From 557251cc19f600a2d4c48f8537cbf2fedaa5ca8d Mon Sep 17 00:00:00 2001
From: Camille Oudot <camille.oudot@orange.com>
Date: Tue, 28 Feb 2017 20:30:21 +0100
Subject: [PATCH] malloc_test: new function that over/underflows

---
 src/modules/malloc_test/malloc_test.c | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/src/modules/malloc_test/malloc_test.c b/src/modules/malloc_test/malloc_test.c
index ff5eb872219..9b6bd736db6 100644
--- a/src/modules/malloc_test/malloc_test.c
+++ b/src/modules/malloc_test/malloc_test.c
@@ -39,6 +39,7 @@ MODULE_VERSION
 
 static int mt_mem_alloc_f(struct sip_msg*, char*,char*);
 static int mt_mem_free_f(struct sip_msg*, char*,char*);
+static int mt_pkg_overflow_f(struct sip_msg*, char*,char*);
 static int mod_init(void);
 static void mod_destroy(void);
 
@@ -48,6 +49,8 @@ static cmd_export_t cmds[]={
 		REQUEST_ROUTE|ONREPLY_ROUTE|FAILURE_ROUTE|BRANCH_ROUTE|ONSEND_ROUTE},
 	{"mt_mem_free", mt_mem_free_f, 1, fixup_var_int_1,
 		REQUEST_ROUTE|ONREPLY_ROUTE|FAILURE_ROUTE|BRANCH_ROUTE|ONSEND_ROUTE},
+	{"mt_pkg_overflow", mt_pkg_overflow_f, 0, 0,
+		REQUEST_ROUTE|ONREPLY_ROUTE|FAILURE_ROUTE|BRANCH_ROUTE|ONSEND_ROUTE},
 	{0, 0, 0, 0, 0}
 };
 
@@ -672,6 +675,25 @@ static int mt_mem_free_f(struct sip_msg* msg, char* sz, char* foo)
 	return (freed==0)?1:freed;
 }
 
+static int mt_pkg_overflow_f(struct sip_msg* msg, char *p1,char *p2) {
+	int i;
+	unsigned long *a;
+
+	a = pkg_malloc(1024 * sizeof(unsigned long));
+
+	if (!a) {
+		LM_ERR("no more pkg\n");
+		return -1;
+	}
+
+	*(a - 1) = 0xdeadbeef;
+	*(a + 1024) = 0xdeadc0de;
+	for (i = 0 ; i < 1024; i++) {
+		a[i] = (long)i;
+	}
+
+	return 1;
+}
 
 
 /* RPC exports: */