/*

  simple reproducer that tests whether we have commit 198214a7ee50375fa71a65e518341980cfd4b2f0 or not
  ^ from Red Hat
  v from me
  modified since PaX disallows writing to read-only areas of memory via 
  ptrace (which /proc/pid/mem uses the same routines of internally)
  and the original reproducer had both strings located in read-only 
  memory causing a "permission denied" error on the write, instead of a 
  correct vulnerable/not vulnerable report
  ^ from spender
  v from me
  modified since on 32-bit architectures both the original and spender's
  reproducer had reported "not vulnerable" wrongly because of a bad cast
  and incorrect return value checking... ;)
 */

#define _LARGEFILE64_SOURCE 
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>

int main(void)
{
  char *s = "not vulnerable";
  char *s2 = "vulnerable";

  int fd;

  fd = open("/proc/self/mem", O_RDWR);
  if(fd == -1) {
    perror("open");
    goto end;
  }

  if(lseek64(fd, (off64_t)(unsigned long) &s, SEEK_SET) == (off64_t) -1) {
    perror("lseek64");
    goto end;
  }

  if(write(fd, &s2, sizeof(s2)) == -1) {
    perror("write");
  }

end:
  close(fd);
  printf("%s\n", s);

  return 0;
}