Fuzz introspector: fuzz_disasmnext
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
10 47 5 :

['SStream_Init', 'MCInst_Init', 'skipdata_opstr', 'fill_insn', 'strncpy']

10 47 cs_disasm call site: 00014 /src/capstonev5/cs.c:962
9 13 2 :

['cs_insn_name', 'str_replace']

13 17 fill_insn call site: 00016 /src/capstonev5/cs.c:604
6 10 2 :

['SStream_concat0', 'need_zero_prefix']

6 20 printImm call site: 00000 /src/capstonev5/arch/X86/X86IntelInstPrinter.c:314
6 6 1 :

['need_zero_prefix']

6 22 printImm call site: 00000 /src/capstonev5/arch/X86/X86IntelInstPrinter.c:374
4 4 1 :

['SStream_Close']

8 8 printInst call site: 00000 /src/capstonenext/arch/PowerPC/PPCInstPrinter.c:232
4 4 1 :

['SStream_Open']

4 4 printInst call site: 00000 /src/capstonenext/arch/PowerPC/PPCInstPrinter.c:235
4 4 1 :

['strncpy']

4 4 cs_option call site: 00005 /src/capstonev5/cs.c:725
3 3 1 :

['ARM_blx_to_arm_mode']

3 3 t_add_pc call site: 00000 /src/capstonenext/arch/ARM/ARMMapping.c:798
2 17 6 :

['printOperand.15239', 'printCustomAliasOperand.15244', 'SStream_concat1', 'SStream_concat0', 'cs_strdup', 'strlen']

2 17 printAliasInstr call site: 00000 /src/capstonev5/arch/RISCV/RISCVGenAsmWriter.inc:2282
2 17 6 :

['printOperand.15239', 'printCustomAliasOperand.15244', 'SStream_concat1', 'SStream_concat0', 'cs_strdup', 'strlen']

2 17 printAliasInstr call site: 00000 /src/capstonev5/arch/RISCV/RISCVGenAsmWriter.inc:2515
2 8 3 :

['arm64_op_addReg', 'MCInst_getOperand', 'MCOperand_getReg']

2 8 AArch64_printInst call site: 00000 /src/capstonev5/arch/AArch64/AArch64InstPrinter.c:849
2 8 3 :

['arm64_op_addReg', 'MCInst_getOperand', 'MCOperand_getReg']

2 8 AArch64_printInst call site: 00000 /src/capstonev5/arch/AArch64/AArch64InstPrinter.c:859

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 fopen [call site] 00001
1 get_platform_entry [function] [call site] 00002
2 platform_len [function] [call site] 00003
1 cs_open [function] [call site] 00004
1 cs_option [function] [call site] 00005
2 skipdata_size [function] [call site] 00006
2 strncpy [call site] 00007
2 strncpy [call site] 00008
1 cs_option [function] [call site] 00009
1 cs_disasm [function] [call site] 00010
2 MCInst_Init [function] [call site] 00011
2 SStream_Init [function] [call site] 00012
3 __assert_fail [call site] 00013
2 fill_insn [function] [call site] 00014
3 MCInst_getOpcodePub [function] [call site] 00015
3 MCInst_getOpcodePub [function] [call site] 00016
3 cs_insn_name [function] [call site] 00017
3 strncpy [call site] 00018
3 strncpy [call site] 00019
2 strncpy [call site] 00020
2 skipdata_opstr [function] [call site] 00021
3 cs_snprintf [function] [call site] 00022
3 cs_snprintf [function] [call site] 00023
1 cs_insn_name [function] [call site] 00024
1 fprintf [call site] 00025
1 fprintf [call site] 00026
1 cs_reg_name [function] [call site] 00027
1 fprintf [call site] 00028
1 fprintf [call site] 00029
1 cs_reg_name [function] [call site] 00030
1 fprintf [call site] 00031
1 fprintf [call site] 00032
1 cs_group_name [function] [call site] 00033
1 fprintf [call site] 00034
1 fprintf [call site] 00035
1 cs_free [function] [call site] 00036
1 cs_close [function] [call site] 00037