Creating test case using base program.
Added an environment variable read to the function definition.
Completed injection.
UNSPECIFIED
UNSPECIFIED
$SS_TC_ROOT/$SS_TC_INSTALL/bin/ffmpeg
env
./configure --prefix="$SS_TC_ROOT/$SS_TC_INSTALL" --enable-pic --disable-static --enable-shared --disable-yasm --disable-doc --enable-pthreads --disable-w32threads --disable-os2threads --enable-zlib --enable-openssl --disable-asm --extra-cflags="$SS_CFLAGS" --extra-ldflags="$SS_LDFLAGS" --extra-libs="$SS_LIBS"
mv config.mak config.mak.bak
awk -v compiler="$SS_CC" '/CC=gcc/{gsub(/gcc/, compiler)};{print}' config.mak.bak > config.mak && true
make V=1
make install V=1
remove the audio from a video
Has a heap buffer of size 128 within a struct. reads in an ascii string from an environmentvariable and increments the corresponding values in the heap buffer. Then reads in an input and prints out the count of the characters from the heap buff of those in the input. If input contains extended ascii characters, they will be wrapped around to negative values and the buffer will be under read
NONE
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
-an -i grsm_0001-shorter.mov good-01/grsm_0001_no_audio.mov
(GOOD-01-CENTOS OR GOOD-01-UBUNTU OR GOOD-01-DEBIAN) AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-01/grsm_0001_no_audio.mov
good-01/grsm_0001_no_audio-centos.mov
good-01/grsm_0001_no_audio.mov
good-01/grsm_0001_no_audio-ubuntu.mov
good-01/grsm_0001_no_audio.mov
good-01/grsm_0001_no_audio-debian.mov
DOES_NOT_RETURN
CONTROLLED_EXIT
change the frame rate and aspect ration of a video
Has a heap buffer of size 128 within a struct. reads in an ascii string from an environmentvariable and increments the corresponding values in the heap buffer. Then reads in an input and prints out the count of the characters from the heap buff of those in the input. If input contains extended ascii characters, they will be wrapped around to negative values and the buffer will be under read
NONE
This is probably not going to overflow a buffer of some sort. Let's run it anyway and see what happens.
AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
-r 20 -aspect 16:9 -i elis_m0001-shorter.mov good-02/elis_m0001_rate_aspect.mov
(GOOD-02-CENTOS OR GOOD-02-UBUNTU OR GOOD-02-DEBIAN) AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-02/elis_m0001_rate_aspect.mov
good-02/elis_m0001_rate_aspect-centos.mov
good-02/elis_m0001_rate_aspect.mov
good-02/elis_m0001_rate_aspect-ubuntu.mov
good-02/elis_m0001_rate_aspect.mov
good-02/elis_m0001_rate_aspect-debian.mov
DOES_NOT_RETURN
CONTROLLED_EXIT
remove the audio and change the video format from .mov to .mp4 using the mpeg4 codec
Has a heap buffer of size 128 within a struct. reads in an ascii string from an environmentvariable and increments the corresponding values in the heap buffer. Then reads in an input and prints out the count of the characters from the heap buff of those in the input. If input contains extended ascii characters, they will be wrapped around to negative values and the buffer will be under read
NONE
As long as this statement has more than 64 characters, then nothing bad should happen
AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
-an -i bost_people_0001-shorter.mov -vcodec mpeg4 -strict -2 good-03/bost_people_0001.mp4
(GOOD-03-CENTOS OR GOOD-03-UBUNTU OR GOOD-03-DEBIAN) AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-03/bost_people_0001.mp4
good-03/bost_people_0001-centos.mp4
good-03/bost_people_0001.mp4
good-03/bost_people_0001-ubuntu.mp4
good-03/bost_people_0001.mp4
good-03/bost_people_0001-debian.mp4
DOES_NOT_RETURN
CONTROLLED_EXIT
copy the audio file and convert the number of audio channels to 2.
Has a heap buffer of size 128 within a struct. reads in an ascii string from an environmentvariable and increments the corresponding values in the heap buffer. Then reads in an input and prints out the count of the characters from the heap buff of those in the input. If input contains extended ascii characters, they will be wrapped around to negative values and the buffer will be under read
NONE
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
-i ApacheTomcat-SomewhereInMyMind.mp3 -acodec copy -ac 2 good-04/ApacheTomcat_dualchannelaudio.mp3
GOOD-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-04/ApacheTomcat_dualchannelaudio.mp3
good-04/ApacheTomcat_dualchannelaudio.mp3
DOES_NOT_RETURN
CONTROLLED_EXIT
remove original audio from a file and combine the audio from another file to create a new video and audio file
Has a heap buffer of size 128 within a struct. reads in an ascii string from an environmentvariable and increments the corresponding values in the heap buffer. Then reads in an input and prints out the count of the characters from the heap buff of those in the input. If input contains extended ascii characters, they will be wrapped around to negative values and the buffer will be under read
NONE
This is probably not going to overflow a buffer of some sort. Let's run it anyway and see what happens.
AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
-an -i grsm_0001-shorter.mov -i ApacheTomcat-SomewhereInMyMind.mp3 -acodec copy good-05/combined.mov
(GOOD-05-CENTOS OR GOOD-05-UBUNTU OR GOOD-05-DEBIAN) AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-05/combined.mov
good-05/combined-centos.mov
good-05/combined.mov
good-05/combined-ubuntu.mov
good-05/combined.mov
good-05/combined-debian.mov
DOES_NOT_RETURN
CONTROLLED_EXIT
Convert the size of a video to vga (640x480)
Has a heap buffer of size 128 within a struct. reads in an ascii string from an environmentvariable and increments the corresponding values in the heap buffer. Then reads in an input and prints out the count of the characters from the heap buff of those in the input. If input contains extended ascii characters, they will be wrapped around to negative values and the buffer will be under read
NONE
As long as this statement has more than 64 characters, then nothing bad should happen
AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
-i good-06/combined.mov -strict -2 -s vga good-06/combined_vga_sized.mov
(GOOD-06-CENTOS OR GOOD-06-UBUNTU OR GOOD-06-DEBIAN) AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-06/combined_vga_sized.mov
good-06/combined_vga_sized-centos.mov
good-06/combined_vga_sized.mov
good-06/combined_vga_sized-ubuntu.mov
good-06/combined_vga_sized.mov
good-06/combined_vga_sized-debian.mov
DOES_NOT_RETURN
CONTROLLED_EXIT
Covert a .wav file to .mp2 at 22050Hz
Has a heap buffer of size 128 within a struct. reads in an ascii string from an environmentvariable and increments the corresponding values in the heap buffer. Then reads in an input and prints out the count of the characters from the heap buff of those in the input. If input contains extended ascii characters, they will be wrapped around to negative values and the buffer will be under read
NONE
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
-i good-07/Bow_To_My_firewall.wav -ar 22050 good-07/Bow_To_My_firewall.mp2
GOOD-07 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-07/Bow_To_My_firewall.mp2
good-07/Bow_To_My_firewall.mp2
DOES_NOT_RETURN
CONTROLLED_EXIT
Change the bitrate and do it in two passes
Has a heap buffer of size 128 within a struct. reads in an ascii string from an environmentvariable and increments the corresponding values in the heap buffer. Then reads in an input and prints out the count of the characters from the heap buff of those in the input. If input contains extended ascii characters, they will be wrapped around to negative values and the buffer will be under read
NONE
This is probably not going to overflow a buffer of some sort. Let's run it anyway and see what happens.
AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
-b 300 -pass 2 -i grsm_0001-shorter.mov good-08/grsm_0001_bitrate.mov
(GOOD-08-CENTOS OR GOOD-08-UBUNTU OR GOOD-08-DEBIAN) AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-08/grsm_0001_bitrate.mov
good-08/grsm_0001_bitrate-centos.mov
good-08/grsm_0001_bitrate.mov
good-08/grsm_0001_bitrate-ubuntu.mov
good-08/grsm_0001_bitrate.mov
good-08/grsm_0001_bitrate-debian.mov
DOES_NOT_RETURN
CONTROLLED_EXIT
Convert images into a video
Has a heap buffer of size 128 within a struct. reads in an ascii string from an environmentvariable and increments the corresponding values in the heap buffer. Then reads in an input and prints out the count of the characters from the heap buff of those in the input. If input contains extended ascii characters, they will be wrapped around to negative values and the buffer will be under read
NONE
As long as this statement has more than 64 characters, then nothing bad should happen
AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
-f image2 -i good-09/%03d.jpg -r 12 -s vga good-09/images.avi
(GOOD-09-CENTOS OR GOOD-09-UBUNTU OR GOOD-09-DEBIAN) AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-09/images.avi
good-09/images-centos.avi
good-09/images.avi
good-09/images-ubuntu.avi
good-09/images.avi
good-09/images-debian.avi
DOES_NOT_RETURN
CONTROLLED_EXIT
Extract every fifth frame and convert it to an image
Has a heap buffer of size 128 within a struct. reads in an ascii string from an environmentvariable and increments the corresponding values in the heap buffer. Then reads in an input and prints out the count of the characters from the heap buff of those in the input. If input contains extended ascii characters, they will be wrapped around to negative values and the buffer will be under read
NONE
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
-i elis_m0001-shorter.mov -r 5 -s vga good-10/elise-%04d.jpg
((GOOD-10-1-CENTOS AND GOOD-10-2-CENTOS) OR (GOOD-10-1-UBUNTU AND GOOD-10-2-UBUNTU) OR (GOOD-10-1-DEBIAN AND GOOD-10-2-DEBIAN)) AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-10/elise-0001.jpg
good-10/elise-0001-centos.jpg
good-10/elise-0028.jpg
good-10/elise-0028-centos.jpg
good-10/elise-0001.jpg
good-10/elise-0001-ubuntu.jpg
good-10/elise-0028.jpg
good-10/elise-0028-ubuntu.jpg
good-10/elise-0001.jpg
good-10/elise-0001-debian.jpg
good-10/elise-0028.jpg
good-10/elise-0028-debian.jpg
DOES_NOT_RETURN
CONTROLLED_EXIT
Has a heap buffer of size 128 within a struct. reads in an ascii string from an environmentvariable and increments the corresponding values in the heap buffer. Then reads in an input and prints out the count of the characters from the heap buff of those in the input. If input contains extended ascii characters, they will be wrapped around to negative values and the buffer will be under read
READ_APPLICATION_DATA
QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUGugIE=
AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
-i ApacheTomcat-SomewhereInMyMind.mp3 -acodec copy -ac 2 good-04/ApacheTomcat_dualchannelaudio.mp3
weakness_started_vVTBX8xvlcyJam9H9s0t AND ((NOT PERFORMER AND (output_excess_non_null_XDy8RHPGRk) AND NOT timeout_SRQ6XUc9hR) or (PERFORMER AND NOT ((output_excess_non_null_XDy8RHPGRk) OR timeout_SRQ6XUc9hR)))
(NOT PERFORMER AND (output_excess_non_null_XDy8RHPGRk) AND NOT timeout_SRQ6XUc9hR) or (PERFORMER AND NOT ((output_excess_non_null_XDy8RHPGRk) OR timeout_SRQ6XUc9hR))
DOES_NOT_RETURN
CONTROLLED_EXIT
CONTINUED_EXECUTION
if (( $(/bin/grep -P "value [\x80-\xFF] appears: 5555 times" "logfile.txt" | wc -l) > 0)); then true; else false; fi;
None
stonesoup_trace:weakness_start
Has a heap buffer of size 128 within a struct. reads in an ascii string from an environmentvariable and increments the corresponding values in the heap buffer. Then reads in an input and prints out the count of the characters from the heap buff of those in the input. If input contains extended ascii characters, they will be wrapped around to negative values and the buffer will be under read
READ_APPLICATION_DATA
SGVsbKUgV6lybGSI
AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
-an -i grsm_0001-shorter.mov -i ApacheTomcat-SomewhereInMyMind.mp3 -acodec copy good-05/combined.mov
weakness_started_ZvZkflbe4ZFCm7z8FbGe AND ((NOT PERFORMER AND (output_excess_non_null_HYsZHX2z16) AND NOT timeout_OblQZrlLRa) or (PERFORMER AND NOT ((output_excess_non_null_HYsZHX2z16) OR timeout_OblQZrlLRa)))
(NOT PERFORMER AND (output_excess_non_null_HYsZHX2z16) AND NOT timeout_OblQZrlLRa) or (PERFORMER AND NOT ((output_excess_non_null_HYsZHX2z16) OR timeout_OblQZrlLRa))
DOES_NOT_RETURN
CONTROLLED_EXIT
CONTINUED_EXECUTION
if (( $(/bin/grep -P "value [\x80-\xFF] appears: 5555 times" "logfile.txt" | wc -l) > 0)); then true; else false; fi;
None
stonesoup_trace:weakness_start