Creating test case using base program. Added an environment variable read to get a filename to read in the file contents using an fread operation within the function Completed injection. UNSPECIFIED UNSPECIFIED $SS_TC_ROOT/$SS_TC_INSTALL/bin/grep ./configure --prefix="$SS_TC_ROOT/$SS_TC_INSTALL" --exec-prefix="$SS_TC_ROOT/$SS_TC_INSTALL" --with-included-regex make V=1 CC="$SS_CC" CCLD="$SS_LNK" make V=1 install CC="$SS_CC" CCLD="$SS_LNK" all words beginning with e or x, case sensitive Has a stack buffer of size 128 within a struct. reads in an ascii string from an environmentvariable and increments the corresponding values in the stack buffer. Then reads in an input and prints out the count of the characters from the stack buff of those in the input. If input contains extended ascii characters, they will be wrapped around to negative values and the buffer will be under read NONE /opt/stonesoup/workspace/testData/diplomaed_impudicity/varicotomy_bardolatry.txt AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2 $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 ^[ex] input/dict.txt STDOUT-01 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-01/std-out.txt DOES_NOT_RETURN CONTROLLED_EXIT find BIRMINGHAM, ignore case, recursive Has a stack buffer of size 128 within a struct. reads in an ascii string from an environmentvariable and increments the corresponding values in the stack buffer. Then reads in an input and prints out the count of the characters from the stack buff of those in the input. If input contains extended ascii characters, they will be wrapped around to negative values and the buffer will be under read NONE /opt/stonesoup/workspace/testData/diplomaed_impudicity/varicotomy_bardolatry.txt This is probably not going to overflow a buffer of some sort. Let's run it anyway and see what happens. AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2 $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 -r -i BIRMINGHAM input/zip/ STDOUT-02 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-02/std-out.txt DOES_NOT_RETURN CONTROLLED_EXIT read extented regular expressions from file Has a stack buffer of size 128 within a struct. reads in an ascii string from an environmentvariable and increments the corresponding values in the stack buffer. Then reads in an input and prints out the count of the characters from the stack buff of those in the input. If input contains extended ascii characters, they will be wrapped around to negative values and the buffer will be under read NONE /opt/stonesoup/workspace/testData/diplomaed_impudicity/varicotomy_bardolatry.txt As long as this statement has more than 128 characters, then nothing bad should happen AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2 $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 -E -f input/grep-good-03-expr.txt input/mktsymbols.txt STDOUT-03 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-03/std-out.txt DOES_NOT_RETURN CONTROLLED_EXIT search for entire words matching a specific pattern Has a stack buffer of size 128 within a struct. reads in an ascii string from an environmentvariable and increments the corresponding values in the stack buffer. Then reads in an input and prints out the count of the characters from the stack buff of those in the input. If input contains extended ascii characters, they will be wrapped around to negative values and the buffer will be under read NONE /opt/stonesoup/workspace/testData/diplomaed_impudicity/varicotomy_bardolatry.txt AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2 $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 -w -f input/grep-good-04-expr.txt input/mktsymbols.txt STDOUT-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-04/std-out.txt DOES_NOT_RETURN CONTROLLED_EXIT use mmap(), find NASDAQ in file Has a stack buffer of size 128 within a struct. reads in an ascii string from an environmentvariable and increments the corresponding values in the stack buffer. Then reads in an input and prints out the count of the characters from the stack buff of those in the input. If input contains extended ascii characters, they will be wrapped around to negative values and the buffer will be under read NONE /opt/stonesoup/workspace/testData/diplomaed_impudicity/varicotomy_bardolatry.txt This is probably not going to overflow a buffer of some sort. Let's run it anyway and see what happens. AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2 $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 --mmap NASDAQ input/mktsymbols.txt STDOUT-05 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-05/std-out.txt DOES_NOT_RETURN CONTROLLED_EXIT match lines not containing NASDAQ, ignore case, count Has a stack buffer of size 128 within a struct. reads in an ascii string from an environmentvariable and increments the corresponding values in the stack buffer. Then reads in an input and prints out the count of the characters from the stack buff of those in the input. If input contains extended ascii characters, they will be wrapped around to negative values and the buffer will be under read NONE /opt/stonesoup/workspace/testData/diplomaed_impudicity/varicotomy_bardolatry.txt As long as this statement has more than 128 characters, then nothing bad should happen AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2 $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 -v -i -c NASDAQ input/mktsymbols.txt STDOUT-06 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-06/std-out.txt DOES_NOT_RETURN CONTROLLED_EXIT grep stdin (a device), match words beginning w/ D, P, or Z, redirect file into stdin Has a stack buffer of size 128 within a struct. reads in an ascii string from an environmentvariable and increments the corresponding values in the stack buffer. Then reads in an input and prints out the count of the characters from the stack buff of those in the input. If input contains extended ascii characters, they will be wrapped around to negative values and the buffer will be under read NONE /opt/stonesoup/workspace/testData/diplomaed_impudicity/varicotomy_bardolatry.txt AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2 $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 -D read -e ^[DPZ] /dev/stdin < input/mktsymbols.txt STDOUT-07 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-07/std-out.txt DOES_NOT_RETURN CONTROLLED_EXIT extended grep, print number of lines of context Has a stack buffer of size 128 within a struct. reads in an ascii string from an environmentvariable and increments the corresponding values in the stack buffer. Then reads in an input and prints out the count of the characters from the stack buff of those in the input. If input contains extended ascii characters, they will be wrapped around to negative values and the buffer will be under read NONE /opt/stonesoup/workspace/testData/diplomaed_impudicity/varicotomy_bardolatry.txt This is probably not going to overflow a buffer of some sort. Let's run it anyway and see what happens. AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2 $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 -E -C 15 ^[BRT] input/mktsymbols.txt STDOUT-08 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-08/std-out.txt DOES_NOT_RETURN CONTROLLED_EXIT lines not beginning w/ B, R or T Has a stack buffer of size 128 within a struct. reads in an ascii string from an environmentvariable and increments the corresponding values in the stack buffer. Then reads in an input and prints out the count of the characters from the stack buff of those in the input. If input contains extended ascii characters, they will be wrapped around to negative values and the buffer will be under read NONE /opt/stonesoup/workspace/testData/diplomaed_impudicity/varicotomy_bardolatry.txt As long as this statement has more than 128 characters, then nothing bad should happen AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2 $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 -v ^[BRT] input/mktsymbols.txt STDOUT-09 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-09/std-out.txt DOES_NOT_RETURN CONTROLLED_EXIT count lines not beginning w/ B, R or T Has a stack buffer of size 128 within a struct. reads in an ascii string from an environmentvariable and increments the corresponding values in the stack buffer. Then reads in an input and prints out the count of the characters from the stack buff of those in the input. If input contains extended ascii characters, they will be wrapped around to negative values and the buffer will be under read NONE /opt/stonesoup/workspace/testData/diplomaed_impudicity/varicotomy_bardolatry.txt AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2 $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 -c -v ^[BRT] input/mktsymbols.txt STDOUT-10 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-10/std-out.txt DOES_NOT_RETURN CONTROLLED_EXIT Has a stack buffer of size 128 within a struct. reads in an ascii string from an environmentvariable and increments the corresponding values in the stack buffer. Then reads in an input and prints out the count of the characters from the stack buff of those in the input. If input contains extended ascii characters, they will be wrapped around to negative values and the buffer will be under read READ_APPLICATION_DATA /opt/stonesoup/workspace/testData/diplomaed_impudicity/varicotomy_bardolatry.txt QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUGugIE= AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2 $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 -c -v ^[BRT] input/mktsymbols.txt weakness_started_5DLMY3QfzRVAxtTln0vf AND ((NOT PERFORMER AND (output_excess_non_null_M1D5HHdf59) AND NOT timeout_2KPuBd33JO) or (PERFORMER AND NOT ((output_excess_non_null_M1D5HHdf59) OR timeout_2KPuBd33JO))) (NOT PERFORMER AND (output_excess_non_null_M1D5HHdf59) AND NOT timeout_2KPuBd33JO) or (PERFORMER AND NOT ((output_excess_non_null_M1D5HHdf59) OR timeout_2KPuBd33JO)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION if (( $(/bin/grep -P "value [\x80-\xFF] appears: 5555 times" "logfile.txt" | wc -l) > 0)); then true; else false; fi; None stonesoup_trace:weakness_start Has a stack buffer of size 128 within a struct. reads in an ascii string from an environmentvariable and increments the corresponding values in the stack buffer. Then reads in an input and prints out the count of the characters from the stack buff of those in the input. If input contains extended ascii characters, they will be wrapped around to negative values and the buffer will be under read READ_APPLICATION_DATA /opt/stonesoup/workspace/testData/diplomaed_impudicity/varicotomy_bardolatry.txt SGVsbKUgV6lybGSI AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2 $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 ^[ex] input/dict.txt weakness_started_STWyzldnGpAZdxdwlxot AND ((NOT PERFORMER AND (output_excess_non_null_5CgBi8iYrw) AND NOT timeout_KuHWp0F9IJ) or (PERFORMER AND NOT ((output_excess_non_null_5CgBi8iYrw) OR timeout_KuHWp0F9IJ))) (NOT PERFORMER AND (output_excess_non_null_5CgBi8iYrw) AND NOT timeout_KuHWp0F9IJ) or (PERFORMER AND NOT ((output_excess_non_null_5CgBi8iYrw) OR timeout_KuHWp0F9IJ)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION if (( $(/bin/grep -P "value [\x80-\xFF] appears: 5555 times" "logfile.txt" | wc -l) > 0)); then true; else false; fi; None stonesoup_trace:weakness_start