#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

void null_pointer_deref() {
    char *ptr = NULL;
    *ptr = 'x';
}

void buffer_overflow() {
    char buf[5];
    strcpy(buf, "This is too long!");
}

void use_after_free() {
    int *ptr = malloc(sizeof(int));
    free(ptr);
    *ptr = 100;  
}

void array_out_of_bounds() {
    int arr[3];
    arr[5] = 10;
}

void double_free() {
    int *ptr = malloc(sizeof(int));
    free(ptr);
    free(ptr);
}

void uninitialized_pointer() {
    int *ptr;
    printf("%d", *ptr);
}

void stack_overflow() {
    stack_overflow(); // 递归调用导致栈溢出
}

void wild_pointer() {
    int *ptr;
    ptr = (int*)0x12345678;
    *ptr = 100;
}

void dangling_pointer() {
    int *ptr1 = malloc(4);
    int *ptr2 = ptr1;
    free(ptr1);
    *ptr2 = 100;
}

void wrong_free() {
    int x = 10;
    int *ptr = &x;
    free(ptr); // 试图释放栈内存
}

void memory_alignment() {
    char *ptr = malloc(8);
    long *lptr = (long*)(ptr + 1); // 错误的内存对齐
    *lptr = 123456789;
    free(ptr);
}

void buffer_underflow() {
    int *arr = malloc(sizeof(int) * 5);
    arr[-1] = 100;
    free(arr);
}

void (*crash_funcs[])(void) = {
    null_pointer_deref,
    buffer_overflow, 
    use_after_free,
    array_out_of_bounds,
    double_free,
    uninitialized_pointer,
    stack_overflow,
    wild_pointer,
    dangling_pointer,
    wrong_free,
    memory_alignment,
    buffer_underflow
};

int main() {
    srand(time(NULL));
    int num_funcs = sizeof(crash_funcs) / sizeof(crash_funcs[0]);
    int index = rand() % num_funcs;
    printf("Executing crash function %d\n", index);
    crash_funcs[index]();
    return 0;
}