Creating test case using base program. Added an environment variable read to get a filename to read in the file contents using an fread operation within the function Completed injection. UNSPECIFIED UNSPECIFIED $SS_TC_ROOT/$SS_TC_INSTALL/bin/grep ./configure --prefix="$SS_TC_ROOT/$SS_TC_INSTALL" --exec-prefix="$SS_TC_ROOT/$SS_TC_INSTALL" --with-included-regex make V=1 CC="$SS_CC" CCLD="$SS_LNK" make V=1 install CC="$SS_CC" CCLD="$SS_LNK" all words beginning with e or x, case sensitive Has a fixed stack buffer of size 64, allocated within a struct When input has a larger size, the stack buffer will be over read NONE /opt/stonesoup/workspace/testData/soothed_universityship/davisville_mobile.txt AAAAAAAAAAAAAAAAAAAAAAA $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 ^[ex] input/dict.txt STDOUT-01 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-01/std-out.txt DOES_NOT_RETURN CONTROLLED_EXIT find BIRMINGHAM, ignore case, recursive Has a fixed stack buffer of size 64, allocated within a struct When input has a larger size, the stack buffer will be over read NONE /opt/stonesoup/workspace/testData/soothed_universityship/davisville_mobile.txt Hello World! $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 -r -i BIRMINGHAM input/zip/ STDOUT-02 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-02/std-out.txt DOES_NOT_RETURN CONTROLLED_EXIT read extented regular expressions from file Has a fixed stack buffer of size 64, allocated within a struct When input has a larger size, the stack buffer will be over read NONE /opt/stonesoup/workspace/testData/soothed_universityship/davisville_mobile.txt Short is good $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 -E -f input/grep-good-03-expr.txt input/mktsymbols.txt STDOUT-03 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-03/std-out.txt DOES_NOT_RETURN CONTROLLED_EXIT search for entire words matching a specific pattern Has a fixed stack buffer of size 64, allocated within a struct When input has a larger size, the stack buffer will be over read NONE /opt/stonesoup/workspace/testData/soothed_universityship/davisville_mobile.txt AAAAAAAAAAAAAAAAAAAAAAA $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 -w -f input/grep-good-04-expr.txt input/mktsymbols.txt STDOUT-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-04/std-out.txt DOES_NOT_RETURN CONTROLLED_EXIT use mmap(), find NASDAQ in file Has a fixed stack buffer of size 64, allocated within a struct When input has a larger size, the stack buffer will be over read NONE /opt/stonesoup/workspace/testData/soothed_universityship/davisville_mobile.txt Hello World! $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 --mmap NASDAQ input/mktsymbols.txt STDOUT-05 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-05/std-out.txt DOES_NOT_RETURN CONTROLLED_EXIT match lines not containing NASDAQ, ignore case, count Has a fixed stack buffer of size 64, allocated within a struct When input has a larger size, the stack buffer will be over read NONE /opt/stonesoup/workspace/testData/soothed_universityship/davisville_mobile.txt Short is good $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 -v -i -c NASDAQ input/mktsymbols.txt STDOUT-06 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-06/std-out.txt DOES_NOT_RETURN CONTROLLED_EXIT grep stdin (a device), match words beginning w/ D, P, or Z, redirect file into stdin Has a fixed stack buffer of size 64, allocated within a struct When input has a larger size, the stack buffer will be over read NONE /opt/stonesoup/workspace/testData/soothed_universityship/davisville_mobile.txt AAAAAAAAAAAAAAAAAAAAAAA $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 -D read -e ^[DPZ] /dev/stdin < input/mktsymbols.txt STDOUT-07 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-07/std-out.txt DOES_NOT_RETURN CONTROLLED_EXIT extended grep, print number of lines of context Has a fixed stack buffer of size 64, allocated within a struct When input has a larger size, the stack buffer will be over read NONE /opt/stonesoup/workspace/testData/soothed_universityship/davisville_mobile.txt Hello World! $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 -E -C 15 ^[BRT] input/mktsymbols.txt STDOUT-08 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-08/std-out.txt DOES_NOT_RETURN CONTROLLED_EXIT lines not beginning w/ B, R or T Has a fixed stack buffer of size 64, allocated within a struct When input has a larger size, the stack buffer will be over read NONE /opt/stonesoup/workspace/testData/soothed_universityship/davisville_mobile.txt Short is good $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 -v ^[BRT] input/mktsymbols.txt STDOUT-09 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-09/std-out.txt DOES_NOT_RETURN CONTROLLED_EXIT count lines not beginning w/ B, R or T Has a fixed stack buffer of size 64, allocated within a struct When input has a larger size, the stack buffer will be over read NONE /opt/stonesoup/workspace/testData/soothed_universityship/davisville_mobile.txt AAAAAAAAAAAAAAAAAAAAAAA $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 -c -v ^[BRT] input/mktsymbols.txt STDOUT-10 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-10/std-out.txt DOES_NOT_RETURN CONTROLLED_EXIT Has a fixed stack buffer of size 64, allocated within a struct When input has a larger size, the stack buffer will be over read READ_APPLICATION_DATA /opt/stonesoup/workspace/testData/soothed_universityship/davisville_mobile.txt AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 -c -v ^[BRT] input/mktsymbols.txt weakness_started_ge3295Q8wqTYJSrqfGEr AND ((NOT PERFORMER AND (output_exceeds_63_bytes_B2VKfmTJFr AND output_excess_non_null_ptgp0H0dy5) AND NOT timeout_Q0juUkC4G2) or (PERFORMER AND NOT ((output_exceeds_63_bytes_B2VKfmTJFr AND output_excess_non_null_ptgp0H0dy5) OR timeout_Q0juUkC4G2))) (NOT PERFORMER AND (output_exceeds_63_bytes_B2VKfmTJFr AND output_excess_non_null_ptgp0H0dy5) AND NOT timeout_Q0juUkC4G2) or (PERFORMER AND NOT ((output_exceeds_63_bytes_B2VKfmTJFr AND output_excess_non_null_ptgp0H0dy5) OR timeout_Q0juUkC4G2)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION if (( $(wc -c "logfile.txt" | cut -d " " -f 1) > 126 )); then true; else false; fi; if (( $(head -c -126 "logfile.txt" | tr -d '0\n' | wc -c) > 0 )); then true; else false; fi; None stonesoup_trace:weakness_start Has a fixed stack buffer of size 64, allocated within a struct When input has a larger size, the stack buffer will be over read READ_APPLICATION_DATA /opt/stonesoup/workspace/testData/soothed_universityship/davisville_mobile.txt This is probably going to overflow a buffer of some sort. Let's run it anyway and see what happens. I hope that everything turns out ok, because I would love to see what this looks like in all CAPS. Converting ASCII characters to upper case is easy, you can either call a system function, or just add the standard difference between the start of the two character sets. But, I am sure there is a reason that system functions exist for this sort of functionality. $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 -E -f input/grep-good-03-expr.txt input/mktsymbols.txt weakness_started_qNMvY0x9dMWtVvhZwabu AND ((NOT PERFORMER AND (output_exceeds_63_bytes_UOwJ45mfC8 AND output_excess_non_null_EOs9pV9yal) AND NOT timeout_P2eI2R8nAG) or (PERFORMER AND NOT ((output_exceeds_63_bytes_UOwJ45mfC8 AND output_excess_non_null_EOs9pV9yal) OR timeout_P2eI2R8nAG))) (NOT PERFORMER AND (output_exceeds_63_bytes_UOwJ45mfC8 AND output_excess_non_null_EOs9pV9yal) AND NOT timeout_P2eI2R8nAG) or (PERFORMER AND NOT ((output_exceeds_63_bytes_UOwJ45mfC8 AND output_excess_non_null_EOs9pV9yal) OR timeout_P2eI2R8nAG)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION if (( $(wc -c "logfile.txt" | cut -d " " -f 1) > 126 )); then true; else false; fi; if (( $(head -c -126 "logfile.txt" | tr -d '0\n' | wc -c) > 0 )); then true; else false; fi; None stonesoup_trace:weakness_start