Fuzz introspector: fuzz_strings
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
1875 1875 2 :

['_bfd_elf_setup_sections', 'bfd_section_from_shdr']

1877 1890 bfd_elf64_object_p call site: 00000 /src/binutils-gdb/bfd/./elfcode.h:871
1875 1875 2 :

['_bfd_elf_setup_sections', 'bfd_section_from_shdr']

1877 1890 bfd_elf32_object_p call site: 00000 /src/binutils-gdb/bfd/./elfcode.h:871
1060 1154 6 :

['_bfd_vms_slurp_etbt', '_bfd_vms_slurp_egsd', '_bfd_vms_slurp_edbg', '_bfd_vms_slurp_eeom', '_bfd_vms_get_object_record', '_bfd_vms_slurp_ehdr']

1060 1154 _bfd_vms_slurp_object_records call site: 00000 /src/binutils-gdb/bfd/vms-alpha.c:2705
988 988 1 :

['bfd_init_section_compress_status']

990 992 make_a_section_from_file call site: 00000 /src/binutils-gdb/bfd/coffgen.c:249
510 510 2 :

['try_load_plugin', 'build_plugin_list']

510 510 load_plugin call site: 00000 /src/binutils-gdb/bfd/plugin.c:571
236 269 2 :

['bfd_pef_scan', 'bfd_zalloc']

236 280 bfd_pef_object_p call site: 00000 /src/binutils-gdb/bfd/pef.c:599
220 240 3 :

['ihex_scan', 'bfd_release', 'ihex_mkobject']

220 262 ihex_object_p call site: 00000 /src/binutils-gdb/bfd/ihex.c:505
76 201 7 :

['bfd_getl64', 'bfd_set_section_flags', 'bfd_assert', '_bfd_vms_save_counted_string', 'bfd_alloc', 'bfd_getl32', 'bfd_make_section']

76 201 _bfd_vms_slurp_eisd call site: 00000 /src/binutils-gdb/bfd/vms-alpha.c:554
61 206 6 :

['bfd_get_error', 'bfd_make_section_with_flags', 'bfd_read', 'ppcboot_mkobject', 'bfd_stat', 'ppcboot_set_arch_mach']

61 272 ppcboot_object_p call site: 00000 /src/binutils-gdb/bfd/ppcboot.c:145
50 632 4 :

['bfd_default_set_arch_mach', '_bfd_vms_slurp_object_records', 'bfd_getl16', '_bfd_vms_slurp_ehdr']

50 666 alpha_vms_object_p call site: 00000 /src/binutils-gdb/bfd/vms-alpha.c:2888
33 33 1 :

['bfd_pef_xlib_scan']

33 44 bfd_pef_xlib_object_p call site: 00000 /src/binutils-gdb/bfd/pef.c:1132
30 82 3 :

['bfd_read', 'maybe_adjust_record_pointer_for_object', 'bfd_realloc_or_free']

30 104 vms_get_remaining_object_record call site: 00000 /src/binutils-gdb/bfd/vms-alpha.c:847

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 getpid [call site] 00001
1 fopen [call site] 00002
1 fwrite [call site] 00003
1 fclose [call site] 00004
1 strings_object_file [function] [call site] 00005
2 bfd_openr [function] [call site] 00006
3 bfd_fopen [function] [call site] 00007
4 _bfd_new_bfd [function] [call site] 00008
5 bfd_zmalloc [function] [call site] 00009
6 bfd_malloc [function] [call site] 00010
7 bfd_set_error [function] [call site] 00011
8 _bfd_abort [function] [call site] 00012
9 dgettext [call site] 00013
9 _bfd_error_handler [function] [call site] 00014
9 dgettext [call site] 00015
9 _bfd_error_handler [function] [call site] 00016
9 dgettext [call site] 00017
9 _bfd_error_handler [function] [call site] 00018
9 _exit [call site] 00019
7 bfd_set_error [function] [call site] 00020
5 objalloc_create [function] [call site] 00021
5 bfd_set_error [function] [call site] 00022
5 bfd_hash_table_init_n [function] [call site] 00023
6 bfd_set_error [function] [call site] 00024
6 objalloc_create [function] [call site] 00025
6 bfd_set_error [function] [call site] 00026
6 _objalloc_alloc [function] [call site] 00027
7 _objalloc_alloc [function] [call site] 00028
6 bfd_hash_table_free [function] [call site] 00029
7 objalloc_free [function] [call site] 00030
6 bfd_set_error [function] [call site] 00031
5 bfd_section_hash_newfunc [function] [call site] 00032
6 bfd_hash_allocate [function] [call site] 00033
7 _objalloc_alloc [function] [call site] 00034
7 bfd_set_error [function] [call site] 00035
6 bfd_hash_newfunc [function] [call site] 00036
7 bfd_hash_allocate [function] [call site] 00037
5 objalloc_free [function] [call site] 00038
4 close [call site] 00039
4 bfd_find_target [function] [call site] 00040
5 getenv [call site] 00041
5 strcmp [call site] 00042
5 find_target [function] [call site] 00043
6 strcmp [call site] 00044
6 fnmatch [call site] 00045
6 bfd_set_error [function] [call site] 00046
4 close [call site] 00047
4 _bfd_delete_bfd [function] [call site] 00048
5 bfd_hash_table_free [function] [call site] 00049
5 objalloc_free [function] [call site] 00050
5 bfd_get_filename [function] [call site] 00051
4 fdopen [call site] 00052
4 _bfd_real_fopen [function] [call site] 00053
5 fopen64 [call site] 00054
5 close_on_exec [function] [call site] 00055
6 fileno [call site] 00056
6 fcntl [call site] 00057
6 fcntl [call site] 00058
4 bfd_set_error [function] [call site] 00059
4 close [call site] 00060
4 _bfd_delete_bfd [function] [call site] 00061
4 bfd_set_filename [function] [call site] 00062
5 strlen [call site] 00063
5 bfd_alloc [function] [call site] 00064
6 bfd_set_error [function] [call site] 00065
6 _objalloc_alloc [function] [call site] 00066
6 bfd_set_error [function] [call site] 00067
5 bfd_set_error [function] [call site] 00068
4 fclose [call site] 00069
4 _bfd_delete_bfd [function] [call site] 00070
4 bfd_cache_init [function] [call site] 00071
5 bfd_assert [function] [call site] 00072
6 dgettext [call site] 00073
5 bfd_cache_max_open [function] [call site] 00074
6 getrlimit [call site] 00075
6 sysconf [call site] 00076
5 close_one [function] [call site] 00077
6 _bfd_real_ftell [function] [call site] 00078
7 ftello64 [call site] 00079
6 bfd_cache_delete [function] [call site] 00080
7 fclose [call site] 00081
7 bfd_set_error [function] [call site] 00082
7 snip [function] [call site] 00083
5 insert [function] [call site] 00084
4 fclose [call site] 00085
4 _bfd_delete_bfd [function] [call site] 00086
4 bfd_set_cacheable [function] [call site] 00087
2 bfd_check_format [function] [call site] 00088
3 bfd_check_format_matches [function] [call site] 00089
4 bfd_set_error [function] [call site] 00090
4 bfd_malloc [function] [call site] 00091
4 bfd_set_error_handler [function] [call site] 00092
4 null_error_handler [function] [call site] 00093
4 _bfd_set_error_handler_caching [function] [call site] 00094
5 bfd_set_error_handler [function] [call site] 00095
4 bfd_preserve_save [function] [call site] 00096
5 bfd_alloc [function] [call site] 00097
5 bfd_hash_table_init [function] [call site] 00098
6 bfd_hash_table_init_n [function] [call site] 00099
5 bfd_section_hash_newfunc [function] [call site] 00100
4 bfd_seek [function] [call site] 00101
5 bfd_is_thin_archive [function] [call site] 00102
5 bfd_set_error [function] [call site] 00103
5 bfd_assert [function] [call site] 00104
5 __errno_location [call site] 00105
5 bfd_set_error [function] [call site] 00106
5 bfd_set_error [function] [call site] 00107
4 bfd_reinit [function] [call site] 00108
5 io_reinit [function] [call site] 00109
6 bfd_cache_close [function] [call site] 00110
7 bfd_cache_delete [function] [call site] 00111
6 bfd_open_file [function] [call site] 00112
7 bfd_cache_max_open [function] [call site] 00113
7 close_one [function] [call site] 00114
7 bfd_get_filename [function] [call site] 00115
7 _bfd_real_fopen [function] [call site] 00116
7 bfd_get_filename [function] [call site] 00117
7 _bfd_real_fopen [function] [call site] 00118
7 bfd_get_filename [function] [call site] 00119
7 _bfd_real_fopen [function] [call site] 00120
7 bfd_get_filename [function] [call site] 00121
7 stat [call site] 00122
7 bfd_get_filename [function] [call site] 00123
7 unlink_if_ordinary [function] [call site] 00124
8 lstat [call site] 00125
8 unlink [call site] 00126
7 bfd_get_filename [function] [call site] 00127
7 _bfd_real_fopen [function] [call site] 00128
7 bfd_set_error [function] [call site] 00129
7 bfd_cache_init [function] [call site] 00130
5 bfd_section_list_clear [function] [call site] 00131
4 bfd_release [function] [call site] 00132
5 objalloc_free_block [function] [call site] 00133
6 abort [call site] 00134
4 bfd_alloc [function] [call site] 00135
4 bfd_seek [function] [call site] 00136
4 bfd_has_map [function] [call site] 00137
4 bfd_get_error [function] [call site] 00138
4 bfd_preserve_save [function] [call site] 00139
4 bfd_preserve_restore [function] [call site] 00140
5 bfd_hash_table_free [function] [call site] 00141
5 io_reinit [function] [call site] 00142
5 bfd_release [function] [call site] 00143
4 bfd_reinit [function] [call site] 00144
4 bfd_release [function] [call site] 00145
4 bfd_seek [function] [call site] 00146
4 bfd_assert [function] [call site] 00147
4 bfd_preserve_finish [function] [call site] 00148
5 bfd_hash_table_free [function] [call site] 00149
4 bfd_preserve_finish [function] [call site] 00150
4 bfd_set_error_handler [function] [call site] 00151
4 _bfd_per_xvec_warn [function] [call site] 00152
5 bfd_malloc [function] [call site] 00153
4 print_warnmsg [function] [call site] 00154
5 fflush [call site] 00155
5 _bfd_get_error_program_name [function] [call site] 00156
5 fprintf [call site] 00157
5 fputs [call site] 00158
5 fputc [call site] 00159
5 fflush [call site] 00160
4 _bfd_per_xvec_warn [function] [call site] 00161
4 clear_warnmsg [function] [call site] 00162
4 bfd_set_error [function] [call site] 00163
4 bfd_set_error [function] [call site] 00164
4 bfd_preserve_finish [function] [call site] 00165
4 bfd_preserve_restore [function] [call site] 00166
4 bfd_set_error_handler [function] [call site] 00167
4 _bfd_per_xvec_warn [function] [call site] 00168
4 print_warnmsg [function] [call site] 00169
4 clear_warnmsg [function] [call site] 00170
2 bfd_close [function] [call site] 00171
3 bfd_close_all_done [function] [call site] 00172
4 _maybe_make_executable [function] [call site] 00173
5 bfd_get_filename [function] [call site] 00174
5 stat [call site] 00175
5 umask [call site] 00176
5 umask [call site] 00177
5 bfd_get_filename [function] [call site] 00178
5 chmod [call site] 00179
4 _bfd_delete_bfd [function] [call site] 00180
2 strings_a_section [function] [call site] 00181
3 bfd_section_size [function] [call site] 00182
3 bfd_malloc_and_get_section [function] [call site] 00183
4 bfd_get_full_section_contents [function] [call site] 00184
5 bfd_get_section_limit_octets [function] [call site] 00185
5 bfd_get_section_alloc_size [function] [call site] 00186
5 _bfd_section_size_insane [function] [call site] 00187
6 bfd_get_section_limit_octets [function] [call site] 00188
6 bfd_section_flags [function] [call site] 00189
6 bfd_section_flags [function] [call site] 00190
6 bfd_section_flags [function] [call site] 00191
6 bfd_get_flavour [function] [call site] 00192
6 bfd_get_file_size [function] [call site] 00193
7 bfd_is_thin_archive [function] [call site] 00194
7 memcmp [call site] 00195
7 bfd_get_size [function] [call site] 00196
8 bfd_stat [function] [call site] 00197
9 bfd_is_thin_archive [function] [call site] 00198
9 bfd_set_error [function] [call site] 00199
9 bfd_set_error [function] [call site] 00200
6 bfd_set_error [function] [call site] 00201
6 bfd_set_error [function] [call site] 00202
5 dgettext [call site] 00203
5 _bfd_error_handler [function] [call site] 00204
5 bfd_malloc [function] [call site] 00205
5 dgettext [call site] 00206
5 _bfd_error_handler [function] [call site] 00207
5 bfd_get_section_contents [function] [call site] 00208
6 bfd_get_section_limit_octets [function] [call site] 00209
6 bfd_set_error [function] [call site] 00210
6 bfd_set_error [function] [call site] 00211
5 bfd_malloc [function] [call site] 00212
5 bfd_get_section_contents [function] [call site] 00213
5 bfd_malloc [function] [call site] 00214
5 bfd_get_compression_header_size [function] [call site] 00215
6 bfd_get_flavour [function] [call site] 00216
5 decompress_contents [function] [call site] 00217
6 inflateInit_ [function] [call site] 00218
7 inflateInit2_ [function] [call site] 00219
8 zcalloc [function] [call site] 00220
8 zcfree [function] [call site] 00221
8 inflateReset2 [function] [call site] 00222
9 inflateStateCheck [function] [call site] 00223
9 inflateReset [function] [call site] 00224
10 inflateStateCheck [function] [call site] 00225
10 inflateResetKeep [function] [call site] 00226
11 inflateStateCheck [function] [call site] 00227
6 inflate [function] [call site] 00228
7 inflateStateCheck [function] [call site] 00229
7 crc32 [function] [call site] 00230
8 crc32_z [function] [call site] 00231
9 crc_word [function] [call site] 00232
9 crc_word [function] [call site] 00233
9 crc_word [function] [call site] 00234
9 crc_word [function] [call site] 00235
9 crc_word [function] [call site] 00236
9 byte_swap [function] [call site] 00237
9 crc_word_big [function] [call site] 00238
9 crc_word_big [function] [call site] 00239
9 crc_word_big [function] [call site] 00240
9 crc_word_big [function] [call site] 00241
9 crc_word_big [function] [call site] 00242
9 byte_swap [function] [call site] 00243
7 crc32 [function] [call site] 00244
7 adler32 [function] [call site] 00245
8 adler32_z [function] [call site] 00246
7 crc32 [function] [call site] 00247
7 crc32 [function] [call site] 00248
7 crc32 [function] [call site] 00249
7 crc32 [function] [call site] 00250
7 crc32 [function] [call site] 00251
7 crc32 [function] [call site] 00252
7 crc32 [function] [call site] 00253
7 crc32 [function] [call site] 00254
7 adler32 [function] [call site] 00255
7 fixedtables [function] [call site] 00256
7 inflate_table [function] [call site] 00257
7 inflate_table [function] [call site] 00258
7 inflate_table [function] [call site] 00259
7 inflate_fast [function] [call site] 00260
7 crc32 [function] [call site] 00261
7 adler32 [function] [call site] 00262
7 updatewindow [function] [call site] 00263
7 crc32 [function] [call site] 00264
7 adler32 [function] [call site] 00265
6 inflateReset [function] [call site] 00266
6 inflateEnd [function] [call site] 00267
7 inflateStateCheck [function] [call site] 00268
5 bfd_set_error [function] [call site] 00269
5 bfd_malloc [function] [call site] 00270
5 _bfd_abort [function] [call site] 00271
3 gettext [call site] 00272
3 bfd_get_error [function] [call site] 00273
3 non_fatal [function] [call site] 00274
4 report [function] [call site] 00275
5 fflush [call site] 00276
5 fprintf [call site] 00277
5 vfprintf [call site] 00278
5 putc [call site] 00279
3 print_strings [function] [call site] 00280
4 print_unicode_buffer [function] [call site] 00281
5 fprintf [call site] 00282
5 is_valid_utf8 [function] [call site] 00283
5 print_filename_and_address [function] [call site] 00284
6 printf [call site] 00285
6 printf [call site] 00286
6 printf [call site] 00287
5 putchar [call site] 00288
5 is_valid_utf8 [function] [call site] 00289
5 display_utf8_char [function] [call site] 00290
6 fprintf [call site] 00291
6 isatty [call site] 00292
6 printf [call site] 00293
6 printf [call site] 00294
6 printf [call site] 00295
6 printf [call site] 00296
6 isatty [call site] 00297
6 printf [call site] 00298
6 putchar [call site] 00299
6 printf [call site] 00300
6 printf [call site] 00301
6 putchar [call site] 00302
6 printf [call site] 00303
5 fputs [call site] 00304
5 putchar [call site] 00305
5 print_unicode_buffer [function] [call site] 00306
4 print_unicode_stream [function] [call site] 00307
5 fprintf [call site] 00308
5 xmalloc [function] [call site] 00309
6 xmalloc_failed [function] [call site] 00310
7 sbrk [call site] 00311
7 sbrk [call site] 00312
7 fprintf [call site] 00313
7 xexit [function] [call site] 00314
8 exit [call site] 00315
5 print_unicode_stream_body [function] [call site] 00316
6 get_unicode_byte [function] [call site] 00317
7 getc_unlocked [call site] 00318
6 get_unicode_byte [function] [call site] 00319
6 get_unicode_byte [function] [call site] 00320
6 get_unicode_byte [function] [call site] 00321
6 print_filename_and_address [function] [call site] 00322
6 putchar [call site] 00323
6 display_utf8_char [function] [call site] 00324
6 get_unicode_byte [function] [call site] 00325
6 putchar [call site] 00326
6 get_unicode_byte [function] [call site] 00327
6 display_utf8_char [function] [call site] 00328
6 get_unicode_byte [function] [call site] 00329
6 display_utf8_char [function] [call site] 00330
6 get_unicode_byte [function] [call site] 00331
6 display_utf8_char [function] [call site] 00332
6 fputs [call site] 00333
6 putchar [call site] 00334
6 print_unicode_stream_body [function] [call site] 00335
4 xmalloc [function] [call site] 00336
4 get_char [function] [call site] 00337
5 getc_unlocked [call site] 00338
4 unget_part_char [function] [call site] 00339
4 print_filename_and_address [function] [call site] 00340
4 fputs [call site] 00341
4 get_char [function] [call site] 00342
4 unget_part_char [function] [call site] 00343
4 putchar [call site] 00344
4 fputs [call site] 00345
4 putchar [call site] 00346
2 bfd_close [function] [call site] 00347
2 bfd_nonfatal [function] [call site] 00348
3 bfd_get_error [function] [call site] 00349
3 gettext [call site] 00350
3 bfd_errmsg [function] [call site] 00351
4 bfd_errmsg [function] [call site] 00352
5 dgettext [call site] 00353
5 bfd_get_filename [function] [call site] 00354
5 bfd_asprintf [function] [call site] 00355
6 bfd_set_error [function] [call site] 00356
5 __errno_location [call site] 00357
5 xstrerror [function] [call site] 00358
6 sprintf [call site] 00359
5 dgettext [call site] 00360
3 fflush [call site] 00361
3 fprintf [call site] 00362
3 fprintf [call site] 00363
1 unlink [call site] 00364