Creating test case using base program. Added an environment variable read to the function definition. Completed injection. UNSPECIFIED UNSPECIFIED $SS_TC_ROOT/$SS_TC_INSTALL/bin/tree make install CC="$SS_CC" LD="$SS_LNK" CFLAGS="$CFLAGS" CPPFLAGS="$CPPFLAGS" LDFLAGS="$LDFLAGS" prefix="$SS_TC_ROOT/$SS_TC_INSTALL" LIBS="$LIBS" Has a stack buffer of size 128 within a struct. reads in an ascii string from an environmentvariable and increments the corresponding values in the stack buffer. Then reads in an input and prints out the count of the characters from the stack buff of those in the input. If input contains extended ascii characters, they will be wrapped around to negative values and the buffer will be under read NONE AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2 $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 --charset ASCII --sort=name -n -q input/good-01 STDOUT-REPORT-01 AND STDOUT-CONTENT-LENGTH-01 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT 5 directories, 10 files SIMILAR DOES_NOT_RETURN CONTROLLED_EXIT Has a stack buffer of size 128 within a struct. reads in an ascii string from an environmentvariable and increments the corresponding values in the stack buffer. Then reads in an input and prints out the count of the characters from the stack buff of those in the input. If input contains extended ascii characters, they will be wrapped around to negative values and the buffer will be under read NONE This is probably not going to overflow a buffer of some sort. Let's run it anyway and see what happens. AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2 $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 --charset ASCII --sort=name -n -q -L 2 input/good-02 STDOUT-REPORT-02 AND STDOUT-CONTENT-LENGTH-02 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT 5 directories, 4 files SIMILAR DOES_NOT_RETURN CONTROLLED_EXIT Has a stack buffer of size 128 within a struct. reads in an ascii string from an environmentvariable and increments the corresponding values in the stack buffer. Then reads in an input and prints out the count of the characters from the stack buff of those in the input. If input contains extended ascii characters, they will be wrapped around to negative values and the buffer will be under read NONE As long as this statement has more than 128 characters, then nothing bad should happen AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2 $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 --charset ASCII --sort=name -n -q -J input/good-03 STDOUT-REPORT-03 AND STDOUT-CONTENT-LENGTH-03 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT {"type":"report","directories":7,"files":367} SIMILAR DOES_NOT_RETURN CONTROLLED_EXIT Has a stack buffer of size 128 within a struct. reads in an ascii string from an environmentvariable and increments the corresponding values in the stack buffer. Then reads in an input and prints out the count of the characters from the stack buff of those in the input. If input contains extended ascii characters, they will be wrapped around to negative values and the buffer will be under read NONE AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2 $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 --charset ASCII --sort=name -n -q -P "test*" -F input/good-03 STDOUT-REPORT-04 AND STDOUT-CONTENT-LENGTH-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT 7 directories, 62 files SIMILAR DOES_NOT_RETURN CONTROLLED_EXIT Has a stack buffer of size 128 within a struct. reads in an ascii string from an environmentvariable and increments the corresponding values in the stack buffer. Then reads in an input and prints out the count of the characters from the stack buff of those in the input. If input contains extended ascii characters, they will be wrapped around to negative values and the buffer will be under read NONE This is probably not going to overflow a buffer of some sort. Let's run it anyway and see what happens. AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2 $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 --charset ASCII --sort=name -n -q -H "" input/good-01 STDOUT-REPORT-05 AND STDOUT-CONTENT-LENGTH-05 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT 5 directories, 10 files SIMILAR DOES_NOT_RETURN CONTROLLED_EXIT Has a stack buffer of size 128 within a struct. reads in an ascii string from an environmentvariable and increments the corresponding values in the stack buffer. Then reads in an input and prints out the count of the characters from the stack buff of those in the input. If input contains extended ascii characters, they will be wrapped around to negative values and the buffer will be under read READ_APPLICATION_DATA QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUGugIE= AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2 $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 --charset ASCII --sort=name -n -q input/good-01 weakness_started_BpvGvoYSIVJVbFg4NNmh AND ((NOT PERFORMER AND (output_excess_non_null_WdTLiSM3fJ) AND NOT timeout_XmSPMjljCa) or (PERFORMER AND NOT ((output_excess_non_null_WdTLiSM3fJ) OR timeout_XmSPMjljCa))) (NOT PERFORMER AND (output_excess_non_null_WdTLiSM3fJ) AND NOT timeout_XmSPMjljCa) or (PERFORMER AND NOT ((output_excess_non_null_WdTLiSM3fJ) OR timeout_XmSPMjljCa)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION if (( $(/bin/grep -P "value [\x80-\xFF] appears: 5555 times" "logfile.txt" | wc -l) > 0)); then true; else false; fi; None stonesoup_trace:weakness_start Has a stack buffer of size 128 within a struct. reads in an ascii string from an environmentvariable and increments the corresponding values in the stack buffer. Then reads in an input and prints out the count of the characters from the stack buff of those in the input. If input contains extended ascii characters, they will be wrapped around to negative values and the buffer will be under read READ_APPLICATION_DATA SGVsbKUgV6lybGSI AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2 $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 --charset ASCII --sort=name -n -q input/good-01 weakness_started_wtQVrBxmeHYopEwYuNdS AND ((NOT PERFORMER AND (output_excess_non_null_bwWFm3GHIJ) AND NOT timeout_Feef10V9sP) or (PERFORMER AND NOT ((output_excess_non_null_bwWFm3GHIJ) OR timeout_Feef10V9sP))) (NOT PERFORMER AND (output_excess_non_null_bwWFm3GHIJ) AND NOT timeout_Feef10V9sP) or (PERFORMER AND NOT ((output_excess_non_null_bwWFm3GHIJ) OR timeout_Feef10V9sP)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION if (( $(/bin/grep -P "value [\x80-\xFF] appears: 5555 times" "logfile.txt" | wc -l) > 0)); then true; else false; fi; None stonesoup_trace:weakness_start