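/*
 * This code was stolen from somewhere and partially deobfuscated prior to
 * other changes.
 *
 * It exercises a bug where unix socket garbage collector would inspect freed
 * memory.
 *
 * Regression driver: it pushes a batch of descriptors through an AF_UNIX
 * socketpair with SCM_RIGHTS and then exits without ever receiving them,
 * leaving the descriptors queued in flight when both ends are closed.
 */
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <err.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Number of descriptors packed into the single SCM_RIGHTS control message. */
enum { SEND_FDS = 10 };

/*
 * Entry point.  Command-line arguments are ignored.
 *
 * Returns 0 after the descriptors have been queued; on a failed socketpair()
 * or sendmsg() it exits with status 1 via err(), which also prints errno.
 */
int
main(int argc, char **argv)
{
	int sv[2];
	struct msghdr msg;
	struct iovec iov;
	union {
		struct cmsghdr header;
		char bytes[CMSG_SPACE(sizeof(int) * SEND_FDS)];
	} cmsg;
	struct cmsghdr *cmh = &cmsg.header;
	int *fds;
	int i;

	(void)argc;
	(void)argv;

	if (socketpair(PF_UNIX, SOCK_STREAM, 0, sv) == -1)
		err(1, "socketpair");

	/*
	 * One byte of ordinary payload.  Its content is irrelevant; the control
	 * message riding alongside it is what this program is about.
	 */
	iov.iov_base = "a";
	iov.iov_len = 1;

	/*
	 * Zero the whole control buffer first so the alignment padding that
	 * CMSG_SPACE() reserves beyond the header and data is not handed to the
	 * kernel uninitialized.
	 */
	memset(&cmsg, 0, sizeof cmsg);
	cmh->cmsg_len = CMSG_LEN(sizeof(int) * SEND_FDS);
	cmh->cmsg_level = SOL_SOCKET;
	cmh->cmsg_type = SCM_RIGHTS;
	fds = (int *)CMSG_DATA(cmh);
	/* Every slot carries descriptor 0, so no extra descriptors are opened. */
	for (i = 0; i < SEND_FDS; i++) {
		fds[i] = 0;
	}

	/*
	 * Clear the header rather than assigning members one by one: struct
	 * msghdr has platform-specific layout (padding, and on some systems
	 * extra members), and all of it should be zero for an unnamed send.
	 */
	memset(&msg, 0, sizeof msg);
	msg.msg_iov = &iov;
	msg.msg_iovlen = 1;
	msg.msg_control = cmh;
	msg.msg_controllen = CMSG_SPACE(sizeof(int) * SEND_FDS);

	if (sendmsg(sv[0], &msg, 0) == -1)
		err(1, "sendmsg");

	/*
	 * Deliberately no recvmsg() and no close(): returning from main() tears
	 * down both socket ends with the descriptors still queued, which is the
	 * state the garbage-collector bug described above is reached from.
	 */
	return (0);
}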