Fuzz introspector: fuzz_xml
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The following are the branches that the fuzzer fails to get past.

| Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch |
|---|---|---|---|---|---|---|---|
| 18 | 18 | 1: ['g_obex_packet_set_data'] | 18 | 100 | g_obex_packet_decode | call site: 00000 | /src/bluez/gobex/gobex-packet.c:357 |
| 8 | 8 | 1: ['get_body'] | 8 | 8 | g_obex_packet_encode | call site: 00000 | /src/bluez/gobex/gobex-packet.c:438 |
| 2 | 2 | 1: ['syslog'] | 2 | 2 | sdp_data_alloc_with_length | call site: 00000 | /src/bluez/lib/sdp.c:424 |
| 2 | 2 | 1: ['syslog'] | 2 | 2 | sdp_uuid_extract | call site: 00000 | /src/bluez/lib/sdp.c:1008 |
| 2 | 2 | 1: ['syslog'] | 2 | 2 | sdp_uuid_extract | call site: 00000 | /src/bluez/lib/sdp.c:1015 |
| 2 | 2 | 1: ['syslog'] | 2 | 2 | sdp_extract_seqtype | call site: 00000 | /src/bluez/lib/sdp.c:1230 |
| 2 | 2 | 1: ['syslog'] | 2 | 2 | sdp_extract_seqtype | call site: 00000 | /src/bluez/lib/sdp.c:1239 |
| 2 | 2 | 1: ['syslog'] | 2 | 2 | sdp_extract_seqtype | call site: 00000 | /src/bluez/lib/sdp.c:1248 |
| 2 | 2 | 2: ['free', 'syslog'] | 2 | 2 | extract_int | call site: 00000 | /src/bluez/lib/sdp.c:1057 |
| 2 | 2 | 2: ['free', 'syslog'] | 2 | 2 | extract_int | call site: 00000 | /src/bluez/lib/sdp.c:1067 |
| 2 | 2 | 2: ['free', 'syslog'] | 2 | 2 | extract_int | call site: 00000 | /src/bluez/lib/sdp.c:1077 |
| 2 | 2 | 2: ['free', 'syslog'] | 2 | 2 | extract_int | call site: 00000 | /src/bluez/lib/sdp.c:1087 |

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 sdp_xml_parse_record [function] [call site] 00001
2 sdp_record_alloc [function] [call site] 00002
3 bt_malloc0 [function] [call site] 00003
4 calloc [call site] 00004
2 g_markup_parse_context_new [call site] 00005
2 g_markup_parse_context_parse [call site] 00006
2 g_markup_parse_context_free [call site] 00007
2 sdp_record_free [function] [call site] 00008
3 sdp_list_free [function] [call site] 00009
3 sdp_list_free [function] [call site] 00010
2 g_markup_parse_context_free [call site] 00011
1 convert_sdp_record_to_xml [function] [call site] 00012
2 sdp_list_foreach [function] [call site] 00013
2 convert_raw_attr_to_xml_func [function] [call site] 00014
3 snprintf [call site] 00015
3 convert_raw_data_to_xml [function] [call site] 00016
4 snprintf [call site] 00017
4 snprintf [call site] 00018
4 snprintf [call site] 00019
4 snprintf [call site] 00020
4 sprintf [call site] 00021
4 snprintf [call site] 00022
4 snprintf [call site] 00023
4 snprintf [call site] 00024
4 snprintf [call site] 00025
4 sprintf [call site] 00026
4 snprintf [call site] 00027
4 snprintf [call site] 00028
4 snprintf [call site] 00029
4 __ctype_b_loc [call site] 00030
4 sprintf [call site] 00031
4 strndup [call site] 00032
4 convert_raw_data_to_xml [function] [call site] 00033
5 convert_raw_data_to_xml [function] [call site] 00034
6 convert_raw_data_to_xml [function] [call site] 00035
1 empty_func [function] [call site] 00036
1 sdp_record_free [function] [call site] 00037