Creating test case using base program. Added an environment variable read to get a filename to read in the file contents using an fread operation within the function Completed injection. UNSPECIFIED UNSPECIFIED $SS_TC_ROOT/$SS_TC_INSTALL/bin/gimp $SS_TC_ROOT/testData/input.jpg env ./configure --prefix="$SS_TC_ROOT/$SS_TC_INSTALL" --disable-alsatest --without-libmng --without-libexif --without-aa --without-librsvg --without-poppler --without-gvfs --without-libjasper --with-lcms --without-alsa --disable-python make V=1 CC="$SS_CC" make install V=1 Open saved jpg file Has a fixed heap buffer of size 64. (malloc(64*sizeof(char))) When input has a larger size, the heap buffer will be over read NONE /opt/stonesoup/workspace/testData/exilarch_inpolygon/herb_beeherd.txt AAAAAAAAAAAAAAAAAAAAAAA $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 GOOD-01 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT input image opened. DOES_NOT_RETURN CONTROLLED_EXIT color invert an image Has a fixed heap buffer of size 64. (malloc(64*sizeof(char))) When input has a larger size, the heap buffer will be over read NONE /opt/stonesoup/workspace/testData/exilarch_inpolygon/herb_beeherd.txt Hello World! $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 GOOD-02 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT image colors inverted DOES_NOT_RETURN CONTROLLED_EXIT create a layer, fill with black, use divde layer mode Has a fixed heap buffer of size 64. (malloc(64*sizeof(char))) When input has a larger size, the heap buffer will be over read NONE /opt/stonesoup/workspace/testData/exilarch_inpolygon/herb_beeherd.txt Short is good $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 GOOD-03 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT Layer created, and layer mode changed. DOES_NOT_RETURN CONTROLLED_EXIT view color histogram of image Has a fixed heap buffer of size 64. (malloc(64*sizeof(char))) When input has a larger size, the heap buffer will be over read NONE /opt/stonesoup/workspace/testData/exilarch_inpolygon/herb_beeherd.txt AAAAAAAAAAAAAAAAAAAAAAA $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 GOOD-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT Histogram of image generated. DOES_NOT_RETURN CONTROLLED_EXIT add supernova filter Has a fixed heap buffer of size 64. (malloc(64*sizeof(char))) When input has a larger size, the heap buffer will be over read NONE /opt/stonesoup/workspace/testData/exilarch_inpolygon/herb_beeherd.txt Hello World! $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 GOOD-05 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT supernova added DOES_NOT_RETURN CONTROLLED_EXIT make selection with magic wand, paste into new image Has a fixed heap buffer of size 64. (malloc(64*sizeof(char))) When input has a larger size, the heap buffer will be over read NONE /opt/stonesoup/workspace/testData/exilarch_inpolygon/herb_beeherd.txt Short is good $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 GOOD-06 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT Magic Wand selection pasted into new document. DOES_NOT_RETURN CONTROLLED_EXIT rotate image 180 degrees Has a fixed heap buffer of size 64. (malloc(64*sizeof(char))) When input has a larger size, the heap buffer will be over read NONE /opt/stonesoup/workspace/testData/exilarch_inpolygon/herb_beeherd.txt AAAAAAAAAAAAAAAAAAAAAAA $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 GOOD-07 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT Image rotated 180 degrees. DOES_NOT_RETURN CONTROLLED_EXIT add pagecurl filter Has a fixed heap buffer of size 64. (malloc(64*sizeof(char))) When input has a larger size, the heap buffer will be over read NONE /opt/stonesoup/workspace/testData/exilarch_inpolygon/herb_beeherd.txt Hello World! $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 GOOD-08 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT pagecurl added DOES_NOT_RETURN CONTROLLED_EXIT use edgefinder filter Has a fixed heap buffer of size 64. (malloc(64*sizeof(char))) When input has a larger size, the heap buffer will be over read NONE /opt/stonesoup/workspace/testData/exilarch_inpolygon/herb_beeherd.txt Short is good $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 GOOD-09 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT pagecurl added DOES_NOT_RETURN CONTROLLED_EXIT pixelize image Has a fixed heap buffer of size 64. (malloc(64*sizeof(char))) When input has a larger size, the heap buffer will be over read NONE /opt/stonesoup/workspace/testData/exilarch_inpolygon/herb_beeherd.txt AAAAAAAAAAAAAAAAAAAAAAA $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 GOOD-10 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT image pixelized. DOES_NOT_RETURN CONTROLLED_EXIT Has a fixed heap buffer of size 64. (malloc(64*sizeof(char))) When input has a larger size, the heap buffer will be over read READ_APPLICATION_DATA /opt/stonesoup/workspace/testData/exilarch_inpolygon/herb_beeherd.txt AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 weakness_started_Ceq4iVHHs3944Ambzw74 AND ((NOT PERFORMER AND (output_exceeds_63_bytes_WKFAViH5go AND output_excess_non_null_bviaMKGcwQ) AND NOT timeout_IxtnxI0aek) or (PERFORMER AND NOT ((output_exceeds_63_bytes_WKFAViH5go AND output_excess_non_null_bviaMKGcwQ) OR timeout_IxtnxI0aek))) (NOT PERFORMER AND (output_exceeds_63_bytes_WKFAViH5go AND output_excess_non_null_bviaMKGcwQ) AND NOT timeout_IxtnxI0aek) or (PERFORMER AND NOT ((output_exceeds_63_bytes_WKFAViH5go AND output_excess_non_null_bviaMKGcwQ) OR timeout_IxtnxI0aek)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION if (( $(wc -c "logfile.txt" | cut -d " " -f 1) > 126 )); then true; else false; fi; if (( $(head -c -126 "logfile.txt" | tr -d '0\n' | wc -c) > 0 )); then true; else false; fi; None stonesoup_trace:weakness_start Has a fixed heap buffer of size 64. (malloc(64*sizeof(char))) When input has a larger size, the heap buffer will be over read READ_APPLICATION_DATA /opt/stonesoup/workspace/testData/exilarch_inpolygon/herb_beeherd.txt This is probably going to overflow a buffer of some sort. Let's run it anyway and see what happens. I hope that everything turns out ok, because I would love to see what this looks like in all CAPS. Converting ASCII characters to upper case is easy, you can either call a system function, or just add the standard difference between the start of the two character sets. But, I am sure there is a reason that system functions exist for this sort of functionality. $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 weakness_started_B5AUfLWr7H9DhcusjKE8 AND ((NOT PERFORMER AND (output_exceeds_63_bytes_8nNQJwOCFn AND output_excess_non_null_kqvmXPUetD) AND NOT timeout_pJNTsgiwyt) or (PERFORMER AND NOT ((output_exceeds_63_bytes_8nNQJwOCFn AND output_excess_non_null_kqvmXPUetD) OR timeout_pJNTsgiwyt))) (NOT PERFORMER AND (output_exceeds_63_bytes_8nNQJwOCFn AND output_excess_non_null_kqvmXPUetD) AND NOT timeout_pJNTsgiwyt) or (PERFORMER AND NOT ((output_exceeds_63_bytes_8nNQJwOCFn AND output_excess_non_null_kqvmXPUetD) OR timeout_pJNTsgiwyt)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION if (( $(wc -c "logfile.txt" | cut -d " " -f 1) > 126 )); then true; else false; fi; if (( $(head -c -126 "logfile.txt" | tr -d '0\n' | wc -c) > 0 )); then true; else false; fi; None stonesoup_trace:weakness_start