Fuzz introspector: bn_div
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
58 60 2 :

['ERR_put_error', 'bn_fits_in_words']

58 60 bn_resize_words call site: 00156 /src/boringssl/crypto/fipsmodule/bn/bn.cc.inc:333
58 58 1 :

['ERR_put_error']

58 58 bn_usub_consttime call site: 00226 /src/boringssl/crypto/fipsmodule/bn/add.cc.inc:203
58 58 1 :

['ERR_put_error']

58 58 bn_wexpand call site: 00055 /src/boringssl/crypto/fipsmodule/bn/bn.cc.inc:305
58 58 1 :

['ERR_put_error']

58 58 BN_div call site: 00101 /src/boringssl/crypto/fipsmodule/bn/div.cc.inc:164
58 58 1 :

['ERR_put_error']

58 58 BN_lshift call site: 00146 /src/boringssl/crypto/fipsmodule/bn/shift.cc.inc:30
58 58 1 :

['ERR_put_error']

58 58 BN_rshift call site: 00171 /src/boringssl/crypto/fipsmodule/bn/shift.cc.inc:115
58 58 1 :

['ERR_put_error']

58 58 OPENSSL_malloc call site: 00024 /src/boringssl/crypto/mem.cc:206
58 58 1 :

['ERR_put_error']

58 58 bssl::Vector ::MaybeGrow() call site: 00000 /src/boringssl/crypto/fipsmodule/bn/../../mem_internal.h:338
58 58 1 :

['ERR_put_error']

58 58 bssl::Vector >::MaybeGrow() call site: 00000 /src/boringssl/crypto/fipsmodule/bn/../../mem_internal.h:338
2 2 1 :

['OPENSSL_memory_alloc']

60 60 OPENSSL_malloc call site: 00021 /src/boringssl/crypto/mem.cc:191
2 2 1 :

['OPENSSL_memory_free']

2 2 OPENSSL_free call site: 00063 /src/boringssl/crypto/mem.cc:243
0 2 1 :

['bn_fits_in_words']

116 222 bn_usub_consttime call site: 00221 /src/boringssl/crypto/fipsmodule/bn/add.cc.inc:186

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 CBS_get_u16_length_prefixed [function] [call site] 00002
2 cbs_get_length_prefixed(cbs_st*, cbs_st*, unsigned long) [function] [call site] 00003
3 cbs_get_u(cbs_st*, unsigned long*, unsigned long) [function] [call site] 00004
4 cbs_get(cbs_st*, unsigned char const**, unsigned long) [function] [call site] 00005
3 __assert_fail [call site] 00006
3 CBS_get_bytes [function] [call site] 00007
4 cbs_get(cbs_st*, unsigned char const**, unsigned long) [function] [call site] 00008
1 CBS_get_u8 [function] [call site] 00010
2 cbs_get(cbs_st*, unsigned char const**, unsigned long) [function] [call site] 00011
1 CBS_get_u16_length_prefixed [function] [call site] 00013
1 CBS_get_u8 [function] [call site] 00014
1 BN_bin2bn [function] [call site] 00018
2 BN_new [function] [call site] 00019
3 OPENSSL_malloc [function] [call site] 00020
4 should_fail_allocation() [function] [call site] 00021
4 __assert_fail [call site] 00022
4 __assert_fail [call site] 00023
4 OPENSSL_memory_alloc [call site] 00024
4 __asan_poison_memory_region(void const*, unsigned long) [function] [call site] 00025
4 ERR_put_error [function] [call site] 00026
5 err_get_state() [function] [call site] 00027
6 CRYPTO_get_thread_local [function] [call site] 00028
7 CRYPTO_once [function] [call site] 00029
8 pthread_once [call site] 00030
8 abort [call site] 00031
7 thread_local_init() [function] [call site] 00032
8 pthread_key_create [call site] 00033
8 thread_local_destructor(void*) [function] [call site] 00034
9 pthread_mutex_lock [call site] 00035
9 OPENSSL_memcpy(void*, void const*, unsigned long) [function] [call site] 00036
9 pthread_mutex_unlock [call site] 00037
7 pthread_getspecific [call site] 00038
6 OPENSSL_memset(void*, int, unsigned long) [function] [call site] 00039
6 CRYPTO_set_thread_local [function] [call site] 00040
7 CRYPTO_once [function] [call site] 00041
7 thread_local_init() [function] [call site] 00042
7 pthread_getspecific [call site] 00043
7 OPENSSL_memset(void*, int, unsigned long) [function] [call site] 00044
7 pthread_setspecific [call site] 00045
7 pthread_mutex_lock [call site] 00046
7 pthread_mutex_unlock [call site] 00047
6 err_state_free(void*) [function] [call site] 00048
7 err_clear((anonymous namespace)::err_error_st*) [function] [call site] 00049
8 OPENSSL_memset(void*, int, unsigned long) [function] [call site] 00050
5 __errno_location [call site] 00051
5 err_clear((anonymous namespace)::err_error_st*) [function] [call site] 00052
3 OPENSSL_memset(void*, int, unsigned long) [function] [call site] 00053
2 bn_wexpand [function] [call site] 00054
3 ERR_put_error [function] [call site] 00055
3 ERR_put_error [function] [call site] 00056
3 OPENSSL_calloc [function] [call site] 00057
4 ERR_put_error [function] [call site] 00058
4 OPENSSL_zalloc [function] [call site] 00059
5 OPENSSL_malloc [function] [call site] 00060
5 OPENSSL_memset(void*, int, unsigned long) [function] [call site] 00061
3 OPENSSL_memcpy(void*, void const*, unsigned long) [function] [call site] 00062
3 OPENSSL_free [function] [call site] 00063
4 OPENSSL_memory_free [call site] 00064
4 __asan_unpoison_memory_region(void const*, unsigned long) [function] [call site] 00065
4 OPENSSL_cleanse [function] [call site] 00066
5 OPENSSL_memset(void*, int, unsigned long) [function] [call site] 00067
2 BN_free [function] [call site] 00068
3 OPENSSL_free [function] [call site] 00069
3 OPENSSL_free [function] [call site] 00070
2 __assert_fail [call site] 00071
2 bn_big_endian_to_words [function] [call site] 00072
3 abort [call site] 00073
3 CRYPTO_load_word_be(void const*) [function] [call site] 00074
4 OPENSSL_memcpy(void*, void const*, unsigned long) [function] [call site] 00075
4 CRYPTO_bswap8(unsigned long) [function] [call site] 00076
3 OPENSSL_memset(void*, int, unsigned long) [function] [call site] 00077
1 BN_set_negative [function] [call site] 00078
2 BN_is_zero [function] [call site] 00079
3 bn_fits_in_words [function] [call site] 00080
1 BN_bin2bn [function] [call site] 00083
1 BN_set_negative [function] [call site] 00084
1 BN_is_zero [function] [call site] 00085
1 BN_CTX_new [function] [call site] 00086
2 bignum_ctx* bssl::New<bignum_ctx>() [function] [call site] 00087
3 OPENSSL_malloc [function] [call site] 00088
3 bignum_ctx::bignum_ctx() [function] [call site] 00089
4 bssl::Vector<std::__1::unique_ptr<bignum_st, bssl::internal::Deleter> >::Vector() [function] [call site] 00090
4 bssl::Vector<unsigned long>::Vector() [function] [call site] 00091
1 printf [call site] 00094
1 abort [call site] 00095
1 printf [call site] 00096
1 abort [call site] 00097
1 printf [call site] 00098
1 abort [call site] 00099
1 BN_div [function] [call site] 00100
2 BN_is_zero [function] [call site] 00101
2 ERR_put_error [function] [call site] 00102
2 bssl::BN_CTXScope::BN_CTXScope(bignum_ctx*) [function] [call site] 00103
3 BN_CTX_start [function] [call site] 00104
4 bssl::Vector<unsigned long>::Push(unsigned long) [function] [call site] 00105
5 bssl::Vector<unsigned long>::MaybeGrow() [function] [call site] 00106
6 ERR_put_error [function] [call site] 00107
6 ERR_put_error [function] [call site] 00108
6 OPENSSL_malloc [function] [call site] 00109
6 bssl::Vector<unsigned long>::begin() [function] [call site] 00110
6 bssl::Vector<unsigned long>::end() [function] [call site] 00111
6 bssl::Vector<unsigned long>::clear() [function] [call site] 00112
7 OPENSSL_free [function] [call site] 00113
4 ERR_clear_error [function] [call site] 00114
5 err_get_state() [function] [call site] 00115
5 err_clear((anonymous namespace)::err_error_st*) [function] [call site] 00116
2 BN_CTX_get [function] [call site] 00117
3 ERR_put_error [function] [call site] 00118
3 bssl::Vector<std::__1::unique_ptr<bignum_st, bssl::internal::Deleter> >::size() const [function] [call site] 00119
3 bssl::Vector<std::__1::unique_ptr<bignum_st, bssl::internal::Deleter> >::Push(std::__1::unique_ptr<bignum_st, bssl::internal::Deleter>) [function] [call site] 00121
4 bssl::Vector<std::__1::unique_ptr<bignum_st, bssl::internal::Deleter> >::MaybeGrow() [function] [call site] 00122
5 bssl::Vector<std::__1::unique_ptr<bignum_st, bssl::internal::Deleter> >::begin() [function] [call site] 00123
5 bssl::Vector<std::__1::unique_ptr<bignum_st, bssl::internal::Deleter> >::end() [function] [call site] 00124
5 bssl::Vector<std::__1::unique_ptr<bignum_st, bssl::internal::Deleter> >::clear() [function] [call site] 00125
3 ERR_put_error [function] [call site] 00126
3 bssl::Vector<std::__1::unique_ptr<bignum_st, bssl::internal::Deleter> >::operator[](unsigned long) [function] [call site] 00127
4 abort [call site] 00128
2 BN_CTX_get [function] [call site] 00130
2 BN_CTX_get [function] [call site] 00131
2 BN_CTX_get [function] [call site] 00132
2 bssl::BN_CTXScope::~BN_CTXScope() [function] [call site] 00133
3 BN_CTX_end [function] [call site] 00134
4 bssl::Vector<unsigned long>::empty() const [function] [call site] 00135
4 __assert_fail [call site] 00136
4 bssl::Vector<unsigned long>::back() [function] [call site] 00137
5 abort [call site] 00138
4 bssl::Vector<unsigned long>::pop_back() [function] [call site] 00139
5 abort [call site] 00140
3 __clang_call_terminate [call site] 00141
4 __cxa_begin_catch [call site] 00142
2 BN_num_bits [function] [call site] 00143
3 bn_minimal_width [function] [call site] 00144
3 BN_num_bits_word [function] [call site] 00145
2 BN_lshift [function] [call site] 00146
3 ERR_put_error [function] [call site] 00147
3 bn_wexpand [function] [call site] 00148
3 OPENSSL_memset(void*, int, unsigned long) [function] [call site] 00149
3 bn_set_minimal_width [function] [call site] 00150
4 bn_minimal_width [function] [call site] 00151
2 BN_lshift [function] [call site] 00152
2 bn_set_minimal_width [function] [call site] 00153
2 bn_set_minimal_width [function] [call site] 00154
2 __assert_fail [call site] 00155
2 bn_resize_words [function] [call site] 00156
3 bn_wexpand [function] [call site] 00157
3 OPENSSL_memset(void*, int, unsigned long) [function] [call site] 00158
3 bn_fits_in_words [function] [call site] 00159
3 ERR_put_error [function] [call site] 00160
2 bn_wexpand [function] [call site] 00161
2 bn_wexpand [function] [call site] 00162
2 __assert_fail [call site] 00163
2 bn_div_rem_words(unsigned long*, unsigned long*, unsigned long, unsigned long, unsigned long) [function] [call site] 00164
3 __assert_fail [call site] 00165
2 bn_mul_words [function] [call site] 00166
2 bn_sub_words [function] [call site] 00167
2 bn_add_words [function] [call site] 00168
2 bn_set_minimal_width [function] [call site] 00169
2 bn_set_minimal_width [function] [call site] 00170
2 BN_rshift [function] [call site] 00171
3 ERR_put_error [function] [call site] 00172
3 bn_wexpand [function] [call site] 00173
3 bn_rshift_words [function] [call site] 00174
4 OPENSSL_memset(void*, int, unsigned long) [function] [call site] 00175
4 OPENSSL_memmove(void*, void const*, unsigned long) [function] [call site] 00176
4 OPENSSL_memset(void*, int, unsigned long) [function] [call site] 00177
3 bn_set_minimal_width [function] [call site] 00178
1 printf [call site] 00179
1 abort [call site] 00180
1 BN_ucmp [function] [call site] 00181
2 bn_cmp_words_consttime(unsigned long const*, unsigned long, unsigned long const*, unsigned long) [function] [call site] 00182
3 constant_time_eq_w(unsigned long, unsigned long) [function] [call site] 00183
4 constant_time_is_zero_w(unsigned long) [function] [call site] 00184
5 constant_time_msb_w(unsigned long) [function] [call site] 00185
3 constant_time_lt_w(unsigned long, unsigned long) [function] [call site] 00186
4 constant_time_msb_w(unsigned long) [function] [call site] 00187
3 constant_time_select_int(unsigned long, int, int) [function] [call site] 00188
4 constant_time_select_w(unsigned long, unsigned long, unsigned long) [function] [call site] 00189
5 value_barrier_w(unsigned long) [function] [call site] 00190
3 constant_time_is_zero_w(unsigned long) [function] [call site] 00191
3 constant_time_select_int(unsigned long, int, int) [function] [call site] 00192
3 constant_time_is_zero_w(unsigned long) [function] [call site] 00193
3 constant_time_select_int(unsigned long, int, int) [function] [call site] 00194
1 printf [call site] 00195
1 abort [call site] 00196
1 BN_mul [function] [call site] 00197
2 bn_mul_impl(bignum_st*, bignum_st const*, bignum_st const*, bignum_ctx*) [function] [call site] 00198
3 bssl::BN_CTXScope::BN_CTXScope(bignum_ctx*) [function] [call site] 00200
3 BN_CTX_get [function] [call site] 00201
3 bssl::BN_CTXScope::~BN_CTXScope() [function] [call site] 00202
3 bn_wexpand [function] [call site] 00203
3 bn_mul_comba8 [function] [call site] 00204
3 bn_wexpand [function] [call site] 00205
3 bn_mul_normal(unsigned long*, unsigned long const*, unsigned long, unsigned long const*, unsigned long) [function] [call site] 00206
4 bn_mul_words [function] [call site] 00207
4 bn_mul_add_words [function] [call site] 00208
4 bn_mul_add_words [function] [call site] 00209
4 bn_mul_add_words [function] [call site] 00210
4 bn_mul_add_words [function] [call site] 00211
3 BN_copy [function] [call site] 00212
4 bn_wexpand [function] [call site] 00213
4 OPENSSL_memcpy(void*, void const*, unsigned long) [function] [call site] 00214
2 bn_set_minimal_width [function] [call site] 00215
1 printf [call site] 00216
1 abort [call site] 00217
1 BN_add [function] [call site] 00218
2 BN_usub [function] [call site] 00220
3 bn_usub_consttime [function] [call site] 00221
4 bn_fits_in_words [function] [call site] 00222
4 ERR_put_error [function] [call site] 00223
4 bn_wexpand [function] [call site] 00224
4 bn_sub_words [function] [call site] 00225
4 CRYPTO_subc_u64(unsigned long, unsigned long, unsigned long, unsigned long*) [function] [call site] 00226
5 CRYPTO_subc_impl(unsigned long, unsigned long, unsigned long, unsigned long*) [function] [call site] 00227
4 ERR_put_error [function] [call site] 00228
3 bn_set_minimal_width [function] [call site] 00229
2 BN_uadd [function] [call site] 00231
3 bn_uadd_consttime [function] [call site] 00232
4 bn_wexpand [function] [call site] 00233
4 bn_add_words [function] [call site] 00234
4 CRYPTO_addc_u64(unsigned long, unsigned long, unsigned long, unsigned long*) [function] [call site] 00235
5 CRYPTO_addc_impl(unsigned long, unsigned long, unsigned long, unsigned long*) [function] [call site] 00236
3 bn_set_minimal_width [function] [call site] 00237
1 printf [call site] 00238
1 abort [call site] 00239
1 printf [call site] 00242
1 abort [call site] 00243