| /** |
| * Copyright (C) 2017 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| #define _GNU_SOURCE |
| #include <pthread.h> |
| #include <setjmp.h> |
| #include <signal.h> |
| #include <stdint.h> |
| #include <stdlib.h> |
| #include <string.h> |
| #include <sys/types.h> |
| #include <sys/wait.h> |
| #include <syscall.h> |
| #include <unistd.h> |
| |
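/*
 * Per-thread state used by NONFAILING.
 *   skip_segv - incremented on entry to a NONFAILING region and decremented on
 *               exit, so it is non-zero only while the thread is inside one.
 *   segv_env  - jump target recorded by _setjmp() on entry to the region.
 *
 * NOTE(review): nothing in the lines visible here installs a signal handler
 * that reads skip_segv or longjmp()s to segv_env. Unless one is provided
 * elsewhere, a faulting statement inside NONFAILING still terminates the
 * process; confirm before relying on the macro to suppress faults.
 */
__thread int skip_segv;
__thread jmp_buf segv_env;

/*
 * Execute the given statement(s) inside a region marked by skip_segv, with
 * segv_env recorded as the place to resume if something longjmp()s back.
 *
 * The expansion is wrapped in do { ... } while (0) so that `NONFAILING(x);`
 * is exactly one statement and can be used as the unbraced body of an
 * if/else. As a consequence, a bare `break` or `continue` passed as an
 * argument would bind to this wrapper loop, not to a loop at the call site.
 */
#define NONFAILING(...)                                          \
    do {                                                         \
        __atomic_fetch_add(&skip_segv, 1, __ATOMIC_SEQ_CST);     \
        if (_setjmp(segv_env) == 0) {                            \
            __VA_ARGS__;                                         \
        }                                                        \
        __atomic_fetch_sub(&skip_segv, 1, __ATOMIC_SEQ_CST);     \
    } while (0)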
| |
/*
 * Fallback syscall numbers, used only when <syscall.h> does not already
 * define the corresponding name.
 *
 * NOTE(review): the fallback values do not look like they come from a single
 * architecture's syscall table (41 and 1 match the x86-64 numbers for socket
 * and write, while 222 matches the arm64 number for mmap). On a platform
 * whose headers define these names the fallbacks are never used; on one that
 * does not, verify each number against the target ABI before trusting the
 * result of a run.
 */
#if !defined(SYS_socket)
#define SYS_socket 41
#endif

#if !defined(__NR_mmap)
#define __NR_mmap 222
#endif

#if !defined(SYS_mmap)
#define SYS_mmap __NR_mmap
#endif

/* Pseudo-syscall number; not referenced by the code visible in this file. */
#if !defined(SYS_syz_open_dev)
#define SYS_syz_open_dev 1000001
#endif

#if !defined(SYS_write)
#define SYS_write 1
#endif

/* Result of the socket() call made in main(); later used as the fd to write to. */
long r;
| |
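/*
 * Reproducer entry point.
 *
 * Steps, all taken from the constants below:
 *   1. socket(0x10, 0x3, 0x1f): on Linux, domain 0x10 is AF_NETLINK and type
 *      0x3 is SOCK_RAW; protocol 0x1f is passed through as given.
 *   2. mmap() one page (0x1000 bytes) at the fixed address 0x20005000 with
 *      prot 0x3 (PROT_READ|PROT_WRITE) and flags 0x32
 *      (MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS), fd -1, offset 0.
 *   3. Fill the last 16 bytes of that page (0x20005ff0..0x20005fff).
 *   4. write() those 16 bytes to the socket.
 *
 * Returns 0 once the write has been issued (its result is not inspected), or
 * EXIT_FAILURE if the socket or the mapping could not be set up. Separating
 * the two lets whoever runs this tell "the message was sent" apart from "the
 * test never got as far as sending it".
 */
int main(void)
{
    r = syscall(SYS_socket, 0x10ul, 0x3ul, 0x1ful, 0, 0, 0);
    if (r == -1) {
        /* No socket means the write below could only fail with a bad fd. */
        return EXIT_FAILURE;
    }

    long mapped = syscall(SYS_mmap, 0x20005000ul, 0x1000ul, 0x3ul, 0x32ul,
                          0xfffffffffffffffful, 0x0ul);
    if (mapped == -1) {
        /*
         * Without the mapping the stores below would fault. No SIGSEGV handler
         * is installed in this file, so NONFAILING would not recover from that
         * and the process would die with an unrelated crash.
         */
        return EXIT_FAILURE;
    }

    /*
     * 16-byte payload at the very end of the mapped page.
     * NOTE(review): presumably laid out as a netlink message header
     * (length 0x10, type 0x31, remaining fields from the 64-bit store of 0xb4);
     * confirm against the protocol this socket speaks.
     */
    NONFAILING(*(uint32_t*)0x20005ff0 = (uint32_t)0x10);
    NONFAILING(*(uint32_t*)0x20005ff4 = (uint32_t)0x31);
    NONFAILING(*(uint64_t*)0x20005ff8 = (uint64_t)0xb4);

    /* The write is the operation under test; its return value is not used. */
    (void)syscall(SYS_write, r, 0x20005ff0ul, 0x10ul, 0, 0, 0);
    return 0;
}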