Creating test case using base program.
Added an environment variable read to get a filename to read in the file contents using an fread operation within the function
Completed injection.

TRUE UNSPECIFIED UNSPECIFIED

$SS_TC_ROOT/$SS_TC_INSTALL/bin/postgres -p 8432

./configure --prefix="$SS_TC_ROOT/$SS_TC_INSTALL" --with-pgport=8432 --with-libraries="$SS_TC_DEPS/lib" --with-includes="$SS_TC_DEPS/include" --with-openssl --with-libxml --with-libxslt --without-selinux --with-readline --without-tcl --without-perl --without-python --without-gssapi --without-pam --without-krb5 --with-ldap --without-bonjour --with-zlib --disable-thread-safety
make CC="$SS_CC" CCLD="$SS_LNK"
make install CC="$SS_CC" CCLD="$SS_LNK"

initialize a database
Has a fixed stack buffer of size 64, allocated within a struct
When input has a larger size, the stack buffer will be over read
NONE
/opt/stonesoup/workspace/testData/hypertragical_handwritings/triticum_graycourt.txt
AAAAAAAAAAAAAAAAAAAAAAA
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
sudo -E -u postgres $SS_TC_ROOT/$SS_TC_INSTALL/bin/initdb $SS_TC_ROOT/testData/good-01/psqldb
(UTF8 OR ASCII) AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-01/good-01-UTF8.out
good-01/good-01-ASCII.out
DOES_NOT_RETURN CONTROLLED_EXIT

perform a select
Has a fixed stack buffer of size 64, allocated within a struct
When input has a larger size, the stack buffer will be over read
NONE
/opt/stonesoup/workspace/testData/hypertragical_handwritings/triticum_graycourt.txt
Hello World!
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
-D $SS_TC_ROOT/testData/good-02/psql
GOOD-02 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-02/good-02.out
DOES_NOT_RETURN CONTROLLED_EXIT

perform an insert
Has a fixed stack buffer of size 64, allocated within a struct
When input has a larger size, the stack buffer will be over read
NONE
/opt/stonesoup/workspace/testData/hypertragical_handwritings/triticum_graycourt.txt
Short is good
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
-D $SS_TC_ROOT/testData/good-03/psql
GOOD-03 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-03/good-03.out
DOES_NOT_RETURN CONTROLLED_EXIT

perform a create
Has a fixed stack buffer of size 64, allocated within a struct
When input has a larger size, the stack buffer will be over read
NONE
/opt/stonesoup/workspace/testData/hypertragical_handwritings/triticum_graycourt.txt
AAAAAAAAAAAAAAAAAAAAAAA
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
-D $SS_TC_ROOT/testData/good-04/psql
GOOD-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-04/good-04.out
DOES_NOT_RETURN CONTROLLED_EXIT

perform a delete
Has a fixed stack buffer of size 64, allocated within a struct
When input has a larger size, the stack buffer will be over read
NONE
/opt/stonesoup/workspace/testData/hypertragical_handwritings/triticum_graycourt.txt
Hello World!
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
-D $SS_TC_ROOT/testData/good-05/psql
GOOD-05 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-05/good-05.out
DOES_NOT_RETURN CONTROLLED_EXIT

perform a drop
Has a fixed stack buffer of size 64, allocated within a struct
When input has a larger size, the stack buffer will be over read
NONE
/opt/stonesoup/workspace/testData/hypertragical_handwritings/triticum_graycourt.txt
Short is good
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
-D $SS_TC_ROOT/testData/good-06/psql
GOOD-06 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-06/good-06.out
DOES_NOT_RETURN CONTROLLED_EXIT

import a .sql file
Has a fixed stack buffer of size 64, allocated within a struct
When input has a larger size, the stack buffer will be over read
NONE
/opt/stonesoup/workspace/testData/hypertragical_handwritings/triticum_graycourt.txt
AAAAAAAAAAAAAAAAAAAAAAA
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
-D $SS_TC_ROOT/testData/good-07/psql
GOOD-07 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-07/good-07.out
DOES_NOT_RETURN CONTROLLED_EXIT

perform an alter
Has a fixed stack buffer of size 64, allocated within a struct
When input has a larger size, the stack buffer will be over read
NONE
/opt/stonesoup/workspace/testData/hypertragical_handwritings/triticum_graycourt.txt
Hello World!
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
-D $SS_TC_ROOT/testData/good-08/psql
GOOD-08 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-08/good-08.out
DOES_NOT_RETURN CONTROLLED_EXIT

see who's logged in
Has a fixed stack buffer of size 64, allocated within a struct
When input has a larger size, the stack buffer will be over read
NONE
/opt/stonesoup/workspace/testData/hypertragical_handwritings/triticum_graycourt.txt
Short is good
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
-D $SS_TC_ROOT/testData/good-09/psql
GOOD-09 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
\s*booktown\s*\|\s*root\s*\|\s*([0-9]{1,3}\.){3}[0-9]{1,3}\s*
DOES_NOT_RETURN CONTROLLED_EXIT

perform a select using LIKE
Has a fixed stack buffer of size 64, allocated within a struct
When input has a larger size, the stack buffer will be over read
NONE
/opt/stonesoup/workspace/testData/hypertragical_handwritings/triticum_graycourt.txt
AAAAAAAAAAAAAAAAAAAAAAA
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
-D $SS_TC_ROOT/testData/good-10/psql
GOOD-10 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-10/good-10.out
DOES_NOT_RETURN CONTROLLED_EXIT

Has a fixed stack buffer of size 64, allocated within a struct
When input has a larger size, the stack buffer will be over read
READ_APPLICATION_DATA
/opt/stonesoup/workspace/testData/hypertragical_handwritings/triticum_graycourt.txt
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
-D $SS_TC_ROOT/testData/good-08/psql
weakness_started_roS76pzgpT4nxfCDEYcU AND ((NOT PERFORMER AND (output_exceeds_63_bytes_VPU21G0bBV AND output_excess_non_null_rEfH8P8HJE) AND NOT timeout_SrVeyKbMnS) or (PERFORMER AND NOT ((output_exceeds_63_bytes_VPU21G0bBV AND output_excess_non_null_rEfH8P8HJE) OR timeout_SrVeyKbMnS OR controlled_exit_mptI0jt65Z)))
(NOT PERFORMER AND (output_exceeds_63_bytes_VPU21G0bBV AND output_excess_non_null_rEfH8P8HJE) AND NOT timeout_SrVeyKbMnS) or (PERFORMER AND NOT ((output_exceeds_63_bytes_VPU21G0bBV AND output_excess_non_null_rEfH8P8HJE) OR timeout_SrVeyKbMnS OR controlled_exit_mptI0jt65Z))
DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION
if (( $(wc -c "logfile.txt" | cut -d " " -f 1) > 126 )); then true; else false; fi;
if (( $(head -c -126 "logfile.txt" | tr -d '0\n' | wc -c) > 0 )); then true; else false; fi;
None
stonesoup_trace:weakness_start

Has a fixed stack buffer of size 64, allocated within a struct
When input has a larger size, the stack buffer will be over read
READ_APPLICATION_DATA
/opt/stonesoup/workspace/testData/hypertragical_handwritings/triticum_graycourt.txt
This is probably going to overflow a buffer of some sort. Let's run it anyway and see what happens.
I hope that everything turns out ok, because I would love to see what this looks like in all CAPS. Converting ASCII characters to upper case is easy, you can either call a system function, or just add the standard difference between the start of the two character sets. But, I am sure there is a reason that system functions exist for this sort of functionality.
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
-D $SS_TC_ROOT/testData/good-08/psql
weakness_started_f7JkUS2GRqfvUMLFZJ3U AND ((NOT PERFORMER AND (output_exceeds_63_bytes_xTZiZP0Y5I AND output_excess_non_null_tAGzobbWKs) AND NOT timeout_EyGhfw2TQW) or (PERFORMER AND NOT ((output_exceeds_63_bytes_xTZiZP0Y5I AND output_excess_non_null_tAGzobbWKs) OR timeout_EyGhfw2TQW OR controlled_exit_3G9INWHPee)))
(NOT PERFORMER AND (output_exceeds_63_bytes_xTZiZP0Y5I AND output_excess_non_null_tAGzobbWKs) AND NOT timeout_EyGhfw2TQW) or (PERFORMER AND NOT ((output_exceeds_63_bytes_xTZiZP0Y5I AND output_excess_non_null_tAGzobbWKs) OR timeout_EyGhfw2TQW OR controlled_exit_3G9INWHPee))
DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION
if (( $(wc -c "logfile.txt" | cut -d " " -f 1) > 126 )); then true; else false; fi;
if (( $(head -c -126 "logfile.txt" | tr -d '0\n' | wc -c) > 0 )); then true; else false; fi;
None
stonesoup_trace:weakness_start