From 0c9babe8a00e7a79fd5e2317e8cf5e0378a7c514 Mon Sep 17 00:00:00 2001
From: an7s <an7s@git.zephyr-software.com>
Date: Wed, 31 Aug 2011 18:30:33 +0000
Subject: [PATCH] test program for integer bugs
---
 .gitattributes | 1 +
 examples/Makefile | 7 +--
 examples/integerbug.c | 119 ++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 124 insertions(+), 3 deletions(-)
 create mode 100644 examples/integerbug.c
diff --git a/.gitattributes b/.gitattributes
index 5ab01e4da..2ac542c52 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -144,6 +144,7 @@ beaengine/obj/Linux.gnu.Debug/beaengineSources/CMakeFiles/progress.marks -text
 examples/Makefile -text
 examples/dumbledore.c -text
 examples/dumbledore_cmd.c -text
+examples/integerbug.c -text
 examples/overflow1.c -text
 examples/test1.c -text
 libIRDB/Makefile -text
diff --git a/examples/Makefile b/examples/Makefile
index d54f124b6..8c3620429 100644
--- a/examples/Makefile
+++ b/examples/Makefile
@@ -6,8 +6,9 @@ LD=DO_NOT_USE .SUFFIXES: .o .c .cpp .exe #exes=dumbledore_cmd.exe test1.exe -exes=overflow1.exe #overflow2.exe +#exes=overflow1.exe #overflow2.exe #exes=dumbledore_cmd.exe +exes=integerbug.exe all: env_check ${exes}
@@ -15,8 +16,8 @@ all: env_check ${exes} .PHONY: env_check .o.exe: - ${PEASOUP_HOME}/tools/ps_link.sh $< -o $@ -# gcc $< -o $@ +# ${PEASOUP_HOME}/tools/ps_link.sh $< -o $@ + gcc $< -o $@ ${PEASOUP_HOME}/tools/ps_analyze.sh $@ $@ .c.o:
diff --git a/examples/integerbug.c b/examples/integerbug.c
new file mode 100644
index 000000000..e2af2fa44
--- /dev/null
+++ b/examples/integerbug.c
@@ -0,0 +1,119 @@
+int int_fussy_overflow(int x, int y)
+{
+ printf("int_fussy_overflow: %d %d\n", x, y);
+ int result = x + 10000 - y;
+ return result;
+}
+
+unsigned uint_fussy_overflow(unsigned x, unsigned y)
+{
+ printf("uint_fussy_overflow: %u %u\n", x, y);
+ unsigned result = x + 10000 - y;
+ return result;
+}
+
+int signed_overflow(int x, int y)
+{
+ printf("signed_overflow: %d %d\n", x, y);
+ int sum = x + y;
+ return sum;
+}
+
+unsigned unsigned_overflow(unsigned x, unsigned y)
+{
+ printf("unsigned_overflow: %u %u\n", x, y);
+ unsigned sum = x + y;
+ return sum;
+}
+
+char* integer_overflow_into_malloc_1(unsigned numElements)
+{
+ printf("integer_overflow_into_malloc_1: %u\n", numElements);
+ unsigned int size = numElements * 4; // compiler may use shifting here
+ char *buf = malloc(size);
+ return buf;
+}
+
+char* integer_overflow_into_malloc_2(unsigned numElements, unsigned sizePerElement)
+{
+ printf("integer_overflow_into_malloc_2: %u %u\n", numElements, sizePerElement);
+ unsigned int size = numElements * sizePerElement;
+ char *buf = malloc(size);
+ return buf;
+}
+
+char* integer_underflow(unsigned len, char *src)
+{
+ printf("integer_underflow: %d\n", len);
+ unsigned int size;
+ size = len - 2; // len = 0, size = -2
+ char *comm = (char*) malloc(size + 1); // -1 (MAX_UNSIGNED_INT) passed to malloc
+ memcpy(comm, src, size);
+ return comm;
+}
+
+char* signed_error(int size)
+{
+ printf("signed_error: %d\n", size);
+ return malloc(size);
+}
+
+int signed_error_bypass_check(unsigned value)
+{
+ printf("signed_error_bypass_check: %u\n", value);
+ int x = value;
+ if ( x > 1024 )
+ {
+ printf("too big\n");
+ return 1;
+ }
+ else
+ {
+ printf("passed upper bound check\n");
+ return 0;
+ }
+}
+
+char* trunc_error(unsigned size, int numElements)
+{
+ printf("trunc_error: %u %d\n", size, numElements);
+ short len = size;
+ return malloc(len * numElements);
+}
+
+int main(int argc, char **argv)
+{
+ int selector = 0;
+ int myint;
+ int result;
+ char *bufptr;
+ char buf[16] = "hello";
+
+ if (argc == 2)
+ selector = atoi(argv[1]);
+
+ switch(selector)
+ {
+ case 0:
+ bufptr = integer_overflow_into_malloc_2(4, 4);
+ break;
+ case 1:
+ bufptr = integer_overflow_into_malloc_2(2000000000, 4);
+ break;
+ case 2:
+ bufptr = integer_overflow_into_malloc_1(4);
+ break;
+ case 3:
+ bufptr = integer_overflow_into_malloc_1(4000000000);
+ break;
+ case 4:
+ bufptr = integer_underflow(10, buf);
+ break;
+ case 5:
+ result = signed_error_bypass_check(2048);
+ break;
+ case 6:
+ result = signed_error_bypass_check(4000000000);
+ break;
+ }
+}
-- GitLab
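Review bot: The new file starts directly at `int_fussy_overflow` with no `#include` lines, so `printf`, `malloc`, `memcpy` and `atoi` are all used without a prototype. Without a declaration the compiler assumes `malloc` returns `int`, which on an LP64 target can truncate the pointer (a compiler that treats `malloc` as a built-in may mask this), so the binary may carry an unintended defect on top of the integer bugs it is meant to exhibit. I would add `#include <stdio.h>`, `#include <stdlib.h>` and `#include <string.h>` at the top of the file. Separately, `integer_underflow` prints the unsigned `len` with `%d`, where `%u` would match the other unsigned prints. A one-line comment per function naming the intended bug and the selector that triggers it would also help, since `main` reaches only some of the functions (selectors 0 to 6) and discards `bufptr` and `result`.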