diff --git a/test/simple-memory-corruption/write_after_free_large.c b/test/simple-memory-corruption/write_after_free_large.c
index f2d30bf..ce4c691 100644
--- a/test/simple-memory-corruption/write_after_free_large.c
+++ b/test/simple-memory-corruption/write_after_free_large.c
@@ -1,4 +1,3 @@
-#include
 #include
 #include
 
@@ -9,6 +8,6 @@ int main(void) {
 return 1;
 }
 free(p);
- memset(p, 'a', 128 * 1024);
+ p[64 * 1024 + 1] = 'a';
 return 0;
 }
diff --git a/test/simple-memory-corruption/write_after_free_small.c b/test/simple-memory-corruption/write_after_free_small.c
index bcaa64b..2a80835 100644
--- a/test/simple-memory-corruption/write_after_free_small.c
+++ b/test/simple-memory-corruption/write_after_free_small.c
@@ -1,14 +1,19 @@
-#include
 #include
 #include
 
 __attribute__((optimize(0)))
 int main(void) {
- char *p = malloc(16);
+ char *p = malloc(128);
 if (!p) {
 return 1;
 }
 free(p);
- memset(p, 'a', 16);
+
+ p[65] = 'a';
+
+ // trigger reuse of the allocation
+ for (size_t i = 0; i < 100000; i++) {
+ free(malloc(128));
+ }
 return 0;
 }
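Review bot: The new store `p[64 * 1024 + 1] = 'a';` in write_after_free_large.c uses an offset with no comment explaining why it was chosen or how it relates to the allocation size, which is set by the `malloc` call above the hunk and is not visible here. The removed `memset` covered 128 KiB, so the offset is presumably still inside the freed region, but if the size is later reduced this becomes an out-of-bounds write and the test would be checking a different failure than its name says. I would add a comment on that line such as `// one byte inside the freed large allocation; keep this below the malloc size`. main begins outside the hunk.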
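Review bot: The reuse loop `free(malloc(128));` in write_after_free_small.c depends on `__attribute__((optimize(0)))` to survive compilation, and that attribute is GCC-specific; a compiler that ignores it may drop a malloc/free pair whose result is unused, so the freed slot would never be handed out again and the corruption would go unnoticed. Routing the pointer through a volatile local keeps the calls regardless of the attribute: `void *volatile q = malloc(128);` followed by `free(q);`. The comment `// trigger reuse of the allocation` should also say what the count 100000 has to exceed (presumably however long a freed slot is held back before reuse) and why the write goes to index 65 rather than 0, since both are otherwise magic numbers. The post-free stores in both files are presumably exposed to the same optimizer assumption.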