Creating test case using base program. Added an environment variable read to the function definition. Completed injection.

TRUE UNSPECIFIED UNSPECIFIED

./configure -v --prefix="$SS_TC_ROOT/$SS_TC_INSTALL" --with-apr="$SS_TC_DEPS/bin/apr-1-config" --with-apr-util="$SS_TC_DEPS/bin/apu-1-config" --with-serf --with-sqlite="$SS_TC_DEPS" --with-sasl --with-libmagic --with-zlib --without-kwallet --without-gnome-keyring --disable-keychain --without-trang --without-doxygen --without-swig --without-jikes --without-ctypesgen --without-junit --without-jdk --without-apxs --with-editor="/usr/bin/vi" --disable-shared --with-pic=yes
make VERBOSE=1 CC="$SS_CC" CCLD="$SS_LNK"
make install CC="$SS_CC" CCLD="$SS_LNK"

create a repository
Has a heap buffer of size 64. Reads in an ascii string from an environment variable and copies the final 63 characters into the heap buffer. Then reads the variable back from the heap buffer in reverse order, but incorrectly uses the size of the original string. If the original string is longer than 63 characters, this will result in an underread.
NONE
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
$SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0
$SS_TC_ROOT/$SS_TC_INSTALL/bin/svnserve -d --foreground -r $SS_TC_ROOT/testData/svnrepos --pid-file=$SS_TC_ROOT/$SS_TC_INSTALL/svnserve.pid
STDOUT AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
Checked out revision 0.
DOES_NOT_RETURN CONTROLLED_EXIT

commit a file
NONE
This is probably not going to overflow a buffer of some sort.
$SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0
$SS_TC_ROOT/$SS_TC_INSTALL/bin/svnserve -d --foreground -r $SS_TC_ROOT/testData/svnrepos --pid-file=$SS_TC_ROOT/$SS_TC_INSTALL/svnserve.pid
CHECKOUT AND ADD AND COMMIT AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
Checked out revision 0. A file.txt good-02/output.txt
DOES_NOT_RETURN CONTROLLED_EXIT

diff two files using svn diff
NONE
This statement has less than 64 characters, then nothing bad.
$SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0
$SS_TC_ROOT/$SS_TC_INSTALL/bin/svn diff css/main.css css/main2.css
STDOUT AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-03/output.txt
DOES_NOT_RETURN CONTROLLED_EXIT

use svn mkdir to create a directory and add it to the svn repo
NONE
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
$SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0
$SS_TC_ROOT/$SS_TC_INSTALL/bin/svn mkdir newdir
STDOUT AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
A newdir
DOES_NOT_RETURN CONTROLLED_EXIT

use svn to move a file and its position in the repo
NONE
This is probably not going to overflow a buffer of some sort.
$SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0
$SS_TC_ROOT/$SS_TC_INSTALL/bin/svn move 404.html js/
STDOUT AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-05/output.txt
DOES_NOT_RETURN CONTROLLED_EXIT

run blame on 404.html
NONE
This statement has less than 64 characters, then nothing bad.
$SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0
$SS_TC_ROOT/$SS_TC_INSTALL/bin/svn blame 404.html
STDOUT AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-06/output.txt
DOES_NOT_RETURN CONTROLLED_EXIT

apply a patch
NONE
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
$SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0
$SS_TC_ROOT/$SS_TC_INSTALL/bin/svn patch good-07.diff
STDOUT AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
U 404.html
DOES_NOT_RETURN CONTROLLED_EXIT

add a property
NONE
This is probably not going to overflow a buffer of some sort.
$SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0
$SS_TC_ROOT/$SS_TC_INSTALL/bin/svn propset rating "awesome" 404.html
STDOUT AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
property 'rating' set on '404.html'
DOES_NOT_RETURN CONTROLLED_EXIT

get a property
NONE
This statement has less than 64 characters, then nothing bad.
$SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0
$SS_TC_ROOT/$SS_TC_INSTALL/bin/svn propget rating 404.html
STDOUT AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
awesome
DOES_NOT_RETURN CONTROLLED_EXIT

delete a property
NONE
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
$SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0
$SS_TC_ROOT/$SS_TC_INSTALL/bin/svn propdel rating 404.html
STDOUT AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
property 'rating' deleted from '404.html'.
DOES_NOT_RETURN CONTROLLED_EXIT

READ_APPLICATION_DATA DOS_UNCONTROLLED_EXIT
abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz
$SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0
$SS_TC_ROOT/$SS_TC_INSTALL/bin/svn patch good-07.diff
weakness_started_TGsLci51tmcED3qg8JcC AND ((NOT PERFORMER AND (print_buffer_RAzDABFMlk OR (segfault_code_87khDup9r3 OR segfault_code_dvl5AzWWrV OR segfault_code_eTt5t56LKH OR segfault_code_IfasRXuNTF OR segfault_code_w41sM18VSJ OR segfault_msg_dtAsFvC0Nx OR illegal_inst_msg_KIkFZHjRdI)) AND NOT timeout_C3OssFkayE) or (PERFORMER AND NOT ((print_buffer_RAzDABFMlk OR (segfault_code_87khDup9r3 OR segfault_code_dvl5AzWWrV OR segfault_code_eTt5t56LKH OR segfault_code_IfasRXuNTF OR segfault_code_w41sM18VSJ OR segfault_msg_dtAsFvC0Nx OR illegal_inst_msg_KIkFZHjRdI)) OR timeout_C3OssFkayE)))
(NOT PERFORMER AND (print_buffer_RAzDABFMlk OR (segfault_code_87khDup9r3 OR segfault_code_dvl5AzWWrV OR segfault_code_eTt5t56LKH OR segfault_code_IfasRXuNTF OR segfault_code_w41sM18VSJ OR segfault_msg_dtAsFvC0Nx OR illegal_inst_msg_KIkFZHjRdI)) AND NOT timeout_C3OssFkayE) or (PERFORMER AND NOT ((print_buffer_RAzDABFMlk OR (segfault_code_87khDup9r3 OR segfault_code_dvl5AzWWrV OR segfault_code_eTt5t56LKH OR segfault_code_IfasRXuNTF OR segfault_code_w41sM18VSJ OR segfault_msg_dtAsFvC0Nx OR illegal_inst_msg_KIkFZHjRdI)) OR timeout_C3OssFkayE))
DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION None 132 None 134 None 135 None 136 None 139 None Segmentation fault None Illegal instruction ../logfile.txt [a-zA-Z0-9]{65,} None stonesoup_trace:weakness_start

READ_APPLICATION_DATA DOS_UNCONTROLLED_EXIT
The quick brown fox jumps over the lazy dog. Why? I don't know, because he was in a rush and trying to get somewhere.
$SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0
$SS_TC_ROOT/$SS_TC_INSTALL/bin/svn propset rating "awesome" 404.html
weakness_started_Ap61nOdfMxaAxMSPmuX9 AND ((NOT PERFORMER AND (print_buffer_Y2KOjED7tz OR (segfault_code_LjllZEpKLM OR segfault_code_R5n4kvlSPG OR segfault_code_P5g5PMTbXt OR segfault_code_lAhOIcchLR OR segfault_code_5IumigdUfS OR segfault_msg_AbPkpoYitT OR illegal_inst_msg_LdP9xcyaN0)) AND NOT timeout_Z6BtOT0aCZ) or (PERFORMER AND NOT ((print_buffer_Y2KOjED7tz OR (segfault_code_LjllZEpKLM OR segfault_code_R5n4kvlSPG OR segfault_code_P5g5PMTbXt OR segfault_code_lAhOIcchLR OR segfault_code_5IumigdUfS OR segfault_msg_AbPkpoYitT OR illegal_inst_msg_LdP9xcyaN0)) OR timeout_Z6BtOT0aCZ)))
(NOT PERFORMER AND (print_buffer_Y2KOjED7tz OR (segfault_code_LjllZEpKLM OR segfault_code_R5n4kvlSPG OR segfault_code_P5g5PMTbXt OR segfault_code_lAhOIcchLR OR segfault_code_5IumigdUfS OR segfault_msg_AbPkpoYitT OR illegal_inst_msg_LdP9xcyaN0)) AND NOT timeout_Z6BtOT0aCZ) or (PERFORMER AND NOT ((print_buffer_Y2KOjED7tz OR (segfault_code_LjllZEpKLM OR segfault_code_R5n4kvlSPG OR segfault_code_P5g5PMTbXt OR segfault_code_lAhOIcchLR OR segfault_code_5IumigdUfS OR segfault_msg_AbPkpoYitT OR illegal_inst_msg_LdP9xcyaN0)) OR timeout_Z6BtOT0aCZ))
DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION None 132 None 134 None 135 None 136 None 139 None Segmentation fault None Illegal instruction ../logfile.txt [a-zA-Z0-9]{65,} None stonesoup_trace:weakness_start