Creating test case using base program. Added an environment variable read to the function definition. Completed injection. TRUE UNSPECIFIED UNSPECIFIED ./configure -v --prefix="$SS_TC_ROOT/$SS_TC_INSTALL" --with-apr="$SS_TC_DEPS/bin/apr-1-config" --with-apr-util="$SS_TC_DEPS/bin/apu-1-config" --with-serf --with-sqlite="$SS_TC_DEPS" --with-sasl --with-libmagic --with-zlib --without-kwallet --without-gnome-keyring --disable-keychain --without-trang --without-doxygen --without-swig --without-jikes --without-ctypesgen --without-junit --without-jdk --without-apxs --with-editor="/usr/bin/vi" --disable-shared --with-pic=yes make VERBOSE=1 CC="$SS_CC" CCLD="$SS_LNK" make install CC="$SS_CC" CCLD="$SS_LNK" create a repository Has a fixed heap buffer of size 64. (char [64]) NONE AAA $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 1 $SS_TC_ROOT/$SS_TC_INSTALL/bin/svnserve -d --foreground -r $SS_TC_ROOT/testData/svnrepos --pid-file=$SS_TC_ROOT/$SS_TC_INSTALL/svnserve.pid STDOUT AND NOT TIMEOUT AND NOT CONTROLLED_EXIT Checked out revision 0. DOES_NOT_RETURN CONTROLLED_EXIT commit a file Has a fixed heap buffer of size 64. (char [64]) NONE Hellow world! $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 1 $SS_TC_ROOT/$SS_TC_INSTALL/bin/svnserve -d --foreground -r $SS_TC_ROOT/testData/svnrepos --pid-file=$SS_TC_ROOT/$SS_TC_INSTALL/svnserve.pid CHECKOUT AND ADD AND COMMIT AND NOT TIMEOUT AND NOT CONTROLLED_EXIT Checked out revision 0. A file.txt good-02/output.txt DOES_NOT_RETURN CONTROLLED_EXIT diff two files using svn diff Has a fixed heap buffer of size 64. (char [64]) NONE Good-bye cruel world! $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 1 $SS_TC_ROOT/$SS_TC_INSTALL/bin/svn diff css/main.css css/main2.css STDOUT AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-03/output.txt DOES_NOT_RETURN CONTROLLED_EXIT use svn mkdir to create a directory and add it to the svn repo Has a fixed heap buffer of size 64. (char [64]) NONE AAA $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 1 $SS_TC_ROOT/$SS_TC_INSTALL/bin/svn mkdir newdir STDOUT AND NOT TIMEOUT AND NOT CONTROLLED_EXIT A newdir DOES_NOT_RETURN CONTROLLED_EXIT use svn to move a file and its position in the repo Has a fixed heap buffer of size 64. (char [64]) NONE Hellow world! $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 1 $SS_TC_ROOT/$SS_TC_INSTALL/bin/svn move 404.html js/ STDOUT AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-05/output.txt DOES_NOT_RETURN CONTROLLED_EXIT run blame on 404.html Has a fixed heap buffer of size 64. (char [64]) NONE Good-bye cruel world! $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 1 $SS_TC_ROOT/$SS_TC_INSTALL/bin/svn blame 404.html STDOUT AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-06/output.txt DOES_NOT_RETURN CONTROLLED_EXIT apply a patch Has a fixed heap buffer of size 64. (char [64]) NONE AAA $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 1 $SS_TC_ROOT/$SS_TC_INSTALL/bin/svn patch good-07.diff STDOUT AND NOT TIMEOUT AND NOT CONTROLLED_EXIT U 404.html DOES_NOT_RETURN CONTROLLED_EXIT add a property Has a fixed heap buffer of size 64. (char [64]) NONE Hellow world! $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 1 $SS_TC_ROOT/$SS_TC_INSTALL/bin/svn propset rating "awesome" 404.html STDOUT AND NOT TIMEOUT AND NOT CONTROLLED_EXIT property 'rating' set on '404.html' DOES_NOT_RETURN CONTROLLED_EXIT get a property Has a fixed heap buffer of size 64. (char [64]) NONE Good-bye cruel world! $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 1 $SS_TC_ROOT/$SS_TC_INSTALL/bin/svn propget rating 404.html STDOUT AND NOT TIMEOUT AND NOT CONTROLLED_EXIT awesome DOES_NOT_RETURN CONTROLLED_EXIT delete a property Has a fixed heap buffer of size 64. (char [64]) NONE AAA $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 1 $SS_TC_ROOT/$SS_TC_INSTALL/bin/svn propdel rating 404.html STDOUT AND NOT TIMEOUT AND NOT CONTROLLED_EXIT property 'rating' deleted from '404.html'. DOES_NOT_RETURN CONTROLLED_EXIT Has a fixed heap buffer of size 64. (char [64]) DOS_UNCONTROLLED_EXIT READ_APPLICATION_DATA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 1 $SS_TC_ROOT/$SS_TC_INSTALL/bin/svn diff css/main.css css/main2.css weakness_started_PQwaNfuB2EWvPT2sGYiT AND ((NOT PERFORMER AND (segfault_glibc_fNLhfWVHrE OR print_overflowed_buffer_zvrLuASAqL OR (segfault_code_rVPX54qDj7 OR segfault_code_7t6fVdtAle OR segfault_code_OFHXYNGk8n OR segfault_code_Y8KEomaE9n OR segfault_code_qb4JhB9Fob OR segfault_msg_4WSTxRSmzP OR illegal_inst_msg_jhlCX1Tjpj)) AND NOT timeout_Sqp7gKrxBv) or (PERFORMER AND NOT ((segfault_glibc_fNLhfWVHrE OR print_overflowed_buffer_zvrLuASAqL OR (segfault_code_rVPX54qDj7 OR segfault_code_7t6fVdtAle OR segfault_code_OFHXYNGk8n OR segfault_code_Y8KEomaE9n OR segfault_code_qb4JhB9Fob OR segfault_msg_4WSTxRSmzP OR illegal_inst_msg_jhlCX1Tjpj)) OR timeout_Sqp7gKrxBv))) (NOT PERFORMER AND (segfault_glibc_fNLhfWVHrE OR print_overflowed_buffer_zvrLuASAqL OR (segfault_code_rVPX54qDj7 OR segfault_code_7t6fVdtAle OR segfault_code_OFHXYNGk8n OR segfault_code_Y8KEomaE9n OR segfault_code_qb4JhB9Fob OR segfault_msg_4WSTxRSmzP OR illegal_inst_msg_jhlCX1Tjpj)) AND NOT timeout_Sqp7gKrxBv) or (PERFORMER AND NOT ((segfault_glibc_fNLhfWVHrE OR print_overflowed_buffer_zvrLuASAqL OR (segfault_code_rVPX54qDj7 OR segfault_code_7t6fVdtAle OR segfault_code_OFHXYNGk8n OR segfault_code_Y8KEomaE9n OR segfault_code_qb4JhB9Fob OR segfault_msg_4WSTxRSmzP OR illegal_inst_msg_jhlCX1Tjpj)) OR timeout_Sqp7gKrxBv)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION None 132 None 134 None 135 None 136 None 139 None Segmentation fault None Illegal instruction None free(): invalid pointer ../logfile.txt [a-zA-Z0-9,. ']{64,} None stonesoup_trace:weakness_start Has a fixed heap buffer of size 64. (char [64]) DOS_UNCONTROLLED_EXIT READ_APPLICATION_DATA This is probably going to overflow a buffer of some sort. Let's run it anyway and see what happens. I hope that everything turns out ok, because I would love to see what this looks like in all CAPS. Converting ASCII characters to upper case is easy, you can either call a system function, or just add the standard difference between the start of the two character sets. But, I am sure there is a reason that system functions exist for this sort of functionality. $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 1 $SS_TC_ROOT/$SS_TC_INSTALL/bin/svn blame 404.html weakness_started_zIRGryt3m5aVmDKXQ6K1 AND ((NOT PERFORMER AND (segfault_glibc_bNoqSPzOlu OR print_overflowed_buffer_qKLCTXO5Iv OR (segfault_code_E1booyR3uT OR segfault_code_QhtvjTRrIY OR segfault_code_gtIKxHDvkJ OR segfault_code_G1xFKTKTwn OR segfault_code_MFniwrxR8C OR segfault_msg_wAmPgRxsNJ OR illegal_inst_msg_MG8MH8nukO)) AND NOT timeout_W3sUm3kWQj) or (PERFORMER AND NOT ((segfault_glibc_bNoqSPzOlu OR print_overflowed_buffer_qKLCTXO5Iv OR (segfault_code_E1booyR3uT OR segfault_code_QhtvjTRrIY OR segfault_code_gtIKxHDvkJ OR segfault_code_G1xFKTKTwn OR segfault_code_MFniwrxR8C OR segfault_msg_wAmPgRxsNJ OR illegal_inst_msg_MG8MH8nukO)) OR timeout_W3sUm3kWQj))) (NOT PERFORMER AND (segfault_glibc_bNoqSPzOlu OR print_overflowed_buffer_qKLCTXO5Iv OR (segfault_code_E1booyR3uT OR segfault_code_QhtvjTRrIY OR segfault_code_gtIKxHDvkJ OR segfault_code_G1xFKTKTwn OR segfault_code_MFniwrxR8C OR segfault_msg_wAmPgRxsNJ OR illegal_inst_msg_MG8MH8nukO)) AND NOT timeout_W3sUm3kWQj) or (PERFORMER AND NOT ((segfault_glibc_bNoqSPzOlu OR print_overflowed_buffer_qKLCTXO5Iv OR (segfault_code_E1booyR3uT OR segfault_code_QhtvjTRrIY OR segfault_code_gtIKxHDvkJ OR segfault_code_G1xFKTKTwn OR segfault_code_MFniwrxR8C OR segfault_msg_wAmPgRxsNJ OR illegal_inst_msg_MG8MH8nukO)) OR timeout_W3sUm3kWQj)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION None 132 None 134 None 135 None 136 None 139 None Segmentation fault None Illegal instruction None free(): invalid pointer ../logfile.txt [a-zA-Z0-9,. ']{64,} None stonesoup_trace:weakness_start