1 /* dave@treblig.org */
2 #include <sys/select.h>
3 #include <sys/time.h>
4 #include <sys/types.h>
5 #include <stdlib.h>
6 #include <string.h>
7 #include <unistd.h>
8 
/* 2 MiB of static, zero-initialised storage. main() reinterprets it as an
 * fd_set so that the select() calls with an out-of-range nfds are handed a
 * pointer into a large region of valid memory.
 */
char buffer[2 * 1024 * 1024];
10 
/* Crash regression test for select() argument handling: one well-formed
 * call, then two calls whose nfds is out of range.
 *
 * Every select() result is ignored and main always returns 0, so the only
 * way this program reports a problem is by crashing or hanging.
 * NOTE(review): a handler that accepts the bad nfds without crashing would
 * pass unnoticed; consider checking for the -1/EINVAL result on the negative
 * case once the expected result on the target is confirmed.
 */
int main()
{
	fd_set *big_set = (fd_set *)buffer;
	struct timeval short_wait;
	fd_set sane_set;

	short_wait.tv_sec = 0;
	short_wait.tv_usec = 100;

	/* Baseline: a valid call on fd 2, with the same set passed as the
	 * read, write and except set. No timeout, so it blocks until fd 2 is
	 * reported ready.
	 */
	FD_ZERO(&sane_set);
	FD_SET(2, &sane_set);
	select(3, &sane_set, &sane_set, &sane_set, NULL);

	/* The crash case found by trinity: nfds is negative while the read
	 * set points at a large chunk of valid memory. The callee has to
	 * reject nfds before using it to size anything.
	 */
	FD_ZERO(big_set);
	FD_SET(2, big_set);
	select(-1, big_set, NULL, NULL, NULL);

	/* Variant: nfds one past FD_SETSIZE. The 100 microsecond timeout
	 * bounds the wait if the call is accepted.
	 */
	select(FD_SETSIZE + 1, big_set, NULL, NULL, &short_wait);

	return 0;
}