diff options
Diffstat (limited to 'pathologist/refs/src')
-rw-r--r-- | pathologist/refs/src/Makefile.am | 41 | ||||
-rw-r--r-- | pathologist/refs/src/bug_assertion_failure.c | 16 | ||||
-rw-r--r-- | pathologist/refs/src/bug_bad_food.c | 11 | ||||
-rw-r--r-- | pathologist/refs/src/bug_bad_memory_access.c | 16 | ||||
-rw-r--r-- | pathologist/refs/src/bug_crypto_crc.c | 121 | ||||
-rw-r--r-- | pathologist/refs/src/bug_division_by_zero_loop.c | 18 | ||||
-rw-r--r-- | pathologist/refs/src/bug_null_pointer_exception.c | 21 | ||||
-rw-r--r-- | pathologist/refs/src/bug_null_pointer_exception_modified.c | 32 | ||||
-rw-r--r-- | pathologist/refs/src/bug_sigbus.c | 50 |
9 files changed, 326 insertions, 0 deletions
diff --git a/pathologist/refs/src/Makefile.am b/pathologist/refs/src/Makefile.am new file mode 100644 index 0000000..63d622a --- /dev/null +++ b/pathologist/refs/src/Makefile.am | |||
@@ -0,0 +1,41 @@ | |||
1 | if MINGW | ||
2 | WINFLAGS = -Wl,--no-undefined -Wl,--export-all-symbols | ||
3 | endif | ||
4 | |||
5 | |||
6 | if USE_COVERAGE | ||
7 | AM_CFLAGS = --coverage -g -O0 | ||
8 | XLIB = -lgcov | ||
9 | else | ||
10 | AM_CFLAGS = -g -O0 | ||
11 | endif | ||
12 | |||
13 | |||
14 | noinst_PROGRAMS = | ||
15 | bug_null_pointer_exception \ | ||
16 | bug_bad_memory_access \ | ||
17 | bug_assertion_failure \ | ||
18 | bug_crypto_crc \ | ||
19 | bug_division_by_zero_loop \ | ||
20 | bug_null_pointer_exception_modified \ | ||
21 | bug_sigbus \ | ||
22 | bug_bad_food | ||
23 | |||
24 | check_PROGRAMS = \ | ||
25 | bug_null_pointer_exception \ | ||
26 | bug_bad_memory_access \ | ||
27 | bug_assertion_failure \ | ||
28 | bug_crypto_crc \ | ||
29 | bug_division_by_zero_loop \ | ||
30 | bug_null_pointer_exception_modified \ | ||
31 | bug_sigbus \ | ||
32 | bug_bad_food | ||
33 | |||
34 | bug_null_pointer_exception_SOURCES = bug_null_pointer_exception.c | ||
35 | bug_bad_memory_access_SOURCES = bug_bad_memory_access.c | ||
36 | bug_assertion_failure_SOURCES = bug_assertion_failure.c | ||
37 | bug_crypto_crc_SOURCES = bug_crypto_crc.c | ||
38 | bug_division_by_zero_loop_SOURCES = bug_division_by_zero_loop.c | ||
39 | bug_null_pointer_exception_modified_SOURCES = bug_null_pointer_exception_modified.c | ||
40 | bug_sigbus_SOURCES = bug_sigbus.c | ||
41 | bug_bad_food_SOURCES = bug_bad_food.c | ||
diff --git a/pathologist/refs/src/bug_assertion_failure.c b/pathologist/refs/src/bug_assertion_failure.c new file mode 100644 index 0000000..2dbc3f0 --- /dev/null +++ b/pathologist/refs/src/bug_assertion_failure.c | |||
@@ -0,0 +1,16 @@ | |||
1 | #include <stdio.h> | ||
2 | #include <assert.h> | ||
3 | |||
4 | void assertionFailure() | ||
5 | { | ||
6 | int x; | ||
7 | x = 5; | ||
8 | printf("Assertion Failure Now!\n"); | ||
9 | assert(x < 4); | ||
10 | } | ||
11 | |||
12 | int main(int argc, char *argv[]) | ||
13 | { | ||
14 | assertionFailure(); | ||
15 | return 0; | ||
16 | } | ||
diff --git a/pathologist/refs/src/bug_bad_food.c b/pathologist/refs/src/bug_bad_food.c new file mode 100644 index 0000000..8c4de54 --- /dev/null +++ b/pathologist/refs/src/bug_bad_food.c | |||
@@ -0,0 +1,11 @@ | |||
1 | #include <stdio.h> | ||
2 | |||
3 | int main(int argc, char **argv) | ||
4 | { | ||
5 | void *badfood = (void*) (long) 0xBAADF00D; | ||
6 | void *nil = NULL; | ||
7 | |||
8 | fprintf (stderr, "%d\n", | ||
9 | (int) (long) * (int*) ((1 == argc) ? badfood : nil)); | ||
10 | return 0; | ||
11 | } | ||
diff --git a/pathologist/refs/src/bug_bad_memory_access.c b/pathologist/refs/src/bug_bad_memory_access.c new file mode 100644 index 0000000..54e50ad --- /dev/null +++ b/pathologist/refs/src/bug_bad_memory_access.c | |||
@@ -0,0 +1,16 @@ | |||
1 | #include <stdio.h> | ||
2 | #include <string.h> | ||
3 | |||
4 | |||
5 | void badMemoryAccess() | ||
6 | { | ||
7 | int *p = (int*) 0x4252352; | ||
8 | printf("Bad memory access now!\n"); | ||
9 | *p = 5; | ||
10 | } | ||
11 | |||
12 | int main(int argc, char *argv[]) | ||
13 | { | ||
14 | badMemoryAccess(); | ||
15 | return 0; | ||
16 | } | ||
diff --git a/pathologist/refs/src/bug_crypto_crc.c b/pathologist/refs/src/bug_crypto_crc.c new file mode 100644 index 0000000..f252785 --- /dev/null +++ b/pathologist/refs/src/bug_crypto_crc.c | |||
@@ -0,0 +1,121 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet. | ||
3 | (C) 2001, 2002, 2003, 2004, 2006 Christian Grothoff (and other contributing authors) | ||
4 | |||
5 | GNUnet is free software; you can redistribute it and/or modify | ||
6 | it under the terms of the GNU General Public License as published | ||
7 | by the Free Software Foundation; either version 2, or (at your | ||
8 | option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU General Public License | ||
16 | along with GNUnet; see the file COPYING. If not, write to the | ||
17 | Free Software Foundation, Inc., 59 Temple Place - Suite 330, | ||
18 | Boston, MA 02111-1307, USA. | ||
19 | |||
20 | For the actual CRC code: | ||
21 | Copyright abandoned; this code is in the public domain. | ||
22 | Provided to GNUnet by peter@horizon.com | ||
23 | */ | ||
24 | |||
25 | /** | ||
26 | * @file monkey/bug_crypto_crc.c | ||
27 | * @brief implementation of CRC32 (this code has been copied from GNUnet util source directory, and modified to be Seaspider friendly) | ||
28 | * @author Christian Grothoff, Safey A.Halim | ||
29 | */ | ||
30 | |||
31 | #include <assert.h> | ||
32 | #include <stdlib.h> | ||
33 | #include <stdio.h> | ||
34 | #include <stdint.h> | ||
35 | |||
36 | #define Z_NULL 0 | ||
37 | |||
38 | |||
39 | #define POLYNOMIAL (unsigned long)0xedb88320 | ||
40 | static unsigned long crc_table[256]; | ||
41 | |||
42 | /* | ||
43 | * This routine writes each crc_table entry exactly once, | ||
44 | * with the ccorrect final value. Thus, it is safe to call | ||
45 | * even on a table that someone else is using concurrently. | ||
46 | */ | ||
47 | static void | ||
48 | crc_init () | ||
49 | { | ||
50 | static int once; | ||
51 | unsigned int i, j; | ||
52 | unsigned long h = 1; | ||
53 | |||
54 | if (once) | ||
55 | return; | ||
56 | once = 1; | ||
57 | crc_table[0] = 0; | ||
58 | for (i = 128; i; i >>= 1) | ||
59 | { | ||
60 | h = (h >> 1) ^ ((h & 1) ? POLYNOMIAL : 0); | ||
61 | /* h is now crc_table[i] */ | ||
62 | for (j = 0; j < 256; j += 2 * i) | ||
63 | crc_table[i + j] = crc_table[j] ^ h; | ||
64 | } | ||
65 | } | ||
66 | |||
67 | /* | ||
68 | * This computes the standard preset and inverted CRC, as used | ||
69 | * by most networking standards. Start by passing in an initial | ||
70 | * chaining value of 0, and then pass in the return value from the | ||
71 | * previous crc32() call. The final return value is the CRC. | ||
72 | * Note that this is a little-endian CRC, which is best used with | ||
73 | * data transmitted lsbit-first, and it should, itself, be appended | ||
74 | * to data in little-endian byte and bit order to preserve the | ||
75 | * property of detecting all burst errors of length 32 bits or less. | ||
76 | */ | ||
77 | static unsigned long | ||
78 | crc_go (unsigned long crc, const char *buf, size_t len) | ||
79 | { | ||
80 | crc_init (); | ||
81 | assert (crc_table[255] != 0); | ||
82 | crc ^= 0xffffffff; | ||
83 | while (len--) | ||
84 | crc = (crc >> 8) ^ crc_table[(crc ^ *buf++) & 0xff]; | ||
85 | return crc ^ 0xffffffff; | ||
86 | } | ||
87 | |||
88 | |||
89 | /** | ||
90 | * Compute the CRC32 checksum for the first len bytes of the buffer. | ||
91 | * | ||
92 | * @param buf the data over which we're taking the CRC | ||
93 | * @param len the length of the buffer | ||
94 | * @return the resulting CRC32 checksum | ||
95 | */ | ||
96 | int32_t | ||
97 | crc32_n (const void *buf, size_t len) | ||
98 | { | ||
99 | unsigned long crc; | ||
100 | crc = crc_go (0L, Z_NULL, 0); | ||
101 | crc = crc_go (crc, (char *) buf, len); | ||
102 | return crc; | ||
103 | } | ||
104 | |||
105 | |||
106 | int main () | ||
107 | { | ||
108 | char buf[1024]; | ||
109 | int i; | ||
110 | for (i = 0; i < 1024; i++) | ||
111 | { | ||
112 | buf[i] = (char) i; | ||
113 | } | ||
114 | for (i = 0; i < 1024; i++) | ||
115 | { | ||
116 | printf("%d\n", crc32_n (&buf[i], 1024 - i)); | ||
117 | } | ||
118 | return 0; | ||
119 | } | ||
120 | |||
121 | /* end of bug_crypto_crc.c */ | ||
diff --git a/pathologist/refs/src/bug_division_by_zero_loop.c b/pathologist/refs/src/bug_division_by_zero_loop.c new file mode 100644 index 0000000..544b7d2 --- /dev/null +++ b/pathologist/refs/src/bug_division_by_zero_loop.c | |||
@@ -0,0 +1,18 @@ | |||
1 | #include <stdio.h> | ||
2 | |||
3 | int | ||
4 | main (int argc, char *argv[]) | ||
5 | { | ||
6 | int i, k, result, tmp; | ||
7 | k = -1; | ||
8 | result = 10; | ||
9 | |||
10 | printf("I am alive!\n"); | ||
11 | for (i = 0; i < 5; i++) | ||
12 | { | ||
13 | k += i; | ||
14 | result = result / k; /* Division by zero in second iteration */ | ||
15 | printf("result = %d\n", result); | ||
16 | } | ||
17 | return 0; | ||
18 | } | ||
diff --git a/pathologist/refs/src/bug_null_pointer_exception.c b/pathologist/refs/src/bug_null_pointer_exception.c new file mode 100644 index 0000000..4accd65 --- /dev/null +++ b/pathologist/refs/src/bug_null_pointer_exception.c | |||
@@ -0,0 +1,21 @@ | |||
1 | #include <stdio.h> | ||
2 | #include <string.h> | ||
3 | |||
4 | |||
5 | struct CrashStruct { | ||
6 | const char *crashValue; | ||
7 | }; | ||
8 | |||
9 | void crashFunction() | ||
10 | { | ||
11 | struct CrashStruct *crashStruct; | ||
12 | crashStruct = NULL; | ||
13 | printf("Now the program will crash!\n"); | ||
14 | crashStruct->crashValue = "hello!"; | ||
15 | } | ||
16 | |||
17 | int main(int argc, char *argv[]) | ||
18 | { | ||
19 | crashFunction(); | ||
20 | return 0; | ||
21 | } | ||
diff --git a/pathologist/refs/src/bug_null_pointer_exception_modified.c b/pathologist/refs/src/bug_null_pointer_exception_modified.c new file mode 100644 index 0000000..497b9f0 --- /dev/null +++ b/pathologist/refs/src/bug_null_pointer_exception_modified.c | |||
@@ -0,0 +1,32 @@ | |||
1 | #include <stdio.h> | ||
2 | #include <string.h> | ||
3 | |||
4 | |||
5 | struct CrashStruct { | ||
6 | const char *crashValue; | ||
7 | }; | ||
8 | |||
9 | void crashFunction() | ||
10 | { | ||
11 | struct CrashStruct *crashStruct; | ||
12 | int a; | ||
13 | int b; | ||
14 | int c; | ||
15 | a = 3; | ||
16 | b = 5; | ||
17 | c = a + b; | ||
18 | crashStruct = NULL; | ||
19 | printf("Now the program will crash!\n"); | ||
20 | crashStruct->crashValue = "hello!"; | ||
21 | } | ||
22 | |||
23 | void intermediateFunction() | ||
24 | { | ||
25 | crashFunction(); | ||
26 | } | ||
27 | |||
28 | int main(int argc, char *argv[]) | ||
29 | { | ||
30 | intermediateFunction(); | ||
31 | return 0; | ||
32 | } | ||
diff --git a/pathologist/refs/src/bug_sigbus.c b/pathologist/refs/src/bug_sigbus.c new file mode 100644 index 0000000..39348ef --- /dev/null +++ b/pathologist/refs/src/bug_sigbus.c | |||
@@ -0,0 +1,50 @@ | |||
1 | #include <stdlib.h> | ||
2 | #include <stdio.h> | ||
3 | #include <string.h> | ||
4 | |||
5 | int main(int argc, char **argv) | ||
6 | { | ||
7 | // | ||
8 | // __asm__("pushf\n" | ||
9 | // "orl $0x40000, (%esp)\n" | ||
10 | // "popf"); | ||
11 | |||
12 | int testvar = 0x12345678; | ||
13 | int *testvarp; | ||
14 | |||
15 | testvarp = &testvar; | ||
16 | printf("testvarp was %lx\n", testvarp); | ||
17 | printf("testvar was %lx\n", *testvarp); | ||
18 | |||
19 | testvarp = (int *)(((char *)testvarp) + 1); | ||
20 | printf("testvarp is %lx\n", testvarp); | ||
21 | printf("testvar is %lx\n", *testvarp); | ||
22 | |||
23 | |||
24 | // char* str; | ||
25 | // str = realloc(str,10); | ||
26 | // */ | ||
27 | // | ||
28 | // /* | ||
29 | // char *p; | ||
30 | // | ||
31 | // __asm__("pushf\n" | ||
32 | // "orl $0x40000, (%esp)\n" | ||
33 | // "popf"); | ||
34 | // | ||
35 | // /* | ||
36 | // * malloc() always provides aligned memory. | ||
37 | // * Do not use stack variable like a[9], depending on the compiler you use, | ||
38 | // * a may not be aligned properly. | ||
39 | // */ | ||
40 | // p = malloc(sizeof(int) + 1); | ||
41 | // memset(p, 0, sizeof(int) + 1); | ||
42 | // | ||
43 | // /* making p unaligned */ | ||
44 | // p++; | ||
45 | // | ||
46 | // printf("%d\n", *(int *)p); | ||
47 | // | ||
48 | // return 0; | ||
49 | |||
50 | } | ||