Creating test case using base program. Added an environment variable read to the function definition. Completed injection. UNSPECIFIED UNSPECIFIED $SS_TC_ROOT/$SS_TC_INSTALL/bin/gimp $SS_TC_ROOT/testData/input.jpg env ./configure --prefix="$SS_TC_ROOT/$SS_TC_INSTALL" --disable-alsatest --without-libmng --without-libexif --without-aa --without-librsvg --without-poppler --without-gvfs --without-libjasper --with-lcms --without-alsa --disable-python make V=1 CC="$SS_CC" make install V=1 Open saved jpg file Has a buffer declared on the heap. malloc(64*sizeOf(char)) If input is shorter than 64 it will overflowdue to using improper sizeof and strlen checking NONE AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaAAAAAAAAAAAAAAAA $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 1 GOOD-01 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT input image opened. DOES_NOT_RETURN CONTROLLED_EXIT color invert an image Has a buffer declared on the heap. malloc(64*sizeOf(char)) If input is shorter than 64 it will overflowdue to using improper sizeof and strlen checking NONE Hello World! If this statement isn't more than 64 characters, it will go badly $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 1 GOOD-02 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT image colors inverted DOES_NOT_RETURN CONTROLLED_EXIT create a layer, fill with black, use divde layer mode Has a buffer declared on the heap. malloc(64*sizeOf(char)) If input is shorter than 64 it will overflowdue to using improper sizeof and strlen checking NONE Short is good for buffer overflows, unless you make a mistake and get it wrong $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 1 GOOD-03 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT Layer created, and layer mode changed. DOES_NOT_RETURN CONTROLLED_EXIT view color histogram of image Has a buffer declared on the heap. malloc(64*sizeOf(char)) If input is shorter than 64 it will overflowdue to using improper sizeof and strlen checking NONE AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaAAAAAAAAAAAAAAAA $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 1 GOOD-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT Histogram of image generated. DOES_NOT_RETURN CONTROLLED_EXIT add supernova filter Has a buffer declared on the heap. malloc(64*sizeOf(char)) If input is shorter than 64 it will overflowdue to using improper sizeof and strlen checking NONE Hello World! If this statement isn't more than 64 characters, it will go badly $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 1 GOOD-05 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT supernova added DOES_NOT_RETURN CONTROLLED_EXIT make selection with magic wand, paste into new image Has a buffer declared on the heap. malloc(64*sizeOf(char)) If input is shorter than 64 it will overflowdue to using improper sizeof and strlen checking NONE Short is good for buffer overflows, unless you make a mistake and get it wrong $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 1 GOOD-06 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT Magic Wand selection pasted into new document. DOES_NOT_RETURN CONTROLLED_EXIT rotate image 180 degrees Has a buffer declared on the heap. malloc(64*sizeOf(char)) If input is shorter than 64 it will overflowdue to using improper sizeof and strlen checking NONE AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaAAAAAAAAAAAAAAAA $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 1 GOOD-07 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT Image rotated 180 degrees. DOES_NOT_RETURN CONTROLLED_EXIT add pagecurl filter Has a buffer declared on the heap. malloc(64*sizeOf(char)) If input is shorter than 64 it will overflowdue to using improper sizeof and strlen checking NONE Hello World! If this statement isn't more than 64 characters, it will go badly $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 1 GOOD-08 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT pagecurl added DOES_NOT_RETURN CONTROLLED_EXIT use edgefinder filter Has a buffer declared on the heap. malloc(64*sizeOf(char)) If input is shorter than 64 it will overflowdue to using improper sizeof and strlen checking NONE Short is good for buffer overflows, unless you make a mistake and get it wrong $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 1 GOOD-09 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT pagecurl added DOES_NOT_RETURN CONTROLLED_EXIT pixelize image Has a buffer declared on the heap. malloc(64*sizeOf(char)) If input is shorter than 64 it will overflowdue to using improper sizeof and strlen checking NONE AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaAAAAAAAAAAAAAAAA $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 1 GOOD-10 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT image pixelized. DOES_NOT_RETURN CONTROLLED_EXIT Has a buffer declared on the heap. malloc(64*sizeOf(char)) If input is shorter than 64 it will overflowdue to using improper sizeof and strlen checking DOS_UNCONTROLLED_EXIT AAAAAAAAAAAAAAA $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 1 weakness_started_Bsk0phYcwOr7zhXGrJL4 AND ((NOT PERFORMER AND (segfault_code_fzVdhWJhr5 OR segfault_code_aXiMNS69Pt OR segfault_code_4KHAstElwI OR segfault_code_f1VEknNup6 OR segfault_code_4sMErBEYoF OR segfault_msg_gUITCpThem OR illegal_inst_msg_9wXryJh9Gd OR segfault_glibc_Hf7OlNqgiU) AND NOT timeout_DKTEyBaNWS) or (PERFORMER AND NOT ((segfault_code_fzVdhWJhr5 OR segfault_code_aXiMNS69Pt OR segfault_code_4KHAstElwI OR segfault_code_f1VEknNup6 OR segfault_code_4sMErBEYoF OR segfault_msg_gUITCpThem OR illegal_inst_msg_9wXryJh9Gd OR segfault_glibc_Hf7OlNqgiU) OR timeout_DKTEyBaNWS))) (NOT PERFORMER AND (segfault_code_fzVdhWJhr5 OR segfault_code_aXiMNS69Pt OR segfault_code_4KHAstElwI OR segfault_code_f1VEknNup6 OR segfault_code_4sMErBEYoF OR segfault_msg_gUITCpThem OR illegal_inst_msg_9wXryJh9Gd OR segfault_glibc_Hf7OlNqgiU) AND NOT timeout_DKTEyBaNWS) or (PERFORMER AND NOT ((segfault_code_fzVdhWJhr5 OR segfault_code_aXiMNS69Pt OR segfault_code_4KHAstElwI OR segfault_code_f1VEknNup6 OR segfault_code_4sMErBEYoF OR segfault_msg_gUITCpThem OR illegal_inst_msg_9wXryJh9Gd OR segfault_glibc_Hf7OlNqgiU) OR timeout_DKTEyBaNWS)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION None 132 None 134 None 135 None 136 None 139 None Segmentation fault None Illegal instruction None glibc detected None stonesoup_trace:weakness_start Has a buffer declared on the heap. malloc(64*sizeOf(char)) If input is shorter than 64 it will overflowdue to using improper sizeof and strlen checking DOS_UNCONTROLLED_EXIT Short is now bad $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 1 weakness_started_9TiJjCSBBRViDZIfAtim AND ((NOT PERFORMER AND (segfault_code_Ku51vhmDBb OR segfault_code_toaDPMmbIT OR segfault_code_XuXEjSvcnx OR segfault_code_2SFtFDVTAz OR segfault_code_Es3G61mqTG OR segfault_msg_LafzOAJDEL OR illegal_inst_msg_hxBv9y2EXp OR segfault_glibc_LwFCoECOlo) AND NOT timeout_M1SWzq6E5M) or (PERFORMER AND NOT ((segfault_code_Ku51vhmDBb OR segfault_code_toaDPMmbIT OR segfault_code_XuXEjSvcnx OR segfault_code_2SFtFDVTAz OR segfault_code_Es3G61mqTG OR segfault_msg_LafzOAJDEL OR illegal_inst_msg_hxBv9y2EXp OR segfault_glibc_LwFCoECOlo) OR timeout_M1SWzq6E5M))) (NOT PERFORMER AND (segfault_code_Ku51vhmDBb OR segfault_code_toaDPMmbIT OR segfault_code_XuXEjSvcnx OR segfault_code_2SFtFDVTAz OR segfault_code_Es3G61mqTG OR segfault_msg_LafzOAJDEL OR illegal_inst_msg_hxBv9y2EXp OR segfault_glibc_LwFCoECOlo) AND NOT timeout_M1SWzq6E5M) or (PERFORMER AND NOT ((segfault_code_Ku51vhmDBb OR segfault_code_toaDPMmbIT OR segfault_code_XuXEjSvcnx OR segfault_code_2SFtFDVTAz OR segfault_code_Es3G61mqTG OR segfault_msg_LafzOAJDEL OR illegal_inst_msg_hxBv9y2EXp OR segfault_glibc_LwFCoECOlo) OR timeout_M1SWzq6E5M)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION None 132 None 134 None 135 None 136 None 139 None Segmentation fault None Illegal instruction None glibc detected None stonesoup_trace:weakness_start