Creating test case using base program. Added an environment variable read to the function definition. Completed injection.

UNSPECIFIED UNSPECIFIED $SS_TC_ROOT/$SS_TC_INSTALL/bin/grep

./configure --prefix="$SS_TC_ROOT/$SS_TC_INSTALL" --exec-prefix="$SS_TC_ROOT/$SS_TC_INSTALL" --with-included-regex
make V=1 CC="$SS_CC" CCLD="$SS_LNK"
make V=1 install CC="$SS_CC" CCLD="$SS_LNK"

all words beginning with e or x, case sensitive Has a buffer declared on the stack. char[20] If input is resolved to a value larger than 20 it will overflow NONE /etc/passwd $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 ^[ex] input/dict.txt STDOUT-01 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-01/std-out.txt DOES_NOT_RETURN CONTROLLED_EXIT

find BIRMINGHAM, ignore case, recursive Has a buffer declared on the stack. char[20] If input is resolved to a value larger than 20 it will overflow NONE /etc/ssh/ssh_config $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 -r -i BIRMINGHAM input/zip/ STDOUT-02 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-02/std-out.txt DOES_NOT_RETURN CONTROLLED_EXIT

read extended regular expressions from file Has a buffer declared on the stack. char[20] If input is resolved to a value larger than 20 it will overflow NONE /usr/bin/gcc $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 -E -f input/grep-good-03-expr.txt input/mktsymbols.txt STDOUT-03 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-03/std-out.txt DOES_NOT_RETURN CONTROLLED_EXIT

search for entire words matching a specific pattern Has a buffer declared on the stack. char[20] If input is resolved to a value larger than 20 it will overflow NONE /etc/passwd $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 -w -f input/grep-good-04-expr.txt input/mktsymbols.txt STDOUT-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-04/std-out.txt DOES_NOT_RETURN CONTROLLED_EXIT

use mmap(), find NASDAQ in file Has a buffer declared on the stack. char[20] If input is resolved to a value larger than 20 it will overflow NONE /etc/ssh/ssh_config $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 --mmap NASDAQ input/mktsymbols.txt STDOUT-05 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-05/std-out.txt DOES_NOT_RETURN CONTROLLED_EXIT

match lines not containing NASDAQ, ignore case, count Has a buffer declared on the stack. char[20] If input is resolved to a value larger than 20 it will overflow NONE /usr/bin/gcc $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 -v -i -c NASDAQ input/mktsymbols.txt STDOUT-06 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-06/std-out.txt DOES_NOT_RETURN CONTROLLED_EXIT

grep stdin (a device), match words beginning w/ D, P, or Z, redirect file into stdin Has a buffer declared on the stack. char[20] If input is resolved to a value larger than 20 it will overflow NONE /etc/passwd $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 -D read -e ^[DPZ] /dev/stdin < input/mktsymbols.txt STDOUT-07 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-07/std-out.txt DOES_NOT_RETURN CONTROLLED_EXIT

extended grep, print number of lines of context Has a buffer declared on the stack. char[20] If input is resolved to a value larger than 20 it will overflow NONE /etc/ssh/ssh_config $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 -E -C 15 ^[BRT] input/mktsymbols.txt STDOUT-08 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-08/std-out.txt DOES_NOT_RETURN CONTROLLED_EXIT

lines not beginning w/ B, R or T Has a buffer declared on the stack. char[20] If input is resolved to a value larger than 20 it will overflow NONE /usr/bin/gcc $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 -v ^[BRT] input/mktsymbols.txt STDOUT-09 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-09/std-out.txt DOES_NOT_RETURN CONTROLLED_EXIT

count lines not beginning w/ B, R or T Has a buffer declared on the stack. char[20] If input is resolved to a value larger than 20 it will overflow NONE /etc/passwd $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 -c -v ^[BRT] input/mktsymbols.txt STDOUT-10 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-10/std-out.txt DOES_NOT_RETURN CONTROLLED_EXIT

Has a buffer declared on the stack. char[20] If input is resolved to a value larger than 20 it will overflow DOS_UNCONTROLLED_EXIT ../testData $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 ^[ex] input/dict.txt weakness_started_sCi437D9NriFZ5FZEt5I AND ((NOT PERFORMER AND (segfault_code_w94bhVqmE0 OR segfault_code_YYwS0NofEA OR segfault_code_T3D83TPQsu OR segfault_code_9RTcxln73R OR segfault_code_ja8p5uOW1P OR segfault_msg_fy19dMGjmk OR illegal_inst_msg_zgJg7Uje6B) AND NOT timeout_Et6eneXYdP) or (PERFORMER AND NOT ((segfault_code_w94bhVqmE0 OR segfault_code_YYwS0NofEA OR segfault_code_T3D83TPQsu OR segfault_code_9RTcxln73R OR segfault_code_ja8p5uOW1P OR segfault_msg_fy19dMGjmk OR illegal_inst_msg_zgJg7Uje6B) OR timeout_Et6eneXYdP))) (NOT PERFORMER AND (segfault_code_w94bhVqmE0 OR segfault_code_YYwS0NofEA OR segfault_code_T3D83TPQsu OR segfault_code_9RTcxln73R OR segfault_code_ja8p5uOW1P OR segfault_msg_fy19dMGjmk OR illegal_inst_msg_zgJg7Uje6B) AND NOT timeout_Et6eneXYdP) or (PERFORMER AND NOT ((segfault_code_w94bhVqmE0 OR segfault_code_YYwS0NofEA OR segfault_code_T3D83TPQsu OR segfault_code_9RTcxln73R OR segfault_code_ja8p5uOW1P OR segfault_msg_fy19dMGjmk OR illegal_inst_msg_zgJg7Uje6B) OR timeout_Et6eneXYdP)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION None 132 None 134 None 135 None 136 None 139 None Segmentation fault None Illegal instruction None stonesoup_trace:weakness_start

Has a buffer declared on the stack. char[20] If input is resolved to a value larger than 20 it will overflow DOS_UNCONTROLLED_EXIT ../testOutput $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 ^[ex] input/dict.txt weakness_started_XiSHuVfCaLnmqv0d4Cve AND ((NOT PERFORMER AND (segfault_code_a7Kg9mzdc2 OR segfault_code_oCO5OSGZZ5 OR segfault_code_csmVmyrF2j OR segfault_code_pAfZjvDEx1 OR segfault_code_Ede4T07nfh OR segfault_msg_flJDwvgQGS OR illegal_inst_msg_xLdkDUmujI) AND NOT timeout_mSn5RPC839) or (PERFORMER AND NOT ((segfault_code_a7Kg9mzdc2 OR segfault_code_oCO5OSGZZ5 OR segfault_code_csmVmyrF2j OR segfault_code_pAfZjvDEx1 OR segfault_code_Ede4T07nfh OR segfault_msg_flJDwvgQGS OR illegal_inst_msg_xLdkDUmujI) OR timeout_mSn5RPC839))) (NOT PERFORMER AND (segfault_code_a7Kg9mzdc2 OR segfault_code_oCO5OSGZZ5 OR segfault_code_csmVmyrF2j OR segfault_code_pAfZjvDEx1 OR segfault_code_Ede4T07nfh OR segfault_msg_flJDwvgQGS OR illegal_inst_msg_xLdkDUmujI) AND NOT timeout_mSn5RPC839) or (PERFORMER AND NOT ((segfault_code_a7Kg9mzdc2 OR segfault_code_oCO5OSGZZ5 OR segfault_code_csmVmyrF2j OR segfault_code_pAfZjvDEx1 OR segfault_code_Ede4T07nfh OR segfault_msg_flJDwvgQGS OR illegal_inst_msg_xLdkDUmujI) OR timeout_mSn5RPC839)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION None 132 None 134 None 135 None 136 None 139 None Segmentation fault None Illegal instruction None stonesoup_trace:weakness_start