// Contributed by Alexandre Oliva <aoliva@redhat.com>
// From Red Hat case 106165.

typedef struct s1
{
  unsigned short v1;
  unsigned char *v2;
} S1;

extern void bar(const struct s1 *const hdb);
extern unsigned char* foo ();

unsigned int sn;
S1 *hdb;
S1 *pb;
unsigned short len;

unsigned int crashIt()
{
  unsigned char *p;
  unsigned int nsn;
  unsigned short cnt;

  if (sn != 0) return 1;

  if ((len < 12) || ((p = (((pb->v1) >= 8) ? pb->v2 : foo() )) == 0))
    return 1;

  nsn = (
	 (((*(unsigned int*)p) & 0x000000ff) << 24) |
	 (((*(unsigned int*)p) & 0x0000ff00) << 8)  |
	 (((*(unsigned int*)p) & 0x00ff0000) >> 8)  |
	 (((*(unsigned int*)p) & 0xff000000) >> 24)  );
  p += 4;

  cnt = (unsigned short) ((
			   (((*(unsigned int*)p) & 0x000000ff) << 24) |
			   (((*(unsigned int*)p) & 0x0000ff00) << 8)  |
			   (((*(unsigned int*)p) & 0x00ff0000) >> 8)  |
			   (((*(unsigned int*)p) & 0xff000000) >> 24)  ) &
			  0xffff);

  if ((len != 12 + (cnt * 56)) || (nsn == 0))
    {
      bar(hdb);
      return 1;
    }

  return 0;
}