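// Copyright 2009 Google Inc. All Rights Reserved.
// Author: sburford@google.com (Sean Burford)
//
// Demonstrate libc select() bug.
//
// FD_SET() performs no bounds check: a descriptor numbered >= FD_SETSIZE
// sets a bit past the end of the fd_set, i.e. an out-of-bounds write on
// the stack, and select() then reads and writes back nfds bits of that
// same region.  This program opens enough descriptors that the stray bit
// lands in a local variable of main() and prints that variable before and
// after the call so the corruption is visible.
//
// In real code the mitigation is to refuse any fd >= FD_SETSIZE before
// FD_SET()/select(), or to use poll()/epoll(), which have no fixed limit.

#define _POSIX_C_SOURCE 200809L

#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/select.h>
#include <unistd.h>

// Return the stack address of an fd_set local to a callee frame, as an
// integer.  It is returned as uintptr_t rather than as a pointer because a
// pointer to a local must never be used after the function returns (and
// GCC may fold "return &local" to NULL); the value is used only for
// stack-distance arithmetic in main() and is never dereferenced.
// NOTE(review): the demo assumes this fds lands at the same stack offset
// as the fds in call_select() — both are leaf calls from main() with the
// same locals, but this is not guaranteed by the language.
static uintptr_t get_address(int fd) {
  fd_set fds;
  FD_ZERO(&fds);
  FD_SET(fd, &fds);
  return (uintptr_t)&fds;
}

// Call select() on fd from a frame below main()'s locals.  When fd is
// >= FD_SETSIZE the FD_SET() below writes outside fds — that write, and
// select()'s result copy-back, are the bug being demonstrated.  select()
// returns once the descriptor (a dup of stdout, typically a tty) becomes
// readable, which is why the user is asked to press enter.
static void call_select(int fd) {
  fd_set fds;
  // %p with a void* cast is the only portable way to print an address.
  printf("&fds = %p\n", (void *)&fds);
  FD_ZERO(&fds);
  FD_SET(fd, &fds);  // out-of-bounds write when fd >= FD_SETSIZE
  printf("press enter\n");
  if (select(fd + 1, &fds, NULL, NULL, NULL) < 0) {
    perror("select");
  }
}

// Entry point: computes the descriptor number whose FD_SET bit falls on
// `target`, opens that many descriptors with dup(), and shows `target`
// before and after select().  Returns 0 on success, 1 if the stack layout
// is not the one the demo expects or descriptors run out (EMFILE).
int main(int argc, char **argv) {
  (void)argc;
  (void)argv;

  unsigned int i = 0;
  // Canary whose bits we watch: any cleared bit after select() is the bug.
  unsigned int target = 0xFFFFFFFFu;
  unsigned int fd_count;
  uintptr_t fd_set_address = get_address(0);

  // The demo needs the callee's fd_set to sit below our canary on the
  // stack; otherwise the subtraction wraps and fd_count is garbage.
  if ((uintptr_t)&target <= fd_set_address) {
    fprintf(stderr, "unexpected stack layout: target is not above the fd_set\n");
    return 1;
  }
  // Byte distance from the callee's fd_set to `target`, times 8: the
  // descriptor number whose FD_SET bit is the low bit of `target`.
  fd_count = (unsigned int)(((uintptr_t)&target - fd_set_address) * 8);
  printf("0x%" PRIxPTR " - 0x%" PRIxPTR " = %u (*8=%u)\n",
         (uintptr_t)&target, fd_set_address, fd_count / 8, fd_count);

  // dup(1) returns the lowest free descriptor, so this walks upward one
  // number at a time until descriptor fd_count exists.  The descriptors
  // are intentionally never closed; the process exits right after.
  while (i < fd_count) {
    int d = dup(1);
    if (d < 0) {
      perror("dup");  // usually EMFILE: raise `ulimit -n` above fd_count
      return 1;
    }
    i = (unsigned int)d;
  }
  printf("opened %u file descriptors\n", i);

  printf("before calling select our local variable = %08X\n", target);
  // We call select() from a function so that the fd_set will be below
  // our target variable on the stack.
  call_select((int)i);
  printf("after calling select our local variable = %08X\n", target);
  return 0;
}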