Creating test case using base program. Added a Socket Server to accept communication from untrusted source. Completed injection. UNSPECIFIED UNSPECIFIED $SS_TC_ROOT/$SS_TC_INSTALL/bin/tree make install CC="$SS_CC" LD="$SS_LNK" CFLAGS="$CFLAGS" CPPFLAGS="$CPPFLAGS" LDFLAGS="$LDFLAGS" prefix="$SS_TC_ROOT/$SS_TC_INSTALL" LIBS="$LIBS" Create a function pointer on the stack. If the input length is not equal to 10, set the function pointer to a function. Try to use the function pointer. This will seg fault if the input length is exactly 10. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 --charset ASCII --sort=name -n -q input/good-01 STDOUT-REPORT-01 AND STDOUT-CONTENT-LENGTH-01 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT 5 directories, 10 files SIMILAR DOES_NOT_RETURN CONTROLLED_EXIT Create a function pointer on the stack. If the input length is not equal to 10, set the function pointer to a function. Try to use the function pointer. This will seg fault if the input length is exactly 10. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 --charset ASCII --sort=name -n -q -L 2 input/good-02 STDOUT-REPORT-02 AND STDOUT-CONTENT-LENGTH-02 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT 5 directories, 4 files SIMILAR DOES_NOT_RETURN CONTROLLED_EXIT Create a function pointer on the stack. If the input length is not equal to 10, set the function pointer to a function. Try to use the function pointer. This will seg fault if the input length is exactly 10. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 --charset ASCII --sort=name -n -q -J input/good-03 STDOUT-REPORT-03 AND STDOUT-CONTENT-LENGTH-03 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT {"type":"report","directories":7,"files":367} SIMILAR DOES_NOT_RETURN CONTROLLED_EXIT Create a function pointer on the stack. If the input length is not equal to 10, set the function pointer to a function. Try to use the function pointer. This will seg fault if the input length is exactly 10. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 --charset ASCII --sort=name -n -q -P "test*" -F input/good-03 STDOUT-REPORT-04 AND STDOUT-CONTENT-LENGTH-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT 7 directories, 62 files SIMILAR DOES_NOT_RETURN CONTROLLED_EXIT Create a function pointer on the stack. If the input length is not equal to 10, set the function pointer to a function. Try to use the function pointer. This will seg fault if the input length is exactly 10. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 --charset ASCII --sort=name -n -q -H "" input/good-01 STDOUT-REPORT-05 AND STDOUT-CONTENT-LENGTH-05 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT 5 directories, 10 files SIMILAR DOES_NOT_RETURN CONTROLLED_EXIT Create a function pointer on the stack. If the input length is not equal to 10, set the function pointer to a function. Try to use the function pointer. This will seg fault if the input length is exactly 10. DOS_UNCONTROLLED_EXIT $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 --charset ASCII --sort=name -n -q -J input/good-03 weakness_started_sn293Xe7wAWFIquUjkw4 AND ((NOT PERFORMER AND (segfault_code_9lhUgCU5DS OR segfault_code_ka2V81gB17 OR segfault_code_duoV4sVGst OR segfault_code_SmEigjb94p OR segfault_code_OnIqgUktvq OR segfault_msg_T9Sj2VGnYq OR illegal_inst_msg_EVNbejk0fG OR segfault_illegal_inst_CB6SFkUMOa OR segfault_illegal_return_wkRXDv7pGi) AND NOT timeout_Wy5kT1RZDq) or (PERFORMER AND NOT ((segfault_code_9lhUgCU5DS OR segfault_code_ka2V81gB17 OR segfault_code_duoV4sVGst OR segfault_code_SmEigjb94p OR segfault_code_OnIqgUktvq OR segfault_msg_T9Sj2VGnYq OR illegal_inst_msg_EVNbejk0fG OR segfault_illegal_inst_CB6SFkUMOa OR segfault_illegal_return_wkRXDv7pGi) OR timeout_Wy5kT1RZDq OR controlled_exit_LCYRUaQMg4))) (NOT PERFORMER AND (segfault_code_9lhUgCU5DS OR segfault_code_ka2V81gB17 OR segfault_code_duoV4sVGst OR segfault_code_SmEigjb94p OR segfault_code_OnIqgUktvq OR segfault_msg_T9Sj2VGnYq OR illegal_inst_msg_EVNbejk0fG OR segfault_illegal_inst_CB6SFkUMOa OR segfault_illegal_return_wkRXDv7pGi) AND NOT timeout_Wy5kT1RZDq) or (PERFORMER AND NOT ((segfault_code_9lhUgCU5DS OR segfault_code_ka2V81gB17 OR segfault_code_duoV4sVGst OR segfault_code_SmEigjb94p OR segfault_code_OnIqgUktvq OR segfault_msg_T9Sj2VGnYq OR illegal_inst_msg_EVNbejk0fG OR segfault_illegal_inst_CB6SFkUMOa OR segfault_illegal_return_wkRXDv7pGi) OR timeout_Wy5kT1RZDq OR controlled_exit_LCYRUaQMg4)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION None 132 None 134 None 135 None 136 None 139 None Segmentation fault None Illegal instruction None Illegal instruction None 132 None stonesoup_trace:weakness_start Create a function pointer on the stack. If the input length is not equal to 10, set the function pointer to a function. Try to use the function pointer. This will seg fault if the input length is exactly 10. DOS_UNCONTROLLED_EXIT $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 --charset ASCII --sort=name -n -q -J input/good-03 weakness_started_YBkcrgW8kR9uo6wOoBA4 AND ((NOT PERFORMER AND (segfault_code_TV4SLpak4M OR segfault_code_bfelzvsUcn OR segfault_code_3ByUxw1Yoj OR segfault_code_Bkh07x8dvZ OR segfault_code_y87z4eww4O OR segfault_msg_SQnnyhR955 OR illegal_inst_msg_bkxAFMUKz2 OR segfault_illegal_inst_GpSssuNwCC OR segfault_illegal_return_38OgP7SGPV) AND NOT timeout_KzsZJVAenN) or (PERFORMER AND NOT ((segfault_code_TV4SLpak4M OR segfault_code_bfelzvsUcn OR segfault_code_3ByUxw1Yoj OR segfault_code_Bkh07x8dvZ OR segfault_code_y87z4eww4O OR segfault_msg_SQnnyhR955 OR illegal_inst_msg_bkxAFMUKz2 OR segfault_illegal_inst_GpSssuNwCC OR segfault_illegal_return_38OgP7SGPV) OR timeout_KzsZJVAenN OR controlled_exit_fwSRTz5ugI))) (NOT PERFORMER AND (segfault_code_TV4SLpak4M OR segfault_code_bfelzvsUcn OR segfault_code_3ByUxw1Yoj OR segfault_code_Bkh07x8dvZ OR segfault_code_y87z4eww4O OR segfault_msg_SQnnyhR955 OR illegal_inst_msg_bkxAFMUKz2 OR segfault_illegal_inst_GpSssuNwCC OR segfault_illegal_return_38OgP7SGPV) AND NOT timeout_KzsZJVAenN) or (PERFORMER AND NOT ((segfault_code_TV4SLpak4M OR segfault_code_bfelzvsUcn OR segfault_code_3ByUxw1Yoj OR segfault_code_Bkh07x8dvZ OR segfault_code_y87z4eww4O OR segfault_msg_SQnnyhR955 OR illegal_inst_msg_bkxAFMUKz2 OR segfault_illegal_inst_GpSssuNwCC OR segfault_illegal_return_38OgP7SGPV) OR timeout_KzsZJVAenN OR controlled_exit_fwSRTz5ugI)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION None 132 None 134 None 135 None 136 None 139 None Segmentation fault None Illegal instruction None Illegal instruction None 132 None stonesoup_trace:weakness_start