Creating test case using base program.
Added an environment variable read to get a filename to read in the file contents using an fread operation within the function
Completed injection.

TRUE UNSPECIFIED UNSPECIFIED

./configure -v --prefix="$SS_TC_ROOT/$SS_TC_INSTALL" --with-apr="$SS_TC_DEPS/bin/apr-1-config" --with-apr-util="$SS_TC_DEPS/bin/apu-1-config" --with-serf --with-sqlite="$SS_TC_DEPS" --with-sasl --with-libmagic --with-zlib --without-kwallet --without-gnome-keyring --disable-keychain --without-trang --without-doxygen --without-swig --without-jikes --without-ctypesgen --without-junit --without-jdk --without-apxs --with-editor="/usr/bin/vi" --disable-shared --with-pic=yes
make VERBOSE=1 CC="$SS_CC" CCLD="$SS_LNK"
make install CC="$SS_CC" CCLD="$SS_LNK"

create a repository
Has a heap buffer of size 64. Reads in an ASCII string from an environment variable and copies the final 63 characters into the heap buffer. Then reads the variable back from the heap buffer in reverse order, but incorrectly uses the size of the original string. If the original string is longer than 63 characters, this will result in an underread.
NONE
/opt/stonesoup/workspace/testData/noncock_silverwood/morandi_sledgemeter.txt
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
$SS_TC_ROOT/$SS_TC_INSTALL/bin/svnserve -d --foreground -r $SS_TC_ROOT/testData/svnrepos --pid-file=$SS_TC_ROOT/$SS_TC_INSTALL/svnserve.pid
STDOUT AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
Checked out revision 0.
DOES_NOT_RETURN CONTROLLED_EXIT

commit a file
Has a heap buffer of size 64. Reads in an ASCII string from an environment variable and copies the final 63 characters into the heap buffer. Then reads the variable back from the heap buffer in reverse order, but incorrectly uses the size of the original string. If the original string is longer than 63 characters, this will result in an underread.
NONE
/opt/stonesoup/workspace/testData/noncock_silverwood/morandi_sledgemeter.txt
This is probably not going to overflow a buffer of some sort.
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
$SS_TC_ROOT/$SS_TC_INSTALL/bin/svnserve -d --foreground -r $SS_TC_ROOT/testData/svnrepos --pid-file=$SS_TC_ROOT/$SS_TC_INSTALL/svnserve.pid
CHECKOUT AND ADD AND COMMIT AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
Checked out revision 0.
A file.txt
good-02/output.txt
DOES_NOT_RETURN CONTROLLED_EXIT

diff two files using svn diff
Has a heap buffer of size 64. Reads in an ASCII string from an environment variable and copies the final 63 characters into the heap buffer. Then reads the variable back from the heap buffer in reverse order, but incorrectly uses the size of the original string. If the original string is longer than 63 characters, this will result in an underread.
NONE
/opt/stonesoup/workspace/testData/noncock_silverwood/morandi_sledgemeter.txt
This statement has less than 64 characters, then nothing bad.
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
$SS_TC_ROOT/$SS_TC_INSTALL/bin/svn diff css/main.css css/main2.css
STDOUT AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-03/output.txt
DOES_NOT_RETURN CONTROLLED_EXIT

use svn mkdir to create a directory and add it to the svn repo
Has a heap buffer of size 64. Reads in an ASCII string from an environment variable and copies the final 63 characters into the heap buffer. Then reads the variable back from the heap buffer in reverse order, but incorrectly uses the size of the original string. If the original string is longer than 63 characters, this will result in an underread.
NONE
/opt/stonesoup/workspace/testData/noncock_silverwood/morandi_sledgemeter.txt
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
$SS_TC_ROOT/$SS_TC_INSTALL/bin/svn mkdir newdir
STDOUT AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
A newdir
DOES_NOT_RETURN CONTROLLED_EXIT

use svn to move a file and its position in the repo
Has a heap buffer of size 64. Reads in an ASCII string from an environment variable and copies the final 63 characters into the heap buffer. Then reads the variable back from the heap buffer in reverse order, but incorrectly uses the size of the original string. If the original string is longer than 63 characters, this will result in an underread.
NONE
/opt/stonesoup/workspace/testData/noncock_silverwood/morandi_sledgemeter.txt
This is probably not going to overflow a buffer of some sort.
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
$SS_TC_ROOT/$SS_TC_INSTALL/bin/svn move 404.html js/
STDOUT AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-05/output.txt
DOES_NOT_RETURN CONTROLLED_EXIT

run blame on 404.html
Has a heap buffer of size 64. Reads in an ASCII string from an environment variable and copies the final 63 characters into the heap buffer. Then reads the variable back from the heap buffer in reverse order, but incorrectly uses the size of the original string. If the original string is longer than 63 characters, this will result in an underread.
NONE
/opt/stonesoup/workspace/testData/noncock_silverwood/morandi_sledgemeter.txt
This statement has less than 64 characters, then nothing bad.
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
$SS_TC_ROOT/$SS_TC_INSTALL/bin/svn blame 404.html
STDOUT AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-06/output.txt
DOES_NOT_RETURN CONTROLLED_EXIT

apply a patch
Has a heap buffer of size 64. Reads in an ASCII string from an environment variable and copies the final 63 characters into the heap buffer. Then reads the variable back from the heap buffer in reverse order, but incorrectly uses the size of the original string. If the original string is longer than 63 characters, this will result in an underread.
NONE
/opt/stonesoup/workspace/testData/noncock_silverwood/morandi_sledgemeter.txt
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
$SS_TC_ROOT/$SS_TC_INSTALL/bin/svn patch good-07.diff
STDOUT AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
U 404.html
DOES_NOT_RETURN CONTROLLED_EXIT

add a property
Has a heap buffer of size 64. Reads in an ASCII string from an environment variable and copies the final 63 characters into the heap buffer. Then reads the variable back from the heap buffer in reverse order, but incorrectly uses the size of the original string. If the original string is longer than 63 characters, this will result in an underread.
NONE
/opt/stonesoup/workspace/testData/noncock_silverwood/morandi_sledgemeter.txt
This is probably not going to overflow a buffer of some sort.
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
$SS_TC_ROOT/$SS_TC_INSTALL/bin/svn propset rating "awesome" 404.html
STDOUT AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
property 'rating' set on '404.html'
DOES_NOT_RETURN CONTROLLED_EXIT

get a property
Has a heap buffer of size 64. Reads in an ASCII string from an environment variable and copies the final 63 characters into the heap buffer. Then reads the variable back from the heap buffer in reverse order, but incorrectly uses the size of the original string. If the original string is longer than 63 characters, this will result in an underread.
NONE
/opt/stonesoup/workspace/testData/noncock_silverwood/morandi_sledgemeter.txt
This statement has less than 64 characters, then nothing bad.
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
$SS_TC_ROOT/$SS_TC_INSTALL/bin/svn propget rating 404.html
STDOUT AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
awesome
DOES_NOT_RETURN CONTROLLED_EXIT

delete a property
Has a heap buffer of size 64. Reads in an ASCII string from an environment variable and copies the final 63 characters into the heap buffer. Then reads the variable back from the heap buffer in reverse order, but incorrectly uses the size of the original string. If the original string is longer than 63 characters, this will result in an underread.
NONE
/opt/stonesoup/workspace/testData/noncock_silverwood/morandi_sledgemeter.txt
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
$SS_TC_ROOT/$SS_TC_INSTALL/bin/svn propdel rating 404.html
STDOUT AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
property 'rating' deleted from '404.html'.
DOES_NOT_RETURN CONTROLLED_EXIT

Has a heap buffer of size 64. Reads in an ASCII string from an environment variable and copies the final 63 characters into the heap buffer. Then reads the variable back from the heap buffer in reverse order, but incorrectly uses the size of the original string. If the original string is longer than 63 characters, this will result in an underread.
READ_APPLICATION_DATA DOS_UNCONTROLLED_EXIT
/opt/stonesoup/workspace/testData/noncock_silverwood/morandi_sledgemeter.txt
abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
$SS_TC_ROOT/$SS_TC_INSTALL/bin/svn mkdir newdir
weakness_started_AKR5Yl5DoynXRrBpL7cq AND ((NOT PERFORMER AND (print_buffer_emMmauJ1es OR (segfault_code_hS2qxpaidC OR segfault_code_twFBSLPPDN OR segfault_code_agRrVCIHrY OR segfault_code_prqJ7b8nWF OR segfault_code_B6kIMV6mq0 OR segfault_msg_gRVnF1MQPs OR illegal_inst_msg_TcBjALPqtM)) AND NOT timeout_JNds2U9H9u) or (PERFORMER AND NOT ((print_buffer_emMmauJ1es OR (segfault_code_hS2qxpaidC OR segfault_code_twFBSLPPDN OR segfault_code_agRrVCIHrY OR segfault_code_prqJ7b8nWF OR segfault_code_B6kIMV6mq0 OR segfault_msg_gRVnF1MQPs OR illegal_inst_msg_TcBjALPqtM)) OR timeout_JNds2U9H9u)))
(NOT PERFORMER AND (print_buffer_emMmauJ1es OR (segfault_code_hS2qxpaidC OR segfault_code_twFBSLPPDN OR segfault_code_agRrVCIHrY OR segfault_code_prqJ7b8nWF OR segfault_code_B6kIMV6mq0 OR segfault_msg_gRVnF1MQPs OR illegal_inst_msg_TcBjALPqtM)) AND NOT timeout_JNds2U9H9u) or (PERFORMER AND NOT ((print_buffer_emMmauJ1es OR (segfault_code_hS2qxpaidC OR segfault_code_twFBSLPPDN OR segfault_code_agRrVCIHrY OR segfault_code_prqJ7b8nWF OR segfault_code_B6kIMV6mq0 OR segfault_msg_gRVnF1MQPs OR illegal_inst_msg_TcBjALPqtM)) OR timeout_JNds2U9H9u))
DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION
None 132 None 134 None 135 None 136 None 139 None Segmentation fault None Illegal instruction ../logfile.txt [a-zA-Z0-9]{65,} None stonesoup_trace:weakness_start

Has a heap buffer of size 64. Reads in an ASCII string from an environment variable and copies the final 63 characters into the heap buffer. Then reads the variable back from the heap buffer in reverse order, but incorrectly uses the size of the original string. If the original string is longer than 63 characters, this will result in an underread.
READ_APPLICATION_DATA DOS_UNCONTROLLED_EXIT
/opt/stonesoup/workspace/testData/noncock_silverwood/morandi_sledgemeter.txt
The quick brown fox jumps over the lazy dog. Why? I don't know, because he was in a rush and trying to get somewhere.
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
$SS_TC_ROOT/$SS_TC_INSTALL/bin/svn diff css/main.css css/main2.css
weakness_started_s4RHsYm1ADBj2bxlriFI AND ((NOT PERFORMER AND (print_buffer_q0xbOxBZfG OR (segfault_code_lVpLk1hKGc OR segfault_code_Sf8Ly94BG5 OR segfault_code_H1IUq9EQHA OR segfault_code_7AmLl7yiNs OR segfault_code_2VVzgU6Vjr OR segfault_msg_Vk4nwgUDZc OR illegal_inst_msg_ELXjs696R3)) AND NOT timeout_MoxuBMzWJA) or (PERFORMER AND NOT ((print_buffer_q0xbOxBZfG OR (segfault_code_lVpLk1hKGc OR segfault_code_Sf8Ly94BG5 OR segfault_code_H1IUq9EQHA OR segfault_code_7AmLl7yiNs OR segfault_code_2VVzgU6Vjr OR segfault_msg_Vk4nwgUDZc OR illegal_inst_msg_ELXjs696R3)) OR timeout_MoxuBMzWJA)))
(NOT PERFORMER AND (print_buffer_q0xbOxBZfG OR (segfault_code_lVpLk1hKGc OR segfault_code_Sf8Ly94BG5 OR segfault_code_H1IUq9EQHA OR segfault_code_7AmLl7yiNs OR segfault_code_2VVzgU6Vjr OR segfault_msg_Vk4nwgUDZc OR illegal_inst_msg_ELXjs696R3)) AND NOT timeout_MoxuBMzWJA) or (PERFORMER AND NOT ((print_buffer_q0xbOxBZfG OR (segfault_code_lVpLk1hKGc OR segfault_code_Sf8Ly94BG5 OR segfault_code_H1IUq9EQHA OR segfault_code_7AmLl7yiNs OR segfault_code_2VVzgU6Vjr OR segfault_msg_Vk4nwgUDZc OR illegal_inst_msg_ELXjs696R3)) OR timeout_MoxuBMzWJA))
DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION
None 132 None 134 None 135 None 136 None 139 None Segmentation fault None Illegal instruction ../logfile.txt [a-zA-Z0-9]{65,} None stonesoup_trace:weakness_start