1 2 #include <stdlib.h> 3 #include <stdio.h> 4 5 static void* return_arg(void* p); 6 int frame3 ( void ) 7 { 8 int *a = malloc(10 * sizeof(int)); 9 10 // bad address; 11 int n = a[10]; 12 13 // undefined condition 14 if (a[5] == 42) { 15 printf("hello from frame3(). The answer is 42.\n"); 16 } else { 17 printf("hello from frame3(). The answer is not 42.\n"); 18 } 19 20 // undefined address (careful ..) 21 n = a[ a[0] & 7 ]; 22 23 // invalid free, the second time 24 free(a); 25 free(a); 26 27 // more invalid frees 28 free(return_arg(&n)); 29 30 // leak .. 31 a = malloc(99 * sizeof(int)); 32 33 // pass garbage to the exit syscall 34 return n; 35 } 36 37 int frame2 ( void ) 38 { 39 return frame3() - 1; 40 } 41 42 int frame1 ( void ) 43 { 44 return frame2() + 1; 45 } 46 47 int main ( void ) 48 { 49 return frame1() - 1; 50 } 51 52 /* 53 * The only purpose of the function below is to make sure that gcc 4.4.x does 54 * not print the following warning during the compilation of this test program: 55 * warning: attempt to free a non-heap object 56 */ 57 static void* return_arg(void* p) 58 { 59 return p; 60 } 61 62
