static void test_ptr_scan(struct torture_context *tctx, const struct ndr_interface_table *iface,
int opnum, DATA_BLOB *base_in, int min_ofs, int max_ofs, int depth)
{
DATA_BLOB stub_in, stub_out;
int ofs;
NTSTATUS status;
struct dcerpc_pipe *p = NULL;
reopen(tctx, &p, iface);
stub_in = data_blob(NULL, base_in->length);
memcpy(stub_in.data, base_in->data, base_in->length);
/* work out which elements are pointers */
for (ofs=min_ofs;ofs<=max_ofs-4;ofs+=4) {
SIVAL(stub_in.data, ofs, 1);
status = dcerpc_request(p, NULL, opnum, tctx, &stub_in, &stub_out);
if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
print_depth(depth);
printf("possible ptr at ofs %d - fault %s\n",
ofs-min_ofs, dcerpc_errstr(tctx, p->last_fault_code));
if (p->last_fault_code == 5) {
reopen(tctx, &p, iface);
}
if (depth == 0) {
try_expand(tctx, iface, opnum, &stub_in, ofs+4, depth+1);
} else {
try_expand(tctx, iface, opnum, &stub_in, max_ofs, depth+1);
}
SIVAL(stub_in.data, ofs, 0);
continue;
}
SIVAL(stub_in.data, ofs, 0);
}
talloc_free(p);
}
void push(int i) {
int ch = size++;
try_expand(size);
int p = (ch - 1) / 2;
while (ch > 0) {
p = (ch - 1) / 2;
if (mem[p] > i) {
mem[ch] = mem[p];
ch = p;
} else {
break;
}
}
mem[ch] = i;
}
