From 27ac1e21bcf3a89e6ddf913d993125da193f00cd Mon Sep 17 00:00:00 2001
From: Daniel Micay
Date: Fri, 24 Aug 2018 03:09:23 -0400
Subject: [PATCH] add initial simple memory corruption tests
---
test/simple-memory-corruption/Makefile | 11 +++++++++++
.../double_free_large.c | 12 ++++++++++++
.../double_free_small.c | 12 ++++++++++++
.../read_after_free_large.c | 17 +++++++++++++++++
.../read_after_free_small.c | 17 +++++++++++++++++
test/simple-memory-corruption/read_zero_size.c | 12 ++++++++++++
.../unaligned_free_large.c | 11 +++++++++++
.../unaligned_free_small.c | 11 +++++++++++
.../write_after_free_large.c | 14 ++++++++++++++
.../write_after_free_small.c | 14 ++++++++++++++
test/simple-memory-corruption/write_zero_size.c | 12 ++++++++++++
11 files changed, 143 insertions(+)
create mode 100644 test/simple-memory-corruption/Makefile
create mode 100644 test/simple-memory-corruption/double_free_large.c
create mode 100644 test/simple-memory-corruption/double_free_small.c
create mode 100644 test/simple-memory-corruption/read_after_free_large.c
create mode 100644 test/simple-memory-corruption/read_after_free_small.c
create mode 100644 test/simple-memory-corruption/read_zero_size.c
create mode 100644 test/simple-memory-corruption/unaligned_free_large.c
create mode 100644 test/simple-memory-corruption/unaligned_free_small.c
create mode 100644 test/simple-memory-corruption/write_after_free_large.c
create mode 100644 test/simple-memory-corruption/write_after_free_small.c
create mode 100644 test/simple-memory-corruption/write_zero_size.c
diff --git a/test/simple-memory-corruption/Makefile b/test/simple-memory-corruption/Makefile
new file mode 100644
index 0000000..7ea6e22
--- /dev/null
+++ b/test/simple-memory-corruption/Makefile
@@ -0,0 +1,11 @@
+all: \
+ double_free_large \
+ double_free_small \
+ unaligned_free_large \
+ unaligned_free_small \
+ read_after_free_large \
+ read_after_free_small \
+ write_after_free_large \
+ write_after_free_small \
+ read_zero_size \
+ write_zero_size \
diff --git a/test/simple-memory-corruption/double_free_large.c b/test/simple-memory-corruption/double_free_large.c
new file mode 100644
index 0000000..ce4850d
--- /dev/null
+++ b/test/simple-memory-corruption/double_free_large.c
@@ -0,0 +1,12 @@
+#include
+
+__attribute__((optimize(0)))
+int main(void) {
+ void *p = malloc(128 * 1024);
+ if (!p) {
+ return 1;
+ }
+ free(p);
+ free(p);
+ return 0;
+}
diff --git a/test/simple-memory-corruption/double_free_small.c b/test/simple-memory-corruption/double_free_small.c
new file mode 100644
index 0000000..399b8d0
--- /dev/null
+++ b/test/simple-memory-corruption/double_free_small.c
@@ -0,0 +1,12 @@
+#include
+
+__attribute__((optimize(0)))
+int main(void) {
+ void *p = malloc(16);
+ if (!p) {
+ return 1;
+ }
+ free(p);
+ free(p);
+ return 0;
+}
diff --git a/test/simple-memory-corruption/read_after_free_large.c b/test/simple-memory-corruption/read_after_free_large.c
new file mode 100644
index 0000000..81e8628
--- /dev/null
+++ b/test/simple-memory-corruption/read_after_free_large.c
@@ -0,0 +1,17 @@
+#include
+#include
+#include
+
+__attribute__((optimize(0)))
+int main(void) {
+ char *p = malloc(128 * 1024);
+ if (!p) {
+ return 1;
+ }
+ memset(p, 'a', 16);
+ free(p);
+ for (size_t i = 0; i < 128 * 1024; i++) {
+ printf("%x\n", p[i]);
+ }
+ return 0;
+}
diff --git a/test/simple-memory-corruption/read_after_free_small.c b/test/simple-memory-corruption/read_after_free_small.c
new file mode 100644
index 0000000..cc4d154
--- /dev/null
+++ b/test/simple-memory-corruption/read_after_free_small.c
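Review bot: The prerequisite list of `all` ends with a continuation backslash on its final entry (`write_zero_size \`), so any line later appended to this Makefile is silently absorbed into the list instead of starting a new rule. Drop the backslash on the last entry and declare `.PHONY: all`. The file also sets no `CFLAGS`, so the programs are built by make's implicit rule with the compiler's defaults; if the tests depend on a particular optimisation or warning level, it should be stated here.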
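Review bot: `__attribute__((optimize(0)))` on `main` in double_free_large.c is a GCC-specific attribute; Clang does not implement it and ignores it with an unknown-attribute warning, so with another compiler or a higher optimisation level the paired `malloc`/`free` calls may be treated as builtins and folded away before the allocator ever sees the second `free(p)`. A small shared macro that selects `__attribute__((optnone))` under `__clang__` and the current attribute otherwise, or building with `-fno-builtin`, would keep the invalid call in the binary. The same attribute is used in every test program added by this commit. A comment above `main` would also make the pass criterion explicit, assuming the intent is that the allocator aborts: `/* expected: abort on the second free(); reaching return 0 means the double free went undetected */`.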
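Review bot: In read_after_free_large.c, `printf("%x\n", p[i])` passes a plain `char`, promoted to `int`, to a conversion that expects `unsigned int`; where `char` is signed, any byte with the high bit set prints sign-extended as `ffffffXX`. Casting keeps the dump unambiguous: `printf("%x\n", (unsigned char)p[i]);` (the same line appears in read_after_free_small.c). Separately, `memset(p, 'a', 16)` initialises only the first 16 bytes while the loop reads all `128 * 1024`, so most of what is printed was never initialised even before the `free`; filling the whole allocation would make stale data recognisable at every offset.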
@@ -0,0 +1,17 @@
+#include
+#include
+#include
+
+__attribute__((optimize(0)))
+int main(void) {
+ char *p = malloc(16);
+ if (!p) {
+ return 1;
+ }
+ memset(p, 'a', 16);
+ free(p);
+ for (size_t i = 0; i < 16; i++) {
+ printf("%x\n", p[i]);
+ }
+ return 0;
+}
diff --git a/test/simple-memory-corruption/read_zero_size.c b/test/simple-memory-corruption/read_zero_size.c
new file mode 100644
index 0000000..7e6ed78
--- /dev/null
+++ b/test/simple-memory-corruption/read_zero_size.c
@@ -0,0 +1,12 @@
+#include
+#include
+
+__attribute__((optimize(0)))
+int main(void) {
+ char *p = malloc(0);
+ if (!p) {
+ return 1;
+ }
+ printf("%c\n", *p);
+ return 0;
+}
diff --git a/test/simple-memory-corruption/unaligned_free_large.c b/test/simple-memory-corruption/unaligned_free_large.c
new file mode 100644
index 0000000..3bee868
--- /dev/null
+++ b/test/simple-memory-corruption/unaligned_free_large.c
@@ -0,0 +1,11 @@
+#include
+
+__attribute__((optimize(0)))
+int main(void) {
+ char *p = malloc(128 * 1024);
+ if (!p) {
+ return 1;
+ }
+ free(p + 1);
+ return 0;
+}
diff --git a/test/simple-memory-corruption/unaligned_free_small.c b/test/simple-memory-corruption/unaligned_free_small.c
new file mode 100644
index 0000000..bf80307
--- /dev/null
+++ b/test/simple-memory-corruption/unaligned_free_small.c
@@ -0,0 +1,11 @@
+#include
+
+__attribute__((optimize(0)))
+int main(void) {
+ char *p = malloc(16);
+ if (!p) {
+ return 1;
+ }
+ free(p + 1);
+ return 0;
+}
diff --git a/test/simple-memory-corruption/write_after_free_large.c b/test/simple-memory-corruption/write_after_free_large.c
new file mode 100644
index 0000000..f2d30bf
--- /dev/null
+++ b/test/simple-memory-corruption/write_after_free_large.c
@@ -0,0 +1,14 @@
+#include
+#include
+#include
+
+__attribute__((optimize(0)))
+int main(void) {
+ char *p = malloc(128 * 1024);
+ if (!p) {
+ return 1;
+ }
+ free(p);
+ memset(p, 'a', 128 * 1024);
+ return 0;
+}
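Review bot: In read_after_free_small.c the loop after `free(p)` only prints the bytes, and `main` then returns 0 whatever they contain, so the exit status cannot tell a harness whether the `'a'` fill was still readable. If the intent is that freed memory must not expose old contents, the check can live in the program itself, e.g. `if (p[i] == 'a') { return 1; }` inside the loop, with a comment stating the expected result. As written, the outcome has to be read off stdout by hand.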
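Review bot: In read_zero_size.c, `return 1` on `!p` conflates two cases: the C standard lets `malloc(0)` return either a null pointer or a unique pointer, so on an allocator that returns NULL the program exits 1 without ever performing the read it is meant to exercise. The test presumably relies on the allocator under test returning a non-null pointer to memory that cannot be accessed; a comment would document that assumption, e.g. `/* malloc(0) is expected to return a non-NULL pointer whose dereference faults */`. write_zero_size.c has the same structure and needs the same comment.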
diff --git a/test/simple-memory-corruption/write_after_free_small.c b/test/simple-memory-corruption/write_after_free_small.c
new file mode 100644
index 0000000..bcaa64b
--- /dev/null
+++ b/test/simple-memory-corruption/write_after_free_small.c
@@ -0,0 +1,14 @@
+#include
+#include
+#include
+
+__attribute__((optimize(0)))
+int main(void) {
+ char *p = malloc(16);
+ if (!p) {
+ return 1;
+ }
+ free(p);
+ memset(p, 'a', 16);
+ return 0;
+}
diff --git a/test/simple-memory-corruption/write_zero_size.c b/test/simple-memory-corruption/write_zero_size.c
new file mode 100644
index 0000000..def29b5
--- /dev/null
+++ b/test/simple-memory-corruption/write_zero_size.c
@@ -0,0 +1,12 @@
+#include
+#include
+
+__attribute__((optimize(0)))
+int main(void) {
+ char *p = malloc(0);
+ if (!p) {
+ return 1;
+ }
+ *p = 5;
+ return 0;
+}
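Review bot: In write_after_free_small.c, `main` returns straight after `memset(p, 'a', 16)`, so no allocator function runs once the freed slot has been overwritten. An allocator that detects write-after-free lazily, for example by validating a freed slot when it is handed out again (an assumption about the allocator under test, not something visible in this hunk), never gets the chance to notice, and the program exits 0. Following the write with allocation traffic of the same size would give such a check an opportunity to fire, e.g. `for (size_t i = 0; i < 1000; i++) { free(malloc(16)); }` (the iteration count is illustrative).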