2 #include <stdlib.h>
3 #include <stdio.h>
4 
/* Forward declaration: return_arg() is defined at the end of this file and is
 * called from frame3() before that definition is seen. */
static void* return_arg(void* p);
/*
 * Deliberately faulty routine: every statement below commits one class of
 * memory error, named in the comment above it. The file describes itself as a
 * "test program", so these faults read as intentional input for a
 * memory-error checker -- NOTE(review): confirm before touching them.
 * Do not "fix" the statements and do not reuse any of them as a pattern.
 *
 * Returns n, whose value was loaded from uninitialised heap memory.
 */
int frame3 ( void )
{
  // 10 ints, never initialised; the malloc() result is not checked for NULL.
  int *a = malloc(10 * sizeof(int));

  // bad address: valid indices are 0..9, so a[10] reads one element past the
  // end of the block (out-of-bounds heap read, CWE-125).
  int n = a[10];

  // undefined condition: the branch depends on a[5], which was never written
  // (use of uninitialised memory, CWE-908).
  if (a[5] == 42) {
    printf("hello from frame3().  The answer is 42.\n");
  } else {
    printf("hello from frame3().  The answer is not 42.\n");
  }

  // undefined address (careful ..): the index comes from uninitialised a[0].
  // The "& 7" mask keeps it in 0..7, i.e. inside the 10-element block, so
  // only the index value is undefined, not the bounds.
  n = a[  a[0] & 7  ];

  // invalid free, the second time: the first free() releases the block, the
  // second passes the same, already-freed pointer (double free, CWE-415).
  free(a);
  free(a);

  // more invalid frees: &n is the address of a stack local, not a pointer
  // obtained from malloc() (free of non-heap memory, CWE-590). The address
  // goes through return_arg() so the compiler does not warn about it.
  free(return_arg(&n));

  // leak ..: this block is never freed, and its only pointer is lost when the
  // function returns (CWE-401). The result is again not checked for NULL.
  a = malloc(99 * sizeof(int));

  // pass garbage to the exit syscall: n holds a value read from uninitialised
  // memory, and the callers derive the process exit status from it.
  return n;
}
36 
/*
 * Middle link of the main() -> frame1() -> frame2() -> frame3() call chain.
 * Returns frame3()'s result decremented by one; that result originates from
 * uninitialised memory, so the value returned here is equally undefined.
 */
int frame2(void)
{
  const int from_frame3 = frame3();
  return from_frame3 - 1;
}
41 
/*
 * Outer link of the main() -> frame1() -> frame2() -> frame3() call chain.
 * Returns frame2()'s result incremented by one.
 */
int frame1(void)
{
  const int from_frame2 = frame2();
  return from_frame2 + 1;
}
46 
/*
 * Program entry point. Runs the frame1() call chain and uses its result,
 * minus one, as the process exit status. The result traces back to a value
 * frame3() read from uninitialised memory, so the exit status is not
 * meaningful.
 */
int main(void)
{
  const int chain_result = frame1();
  return chain_result - 1;
}
51 
/*
 * Identity helper: hands back the pointer it was given, unchanged.
 *
 * Its only purpose is to make sure that gcc 4.4.x does not print the
 * following warning while compiling this test program:
 * warning: attempt to free a non-heap object
 * frame3() passes the address of a local through this function before
 * calling free() on it.
 */
static void *return_arg(void *p)
{
   void *unchanged = p;

   return unchanged;
}