Negate, Inject & Restore

In the next example we are using the snapshot engine:

  • Passing a file as argument.

  • We select we want to use the symbolic engine.

  • We taint the buffer that fread()reads from the file.

  • We create a snapshot in the function that parses the buffer read from the file.

  • When a condition is evaluated we negate it, inject the solution in memory and restore the snapshot with it.

  • The solution will be "valid" so we will satisfy the existent conditions.

Last updated