Write Underflow. We dynamically allocate a buffer with malloc(3), decrement the pointer, and then write into that memory location—a write or buffer underflow bug:
/* test case 4 : out-of-bounds : write underflow */
static void write_underflow(void)
{
    char *p = malloc(8);
    if (!p)
        FATAL("malloc failed ");
    p--;
    strncpy(p, "abcd5678", 8); /* Bug: write underflow */
    free(++p);
}
In this test case, we don't want the free(3) to fail, so we ensure the pointer passed to it is correct. The compiler does not detect any bug here; at runtime though, it does indeed crash, with modern glibc detecting errors (in this case, memory corruption):
$ ./membugs 4
double free or corruption (out)
Aborted
$
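As an added example (not code from the original text), the sketch below shows one way to catch this class of bug deterministically instead of relying on glibc's heap consistency checks: pad each allocation with red zones and verify them at free time. The names guarded_malloc, guarded_free and replay_write are hypothetical, and the example goes slightly beyond the test case above by also flagging a write overflow.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define GUARD_LEN  16   /* red zone per side; keeps user data 16-byte aligned */
#define GUARD_BYTE 0xA5
enum { GUARD_OK = 0, GUARD_UNDERFLOW = 1, GUARD_OVERFLOW = 2 };

/* Layout: [front red zone][n user bytes][rear red zone] */
void *guarded_malloc(size_t n)
{
    unsigned char *raw;
    if (n > SIZE_MAX - 2 * GUARD_LEN || !(raw = malloc(n + 2 * GUARD_LEN)))
        return NULL;
    memset(raw, GUARD_BYTE, GUARD_LEN);
    memset(raw + GUARD_LEN + n, GUARD_BYTE, GUARD_LEN);
    return raw + GUARD_LEN;
}

static int zone_intact(const unsigned char *z)
{
    size_t i = 0;
    while (i < GUARD_LEN && z[i] == GUARD_BYTE)
        i++;
    return i == GUARD_LEN;
}

/* Check both red zones, release the block, report which side was hit. */
int guarded_free(void *user, size_t n)
{
    unsigned char *u = user;
    int status = GUARD_OK;
    if (!zone_intact(u - GUARD_LEN))
        status |= GUARD_UNDERFLOW;
    if (!zone_intact(u + n))
        status |= GUARD_OVERFLOW;
    free(u - GUARD_LEN);
    return status;
}

/* Write 8 bytes at p + off; off = -1 replays the write underflow above. */
int replay_write(int off)
{
    char *p = guarded_malloc(8);
    if (!p)
        return -1;
    memcpy(p + off, "abcd5678", 8);
    return guarded_free(p, 8);
}

int main(void) { return replay_write(-1) == GUARD_UNDERFLOW ? 0 : 1; }
```

Because the stray byte lands in the front red zone rather than in allocator metadata, the process keeps running and the check names the direction of the out-of-bounds write.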