Fuzz introspector: tls_client_hello
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
910 1894 90 :

['Botan::SCAN_Name::arg(unsigned long) const', 'std::__1::__unique_if ::__unique_single std::__1::make_unique ()', 'std::__1::__unique_if ::__unique_single std::__1::make_unique ()', 'std::__1::vector >, std::__1::allocator > > >::vector()', 'std::__1::unique_ptr >::~unique_ptr()', 'std::__1::unique_ptr >::unique_ptr , void, void>(std::__1::unique_ptr >&&)', 'std::__1::__unique_if ::__unique_single std::__1::make_unique (unsigned long&&)', 'std::__1::unique_ptr >::unique_ptr , void, void>(std::__1::unique_ptr >&&)', 'std::__1::__unique_if ::__unique_single std::__1::make_unique ()', 'std::__1::unique_ptr >::unique_ptr , void, void>(std::__1::unique_ptr >&&)', 'std::__1::unique_ptr >::~unique_ptr()', 'std::__1::unique_ptr >::~unique_ptr()', 'std::__1::unique_ptr >::~unique_ptr()', 'std::__1::unique_ptr >::~unique_ptr()', 'std::__1::unique_ptr >::unique_ptr , void, void>(std::__1::unique_ptr >&&)', 'std::__1::__unique_if ::__unique_single std::__1::make_unique (int&&)', 'std::__1::unique_ptr >::unique_ptr , void, void>(std::__1::unique_ptr >&&)', 'std::__1::__unique_if ::__unique_single std::__1::make_unique ()', 'bool std::__1::operator== , 1>(std::__1::basic_string_view >, std::__1::common_type > >::type)', 'std::__1::vector >, std::__1::allocator > > >::push_back(std::__1::unique_ptr >&&)', 'std::__1::unique_ptr >::unique_ptr , void, void>(std::__1::unique_ptr >&&)', 'std::__1::remove_reference >&>::type&& std::__1::move >&>(std::__1::unique_ptr >&)', 'std::__1::unique_ptr >::~unique_ptr()', 'std::__1::__unique_if ::__unique_single std::__1::make_unique >, std::__1::allocator > > >&>(std::__1::vector >, std::__1::allocator > > >&)', 'std::__1::unique_ptr >::unique_ptr , void, void>(std::__1::unique_ptr >&&)', 'std::__1::unique_ptr >::unique_ptr , void, void>(std::__1::unique_ptr >&&)', 'std::__1::unique_ptr >::unique_ptr , void, void>(std::__1::unique_ptr >&&)', 'Botan::SCAN_Name::SCAN_Name(std::__1::basic_string_view >)', 'std::__1::__unique_if ::__unique_single std::__1::make_unique ()', 'std::__1::__unique_if ::__unique_single std::__1::make_unique ()', 'std::__1::unique_ptr >::~unique_ptr()', 'bool std::__1::operator== , std::__1::allocator >(std::__1::basic_string , std::__1::allocator > const&, char const*)', 'Botan::SCAN_Name::~SCAN_Name()', 'std::__1::__unique_if ::__unique_single std::__1::make_unique , std::__1::allocator > >(unsigned long&&, std::__1::basic_string , std::__1::allocator >&&)', 'std::__1::unique_ptr >::unique_ptr , void, void>(std::__1::unique_ptr >&&)', 'Botan::SCAN_Name::arg_count() const', 'std::__1::unique_ptr >::operator bool() const', 'std::__1::unique_ptr >::~unique_ptr()', 'std::__1::basic_string , std::__1::allocator >::operator std::__1::basic_string_view >() const', 'std::__1::__unique_if ::__unique_single std::__1::make_unique ()', 'std::__1::unique_ptr >::~unique_ptr()', 'std::__1::unique_ptr >::unique_ptr , void, void>(std::__1::unique_ptr >&&)', 'std::__1::__unique_if ::__unique_single std::__1::make_unique (unsigned long&&)', 'std::__1::unique_ptr >::~unique_ptr()', 'std::__1::unique_ptr >::~unique_ptr()', 'std::__1::unique_ptr >::unique_ptr , void, void>(std::__1::unique_ptr >&&)', 'std::__1::__unique_if ::__unique_single std::__1::make_unique (unsigned long&&)', 'Botan::SCAN_Name::algo_name() const', 'std::__1::__unique_if ::__unique_single std::__1::make_unique (unsigned long&&)', 'std::__1::__unique_if ::__unique_single std::__1::make_unique ()', 'std::__1::basic_string , std::__1::allocator >::~basic_string()', 'std::__1::unique_ptr >::unique_ptr , void, void>(std::__1::unique_ptr >&&)', 'std::__1::unique_ptr >::~unique_ptr()', 'std::__1::__unique_if ::__unique_single std::__1::make_unique ()', 'std::__1::unique_ptr >::~unique_ptr()', 'std::__1::__unique_if ::__unique_single std::__1::make_unique >, unsigned long>(std::__1::unique_ptr >&&, unsigned long&&)', 'std::__1::__unique_if ::__unique_single std::__1::make_unique ()', 'std::__1::__unique_if ::__unique_single std::__1::make_unique ()', 'std::__1::unique_ptr >::unique_ptr , void, void>(std::__1::unique_ptr >&&)', 'std::__1::unique_ptr >::~unique_ptr()', 'std::__1::unique_ptr >::~unique_ptr()', 'std::__1::unique_ptr >::unique_ptr , void, void>(std::__1::unique_ptr >&&)', 'std::__1::unique_ptr >::~unique_ptr()', 'std::__1::unique_ptr >::~unique_ptr()', 'Botan::SCAN_Name::arg_as_integer(unsigned long, unsigned long) const', 'Botan::SCAN_Name::arg(unsigned long, std::__1::basic_string_view >) const', 'std::__1::__unique_if ::__unique_single std::__1::make_unique (unsigned long&&)', 'std::__1::unique_ptr >::~unique_ptr()', 'std::__1::unique_ptr >::~unique_ptr()', 'std::__1::unique_ptr >::unique_ptr , void, void>(std::__1::unique_ptr >&&)', 'Botan::HashFunction::create(std::__1::basic_string_view >, std::__1::basic_string_view >)', 'std::__1::unique_ptr >::unique_ptr , void, void>(std::__1::unique_ptr >&&)', 'std::__1::unique_ptr >::unique_ptr , void, void>(std::__1::unique_ptr >&&)', 'std::__1::unique_ptr >::unique_ptr , void, void>(std::__1::unique_ptr >&&)', 'std::__1::unique_ptr >::~unique_ptr()', 'std::__1::vector >, std::__1::allocator > > >::~vector()', 'std::__1::unique_ptr >::unique_ptr (decltype(nullptr))', 'std::__1::unique_ptr >::~unique_ptr()', 'Botan::SCAN_Name::arg_as_integer(unsigned long) const', 'std::__1::unique_ptr >::~unique_ptr()', 'std::__1::unique_ptr >::~unique_ptr()', 'std::__1::basic_string_view >::basic_string_view(char const*)', 'std::__1::unique_ptr >::unique_ptr , void, void>(std::__1::unique_ptr >&&)', 'std::__1::__unique_if ::__unique_single std::__1::make_unique ()', 'std::__1::unique_ptr >::unique_ptr , void, void>(std::__1::unique_ptr >&&)', 'std::__1::unique_ptr >::unique_ptr , void, void>(std::__1::unique_ptr >&&)', 'std::__1::__unique_if ::__unique_single std::__1::make_unique (unsigned long&&)', 'std::__1::unique_ptr >::unique_ptr , void, void>(std::__1::unique_ptr >&&)', 'std::__1::__unique_if ::__unique_single std::__1::make_unique >, std::__1::unique_ptr > >(std::__1::unique_ptr >&&, std::__1::unique_ptr >&&)', 'std::__1::unique_ptr >::~unique_ptr()']

910 1894 Botan::HashFunction::create(std::__1::basic_string_view >,std::__1::basic_string_view >) call site: 00000 /src/botan/src/lib/hash/hash.cpp:133
82 169 12 :

['__cxa_throw', '__cxa_allocate_exception', 'std::__1::__unique_if ::__unique_single std::__1::make_unique (Botan::TLS::Certificate_Status&&)', 'Botan::TLS::Certificate_Status::~Certificate_Status()', 'Botan::TLS::(anonymous namespace)::RFC6066_Empty_Certificate_Status_Request::RFC6066_Empty_Certificate_Status_Request(unsigned short)', 'std::__1::basic_string_view >::basic_string_view(char const*)', 'Botan::TLS::TLS_Exception::TLS_Exception(Botan::TLS::AlertType, std::__1::basic_string_view >)', 'std::__1::vector > Botan::TLS::TLS_Data_Reader::get_fixed (unsigned long)', 'std::__1::vector >::~vector()', 'std::__1::__unique_if ::__unique_single std::__1::make_unique (Botan::TLS::(anonymous namespace)::RFC6066_Empty_Certificate_Status_Request&&)', '__cxa_free_exception', 'Botan::TLS::Certificate_Status::Certificate_Status(std::__1::vector > const&, Botan::TLS::Connection_Side)']

82 171 Botan::TLS::Certificate_Status_Request::Certificate_Status_Request(Botan::TLS::TLS_Data_Reader&,unsignedshort,Botan::TLS::Handshake_Type,Botan::TLS::Connection_Side) call site: 00000 /src/botan/src/lib/tls/tls_extensions_cert_status_req.cpp:108
70 70 1 :

['Botan::TLS::TLS_Data_Reader::get_uint24_t()']

70 70 Botan::TLS::TLS_Data_Reader::get_length_field(unsignedlong) call site: 00000 /src/botan/build/include/internal/botan/internal/tls_reader.h:137
17 17 9 :

['__cxa_throw', '__cxa_allocate_exception', 'std::__1::unique_ptr >::operator->() const', 'std::__1::basic_string , std::__1::allocator >::~basic_string()', 'std::__1::basic_string , std::__1::allocator >::operator std::__1::basic_string_view >() const', '__cxa_free_exception', 'std::__1::to_string(int)', 'std::__1::basic_string , std::__1::allocator > std::__1::operator+ , std::__1::allocator >(char const*, std::__1::basic_string , std::__1::allocator >&&)', 'Botan::Invalid_Argument::Invalid_Argument(std::__1::basic_string_view >)']

17 17 Botan::TLS::Extensions::add(std::__1::unique_ptr >) call site: 00000 /src/botan/src/lib/tls/tls_extensions.cpp:111
6 6 3 :

['std::__1::__unique_if ::__unique_single std::__1::make_unique (Botan::TLS::(anonymous namespace)::Server_PSK&&)', 'Botan::TLS::(anonymous namespace)::Server_PSK::Server_PSK(unsigned short)', 'Botan::TLS::(anonymous namespace)::Server_PSK::~Server_PSK()']

12 95 Botan::TLS::PSK::PSK(Botan::TLS::TLS_Data_Reader&,unsignedshort,Botan::TLS::Handshake_Type) call site: 00000 /src/botan/src/lib/tls/tls13/tls_extensions_psk.cpp:142
4 4 1 :

['Botan::SHA_256::compress_digest_x86(std::__1::vector >&, std::__1::span , unsigned long)']

4 4 Botan::SHA_256::compress_digest(std::__1::vector >&,std::__1::span ,unsignedlong) call site: 00000 /src/botan/src/lib/hash/sha2_32/sha2_32.cpp:51
0 1870 11 :

['Botan::BufferSlicer::take(unsigned long)', 'unsigned int Botan::sigma<17ul, 19ul, 10ul, unsigned int>(unsigned int)', 'std::__1::vector >::operator[](unsigned long)', 'unsigned int Botan::majority (unsigned int, unsigned int, unsigned int)', 'std::__1::span ::data() const', 'unsigned int Botan::sigma<7ul, 18ul, 3ul, unsigned int>(unsigned int)', 'unsigned int Botan::load_be (unsigned char const*, unsigned long)', 'unsigned int Botan::rho<6ul, 11ul, 25ul, unsigned int>(unsigned int)', 'unsigned int Botan::rho<2ul, 13ul, 22ul, unsigned int>(unsigned int)', 'Botan::BufferSlicer::BufferSlicer(std::__1::span )', 'unsigned int Botan::choose (unsigned int, unsigned int, unsigned int)']

0 1870 Botan::SHA_256::compress_digest(std::__1::vector >&,std::__1::span ,unsignedlong) call site: 00000 /src/botan/src/lib/hash/sha2_32/sha2_32.cpp:57
0 70 1 :

['Botan::TLS::TLS_Data_Reader::get_uint16_t()']

6 91 Botan::TLS::Supported_Versions::Supported_Versions(Botan::TLS::TLS_Data_Reader&,unsignedshort,Botan::TLS::Connection_Side) call site: 00000 /src/botan/src/lib/tls/tls_extensions.cpp:751
0 70 2 :

['std::__1::optional ::optional (unsigned int&&)', 'Botan::TLS::TLS_Data_Reader::get_uint32_t()']

6 89 Botan::TLS::EarlyDataIndication::EarlyDataIndication(Botan::TLS::TLS_Data_Reader&,unsignedshort,Botan::TLS::Handshake_Type) call site: 00000 /src/botan/src/lib/tls/tls_extensions.cpp:946
0 68 2 :

['Botan::TLS::TLS_Data_Reader::get_byte()', 'std::__1::vector >::push_back(Botan::TLS::Certificate_Type&&)']

6 87 Botan::TLS::Certificate_Type_Base::Certificate_Type_Base(Botan::TLS::TLS_Data_Reader&,unsignedshort,Botan::TLS::Connection_Side) call site: 00000 /src/botan/src/lib/tls/tls_extensions.cpp:428
0 11 1 :

['Botan::Invalid_State::Invalid_State(std::__1::basic_string_view >)']

6 17 Botan::BER_Decoder::end_cons() call site: 00000 /src/botan/src/lib/asn1/ber_dec.cpp:296
0 0 None 16 320 Botan::BER_Decoder::get_next_object() call site: 00000 /src/botan/src/lib/asn1/ber_dec.cpp:255

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 fuzz(unsigned char const*, unsigned long) [function] [call site] 00001
2 Botan::TLS::Client_Hello_12::Client_Hello_12(std::__1::vector<unsigned char, std::__1::allocator<unsigned char> > const&) [function] [call site] 00002
3 Botan::TLS::Client_Hello_12::Client_Hello_12(std::__1::unique_ptr<Botan::TLS::Client_Hello_Internal, std::__1::default_delete<Botan::TLS::Client_Hello_Internal> >) [function] [call site] 00003
4 Botan::TLS::Client_Hello::Client_Hello(std::__1::unique_ptr<Botan::TLS::Client_Hello_Internal, std::__1::default_delete<Botan::TLS::Client_Hello_Internal> >) [function] [call site] 00004
5 Botan::TLS::Handshake_Message::Handshake_Message() [function] [call site] 00005
5 Botan::assertion_failure(char const*, char const*, char const*, char const*, int) [function] [call site] 00006
6 __cxa_allocate_exception [call site] 00007
6 Botan::Internal_Error::Internal_Error(std::__1::basic_string_view<char, std::__1::char_traits<char> >) [function] [call site] 00008
7 Botan::Exception::Exception(char const*, std::__1::basic_string_view<char, std::__1::char_traits<char> >) [function] [call site] 00009
8 std::exception::exception() [function] [call site] 00010
8 std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > Botan::fmt<char const*, std::__1::basic_string_view<char, std::__1::char_traits<char> > >(std::__1::basic_string_view<char, std::__1::char_traits<char> >, char const* const&, std::__1::basic_string_view<char, std::__1::char_traits<char> > const&) [function] [call site] 00011
9 void Botan::fmt_detail::do_fmt<char const*, std::__1::basic_string_view<char, std::__1::char_traits<char> > >(std::__1::basic_ostringstream<char, std::__1::char_traits<char>, std::__1::allocator<char> >&, std::__1::basic_string_view<char, std::__1::char_traits<char> >, char const* const&, std::__1::basic_string_view<char, std::__1::char_traits<char> > const&) [function] [call site] 00012
10 void Botan::fmt_detail::do_fmt<std::__1::basic_string_view<char, std::__1::char_traits<char> >>(std::__1::basic_ostringstream<char, std::__1::char_traits<char>, std::__1::allocator<char> >&, std::__1::basic_string_view<char, std::__1::char_traits<char> >, std::__1::basic_string_view<char, std::__1::char_traits<char> > const&) [function] [call site] 00013
8 std::exception::~exception() [call site] 00014
5 Botan::TLS::Handshake_Message::~Handshake_Message() [function] [call site] 00015
4 Botan::TLS::Client_Hello::offered_suite(unsigned short) const [function] [call site] 00016
5 Botan::TLS::Client_Hello_Internal::ciphersuites() const [function] [call site] 00017
5 Botan::TLS::Client_Hello_Internal::ciphersuites() const [function] [call site] 00018
4 Botan::TLS::Client_Hello_Internal::extensions() [function] [call site] 00019
4 Botan::TLS::Renegotiation_Extension* Botan::TLS::Extensions::get<Botan::TLS::Renegotiation_Extension>() const [function] [call site] 00020
5 Botan::TLS::Renegotiation_Extension::static_type() [function] [call site] 00021
5 __dynamic_cast [call site] 00022
4 Botan::TLS::Renegotiation_Extension::renegotiation_info() const [function] [call site] 00023
4 __cxa_allocate_exception [call site] 00024
4 Botan::TLS::TLS_Exception::TLS_Exception(Botan::TLS::AlertType, std::__1::basic_string_view<char, std::__1::char_traits<char> >) [function] [call site] 00025
5 Botan::Exception::Exception(std::__1::basic_string_view<char, std::__1::char_traits<char> >) [function] [call site] 00026
6 std::exception::exception() [function] [call site] 00027
6 std::exception::~exception() [call site] 00028
4 Botan::TLS::Client_Hello_Internal::extensions() [function] [call site] 00029
4 Botan::TLS::Renegotiation_Extension::Renegotiation_Extension() [function] [call site] 00030
5 Botan::TLS::Extension::Extension() [function] [call site] 00031
4 Botan::TLS::Client_Hello::~Client_Hello() [function] [call site] 00032
5 Botan::TLS::Handshake_Message::~Handshake_Message() [function] [call site] 00033
2 Botan::TLS::Client_Hello::~Client_Hello() [function] [call site] 00034
2 __cxa_begin_catch [call site] 00035