Fuzz introspector: fuzz_bfd
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
988 988 1 :

['bfd_init_section_compress_status']

990 1016 _bfd_elf_make_section_from_shdr call site: 00000 /src/binutils-gdb/bfd/elf.c:1209
988 988 1 :

['bfd_init_section_compress_status']

990 992 make_a_section_from_file call site: 00000 /src/binutils-gdb/bfd/coffgen.c:249
510 510 2 :

['try_load_plugin', 'build_plugin_list']

510 510 load_plugin call site: 00000 /src/binutils-gdb/bfd/plugin.c:571
268 1675 26 :

['image_write_l', 'alpha_vms_add_qw_reloc', 'dst_restore_location', '_bfd_abort', 'alpha_vms_add_fixup_qr', 'image_set_ptr', 'bfd_getl64', 'alpha_vms_sym_to_ctxt', 'image_write_w', 'bfd_getl32', 'image_write_q', 'alpha_vms_add_lw_reloc', 'alpha_vms_add_fixup_lp', 'alpha_vms_get_sym_value', '_bfd_vms_get_value', 'image_write', 'bfd_getl16', 'alpha_vms_add_fixup_ca', 'dst_retrieve_location', '_bfd_vms_push', 'alpha_vms_fix_sec_rel', 'image_write_b', '_bfd_vms_pop', 'dst_define_location', 'image_inc_ptr', 'alpha_vms_add_fixup_lr']

294 2251 _bfd_vms_slurp_etir call site: 00000 /src/binutils-gdb/bfd/vms-alpha.c:1987
228 261 2 :

['bfd_pef_scan', 'bfd_zalloc']

228 272 bfd_pef_object_p call site: 00000 /src/binutils-gdb/bfd/pef.c:600
123 142 7 :

['bfd_get_error', '_bfd_real_fseek', 'bfd_open_file', '_bfd_error_handler', 'bfd_set_error', 'dgettext', 'bfd_errmsg']

123 142 bfd_cache_lookup_worker call site: 00000 /src/binutils-gdb/bfd/cache.c:247
82 82 1 :

['bfd_open_file']

82 82 io_reinit call site: 00154 /src/binutils-gdb/bfd/format.c:171
71 73 3 :

['dgettext', 'bfd_link_hash_lookup', '_bfd_error_handler']

71 73 _bfd_vms_get_value call site: 00000 /src/binutils-gdb/bfd/vms-alpha.c:1786
61 138 3 :

['bfd_make_section_with_flags', 'ppcboot_set_arch_mach', 'ppcboot_mkobject']

61 149 ppcboot_object_p call site: 00000 /src/binutils-gdb/bfd/ppcboot.c:181
44 44 1 :

['s3_elf32_score_new_section_hook']

44 44 elf32_score_new_section_hook call site: 00000 /src/binutils-gdb/bfd/elf32-score.c:4392
29 29 1 :

['close_one']

29 31 bfd_cache_init call site: 00118 /src/binutils-gdb/bfd/cache.c:499
22 22 1 :

['find_target']

22 22 bfd_find_target call site: 00086 /src/binutils-gdb/bfd/./targets.c:1619

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 bfd_init [function] [call site] 00001
2 error_handler_fprintf [function] [call site] 00002
3 _bfd_doprnt_scan [function] [call site] 00003
4 strchr [call site] 00004
4 strchr [call site] 00005
4 _bfd_abort [function] [call site] 00006
5 dgettext [call site] 00007
5 _bfd_error_handler [function] [call site] 00008
5 dgettext [call site] 00009
5 _bfd_error_handler [function] [call site] 00010
5 dgettext [call site] 00011
5 _bfd_error_handler [function] [call site] 00012
5 _exit [call site] 00013
4 _bfd_abort [function] [call site] 00014
4 strchr [call site] 00015
4 _bfd_abort [function] [call site] 00016
4 _bfd_abort [function] [call site] 00017
4 _bfd_abort [function] [call site] 00018
4 _bfd_abort [function] [call site] 00019
3 fflush [call site] 00020
3 _bfd_get_error_program_name [function] [call site] 00021
3 fprintf [call site] 00022
3 _bfd_doprnt [function] [call site] 00023
4 strchr [call site] 00024
4 fputc [call site] 00025
4 strchr [call site] 00026
4 abs [call site] 00027
4 sprintf [call site] 00028
4 abs [call site] 00029
4 sprintf [call site] 00030
4 strchr [call site] 00031
4 _bfd_abort [function] [call site] 00032
4 _bfd_abort [function] [call site] 00033
4 bfd_get_flavour [function] [call site] 00034
4 bfd_get_flavour [function] [call site] 00035
4 bfd_get_flavour [function] [call site] 00036
4 _bfd_abort [function] [call site] 00037
4 bfd_is_thin_archive [function] [call site] 00038
4 bfd_get_filename [function] [call site] 00039
4 bfd_get_filename [function] [call site] 00040
4 bfd_get_filename [function] [call site] 00041
4 _bfd_abort [function] [call site] 00042
3 fprintf [call site] 00043
3 fputc [call site] 00044
3 fflush [call site] 00045
2 _bfd_default_assert_handler [function] [call site] 00046
3 _bfd_error_handler [function] [call site] 00047
1 abort [call site] 00048
1 strncpy [call site] 00049
1 bufferToFile [function] [call site] 00050
2 mkstemp [call site] 00051
2 __errno_location [call site] 00052
2 write [call site] 00053
2 __errno_location [call site] 00054
2 close [call site] 00055
2 close [call site] 00056
1 bfd_openr [function] [call site] 00057
2 bfd_fopen [function] [call site] 00058
3 _bfd_new_bfd [function] [call site] 00059
4 bfd_zmalloc [function] [call site] 00060
5 bfd_malloc [function] [call site] 00061
6 bfd_set_error [function] [call site] 00062
7 _bfd_abort [function] [call site] 00063
6 bfd_set_error [function] [call site] 00064
4 objalloc_create [function] [call site] 00065
4 bfd_set_error [function] [call site] 00066
4 bfd_hash_table_init_n [function] [call site] 00067
5 bfd_set_error [function] [call site] 00068
5 objalloc_create [function] [call site] 00069
5 bfd_set_error [function] [call site] 00070
5 _objalloc_alloc [function] [call site] 00071
6 _objalloc_alloc [function] [call site] 00072
5 bfd_hash_table_free [function] [call site] 00073
6 objalloc_free [function] [call site] 00074
5 bfd_set_error [function] [call site] 00075
4 bfd_section_hash_newfunc [function] [call site] 00076
5 bfd_hash_allocate [function] [call site] 00077
6 _objalloc_alloc [function] [call site] 00078
6 bfd_set_error [function] [call site] 00079
5 bfd_hash_newfunc [function] [call site] 00080
6 bfd_hash_allocate [function] [call site] 00081
4 objalloc_free [function] [call site] 00082
3 close [call site] 00083
3 bfd_find_target [function] [call site] 00084
4 getenv [call site] 00085
4 strcmp [call site] 00086
4 find_target [function] [call site] 00087
5 strcmp [call site] 00088
5 fnmatch [call site] 00089
5 bfd_set_error [function] [call site] 00090
3 close [call site] 00091
3 _bfd_delete_bfd [function] [call site] 00092
4 bfd_hash_table_free [function] [call site] 00093
4 objalloc_free [function] [call site] 00094
4 bfd_get_filename [function] [call site] 00095
3 fdopen [call site] 00096
3 _bfd_real_fopen [function] [call site] 00097
4 fopen64 [call site] 00098
4 close_on_exec [function] [call site] 00099
5 fileno [call site] 00100
5 fcntl [call site] 00101
5 fcntl [call site] 00102
3 bfd_set_error [function] [call site] 00103
3 close [call site] 00104
3 _bfd_delete_bfd [function] [call site] 00105
3 bfd_set_filename [function] [call site] 00106
4 strlen [call site] 00107
4 bfd_alloc [function] [call site] 00108
5 bfd_set_error [function] [call site] 00109
5 _objalloc_alloc [function] [call site] 00110
5 bfd_set_error [function] [call site] 00111
4 bfd_set_error [function] [call site] 00112
3 fclose [call site] 00113
3 _bfd_delete_bfd [function] [call site] 00114
3 bfd_cache_init [function] [call site] 00115
4 bfd_assert [function] [call site] 00116
5 dgettext [call site] 00117
4 bfd_cache_max_open [function] [call site] 00118
5 getrlimit [call site] 00119
5 sysconf [call site] 00120
4 close_one [function] [call site] 00121
5 _bfd_real_ftell [function] [call site] 00122
6 ftello64 [call site] 00123
5 bfd_cache_delete [function] [call site] 00124
6 fclose [call site] 00125
6 bfd_set_error [function] [call site] 00126
6 snip [function] [call site] 00127
4 insert [function] [call site] 00128
3 fclose [call site] 00129
3 _bfd_delete_bfd [function] [call site] 00130
3 bfd_set_cacheable [function] [call site] 00131
1 remove [call site] 00132
1 bfd_check_format [function] [call site] 00133
2 bfd_check_format_matches [function] [call site] 00134
3 bfd_set_error [function] [call site] 00135
3 bfd_malloc [function] [call site] 00136
3 bfd_set_error_handler [function] [call site] 00137
3 null_error_handler [function] [call site] 00138
3 _bfd_set_error_handler_caching [function] [call site] 00139
4 bfd_set_error_handler [function] [call site] 00140
3 bfd_preserve_save [function] [call site] 00141
4 bfd_alloc [function] [call site] 00142
4 bfd_hash_table_init [function] [call site] 00143
5 bfd_hash_table_init_n [function] [call site] 00144
4 bfd_section_hash_newfunc [function] [call site] 00145
3 bfd_seek [function] [call site] 00146
4 bfd_is_thin_archive [function] [call site] 00147
4 bfd_set_error [function] [call site] 00148
4 __errno_location [call site] 00149
4 bfd_set_error [function] [call site] 00150
4 bfd_set_error [function] [call site] 00151
3 bfd_reinit [function] [call site] 00152
4 io_reinit [function] [call site] 00153
5 bfd_cache_close [function] [call site] 00154
6 bfd_cache_delete [function] [call site] 00155
5 bfd_open_file [function] [call site] 00156
6 bfd_cache_max_open [function] [call site] 00157
6 close_one [function] [call site] 00158
6 bfd_get_filename [function] [call site] 00159
6 _bfd_real_fopen [function] [call site] 00160
6 bfd_get_filename [function] [call site] 00161
6 _bfd_real_fopen [function] [call site] 00162
6 bfd_get_filename [function] [call site] 00163
6 _bfd_real_fopen [function] [call site] 00164
6 bfd_get_filename [function] [call site] 00165
6 stat [call site] 00166
6 bfd_get_filename [function] [call site] 00167
6 unlink_if_ordinary [function] [call site] 00168
7 lstat [call site] 00169
7 unlink [call site] 00170
6 bfd_get_filename [function] [call site] 00171
6 _bfd_real_fopen [function] [call site] 00172
6 bfd_set_error [function] [call site] 00173
6 bfd_cache_init [function] [call site] 00174
4 bfd_section_list_clear [function] [call site] 00175
3 bfd_release [function] [call site] 00176
4 objalloc_free_block [function] [call site] 00177
5 abort [call site] 00178
3 bfd_alloc [function] [call site] 00179
3 bfd_seek [function] [call site] 00180
3 bfd_has_map [function] [call site] 00181
3 bfd_get_error [function] [call site] 00182
3 bfd_preserve_save [function] [call site] 00183
3 bfd_preserve_restore [function] [call site] 00184
4 bfd_hash_table_free [function] [call site] 00185
4 io_reinit [function] [call site] 00186
4 bfd_release [function] [call site] 00187
3 bfd_reinit [function] [call site] 00188
3 bfd_release [function] [call site] 00189
3 bfd_seek [function] [call site] 00190
3 bfd_assert [function] [call site] 00191
3 bfd_preserve_finish [function] [call site] 00192
4 bfd_hash_table_free [function] [call site] 00193
3 bfd_preserve_finish [function] [call site] 00194
3 bfd_set_error_handler [function] [call site] 00195
3 _bfd_per_xvec_warn [function] [call site] 00196
4 bfd_malloc [function] [call site] 00197
3 print_warnmsg [function] [call site] 00198
4 fflush [call site] 00199
4 _bfd_get_error_program_name [function] [call site] 00200
4 fprintf [call site] 00201
4 fputs [call site] 00202
4 fputc [call site] 00203
4 fflush [call site] 00204
3 _bfd_per_xvec_warn [function] [call site] 00205
3 clear_warnmsg [function] [call site] 00206
3 bfd_set_error [function] [call site] 00207
3 bfd_set_error [function] [call site] 00208
3 bfd_preserve_finish [function] [call site] 00209
3 bfd_preserve_restore [function] [call site] 00210
3 bfd_set_error_handler [function] [call site] 00211
3 _bfd_per_xvec_warn [function] [call site] 00212
3 print_warnmsg [function] [call site] 00213
3 clear_warnmsg [function] [call site] 00214
1 bfd_close [function] [call site] 00215
2 bfd_close_all_done [function] [call site] 00216
3 _maybe_make_executable [function] [call site] 00217
4 bfd_get_filename [function] [call site] 00218
4 stat [call site] 00219
4 umask [call site] 00220
4 umask [call site] 00221
4 bfd_get_filename [function] [call site] 00222
4 chmod [call site] 00223
3 _bfd_delete_bfd [function] [call site] 00224
1 remove [call site] 00225