+++ b/pathologist/refs/src/bug_assertion_failure.c
@@ -0,0 +1,16 @@
+#include <stdio.h>
+#include <assert.h>
+
+void assertionFailure()
+{
+        int x;
+        x = 5;
+        printf("Assertion Failure Now!\n");
+        assert(x < 4);
+}
+
+int main(int argc, char *argv[])
+{
+        assertionFailure();
+        return 0;
+}
diff --git a/pathologist/refs/src/bug_bad_food.c b/pathologist/refs/src/bug_bad_food.c
new file mode 100644
index 0000000..8c4de54
--- /dev/null
+++ b/pathologist/refs/src/bug_bad_food.c
@@ -0,0 +1,11 @@
+#include <stdio.h>
+
+int main(int argc, char **argv)
+{
+  void *badfood = (void*) (long) 0xBAADF00D;
+  void *nil = NULL;
+
+  fprintf (stderr, "%d\n",
+           (int) (long) * (int*) ((1 == argc) ? badfood : nil));
+  return 0;
+}
diff --git a/pathologist/refs/src/bug_bad_memory_access.c b/pathologist/refs/src/bug_bad_memory_access.c
new file mode 100644
index 0000000..54e50ad
--- /dev/null
+++ b/pathologist/refs/src/bug_bad_memory_access.c
@@ -0,0 +1,16 @@
+#include <stdio.h>
+#include <string.h>
+
+
+void badMemoryAccess()
+{
+        int *p = (int*) 0x4252352;
+        printf("Bad memory access now!\n");
+        *p = 5;
+}
+
+int main(int argc, char *argv[])
+{
+        badMemoryAccess();
+        return 0;
+}
diff --git a/pathologist/refs/src/bug_crypto_crc.c b/pathologist/refs/src/bug_crypto_crc.c
new file mode 100644
index 0000000..f252785
--- /dev/null
+++ b/pathologist/refs/src/bug_crypto_crc.c
@@ -0,0 +1,121 @@
+/*
+     This file is part of GNUnet.
+     (C) 2001, 2002, 2003, 2004, 2006 Christian Grothoff (and other contributing authors)
+
+     GNUnet is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published
+     by the Free Software Foundation; either version 2, or (at your
+     option) any later version.
+
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     General Public License for more details.
+
+     You should have received a copy of the GNU General Public License
+     along with GNUnet; see the file COPYING.  If not, write to the
+     Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+     Boston, MA 02111-1307, USA.
+
+     For the actual CRC code:
+     Copyright abandoned; this code is in the public domain.
+     Provided to GNUnet by peter@horizon.com
+*/
+
+/**
+ * @file monkey/bug_crypto_crc.c
+ * @brief implementation of CRC32 (this code has been copied from GNUnet util source directory, and modified to be Seaspider friendly)
+ * @author Christian Grothoff, Safey A.Halim
+ */
+
+#include <assert.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <stdint.h>
+
+#define Z_NULL  0
+
+
+#define POLYNOMIAL (unsigned long)0xedb88320
+static unsigned long crc_table[256];
+
+/*
+ * This routine writes each crc_table entry exactly once,
+ * with the ccorrect final value.  Thus, it is safe to call
+ * even on a table that someone else is using concurrently.
+ */
+static void 
+crc_init ()
+{
+  static int once;
+  unsigned int i, j;
+  unsigned long h = 1;
+
+  if (once)
+    return;
+  once = 1;
+  crc_table[0] = 0;
+  for (i = 128; i; i >>= 1)
+    {
+      h = (h >> 1) ^ ((h & 1) ? POLYNOMIAL : 0);
+      /* h is now crc_table[i] */
+      for (j = 0; j < 256; j += 2 * i)
+        crc_table[i + j] = crc_table[j] ^ h;
+    }
+}
+
+/*
+ * This computes the standard preset and inverted CRC, as used
+ * by most networking standards.  Start by passing in an initial
+ * chaining value of 0, and then pass in the return value from the
+ * previous crc32() call.  The final return value is the CRC.
+ * Note that this is a little-endian CRC, which is best used with
+ * data transmitted lsbit-first, and it should, itself, be appended
+ * to data in little-endian byte and bit order to preserve the
+ * property of detecting all burst errors of length 32 bits or less.
+ */
+static unsigned long
+crc_go (unsigned long crc, const char *buf, size_t len)
+{
+  crc_init ();
+  assert (crc_table[255] != 0);
+  crc ^= 0xffffffff;
+  while (len--)
+    crc = (crc >> 8) ^ crc_table[(crc ^ *buf++) & 0xff];
+  return crc ^ 0xffffffff;
+}
+
+
+/**
+ * Compute the CRC32 checksum for the first len bytes of the buffer.
+ *
+ * @param buf the data over which we're taking the CRC
+ * @param len the length of the buffer
+ * @return the resulting CRC32 checksum
+ */
+int32_t
+crc32_n (const void *buf, size_t len)
+{
+  unsigned long crc;
+  crc = crc_go (0L, Z_NULL, 0);
+  crc = crc_go (crc, (char *) buf, len);
+  return crc;
+}
+
+
+int main ()
+{
+  char buf[1024];
+  int i;
+  for (i = 0; i < 1024; i++)
+  {
+     buf[i] = (char) i;
+  }
+  for (i = 0; i < 1024; i++)
+  {
+    printf("%d\n", crc32_n (&buf[i], 1024 - i));
+  }
+  return 0;
+}
+
+/* end of bug_crypto_crc.c */
diff --git a/pathologist/refs/src/bug_division_by_zero_loop.c b/pathologist/refs/src/bug_division_by_zero_loop.c
new file mode 100644
index 0000000..544b7d2
--- /dev/null
+++ b/pathologist/refs/src/bug_division_by_zero_loop.c
@@ -0,0 +1,18 @@
+#include <stdio.h>
+
+int
+main (int argc, char *argv[])
+{
+  int i, k, result, tmp;
+  k = -1;
+  result = 10;
+
+  printf("I am alive!\n");
+  for (i = 0; i < 5; i++)
+    {
+      k += i;
+      result = result / k;      /* Division by zero in second iteration */
+      printf("result = %d\n", result);
+    }
+  return 0;
+}
diff --git a/pathologist/refs/src/bug_null_pointer_exception.c b/pathologist/refs/src/bug_null_pointer_exception.c
new file mode 100644
index 0000000..4accd65
--- /dev/null
+++ b/pathologist/refs/src/bug_null_pointer_exception.c
@@ -0,0 +1,21 @@
+#include <stdio.h>
+#include <string.h>
+
+
+struct CrashStruct {
+        const char *crashValue;
+};
+
+void crashFunction() 
+{
+        struct CrashStruct *crashStruct;
+        crashStruct = NULL;
+        printf("Now the program will crash!\n");
+        crashStruct->crashValue = "hello!";
+}
+
+int main(int argc, char *argv[]) 
+{
+        crashFunction();
+        return 0;
+}
diff --git a/pathologist/refs/src/bug_null_pointer_exception_modified.c b/pathologist/refs/src/bug_null_pointer_exception_modified.c
new file mode 100644
index 0000000..497b9f0
--- /dev/null
+++ b/pathologist/refs/src/bug_null_pointer_exception_modified.c
@@ -0,0 +1,32 @@
+#include <stdio.h>
+#include <string.h>
+
+
+struct CrashStruct {
+        const char *crashValue;
+};
+
+void crashFunction()
+{
+        struct CrashStruct *crashStruct;
+        int a;
+        int b;
+        int c;
+        a = 3;
+        b = 5;
+        c = a + b;
+        crashStruct = NULL;
+        printf("Now the program will crash!\n");
+        crashStruct->crashValue = "hello!";
+}
+
+void intermediateFunction()
+{
+        crashFunction();
+}
+
+int main(int argc, char *argv[])
+{
+        intermediateFunction();
+        return 0;
+}
diff --git a/pathologist/refs/src/bug_sigbus.c b/pathologist/refs/src/bug_sigbus.c
new file mode 100644
index 0000000..39348ef
--- /dev/null
+++ b/pathologist/refs/src/bug_sigbus.c
@@ -0,0 +1,50 @@
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+int main(int argc, char **argv)
+{
+//
+//      __asm__("pushf\n"
+//            "orl $0x40000, (%esp)\n"
+//            "popf");
+
+    int testvar = 0x12345678;
+    int *testvarp;
+
+    testvarp = &testvar;
+    printf("testvarp was %lx\n", testvarp);
+    printf("testvar was %lx\n", *testvarp);
+
+    testvarp = (int *)(((char *)testvarp) + 1);
+    printf("testvarp is %lx\n", testvarp);
+    printf("testvar is %lx\n", *testvarp);
+
+
+//      char* str;
+//      str = realloc(str,10);
+//      */
+//
+//      /*
+//    char *p;
+//
+//    __asm__("pushf\n"
+//            "orl $0x40000, (%esp)\n"
+//            "popf");
+//
+//    /*
+//     * malloc() always provides aligned memory.
+//     * Do not use stack variable like a[9], depending on the compiler you use,
+//     * a may not be aligned properly.
+//     */
+//    p = malloc(sizeof(int) + 1);
+//    memset(p, 0, sizeof(int) + 1);
+//
+//    /* making p unaligned */
+//    p++;
+//
+//    printf("%d\n", *(int *)p);
+//
+//    return 0;
+
+}