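/* dave (at) treblig.org */
#include <sys/select.h>
#include <sys/time.h>
#include <sys/types.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/*
 * Regression test for select(): every call below is one that a correct
 * kernel must survive.  The return values are intentionally discarded --
 * the test passes when the process lives through all three calls and
 * exits 0; it asserts nothing about what select() reports.
 */

/*
 * 2 MiB of zero-initialised, mapped memory that is handed to select() as
 * an oversized fd_set.  It is deliberately far larger than sizeof(fd_set)
 * so that the bogus nfds values below are paired with a pointer to a large
 * chunk of valid user memory, as in the case trinity reported.
 */
char buffer[1024*1024*2];

int main(void)
{
	fd_set rds;
	struct timeval timeout;

	FD_ZERO(&rds);
	FD_SET(2, &rds);
	/* Start with a nice simple select: one fd (stderr) in all three sets. */
	(void)select(3, &rds, &rds, &rds, NULL);

	/* Now the crash case that trinity found, negative nfds
	 * but with a pointer to a large chunk of valid memory.
	 * Per the select(2) contract a negative nfds is invalid (EINVAL);
	 * the point of this call is only that the kernel rejects it
	 * without crashing.
	 */
	FD_ZERO((fd_set *)buffer);
	FD_SET(2, (fd_set *)buffer);
	(void)select(-1, (fd_set *)buffer, NULL, NULL, NULL);

	/* Another variant, with nfds exceeding allowed limit (FD_SETSIZE).
	 * Unlike the previous calls this one carries a short timeout,
	 * presumably so the test cannot block should the kernel accept
	 * the call instead of rejecting it.
	 */
	timeout.tv_sec = 0;
	timeout.tv_usec = 100;
	(void)select(FD_SETSIZE + 1, (fd_set *)buffer, NULL, NULL, &timeout);

	return 0;
}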