This PR contains three more programs that I think ought to fail verification but instead pass:
exposeptr2.c: Similar to exposeptr.c in PR #3, this one leaks a pointer to user mode. Whereas exposeptr.c did so in the value of a map, exposeptr2.c does so in the key of a hash map, where the keys can be enumerated from user mode.
mapoverflow.c: This one uses an array map, and tries to index past the max_entries of the map.
mapunderflow.c: This one is like mapoverflow but tries to pass -1 as the array index (which, depending on the map implementation might be interpreted as negative or maxint).
And one that is correctly failed:
badhelpercall.c: This one tries to trick a helper function into writing outside the stack range.
This PR contains three more programs that I think ought to fail verification but instead pass:
And one that is correctly failed:
Signed-off-by: Dave Thaler dthaler@ntdev.microsoft.com