Fuzz introspector: fuzz_disasmv5
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The following are the branches that the fuzzer fails to get past. Each row lists the blocked branch, the function that contains it, and the complexity and functions that become reachable only once the branch is covered.

| Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch |
|---|---|---|---|---|---|---|---|
| 10 | 47 | 5: strncpy, fill_insn, MCInst_Init, SStream_Init, skipdata_opstr | 10 | 47 | cs_disasm | call site: 00013 | /src/capstonev5/cs.c:962 |
| 9 | 13 | 2: cs_insn_name, str_replace | 13 | 17 | fill_insn | call site: 00015 | /src/capstonev5/cs.c:604 |
| 6 | 10 | 2: need_zero_prefix, SStream_concat0 | 6 | 20 | printImm | call site: 00000 | /src/capstonev5/arch/X86/X86IntelInstPrinter.c:314 |
| 6 | 6 | 1: need_zero_prefix | 6 | 22 | printImm | call site: 00000 | /src/capstonev5/arch/X86/X86IntelInstPrinter.c:374 |
| 2 | 17 | 6: printOperand.15239, SStream_concat0, cs_strdup, SStream_concat1, strlen, printCustomAliasOperand.15244 | 2 | 17 | printAliasInstr | call site: 00000 | /src/capstonev5/arch/RISCV/RISCVGenAsmWriter.inc:2282 |
| 2 | 17 | 6: printOperand.15239, SStream_concat0, cs_strdup, SStream_concat1, strlen, printCustomAliasOperand.15244 | 2 | 17 | printAliasInstr | call site: 00000 | /src/capstonev5/arch/RISCV/RISCVGenAsmWriter.inc:2515 |
| 2 | 8 | 3: MCOperand_getReg, MCInst_getOperand, arm64_op_addReg | 2 | 8 | AArch64_printInst | call site: 00000 | /src/capstonev5/arch/AArch64/AArch64InstPrinter.c:849 |
| 2 | 8 | 3: MCOperand_getReg, MCInst_getOperand, arm64_op_addReg | 2 | 8 | AArch64_printInst | call site: 00000 | /src/capstonev5/arch/AArch64/AArch64InstPrinter.c:859 |
| 2 | 8 | 3: MCOperand_getReg, MCInst_getOperand, arm64_op_addReg | 2 | 8 | AArch64_printInst | call site: 00000 | /src/capstonev5/arch/AArch64/AArch64InstPrinter.c:869 |
| 2 | 8 | 3: MCOperand_getReg, MCInst_getOperand, arm64_op_addReg | 2 | 8 | AArch64_printInst | call site: 00000 | /src/capstonev5/arch/AArch64/AArch64InstPrinter.c:879 |
| 2 | 8 | 3: MCOperand_getReg, MCInst_getOperand, arm64_op_addReg | 2 | 8 | AArch64_printInst | call site: 00000 | /src/capstonev5/arch/AArch64/AArch64InstPrinter.c:889 |
| 2 | 2 | 1: lookupTSBByEncoding | 2 | 15 | printBarrierOption | call site: 00000 | /src/capstonev5/arch/AArch64/AArch64InstPrinter.c:2047 |

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 fopen [call site] 00001
1 get_platform_entry [function] [call site] 00002
2 platform_len [function] [call site] 00003
1 cs_option [function] [call site] 00005
2 skipdata_size [function] [call site] 00006
2 strncpy [call site] 00007
2 strncpy [call site] 00008
1 cs_option [function] [call site] 00009
1 cs_disasm [function] [call site] 00010
2 MCInst_Init [function] [call site] 00011
2 SStream_Init [function] [call site] 00012
2 fill_insn [function] [call site] 00013
3 MCInst_getOpcodePub [function] [call site] 00014
3 MCInst_getOpcodePub [function] [call site] 00015
3 cs_insn_name [function] [call site] 00016
3 strncpy [call site] 00017
3 strncpy [call site] 00018
2 strncpy [call site] 00019
2 skipdata_opstr [function] [call site] 00020
3 cs_snprintf [function] [call site] 00021
3 cs_snprintf [function] [call site] 00022
1 cs_insn_name [function] [call site] 00023
1 fprintf [call site] 00024
1 fprintf [call site] 00025
1 cs_reg_name [function] [call site] 00026
1 fprintf [call site] 00027
1 fprintf [call site] 00028
1 cs_reg_name [function] [call site] 00029
1 fprintf [call site] 00030
1 fprintf [call site] 00031
1 cs_group_name [function] [call site] 00032
1 fprintf [call site] 00033
1 fprintf [call site] 00034