Creating test case using base program.
Added an environment variable read to the function definition.
Completed injection.
UNSPECIFIED
UNSPECIFIED
$SS_TC_ROOT/$SS_TC_INSTALL/bin/grep
./configure --prefix="$SS_TC_ROOT/$SS_TC_INSTALL" --exec-prefix="$SS_TC_ROOT/$SS_TC_INSTALL" --with-included-regex
make V=1 CC="$SS_CC" CCLD="$SS_LNK"
make V=1 install CC="$SS_CC" CCLD="$SS_LNK"
all words beginning with e or x, case sensitive
Has a fixed stack buffer of size 64, allocated within a struct (char [64])
NONE
AAA
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
^[ex] input/dict.txt
STDOUT-01 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-01/std-out.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
find BIRMINGHAM, ignore case, recursive
Has a fixed stack buffer of size 64, allocated within a struct (char [64])
NONE
Hellow world!
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
-r -i BIRMINGHAM input/zip/
STDOUT-02 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-02/std-out.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
read extented regular expressions from file
Has a fixed stack buffer of size 64, allocated within a struct (char [64])
NONE
Good-bye cruel world!
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
-E -f input/grep-good-03-expr.txt input/mktsymbols.txt
STDOUT-03 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-03/std-out.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
search for entire words matching a specific pattern
Has a fixed stack buffer of size 64, allocated within a struct (char [64])
NONE
AAA
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
-w -f input/grep-good-04-expr.txt input/mktsymbols.txt
STDOUT-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-04/std-out.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
use mmap(), find NASDAQ in file
Has a fixed stack buffer of size 64, allocated within a struct (char [64])
NONE
Hellow world!
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
--mmap NASDAQ input/mktsymbols.txt
STDOUT-05 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-05/std-out.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
match lines not containing NASDAQ, ignore case, count
Has a fixed stack buffer of size 64, allocated within a struct (char [64])
NONE
Good-bye cruel world!
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
-v -i -c NASDAQ input/mktsymbols.txt
STDOUT-06 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-06/std-out.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
grep stdin (a device), match words beginning w/ D, P, or Z, redirect file into stdin
Has a fixed stack buffer of size 64, allocated within a struct (char [64])
NONE
AAA
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
-D read -e ^[DPZ] /dev/stdin < input/mktsymbols.txt
STDOUT-07 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-07/std-out.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
extended grep, print number of lines of context
Has a fixed stack buffer of size 64, allocated within a struct (char [64])
NONE
Hellow world!
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
-E -C 15 ^[BRT] input/mktsymbols.txt
STDOUT-08 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-08/std-out.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
lines not beginning w/ B, R or T
Has a fixed stack buffer of size 64, allocated within a struct (char [64])
NONE
Good-bye cruel world!
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
-v ^[BRT] input/mktsymbols.txt
STDOUT-09 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-09/std-out.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
count lines not beginning w/ B, R or T
Has a fixed stack buffer of size 64, allocated within a struct (char [64])
NONE
AAA
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
-c -v ^[BRT] input/mktsymbols.txt
STDOUT-10 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-10/std-out.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
Has a fixed stack buffer of size 64, allocated within a struct (char [64])
DOS_UNCONTROLLED_EXIT
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
-E -f input/grep-good-03-expr.txt input/mktsymbols.txt
weakness_started_z9bUJA1kDUCfD4laniRO AND ((NOT PERFORMER AND (segfault_code_n50k3wcVOw OR segfault_code_BCha7ePt38 OR segfault_code_u1zI1oAfsB OR segfault_code_61Z0S5GlUZ OR segfault_code_zG85FIDqqq OR segfault_msg_ktfT43RsTC OR illegal_inst_msg_ozMe12v82j) AND NOT timeout_b2BYXJ5Lvm) or (PERFORMER AND NOT ((segfault_code_n50k3wcVOw OR segfault_code_BCha7ePt38 OR segfault_code_u1zI1oAfsB OR segfault_code_61Z0S5GlUZ OR segfault_code_zG85FIDqqq OR segfault_msg_ktfT43RsTC OR illegal_inst_msg_ozMe12v82j) OR timeout_b2BYXJ5Lvm)))
(NOT PERFORMER AND (segfault_code_n50k3wcVOw OR segfault_code_BCha7ePt38 OR segfault_code_u1zI1oAfsB OR segfault_code_61Z0S5GlUZ OR segfault_code_zG85FIDqqq OR segfault_msg_ktfT43RsTC OR illegal_inst_msg_ozMe12v82j) AND NOT timeout_b2BYXJ5Lvm) or (PERFORMER AND NOT ((segfault_code_n50k3wcVOw OR segfault_code_BCha7ePt38 OR segfault_code_u1zI1oAfsB OR segfault_code_61Z0S5GlUZ OR segfault_code_zG85FIDqqq OR segfault_msg_ktfT43RsTC OR illegal_inst_msg_ozMe12v82j) OR timeout_b2BYXJ5Lvm))
DOES_NOT_RETURN
CONTROLLED_EXIT
CONTINUED_EXECUTION
None
132
None
134
None
135
None
136
None
139
None
Segmentation fault
None
Illegal instruction
None
stonesoup_trace:weakness_start
Has a fixed stack buffer of size 64, allocated within a struct (char [64])
DOS_UNCONTROLLED_EXIT
This is probably going to overflow a buffer of some sort. Let's run it anyway and see what happens. I hope that everything turns out ok, because I would love to see what this looks like in all CAPS. Converting ASCII characters to upper case is easy, you can either call a system function, or just add the standard difference between the start of the two character sets. But, I am sure there is a reason that system functions exist for this sort of functionality.
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
-E -f input/grep-good-03-expr.txt input/mktsymbols.txt
weakness_started_DPWXZ2DXaO1jSyBSOeJG AND ((NOT PERFORMER AND (segfault_code_A5vqkCqOqN OR segfault_code_indsZLxR00 OR segfault_code_VsW8akpMUs OR segfault_code_mPOKSxBYwW OR segfault_code_nekKtWMPjz OR segfault_msg_MCBIW5pbNP OR illegal_inst_msg_UzHubVbhgw) AND NOT timeout_C39vH7nqbp) or (PERFORMER AND NOT ((segfault_code_A5vqkCqOqN OR segfault_code_indsZLxR00 OR segfault_code_VsW8akpMUs OR segfault_code_mPOKSxBYwW OR segfault_code_nekKtWMPjz OR segfault_msg_MCBIW5pbNP OR illegal_inst_msg_UzHubVbhgw) OR timeout_C39vH7nqbp)))
(NOT PERFORMER AND (segfault_code_A5vqkCqOqN OR segfault_code_indsZLxR00 OR segfault_code_VsW8akpMUs OR segfault_code_mPOKSxBYwW OR segfault_code_nekKtWMPjz OR segfault_msg_MCBIW5pbNP OR illegal_inst_msg_UzHubVbhgw) AND NOT timeout_C39vH7nqbp) or (PERFORMER AND NOT ((segfault_code_A5vqkCqOqN OR segfault_code_indsZLxR00 OR segfault_code_VsW8akpMUs OR segfault_code_mPOKSxBYwW OR segfault_code_nekKtWMPjz OR segfault_msg_MCBIW5pbNP OR illegal_inst_msg_UzHubVbhgw) OR timeout_C39vH7nqbp))
DOES_NOT_RETURN
CONTROLLED_EXIT
CONTINUED_EXECUTION
None
132
None
134
None
135
None
136
None
139
None
Segmentation fault
None
Illegal instruction
None
stonesoup_trace:weakness_start