// Comment "both" means tp[0] and tp[-1] are both bad.
// Otherwise only tp[-1] is bad.

// TTT probes whatever tp currently holds: it reads tp[0], then tp[-1], each
// inside its own __builtin_setjmp so that a SIGSEGV raised by an invalid
// dereference can be recovered from and the second probe still runs (the
// matching __builtin_longjmp is presumably in SEGV_handler, which, like
// TTT_jmpbuf, is defined outside this excerpt). The fprintf before each read
// records which source line is about to fault, so a crash that is NOT
// recovered can be attributed. __builtin_setjmp is a GCC/Clang extension,
// not standard C. The loaded value is parked in the scratch variable tn,
// presumably so the read cannot be optimised away.
#define TTT \
   if (__builtin_setjmp(TTT_jmpbuf) == 0) \
   { fprintf(stderr, "about to do %d [0]\n", __LINE__); tn = tp[ 0]; } \
   if (__builtin_setjmp(TTT_jmpbuf) == 0) \
   { fprintf(stderr, "about to do %d [-1]\n", __LINE__); tn = tp[-1]; }

// Build a candidate pointer and probe it with TTT:
//   b(a, c)        tp = a              (plain value)
//   ui(op, a, c)   tp = op a           (unary op applied to a)
//   g(op, a, b, c) tp = a op b         (binary op on two values)
// The trailing parameter c is not used by any expansion; presumably it carries
// the expected outcome ("both" or not, per the comment above) for the reader
// at the call site. Macro arguments are substituted unparenthesised, so the
// (long) casts bind only to the first token of a compound argument -- call
// sites are assumed to pass simple identifiers or literals.
#define b( a, c) tp = (long*)a; TTT
#define ui(op, a, c) tp = (long*)op(long)a; TTT
#define g(op, a,b,c) tp = (long*)((long)a op (long)b); TTT
// Marks variables that are declared for the test but may never be referenced.
#define UNU __attribute__((unused))

struct sigaction sigsegv;
// Scratch values: tp is the pointer under test, tn receives whatever TTT reads.
long a, tn;
long* tp;

// Known pointers
// NOTE(review): the malloc results are not checked; if either returned NULL
// the probes would dereference NULL / NULL-1 and fault for a reason unrelated
// to what the test is exercising.
long* p = malloc(sizeof(long)*10); UNU long* p2 = malloc(sizeof(long)*10);
UNU long* pp = p;
// Unknown pointers
// long up[10], UNU up2[10];

// Known nonptrs; make them zero and known
// a ^ a is presumably the author's way of producing 0 without writing a
// literal constant. NOTE(review): a is declared above with no initialiser; if
// these are automatic variables (the memset/sigaction statements below suggest
// this is a function body), reading it is formally an indeterminate read --
// confirm that is intentional.
long n = a ^ a, UNU n2 = n+1, UNU n7F = 0x7fffffffUL, UNU nFF = ~n;

// Unknown nonptrs; make them zero but unknown
// NOTE(review): the initialiser is 0x01100000, not zero -- the comment above
// appears stale relative to the value.
long un = 0x01100000UL, UNU un2 = un;

// Known nonptr, from pointerness range check
UNU long nn = 0;

// Install SEGV handler so that the deliberate bad dereferences in TTT are
// survivable. SEGV_handler is defined outside this excerpt.
memset(&sigsegv, 0, sizeof(sigsegv));
sigsegv.sa_handler = SEGV_handler;
sigsegv.sa_flags = SA_NODEFER; /* so we can handle signal many times: without
                                  it SIGSEGV would stay blocked after the first
                                  handler entry, since the handler presumably
                                  never returns normally */
// NOTE(review): the setup calls sit inside assert(); a build with -DNDEBUG
// drops them and the handler is never installed, so the first TTT probe would
// kill the process instead of being recovered.
assert( 0 == sigemptyset( &sigsegv.sa_mask ) );
assert( 0 == sigaction(SIGSEGV, &sigsegv, NULL) );