trailofbits / cb-multios

DARPA Challenges Sets for Linux, Windows, and macOS
https://blog.trailofbits.com/2016/08/01/your-tool-works-better-than-mine-prove-it/
MIT License
520 stars 103 forks

[Question] Can a single string input trigger the vulnerabilities inside the CGC programs? #90

Closed Hanseltu closed 3 years ago

Hanseltu commented 3 years ago

Hi all. I am new to learning CGC programs and I hope this is the right place to ask a question. Please forgive me if the question is not suitable to ask here.

Normally, we can use tester.py or cb-test.py with a POV binary to validate the vulnerabilities inside a CGC program. My question is: is it possible to trigger the vulnerabilities using a single input? Like, for example:

$./Palindrome "some string input"
// crash

$./Palindrome_patched "some string input"
// not crash

Can I do the above thing correctly? Or are there any solutions to implement this?

Thanks for your help and any suggestions are welcome!

woodruffw commented 3 years ago

This is the right place to ask!

The CGC programs are a broad corpus -- some of them are noninteractive, while others are interactive on the terminal, while others yet are client-server programs that interact through other mechanisms. In general: I think you can trigger the vulnerabilities in some of the CGC programs using a single input string, but not all of them.

Hopefully that answers your question. Also, feel free to join our Slack (https://empireslacking.herokuapp.com/, join #challenge-sets); someone (potentially not me) may be able to help you in real-time.
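An added example, not part of the thread or of the cb-multios code: a small harness that feeds one input string to an unpatched and a patched build and compares how each process ends. It assumes the challenge reads its input on standard input rather than from a command-line argument; `run_once`, `reproduces_crash`, and the two stand-in commands are hypothetical names constructed so the block runs without a CGC build.

```python
import signal
import subprocess
import sys

# Signals that normally indicate a memory-safety or similar fault.
CRASH_SIGNALS = {"SIGSEGV", "SIGBUS", "SIGILL", "SIGABRT", "SIGFPE"}

def run_once(argv, data: bytes, timeout: float = 5.0) -> str:
    """Send `data` on stdin, close stdin, and classify the outcome."""
    try:
        proc = subprocess.run(argv, input=data, timeout=timeout,
                              stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL)
    except subprocess.TimeoutExpired:
        # Still running after the input was consumed: a hang, or a
        # program that needs a longer interaction than one string.
        return "timeout"
    if proc.returncode < 0:  # POSIX: negative code means killed by a signal
        try:
            return "signal:" + signal.Signals(-proc.returncode).name
        except ValueError:
            return f"signal:{-proc.returncode}"
    return f"exit:{proc.returncode}"

def reproduces_crash(unpatched, patched, data: bytes, timeout: float = 5.0):
    """True only if the input crashes the unpatched build and not the patched one."""
    before = run_once(unpatched, data, timeout)
    after = run_once(patched, data, timeout)
    crashed = before.startswith("signal:") and before[7:] in CRASH_SIGNALS
    survived = not after.startswith("signal:")
    return {"unpatched": before, "patched": after,
            "reproduces": crashed and survived}

# Constructed stand-ins for ./Palindrome and ./Palindrome_patched:
# the first faults on input longer than 64 bytes, the second never does.
FAKE_UNPATCHED = [sys.executable, "-c",
                  "import os,signal,sys; d=sys.stdin.buffer.read(); "
                  "os.kill(os.getpid(), signal.SIGSEGV) if len(d) > 64 else None"]
FAKE_PATCHED = [sys.executable, "-c", "import sys; sys.stdin.buffer.read()"]

if __name__ == "__main__":
    print(reproduces_crash(FAKE_UNPATCHED, FAKE_PATCHED, b"A" * 100))
```

For a real challenge, replace the two stand-in lists with the paths to the built binaries; a `timeout` result suggests the program needs a longer interaction than a single string.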

Hanseltu commented 3 years ago

Hi @woodruffw.

Thanks for your speedy and useful reply! I think I know what I should do next.

Btw, I have joined the Slack through your shared link, and the Slack looks awesome! Thanks for the recommendation! I will take some time to learn new things here.

Thanks again for your kind help and hope you have a good week!

woodruffw commented 3 years ago

Thanks, you too!