Fuzz introspector: fuzz_sdp
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The following are the branches that the fuzzer fails to get past.

| Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch |
|---|---|---|---|---|---|---|---|
| 2 | 2 | 1 : ['syslog'] | 2 | 2 | sdp_uuid_extract | call site: 00038 | /src/bluez/lib/sdp.c:998 |
| 2 | 2 | 1 : ['syslog'] | 2 | 2 | sdp_uuid_extract | call site: 00041 | /src/bluez/lib/sdp.c:1005 |
| 2 | 2 | 1 : ['syslog'] | 2 | 2 | sdp_extract_seqtype | call site: 00007 | /src/bluez/lib/sdp.c:1220 |
| 2 | 2 | 1 : ['syslog'] | 2 | 2 | sdp_extract_seqtype | call site: 00008 | /src/bluez/lib/sdp.c:1229 |
| 2 | 2 | 1 : ['syslog'] | 2 | 2 | sdp_extract_seqtype | call site: 00010 | /src/bluez/lib/sdp.c:1238 |
| 2 | 2 | 2 : ['syslog', 'free'] | 2 | 2 | extract_int | call site: 00023 | /src/bluez/lib/sdp.c:1057 |
| 2 | 2 | 2 : ['syslog', 'free'] | 2 | 2 | extract_int | call site: 00025 | /src/bluez/lib/sdp.c:1067 |
| 2 | 2 | 2 : ['syslog', 'free'] | 2 | 2 | extract_int | call site: 00029 | /src/bluez/lib/sdp.c:1087 |
| 2 | 2 | 2 : ['syslog', 'free'] | 2 | 2 | extract_seq | call site: 00071 | /src/bluez/lib/sdp.c:1269 |
| 0 | 0 | None | 10 | 26 | extract_int | call site: 00022 | /src/bluez/lib/sdp.c:1032 |
| 0 | 0 | None | 10 | 18 | extract_str | call site: 00061 | /src/bluez/lib/sdp.c:1136 |
| 0 | 0 | None | 4 | 10 | sdp_data_alloc_with_length | call site: 00097 | /src/bluez/lib/sdp.c:350 |

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 openlog [call site] 00001
1 sdp_extract_pdu [function] [call site] 00002
2 sdp_record_alloc [function] [call site] 00003
3 bt_malloc0 [function] [call site] 00004
4 calloc [call site] 00005
2 sdp_extract_seqtype [function] [call site] 00006
3 syslog [call site] 00007
3 syslog [call site] 00008
3 syslog [call site] 00009
3 bt_get_be16 [function] [call site] 00010
4 __bswap_16 [function] [call site] 00011
3 syslog [call site] 00012
3 bt_get_be32 [function] [call site] 00013
4 __bswap_32 [function] [call site] 00014
3 syslog [call site] 00015
2 syslog [call site] 00016
2 bt_get_be16 [function] [call site] 00017
2 sdp_extract_attr [function] [call site] 00018
3 syslog [call site] 00019
3 extract_int [function] [call site] 00020
4 syslog [call site] 00021
4 bt_malloc0 [function] [call site] 00022
4 syslog [call site] 00023
4 syslog [call site] 00024
4 bt_get_be16 [function] [call site] 00025
4 syslog [call site] 00026
4 bt_get_be32 [function] [call site] 00027
4 syslog [call site] 00028
4 bt_get_be64 [function] [call site] 00029
5 __bswap_64 [function] [call site] 00030
4 syslog [call site] 00031
3 extract_uuid [function] [call site] 00034
4 bt_malloc0 [function] [call site] 00035
4 sdp_uuid_extract [function] [call site] 00036
5 syslog [call site] 00037
5 syslog [call site] 00038
5 syslog [call site] 00039
5 bt_get_be16 [function] [call site] 00040
5 sdp_uuid16_create [function] [call site] 00041
5 syslog [call site] 00042
5 bt_get_be32 [function] [call site] 00043
5 sdp_uuid32_create [function] [call site] 00044
5 syslog [call site] 00045
5 sdp_uuid128_create [function] [call site] 00046
4 sdp_pattern_add_uuid [function] [call site] 00047
5 sdp_uuid_to_uuid128 [function] [call site] 00048
6 bt_malloc0 [function] [call site] 00049
6 sdp_uuid32_to_uuid128 [function] [call site] 00050
7 htonl [call site] 00051
6 sdp_uuid16_to_uuid128 [function] [call site] 00052
7 htons [call site] 00053
5 sdp_list_find [function] [call site] 00054
5 sdp_uuid128_cmp [function] [call site] 00055
6 memcmp [call site] 00056
5 sdp_list_insert_sorted [function] [call site] 00057
3 extract_str [function] [call site] 00059
4 syslog [call site] 00060
4 bt_malloc0 [function] [call site] 00061
4 syslog [call site] 00062
4 syslog [call site] 00063
4 bt_get_be16 [function] [call site] 00064
4 syslog [call site] 00065
4 syslog [call site] 00066
4 bt_malloc0 [function] [call site] 00067
4 syslog [call site] 00068
3 extract_seq [function] [call site] 00069
4 bt_malloc0 [function] [call site] 00070
4 sdp_extract_seqtype [function] [call site] 00071
4 syslog [call site] 00072
4 sdp_extract_attr [function] [call site] 00073
5 syslog [call site] 00074
2 extract_svclass_uuid [function] [call site] 00075
2 sdp_attr_replace [function] [call site] 00076
3 sdp_data_get [function] [call site] 00077
4 sdp_list_find [function] [call site] 00078
4 sdp_attrid_comp_func [function] [call site] 00079
3 sdp_list_remove [function] [call site] 00080
3 sdp_data_free [function] [call site] 00081
4 data_seq_free [function] [call site] 00082
5 sdp_data_free [function] [call site] 00083
3 sdp_list_insert_sorted [function] [call site] 00084
3 extract_svclass_uuid [function] [call site] 00085
1 sdp_copy_record [function] [call site] 00086
2 sdp_record_alloc [function] [call site] 00087
2 sdp_list_foreach [function] [call site] 00088
2 sdp_copy_pattern [function] [call site] 00089
3 sdp_pattern_add_uuid [function] [call site] 00090
2 sdp_list_foreach [function] [call site] 00091
2 sdp_copy_attrlist [function] [call site] 00092
3 sdp_data_value [function] [call site] 00093
4 sdp_copy_seq [function] [call site] 00094
5 sdp_data_value [function] [call site] 00095
5 sdp_data_alloc_with_length [function] [call site] 00096
6 bt_malloc0 [function] [call site] 00097
6 sdp_uuid16_create [function] [call site] 00098
6 sdp_uuid32_create [function] [call site] 00099
6 sdp_uuid128_create [function] [call site] 00100
6 syslog [call site] 00101
6 syslog [call site] 00102
3 sdp_attr_add_new [function] [call site] 00103
4 sdp_data_alloc [function] [call site] 00104
5 strlen [call site] 00105
5 sdp_data_alloc_with_length [function] [call site] 00106
4 sdp_attr_replace [function] [call site] 00107
3 sdp_attr_add_new_with_length [function] [call site] 00108
4 sdp_data_alloc_with_length [function] [call site] 00109
4 sdp_attr_replace [function] [call site] 00110
1 sdp_record_free [function] [call site] 00111
2 sdp_list_free [function] [call site] 00112
2 sdp_list_free [function] [call site] 00113
1 sdp_record_free [function] [call site] 00114
1 closelog [call site] 00115