/* dave@treblig.org */
#include <sys/select.h>
#include <sys/time.h>
#include <sys/types.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/*
 * 2 MiB of zero-initialised storage that main() reinterprets as an fd_set.
 * It is far larger than a real fd_set, so the pointer handed to select()
 * still refers to valid memory when nfds is negative or above FD_SETSIZE.
 */
char buffer[2 * 1024 * 1024];
| 10 | |
/*
 * Regression driver: issues three select() calls, the last two with nfds
 * values outside the normal range (negative, then FD_SETSIZE + 1).
 *
 * The return value of every select() call is deliberately ignored; the
 * program always exits 0. What matters is that whatever consumes these
 * arguments (not shown on this page) treats nfds as untrusted and validates
 * it before using it to size any read of the fd_set memory.
 */
int main(void)
{
	/* View of the oversized global buffer as an fd_set (same cast as before). */
	fd_set *const big_set = (fd_set *)buffer;
	fd_set small_set;

	/* Start with a nice simple select: fd 2 in all three sets, no timeout. */
	FD_ZERO(&small_set);
	FD_SET(2, &small_set);
	select(3, &small_set, &small_set, &small_set, NULL);

	/*
	 * Now the crash case that trinity found: negative nfds, but with a
	 * pointer to a large chunk of valid memory. A negative count must be
	 * rejected before it is converted to a length.
	 */
	FD_ZERO(big_set);
	FD_SET(2, big_set);
	select(-1, big_set, NULL, NULL, NULL);

	/*
	 * Another variant, with nfds exceeding the allowed limit. A 100 us
	 * timeout is supplied so the call cannot block indefinitely.
	 */
	struct timeval timeout = { .tv_sec = 0, .tv_usec = 100 };
	select(FD_SETSIZE + 1, big_set, NULL, NULL, &timeout);

	return 0;
}