From 7b9322dbc506e8d84e323a3bd4be9d8ca76bd6a4 Mon Sep 17 00:00:00 2001
From: Linus Groh
Date: Mon, 4 Jan 2021 21:18:20 +0100
Subject: crash: Remove -x and -y which do not crash (write to / read from freed memory)
These do not crash the process anymore. Fixes #4685.
---
 Userland/crash.cpp | 29 -----------------------------
 1 file changed, 29 deletions(-)
(limited to 'Userland')
diff --git a/Userland/crash.cpp b/Userland/crash.cpp
index d19c3c3a0f..8aeae5f69a 100644
--- a/Userland/crash.cpp
+++ b/Userland/crash.cpp
@@ -117,8 +117,6 @@ int main(int argc, char** argv)
 bool do_invalid_stack_pointer_on_syscall = false;
 bool do_invalid_stack_pointer_on_page_fault = false;
 bool do_syscall_from_writeable_memory = false;
- bool do_write_to_freed_memory_still_cached_by_malloc = false;
- bool do_read_from_freed_memory_still_cached_by_malloc = false;
 bool do_execute_non_executable_memory = false;
 bool do_trigger_user_mode_instruction_prevention = false;
 bool do_use_io_instruction = false;
@@ -141,8 +139,6 @@ int main(int argc, char** argv)
 args_parser.add_option(do_invalid_stack_pointer_on_syscall, "Make a syscall while using an invalid stack pointer", nullptr, 'T');
 args_parser.add_option(do_invalid_stack_pointer_on_page_fault, "Trigger a page fault while using an invalid stack pointer", nullptr, 't');
 args_parser.add_option(do_syscall_from_writeable_memory, "Make a syscall from writeable memory", nullptr, 'S');
- args_parser.add_option(do_write_to_freed_memory_still_cached_by_malloc, "Read from recently freed memory (tests an opportunistic malloc guard)", nullptr, 'x');
- args_parser.add_option(do_read_from_freed_memory_still_cached_by_malloc, "Write to recently free memory (tests an opportunistic malloc guard)", nullptr, 'y');
 args_parser.add_option(do_execute_non_executable_memory, "Attempt to execute non-executable memory (not mapped with PROT_EXEC)", nullptr, 'X');
 args_parser.add_option(do_trigger_user_mode_instruction_prevention, "Attempt to trigger an x86 User Mode Instruction Prevention fault", nullptr, 'U');
 args_parser.add_option(do_use_io_instruction, "Use an x86 I/O instruction in userspace", nullptr, 'I');
@@ -294,31 +290,6 @@ int main(int argc, char** argv)
 }).run(run_type);
 }
- if (do_read_from_freed_memory_still_cached_by_malloc || do_all_crash_types) {
- Crash("Read from memory still cached by malloc", []() {
- auto* ptr = (u8*)malloc(1024);
- if (!ptr)
- return Crash::Failure::UnexpectedError;
-
- free(ptr);
- dbgprintf("ptr = %p\n", ptr);
- [[maybe_unused]] volatile auto foo = *ptr;
- return Crash::Failure::DidNotCrash;
- }).run(run_type);
- }
-
- if (do_write_to_freed_memory_still_cached_by_malloc || do_all_crash_types) {
- Crash("Write to freed memory still cached by malloc", []() {
- auto* ptr = (u8*)malloc(1024);
- if (!ptr)
- return Crash::Failure::UnexpectedError;
- free(ptr);
- dbgprintf("ptr = %p\n", ptr);
- *ptr = 'x';
- return Crash::Failure::DidNotCrash;
- }).run(run_type);
- }
-
 if (do_execute_non_executable_memory || do_all_crash_types) {
 Crash("Execute non executable memory", []() {
 auto* ptr = (u8*)mmap(nullptr, PAGE_SIZE, PROT_READ | PROT_WRITE, MAP_ANONYMOUS | MAP_PRIVATE, 0, 0);
-- cgit v1.2.3