Fuzz introspector: tls_client_hello
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
859 1787 87 :

['std::__1::remove_reference >&>::type&& std::__1::move >&>(std::__1::unique_ptr >&)', 'Botan::SCAN_Name::arg_as_integer(unsigned long, unsigned long) const', 'std::__1::__unique_if ::__unique_single std::__1::make_unique ()', 'std::__1::unique_ptr >::~unique_ptr()', 'std::__1::unique_ptr >::~unique_ptr()', 'bool std::__1::operator== , 1>(std::__1::basic_string_view >, std::__1::common_type > >::type)', 'std::__1::__unique_if ::__unique_single std::__1::make_unique >, unsigned long>(std::__1::unique_ptr >&&, unsigned long&&)', 'Botan::SCAN_Name::arg(unsigned long, std::__1::basic_string_view >) const', 'std::__1::unique_ptr >::unique_ptr , void, void>(std::__1::unique_ptr >&&)', 'std::__1::unique_ptr >::unique_ptr , void, void>(std::__1::unique_ptr >&&)', 'std::__1::__unique_if ::__unique_single std::__1::make_unique >, std::__1::unique_ptr > >(std::__1::unique_ptr >&&, std::__1::unique_ptr >&&)', 'std::__1::unique_ptr >::unique_ptr , void, void>(std::__1::unique_ptr >&&)', 'std::__1::__unique_if ::__unique_single std::__1::make_unique (unsigned long&&)', 'std::__1::unique_ptr >::~unique_ptr()', 'std::__1::unique_ptr >::~unique_ptr()', 'std::__1::unique_ptr >::unique_ptr , void, void>(std::__1::unique_ptr >&&)', 'std::__1::unique_ptr >::unique_ptr (decltype(nullptr))', 'std::__1::unique_ptr >::~unique_ptr()', 'std::__1::__unique_if ::__unique_single std::__1::make_unique , std::__1::allocator > >(unsigned long&&, std::__1::basic_string , std::__1::allocator >&&)', 'std::__1::unique_ptr >::unique_ptr , void, void>(std::__1::unique_ptr >&&)', 'std::__1::unique_ptr >::unique_ptr , void, void>(std::__1::unique_ptr >&&)', 'std::__1::__unique_if ::__unique_single std::__1::make_unique (unsigned long&&)', 'std::__1::__unique_if ::__unique_single std::__1::make_unique ()', 'bool std::__1::operator== , std::__1::allocator >(std::__1::basic_string , std::__1::allocator > const&, char const*)', 'std::__1::unique_ptr >::~unique_ptr()', 'std::__1::unique_ptr >::unique_ptr , void, void>(std::__1::unique_ptr >&&)', 'std::__1::unique_ptr >::unique_ptr , void, void>(std::__1::unique_ptr >&&)', 'std::__1::unique_ptr >::unique_ptr , void, void>(std::__1::unique_ptr >&&)', 'std::__1::__unique_if ::__unique_single std::__1::make_unique (int&&)', 'std::__1::unique_ptr >::~unique_ptr()', 'std::__1::unique_ptr >::unique_ptr , void, void>(std::__1::unique_ptr >&&)', 'std::__1::vector >, std::__1::allocator > > >::push_back(std::__1::unique_ptr >&&)', 'std::__1::unique_ptr >::~unique_ptr()', 'std::__1::unique_ptr >::unique_ptr , void, void>(std::__1::unique_ptr >&&)', 'std::__1::__unique_if ::__unique_single std::__1::make_unique (unsigned long&&)', 'std::__1::__unique_if ::__unique_single std::__1::make_unique ()', 'std::__1::__unique_if ::__unique_single std::__1::make_unique ()', 'std::__1::__unique_if ::__unique_single std::__1::make_unique ()', 'std::__1::unique_ptr >::unique_ptr , void, void>(std::__1::unique_ptr >&&)', 'std::__1::__unique_if ::__unique_single std::__1::make_unique ()', 'std::__1::unique_ptr >::unique_ptr , void, void>(std::__1::unique_ptr >&&)', 'std::__1::basic_string_view >::basic_string_view(char const*)', 'Botan::SCAN_Name::SCAN_Name(std::__1::basic_string_view >)', 'Botan::SCAN_Name::arg(unsigned long) const', 'std::__1::unique_ptr >::unique_ptr , void, void>(std::__1::unique_ptr >&&)', 'std::__1::basic_string , std::__1::allocator >::~basic_string()', 'std::__1::unique_ptr >::~unique_ptr()', 'std::__1::__unique_if ::__unique_single std::__1::make_unique ()', 'std::__1::vector >, std::__1::allocator > > >::~vector()', 'std::__1::unique_ptr >::unique_ptr , void, void>(std::__1::unique_ptr >&&)', 'std::__1::unique_ptr >::unique_ptr , void, void>(std::__1::unique_ptr >&&)', 'std::__1::__unique_if ::__unique_single std::__1::make_unique ()', 'std::__1::unique_ptr >::~unique_ptr()', 'std::__1::unique_ptr >::~unique_ptr()', 'std::__1::unique_ptr >::unique_ptr , void, void>(std::__1::unique_ptr >&&)', 'std::__1::unique_ptr >::unique_ptr , void, void>(std::__1::unique_ptr >&&)', 'std::__1::unique_ptr >::~unique_ptr()', 'std::__1::__unique_if ::__unique_single std::__1::make_unique ()', 'std::__1::__unique_if ::__unique_single std::__1::make_unique (unsigned long&&)', 'std::__1::unique_ptr >::~unique_ptr()', 'std::__1::unique_ptr >::unique_ptr , void, void>(std::__1::unique_ptr >&&)', 'Botan::SCAN_Name::~SCAN_Name()', 'std::__1::__unique_if ::__unique_single std::__1::make_unique ()', 'std::__1::__unique_if ::__unique_single std::__1::make_unique ()', 'std::__1::__unique_if ::__unique_single std::__1::make_unique (unsigned long&&)', 'std::__1::unique_ptr >::~unique_ptr()', 'Botan::HashFunction::create(std::__1::basic_string_view >, std::__1::basic_string_view >)', 'std::__1::unique_ptr >::unique_ptr , void, void>(std::__1::unique_ptr >&&)', 'Botan::SCAN_Name::algo_name() const', 'std::__1::unique_ptr >::~unique_ptr()', 'std::__1::unique_ptr >::~unique_ptr()', 'std::__1::__unique_if ::__unique_single std::__1::make_unique ()', 'std::__1::unique_ptr >::~unique_ptr()', 'std::__1::unique_ptr >::~unique_ptr()', 'std::__1::unique_ptr >::unique_ptr , void, void>(std::__1::unique_ptr >&&)', 'std::__1::unique_ptr >::~unique_ptr()', 'Botan::SCAN_Name::arg_as_integer(unsigned long) const', 'std::__1::__unique_if ::__unique_single std::__1::make_unique >, std::__1::allocator > > >&>(std::__1::vector >, std::__1::allocator > > >&)', 'std::__1::vector >, std::__1::allocator > > >::vector()', 'std::__1::basic_string , std::__1::allocator >::operator std::__1::basic_string_view >() const', 'std::__1::unique_ptr >::~unique_ptr()', 'std::__1::unique_ptr >::unique_ptr , void, void>(std::__1::unique_ptr >&&)', 'std::__1::unique_ptr >::~unique_ptr()', 'std::__1::unique_ptr >::~unique_ptr()', 'Botan::SCAN_Name::arg_count() const', 'std::__1::unique_ptr >::~unique_ptr()', 'std::__1::unique_ptr >::operator bool() const']

859 1787 Botan::HashFunction::create(std::__1::basic_string_view >,std::__1::basic_string_view >) call site: 00000 /src/botan/src/lib/hash/hash.cpp:129
82 167 12 :

['__cxa_free_exception', 'Botan::TLS::Certificate_Status::~Certificate_Status()', '__cxa_throw', 'std::__1::__unique_if ::__unique_single std::__1::make_unique (Botan::TLS::(anonymous namespace)::RFC6066_Empty_Certificate_Status_Request&&)', 'Botan::TLS::TLS_Exception::TLS_Exception(Botan::TLS::AlertType, std::__1::basic_string_view >)', 'std::__1::vector >::~vector()', 'std::__1::__unique_if ::__unique_single std::__1::make_unique (Botan::TLS::Certificate_Status&&)', 'std::__1::basic_string_view >::basic_string_view(char const*)', 'Botan::TLS::(anonymous namespace)::RFC6066_Empty_Certificate_Status_Request::RFC6066_Empty_Certificate_Status_Request(unsigned short)', 'Botan::TLS::Certificate_Status::Certificate_Status(std::__1::vector > const&, Botan::TLS::Connection_Side)', '__cxa_allocate_exception', 'std::__1::vector > Botan::TLS::TLS_Data_Reader::get_fixed (unsigned long)']

82 169 Botan::TLS::Certificate_Status_Request::Certificate_Status_Request(Botan::TLS::TLS_Data_Reader&,unsignedshort,Botan::TLS::Handshake_Type,Botan::TLS::Connection_Side) call site: 00000 /src/botan/src/lib/tls/tls_extensions_cert_status_req.cpp:108
70 70 1 :

['Botan::TLS::TLS_Data_Reader::get_uint24_t()']

70 70 Botan::TLS::TLS_Data_Reader::get_length_field(unsignedlong) call site: 00000 /src/botan/build/include/botan/internal/tls_reader.h:137
17 17 9 :

['__cxa_free_exception', 'std::__1::basic_string , std::__1::allocator >::operator std::__1::basic_string_view >() const', '__cxa_throw', 'Botan::Invalid_Argument::Invalid_Argument(std::__1::basic_string_view >)', 'std::__1::to_string(int)', 'std::__1::unique_ptr >::operator->() const', 'std::__1::basic_string , std::__1::allocator >::~basic_string()', '__cxa_allocate_exception', 'std::__1::basic_string , std::__1::allocator > std::__1::operator+ , std::__1::allocator >(char const*, std::__1::basic_string , std::__1::allocator >&&)']

17 17 Botan::TLS::Extensions::add(std::__1::unique_ptr >) call site: 00000 /src/botan/src/lib/tls/tls_extensions.cpp:102
11 11 1 :

['Botan::Invalid_Argument::Invalid_Argument(std::__1::basic_string_view >)']

17 19 Botan::MDx_HashFunction::MDx_HashFunction(unsignedlong,bool,bool,unsignedchar) call site: 00000 /src/botan/src/lib/hash/mdx_hash/mdx_hash.cpp:30
6 19 7 :

['__cxa_free_exception', '__cxa_throw', 'Botan::Invalid_State::Invalid_State(std::__1::basic_string_view >)', 'std::__1::vector >::~vector()', 'std::__1::basic_string_view >::basic_string_view(char const*)', 'Botan::Buffered_Computation::~Buffered_Computation()', '__cxa_allocate_exception']

6 19 Botan::MDx_HashFunction::MDx_HashFunction(unsignedlong,bool,bool,unsignedchar) call site: 00000 /src/botan/src/lib/hash/mdx_hash/mdx_hash.cpp:33
4 4 3 :

['Botan::TLS::(anonymous namespace)::Server_PSK::~Server_PSK()', 'std::__1::optional ::optional(std::__1::nullopt_t)', 'std::__1::__unique_if ::__unique_single std::__1::make_unique (Botan::TLS::(anonymous namespace)::Server_PSK&&)']

10 93 Botan::TLS::PSK::PSK(Botan::TLS::TLS_Data_Reader&,unsignedshort,Botan::TLS::Handshake_Type) call site: 00000 /src/botan/src/lib/tls/tls13/tls_extensions_psk.cpp:57
4 4 1 :

['Botan::SHA_256::compress_digest_x86(std::__1::vector >&, unsigned char const*, unsigned long)']

4 4 Botan::SHA_256::compress_digest(std::__1::vector >&,unsignedcharconst*,unsignedlong) call site: 00000 /src/botan/src/lib/hash/sha2_32/sha2_32.cpp:54
0 1536 8 :

['unsigned int Botan::majority (unsigned int, unsigned int, unsigned int)', 'unsigned int Botan::load_be (unsigned char const*, unsigned long)', 'unsigned int Botan::sigma<7ul, 18ul, 3ul, unsigned int>(unsigned int)', 'unsigned int Botan::sigma<17ul, 19ul, 10ul, unsigned int>(unsigned int)', 'unsigned int Botan::rho<2ul, 13ul, 22ul, unsigned int>(unsigned int)', 'std::__1::vector >::operator[](unsigned long)', 'unsigned int Botan::choose (unsigned int, unsigned int, unsigned int)', 'unsigned int Botan::rho<6ul, 11ul, 25ul, unsigned int>(unsigned int)']

0 1536 Botan::SHA_256::compress_digest(std::__1::vector >&,unsignedcharconst*,unsignedlong) call site: 00000 /src/botan/src/lib/hash/sha2_32/sha2_32.cpp:60
0 70 1 :

['Botan::TLS::TLS_Data_Reader::get_uint16_t()']

6 91 Botan::TLS::Supported_Versions::Supported_Versions(Botan::TLS::TLS_Data_Reader&,unsignedshort,Botan::TLS::Connection_Side) call site: 00000 /src/botan/src/lib/tls/tls_extensions.cpp:616
0 70 2 :

['Botan::TLS::TLS_Data_Reader::get_uint32_t()', 'std::__1::optional ::optional (unsigned int&&)']

6 89 Botan::TLS::EarlyDataIndication::EarlyDataIndication(Botan::TLS::TLS_Data_Reader&,unsignedshort,Botan::TLS::Handshake_Type) call site: 00000 /src/botan/src/lib/tls/tls_extensions.cpp:799
0 11 1 :

['Botan::Invalid_State::Invalid_State(std::__1::basic_string_view >)']

6 17 Botan::BER_Decoder::end_cons() call site: 00000 /src/botan/src/lib/asn1/ber_dec.cpp:294

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 fuzz(unsigned char const*, unsigned long) [function] [call site] 00001
2 Botan::TLS::Client_Hello_12::Client_Hello_12(std::__1::vector > const&) [function] [call site] 00002
3 Botan::TLS::Client_Hello_12::Client_Hello_12(std::__1::unique_ptr >) [function] [call site] 00003
4 Botan::TLS::Client_Hello::Client_Hello(std::__1::unique_ptr >) [function] [call site] 00004
5 Botan::TLS::Handshake_Message::Handshake_Message() [function] [call site] 00005
5 Botan::assertion_failure(char const*, char const*, char const*, char const*, int) [function] [call site] 00006
6 __cxa_allocate_exception [call site] 00007
6 Botan::Internal_Error::Internal_Error(std::__1::basic_string_view >) [function] [call site] 00008
7 Botan::Exception::Exception(char const*, std::__1::basic_string_view >) [function] [call site] 00009
8 std::exception::exception() [function] [call site] 00010
8 std::__1::basic_string , std::__1::allocator > Botan::fmt > >(std::__1::basic_string_view >, char const* const&, std::__1::basic_string_view > const&) [function] [call site] 00011
9 void Botan::fmt_detail::do_fmt > >(std::__1::basic_ostringstream , std::__1::allocator >&, std::__1::basic_string_view >, char const* const&, std::__1::basic_string_view > const&) [function] [call site] 00012
10 void Botan::fmt_detail::do_fmt >>(std::__1::basic_ostringstream , std::__1::allocator >&, std::__1::basic_string_view >, std::__1::basic_string_view > const&) [function] [call site] 00013
8 std::exception::~exception() [call site] 00014
5 Botan::TLS::Handshake_Message::~Handshake_Message() [function] [call site] 00015
4 Botan::TLS::Client_Hello::offered_suite(unsigned short) const [function] [call site] 00016
5 Botan::TLS::Client_Hello_Internal::ciphersuites() const [function] [call site] 00017
5 Botan::TLS::Client_Hello_Internal::ciphersuites() const [function] [call site] 00018
4 Botan::TLS::Client_Hello_Internal::extensions() [function] [call site] 00019
4 Botan::TLS::Renegotiation_Extension* Botan::TLS::Extensions::get () const [function] [call site] 00020
5 Botan::TLS::Renegotiation_Extension::static_type() [function] [call site] 00021
5 __dynamic_cast [call site] 00022
4 Botan::TLS::Renegotiation_Extension::renegotiation_info() const [function] [call site] 00023
4 __cxa_allocate_exception [call site] 00024
4 Botan::TLS::TLS_Exception::TLS_Exception(Botan::TLS::AlertType, std::__1::basic_string_view >) [function] [call site] 00025
5 Botan::Exception::Exception(std::__1::basic_string_view >) [function] [call site] 00026
6 std::exception::exception() [function] [call site] 00027
6 std::exception::~exception() [call site] 00028
4 Botan::TLS::Client_Hello_Internal::extensions() [function] [call site] 00029
4 Botan::TLS::Renegotiation_Extension::Renegotiation_Extension() [function] [call site] 00030
5 Botan::TLS::Extension::Extension() [function] [call site] 00031
4 Botan::TLS::Client_Hello::~Client_Hello() [function] [call site] 00032
5 Botan::TLS::Handshake_Message::~Handshake_Message() [function] [call site] 00033
2 Botan::TLS::Client_Hello::~Client_Hello() [function] [call site] 00034
2 __cxa_begin_catch [call site] 00035