#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static int process(size_t len)
{
    char src[512];
    char dst[128];
    memset(src, 'A', sizeof(src));
    memset(dst, 0, sizeof(dst));

    // Attacker-controlled length; no bounds check.
    memcpy(dst, src, len);

    // Return first byte to keep optimizer from removing the copy.
    return dst[0];
}

int main(int argc, char **argv)
{
    if (argc < 2)
    {
        fprintf(stderr, "usage: %s <len>\n", argv[0]);
        return 1;
    }

    char *end = NULL;
    long len = strtol(argv[1], &end, 10);
    if (end == argv[1] || len < 0)
    {
        fprintf(stderr, "invalid length\n");
        return 1;
    }

    int r = process((size_t)len);
    printf("result=%d\n", r);
    return 0;
}