Insert "%s" at various points in an attempt to trigger format string bugs.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@13792 f5534014-38df-0310-8fa8-9805f1628bb7

diff --git a/randpkt.c b/randpkt.c
index e93ed5f492a92a6d62d9ae43ff3c3fd898003955..b443ddf7b9845067e9a2f060fb17e8182c4169d1 100644 (file)
--- a/randpkt.c
+++ b/randpkt.c
@@ -471,7 +471,13 @@ main(int argc, char **argv)
                pkthdr.ts.tv_sec = i; /* just for variety */
 
                for (j = example->sample_length; j < len_random; j++) {
-                       buffer[j] = (rand() % 0x100);
+                       /* Add format strings here and there */
+                       if ((int) (100.0*rand()/(RAND_MAX+1.0)) < 3 && j < (len_random - 3)) {
+                               memcpy(&buffer[j], "%s", 3);
+                               j += 2;
+                       } else {
+                               buffer[j] = (rand() % 0x100);
+                       }
                }
 
                wtap_dump(dump, &pkthdr, &ps_header, &buffer[0], &err);