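/* Header type with a zero-length trailing array (a GNU extension).  The
   struct itself contributes no storage, so every dims[i] access reads memory
   that must have been provided by whoever allocated the object.  A is a
   pointer to such a header. */
typedef struct {int dims[0]; } *A;

/* Declared here because this file includes no headers. */
extern void abort(void);

/*
 * f - check the tag byte of a tagged word and, if it passes, decode it.
 *
 * obj is handled as a tagged value: bits 24..31 are read as a tag and
 * bits 0..23 are later reinterpreted as an address.
 *
 * Calls abort() unless the tag with bit 2 cleared equals 251 (0xfb), i.e.
 * unless the tag is 0xfb or 0xff.  Returns 0 when the low three bits of obj
 * are not all set.  Otherwise control reaches the tail block, which
 * dereferences the address carried in obj.
 *
 * The statements are kept in their original form: the label name indicates
 * the listing exists to provoke a compiler bug, so the exact shape matters.
 */
int f(unsigned long obj)
{
  /* Narrowing to unsigned char keeps bits 24..31 only, including on hosts
     where unsigned long is wider than 32 bits. */
  unsigned char y = obj >> 24;
  /* y is promoted to int for the AND and the result is narrowed back to
     8 bits; a tag of 0xff becomes 0xfb (251). */
  y &= ~4;

  /* Logically the same as (y != 251); the redundant first test is kept. */
  if ((y==0)||(y!=251  ))
    abort();

  /* Original had a bare `return;` here; return an explicit value instead. */
  if(((int)obj&7)!=7)return 0;

  REST_OF_CODE_JUST_HERE_TO_TRIGGER_THE_BUG:

  {
    unsigned char t = obj >> 24;
    /* Parses as (t != 0) && (t <= 3).  A tag in 1..3 has already aborted
       above, so this branch cannot be taken once control gets here. */
    if (!(t==0)&&(t<=0x03))
      return 0;
    /* NOTE(review): the low 24 bits are cast straight to a pointer and
       dims[1] is read with no check on the address or on how many ints the
       object really holds.  Not reached for the word g() supplies in this
       file; code that decodes tagged words from untrusted data has to
       validate the address and bound the index before this dereference. */
    return ((A)(obj&0x00FFFFFFL))->dims[1];
  }
}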
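/*
 * g - supply the word passed to f(): tag byte 0xff, low 24 bits zero.
 *
 * Where long is 32 bits the constant has type unsigned long and its
 * conversion to long is implementation-defined; the caller converts the
 * result back to unsigned long when passing it to f().
 */
long g(void)
{
  return 0xff000000L;
}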
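/* Declared here because this file includes no headers. */
extern void exit(int);

/*
 * main - run f() on the word from g().
 *
 * f() calls abort() when its tag check fails, so reaching exit(0) means the
 * check passed.  The unused local from the original was dropped.
 */
int main(void)
{
  f(g());
  exit(0);
}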