From 0a79e82474c0ce7f2b0d2beeb76299369ffcf8a5 Mon Sep 17 00:00:00 2001
From: Daniel Micay <danielmicay@gmail.com>
Date: Fri, 24 Aug 2018 04:45:48 -0400
Subject: [PATCH] add basic invalid free tests

---
 test/simple-memory-corruption/Makefile             |  3 +++
 .../invalid_free_protected.c                       | 14 ++++++++++++++
 .../invalid_free_small_region.c                    | 12 ++++++++++++
 .../invalid_free_unprotected.c                     | 14 ++++++++++++++
 4 files changed, 43 insertions(+)
 create mode 100644 test/simple-memory-corruption/invalid_free_protected.c
 create mode 100644 test/simple-memory-corruption/invalid_free_small_region.c
 create mode 100644 test/simple-memory-corruption/invalid_free_unprotected.c

diff --git a/test/simple-memory-corruption/Makefile b/test/simple-memory-corruption/Makefile
index 7ea6e22..e638996 100644
--- a/test/simple-memory-corruption/Makefile
+++ b/test/simple-memory-corruption/Makefile
@@ -9,3 +9,6 @@ all: \
     write_after_free_small \
     read_zero_size \
     write_zero_size \
+    invalid_free_protected \
+    invalid_free_unprotected \
+    invalid_free_small_region \
diff --git a/test/simple-memory-corruption/invalid_free_protected.c b/test/simple-memory-corruption/invalid_free_protected.c
new file mode 100644
index 0000000..97d5be1
--- /dev/null
+++ b/test/simple-memory-corruption/invalid_free_protected.c
@@ -0,0 +1,14 @@
+#include <stdlib.h>
+
+#include <sys/mman.h>
+
+__attribute__((optimize(0)))
+int main(void) {
+    free(malloc(16));
+    char *p = mmap(NULL, 4096 * 16, PROT_NONE, MAP_ANONYMOUS|MAP_PRIVATE, -1, 0);
+    if (p == MAP_FAILED) {
+        return 1;
+    }
+    free(p + 4096 * 8);
+    return 0;
+}
diff --git a/test/simple-memory-corruption/invalid_free_small_region.c b/test/simple-memory-corruption/invalid_free_small_region.c
new file mode 100644
index 0000000..d7f9321
--- /dev/null
+++ b/test/simple-memory-corruption/invalid_free_small_region.c
@@ -0,0 +1,12 @@
+#include <stdlib.h>
+
+__attribute__((optimize(0)))
+int main(void) {
+    char *p = malloc(16);
+    if (!p) {
+        return 1;
+    }
+    char *q = p + 4096 * 4;
+    free(q);
+    return 0;
+}
diff --git a/test/simple-memory-corruption/invalid_free_unprotected.c b/test/simple-memory-corruption/invalid_free_unprotected.c
new file mode 100644
index 0000000..01fc630
--- /dev/null
+++ b/test/simple-memory-corruption/invalid_free_unprotected.c
@@ -0,0 +1,14 @@
+#include <stdlib.h>
+
+#include <sys/mman.h>
+
+__attribute__((optimize(0)))
+int main(void) {
+    free(malloc(16));
+    char *p = mmap(NULL, 4096 * 16, PROT_READ|PROT_WRITE, MAP_ANONYMOUS|MAP_PRIVATE, -1, 0);
+    if (p == MAP_FAILED) {
+        return 1;
+    }
+    free(p + 4096 * 8);
+    return 0;
+}