From 918f0d33022a6a8f6f5df04b362202fff16d183f Mon Sep 17 00:00:00 2001
From: Daniel Micay <danielmicay@gmail.com>
Date: Thu, 6 Sep 2018 23:48:47 -0400
Subject: [PATCH] improve write-after-free tests

---
 .../simple-memory-corruption/write_after_free_large.c |  3 +--
 .../simple-memory-corruption/write_after_free_small.c | 11 ++++++++---
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/test/simple-memory-corruption/write_after_free_large.c b/test/simple-memory-corruption/write_after_free_large.c
index f2d30bf..ce4c691 100644
--- a/test/simple-memory-corruption/write_after_free_large.c
+++ b/test/simple-memory-corruption/write_after_free_large.c
@@ -1,4 +1,3 @@
-#include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 
@@ -9,6 +8,6 @@ int main(void) {
         return 1;
     }
     free(p);
-    memset(p, 'a', 128 * 1024);
+    p[64 * 1024 + 1] = 'a';
     return 0;
 }
diff --git a/test/simple-memory-corruption/write_after_free_small.c b/test/simple-memory-corruption/write_after_free_small.c
index bcaa64b..2a80835 100644
--- a/test/simple-memory-corruption/write_after_free_small.c
+++ b/test/simple-memory-corruption/write_after_free_small.c
@@ -1,14 +1,19 @@
-#include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 
 __attribute__((optimize(0)))
 int main(void) {
-    char *p = malloc(16);
+    char *p = malloc(128);
     if (!p) {
         return 1;
     }
     free(p);
-    memset(p, 'a', 16);
+
+    p[65] = 'a';
+
+    // trigger reuse of the allocation
+    for (size_t i = 0; i < 100000; i++) {
+        free(malloc(128));
+    }
     return 0;
 }