1 /*
2  * Copyright (c) 2015-2016 Dmitry V. Levin <ldv@altlinux.org>
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  * 3. The name of the author may not be used to endorse or promote products
14  *    derived from this software without specific prior written permission.
15  *
16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
20  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26  */
27 
28 /*
29  * Based on test by Dr. David Alan Gilbert <dave@treblig.org>
30  */
31 
32 #include <assert.h>
33 #include <stdio.h>
34 #include <unistd.h>
35 #include <sys/select.h>
36 
37 static fd_set set[0x1000000 / sizeof(fd_set)];
38 
main(void)39 int main(void)
40 {
41 	int fds[2];
42 	struct {
43 		struct timeval tv;
44 		int pad[2];
45 	} tm_in = {
46 		.tv = { .tv_sec = 0xc0de1, .tv_usec = 0xc0de2 },
47 		.pad = { 0xdeadbeef, 0xbadc0ded }
48 	}, tm = tm_in;
49 
50 	if (pipe(fds))
51 		perror_msg_and_fail("pipe");
52 
53 	/*
54 	 * Start with a nice simple select.
55 	 */
56 	FD_ZERO(set);
57 	FD_SET(fds[0], set);
58 	FD_SET(fds[1], set);
59 	int rc = syscall(TEST_SYSCALL_NR, fds[1] + 1, set, set, set, NULL);
60 	if (rc < 0)
61 		perror_msg_and_skip(TEST_SYSCALL_STR);
62 	assert(rc == 1);
63 	printf("%s(%d, [%d %d], [%d %d], [%d %d], NULL) = 1 ()\n",
64 	       TEST_SYSCALL_STR, fds[1] + 1, fds[0], fds[1],
65 	       fds[0], fds[1], fds[0], fds[1]);
66 
67 	/*
68 	 * Another simple one, with a timeout.
69 	 */
70 	FD_SET(1, set);
71 	FD_SET(2, set);
72 	FD_SET(fds[0], set);
73 	FD_SET(fds[1], set);
74 	assert(syscall(TEST_SYSCALL_NR, fds[1] + 1, NULL, set, NULL, &tm.tv) == 3);
75 	printf("%s(%d, NULL, [1 2 %d %d], NULL, {tv_sec=%lld, tv_usec=%lld})"
76 	       " = 3 (out [1 2 %d], left {tv_sec=%lld, tv_usec=%lld})\n",
77 	       TEST_SYSCALL_STR, fds[1] + 1, fds[0], fds[1],
78 	       (long long) tm_in.tv.tv_sec, (long long) tm_in.tv.tv_usec,
79 	       fds[1],
80 	       (long long) tm.tv.tv_sec, (long long) tm.tv.tv_usec);
81 
82 	/*
83 	 * Now the crash case that trinity found, negative nfds
84 	 * but with a pointer to a large chunk of valid memory.
85 	 */
86 	FD_ZERO(set);
87 	FD_SET(fds[1],set);
88 	assert(syscall(TEST_SYSCALL_NR, -1, NULL, set, NULL, NULL) == -1);
89 	printf("%s(-1, NULL, %p, NULL, NULL) = -1 EINVAL (%m)\n",
90 	       TEST_SYSCALL_STR, set);
91 
92 	/*
93 	 * Another variant, with nfds exceeding FD_SETSIZE limit.
94 	 */
95 	FD_ZERO(set);
96 	FD_SET(fds[0],set);
97 	tm.tv.tv_sec = 0;
98 	tm.tv.tv_usec = 123;
99 	assert(syscall(TEST_SYSCALL_NR, FD_SETSIZE + 1, set, set + 1, NULL, &tm.tv) == 0);
100 	printf("%s(%d, [%d], [], NULL, {tv_sec=0, tv_usec=123}) = 0 (Timeout)\n",
101 	       TEST_SYSCALL_STR, FD_SETSIZE + 1, fds[0]);
102 
103 	puts("+++ exited with 0 +++");
104 	return 0;
105 }
106