Fuzz introspector: fuzz_sdp
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
2 2 1 :

['syslog']

2 2 sdp_data_alloc_with_length call site: 00102 /src/bluez/lib/sdp.c:424
2 2 1 :

['syslog']

2 2 sdp_uuid_extract call site: 00038 /src/bluez/lib/sdp.c:1008
2 2 1 :

['syslog']

2 2 sdp_uuid_extract call site: 00041 /src/bluez/lib/sdp.c:1015
2 2 1 :

['syslog']

2 2 sdp_extract_seqtype call site: 00007 /src/bluez/lib/sdp.c:1230
2 2 1 :

['syslog']

2 2 sdp_extract_seqtype call site: 00008 /src/bluez/lib/sdp.c:1239
2 2 1 :

['syslog']

2 2 sdp_extract_seqtype call site: 00010 /src/bluez/lib/sdp.c:1248
2 2 2 :

['free', 'syslog']

2 2 extract_int call site: 00022 /src/bluez/lib/sdp.c:1057
2 2 2 :

['free', 'syslog']

2 2 extract_int call site: 00023 /src/bluez/lib/sdp.c:1067
2 2 2 :

['free', 'syslog']

2 2 extract_int call site: 00025 /src/bluez/lib/sdp.c:1077
2 2 2 :

['free', 'syslog']

2 2 extract_int call site: 00027 /src/bluez/lib/sdp.c:1087
2 2 2 :

['free', 'syslog']

2 2 extract_seq call site: 00072 /src/bluez/lib/sdp.c:1279
0 0 None 10 26 extract_int call site: 00022 /src/bluez/lib/sdp.c:1042

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 openlog [call site] 00001
1 sdp_extract_pdu [function] [call site] 00002
2 sdp_record_alloc [function] [call site] 00003
3 bt_malloc0 [function] [call site] 00004
4 calloc [call site] 00005
2 sdp_extract_seqtype [function] [call site] 00006
3 syslog [call site] 00007
3 syslog [call site] 00008
3 syslog [call site] 00009
3 bt_get_be16 [function] [call site] 00010
4 __bswap_16 [function] [call site] 00011
3 syslog [call site] 00012
3 bt_get_be32 [function] [call site] 00013
4 __bswap_32 [function] [call site] 00014
3 syslog [call site] 00015
2 syslog [call site] 00016
2 bt_get_be16 [function] [call site] 00017
2 sdp_extract_attr [function] [call site] 00018
3 syslog [call site] 00019
3 extract_int [function] [call site] 00020
4 syslog [call site] 00021
4 bt_malloc0 [function] [call site] 00022
4 syslog [call site] 00023
4 syslog [call site] 00024
4 bt_get_be16 [function] [call site] 00025
4 syslog [call site] 00026
4 bt_get_be32 [function] [call site] 00027
4 syslog [call site] 00028
4 bt_get_be64 [function] [call site] 00029
5 __bswap_64 [function] [call site] 00030
4 syslog [call site] 00031
4 ntoh128 [function] [call site] 00032
5 bswap_128 [function] [call site] 00033
3 extract_uuid [function] [call site] 00034
4 bt_malloc0 [function] [call site] 00035
4 sdp_uuid_extract [function] [call site] 00036
5 syslog [call site] 00037
5 syslog [call site] 00038
5 syslog [call site] 00039
5 bt_get_be16 [function] [call site] 00040
5 sdp_uuid16_create [function] [call site] 00041
5 syslog [call site] 00042
5 bt_get_be32 [function] [call site] 00043
5 sdp_uuid32_create [function] [call site] 00044
5 syslog [call site] 00045
5 sdp_uuid128_create [function] [call site] 00046
4 sdp_pattern_add_uuid [function] [call site] 00047
5 sdp_uuid_to_uuid128 [function] [call site] 00048
6 bt_malloc0 [function] [call site] 00049
6 sdp_uuid32_to_uuid128 [function] [call site] 00050
7 htonl [call site] 00051
6 sdp_uuid16_to_uuid128 [function] [call site] 00052
7 htons [call site] 00053
5 sdp_list_find [function] [call site] 00054
5 sdp_uuid128_cmp [function] [call site] 00055
6 memcmp [call site] 00056
5 sdp_list_insert_sorted [function] [call site] 00057
5 sdp_uuid128_cmp [function] [call site] 00058
5 bt_free [function] [call site] 00059
3 extract_str [function] [call site] 00060
4 syslog [call site] 00061
4 bt_malloc0 [function] [call site] 00062
4 syslog [call site] 00063
4 syslog [call site] 00064
4 bt_get_be16 [function] [call site] 00065
4 syslog [call site] 00066
4 syslog [call site] 00067
4 bt_malloc0 [function] [call site] 00068
4 syslog [call site] 00069
3 extract_seq [function] [call site] 00070
4 bt_malloc0 [function] [call site] 00071
4 sdp_extract_seqtype [function] [call site] 00072
4 syslog [call site] 00073
4 sdp_extract_attr [function] [call site] 00074
5 syslog [call site] 00075
2 extract_svclass_uuid [function] [call site] 00076
2 sdp_attr_replace [function] [call site] 00077
3 sdp_data_get [function] [call site] 00078
4 sdp_list_find [function] [call site] 00079
4 sdp_attrid_comp_func [function] [call site] 00080
3 sdp_list_remove [function] [call site] 00081
3 sdp_data_free [function] [call site] 00082
4 data_seq_free [function] [call site] 00083
5 sdp_data_free [function] [call site] 00084
3 sdp_list_insert_sorted [function] [call site] 00085
3 sdp_attrid_comp_func [function] [call site] 00086
3 extract_svclass_uuid [function] [call site] 00087
1 sdp_copy_record [function] [call site] 00088
2 sdp_record_alloc [function] [call site] 00089
2 sdp_list_foreach [function] [call site] 00090
2 sdp_copy_pattern [function] [call site] 00091
3 sdp_pattern_add_uuid [function] [call site] 00092
2 sdp_list_foreach [function] [call site] 00093
2 sdp_copy_attrlist [function] [call site] 00094
3 sdp_data_value [function] [call site] 00095
4 sdp_copy_seq [function] [call site] 00096
5 sdp_data_value [function] [call site] 00097
5 sdp_data_alloc_with_length [function] [call site] 00098
6 bt_malloc0 [function] [call site] 00099
6 sdp_uuid16_create [function] [call site] 00100
6 sdp_uuid32_create [function] [call site] 00101
6 sdp_uuid128_create [function] [call site] 00102
6 bt_malloc0 [function] [call site] 00103
6 syslog [call site] 00104
6 syslog [call site] 00105
5 sdp_data_free [function] [call site] 00106
3 sdp_attr_add_new [function] [call site] 00107
4 sdp_data_alloc [function] [call site] 00108
5 strlen [call site] 00109
5 sdp_data_alloc_with_length [function] [call site] 00110
4 sdp_attr_replace [function] [call site] 00111
3 sdp_attr_add_new_with_length [function] [call site] 00112
4 sdp_data_alloc_with_length [function] [call site] 00113
4 sdp_attr_replace [function] [call site] 00114
1 sdp_record_free [function] [call site] 00115
2 sdp_list_free [function] [call site] 00116
2 sdp_data_free [function] [call site] 00117
2 sdp_list_free [function] [call site] 00118
1 sdp_record_free [function] [call site] 00119
1 closelog [call site] 00120