
/* dave@treblig.org */
#include <sys/select.h>
#include <sys/time.h>
#include <sys/types.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/*
 * 2 MiB of static (zero-initialised) storage. main() casts it to fd_set *
 * so that the fd-set pointer handed to select() points into a large run of
 * valid, readable and writable memory.
 * NOTE(review): declared as plain char[], so nothing here requests fd_set
 * alignment -- confirm that is acceptable on the targets this runs on.
 */
char buffer[1024*1024*2];

int main()
{
	/*
	 * Regression driver for select() argument validation. It issues one
	 * well-formed call and two calls with an out-of-range nfds. No return
	 * value is inspected: the program only needs every call to come back
	 * so that it can reach "return 0".
	 */
	fd_set *big_set = (fd_set *)buffer;	/* fd_set view of the 2 MiB global */
	struct timeval short_wait;
	fd_set small_set;

	/* Baseline: a well-formed select on fd 2, same set used for all three lists. */
	FD_ZERO(&small_set);
	FD_SET(2, &small_set);
	select(3, &small_set, &small_set, &small_set, NULL);

	/*
	 * Crash case reported by trinity: nfds is negative while the read set
	 * points at a large chunk of valid memory, so a bad length derived
	 * from nfds is not stopped by an unmapped page.
	 * NOTE(review): POSIX specifies -1/EINVAL for nfds < 0; the result is
	 * not asserted here -- consider checking it.
	 */
	FD_ZERO(big_set);
	FD_SET(2, big_set);
	select(-1, big_set, NULL, NULL, NULL);

	/*
	 * Second variant: nfds one past FD_SETSIZE. The set is reused as the
	 * previous call left it, and a 100 microsecond timeout bounds the wait.
	 */
	short_wait.tv_usec = 100;
	short_wait.tv_sec = 0;
	select(FD_SETSIZE + 1, big_set, NULL, NULL, &short_wait);

	return 0;
}