Regression test for the use-after-free in map insertion

diff --git a/regress/usr.sbin/btrace/Makefile b/regress/usr.sbin/btrace/Makefile
index 04c322f..29f90ce 100644 (file)
--- a/regress/usr.sbin/btrace/Makefile
+++ b/regress/usr.sbin/btrace/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.26 2022/11/12 14:19:08 mpi Exp $
+# $OpenBSD: Makefile,v 1.27 2023/08/13 09:49:47 mpi Exp $
 
 BTRACE?=                /usr/sbin/btrace
 ALLOWDT!=              sysctl -n kern.allowdt 2>/dev/null
@@ -14,7 +14,7 @@ BT_LANG_SCRIPTS=      arithm beginend boolean comments delete exit \
 BT_ARG_LANG_SCRIPTS=   staticv str
 
 # scripts that use kernel probes
-BT_KERN_SCRIPTS=       filters multiprobe
+BT_KERN_SCRIPTS=       filters mapoverwrite multiprobe
 
 REGRESS_EXPECTED_FAILURES=     run-maxoperand
 

diff --git a/regress/usr.sbin/btrace/mapoverwrite.bt b/regress/usr.sbin/btrace/mapoverwrite.bt
new file mode 100644 (file)
index 0000000..43fffc9
--- /dev/null
+++ b/regress/usr.sbin/btrace/mapoverwrite.bt
@@ -0,0 +1,23 @@
+BEGIN
+{
+       @counter = 0;
+
+       @map[0] = 1;
+       @map[1] = 2;
+       @map[3] = 3;
+}
+
+/*
+ * Overwrite map periodically to ensure there's no double-free.
+ */
+interval:hz:1
+{
+       if (@counter >= 10)
+               exit();
+
+       @counter = @counter + 1;
+
+       @map[0] = 11;
+       @map[1] = 22;
+       @map[3] = 33;
+}

diff --git a/regress/usr.sbin/btrace/mapoverwrite.ok b/regress/usr.sbin/btrace/mapoverwrite.ok
new file mode 100644 (file)
index 0000000..e69de29