Fuzz introspector: fuzz_disasmnext
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
6 10 2 :

['need_zero_prefix', 'SStream_concat0']

6 20 printImm call site: 00000 /src/capstonev5/arch/X86/X86IntelInstPrinter.c:314
6 6 1 :

['need_zero_prefix']

6 22 printImm call site: 00000 /src/capstonev5/arch/X86/X86IntelInstPrinter.c:374
4 4 1 :

['SStream_Close']

8 8 printInst call site: 00000 /src/capstonenext/arch/PowerPC/PPCInstPrinter.c:232
4 4 1 :

['SStream_Open']

4 4 printInst call site: 00000 /src/capstonenext/arch/PowerPC/PPCInstPrinter.c:235
3 3 1 :

['ARM_blx_to_arm_mode']

3 3 t_add_pc call site: 00000 /src/capstonenext/arch/ARM/ARMMapping.c:824
2 17 6 :

['printOperand.15239', 'SStream_concat0', 'cs_strdup', 'SStream_concat1', 'strlen', 'printCustomAliasOperand.15244']

2 17 printAliasInstr call site: 00000 /src/capstonev5/arch/RISCV/RISCVGenAsmWriter.inc:2282
2 17 6 :

['printOperand.15239', 'SStream_concat0', 'cs_strdup', 'SStream_concat1', 'strlen', 'printCustomAliasOperand.15244']

2 17 printAliasInstr call site: 00000 /src/capstonev5/arch/RISCV/RISCVGenAsmWriter.inc:2515
2 2 1 :

['updated_mode']

2 2 Mips_option call site: 00000 /src/capstonev5/arch/Mips/MipsModule.c:44
2 2 1 :

['strncpy']

2 2 X86_ATT_printInst call site: 00000 /src/capstonev5/arch/X86/X86ATTInstPrinter.c:842
2 2 1 :

['strncpy']

2 2 X86_Intel_printInst call site: 00000 /src/capstonev5/arch/X86/X86IntelInstPrinter.c:706
0 208 11 :

['AArch64_get_detail_op', 'detail_is_set.20375', 'MCRegisterInfo_getMatchingSuperReg', 'MCRegisterInfo_getRegClass', 'AArch64_inc_op_count.20486', 'AArch64RPRFM_lookupRPRFMByEncoding', 'printOperand', 'SStream_concat0', 'MCOperand_getImm', 'MCInst_getOperand', 'MCOperand_getReg']

0 208 printRangePrefetchAlias call site: 00000 /src/capstonenext/arch/AArch64/AArch64InstPrinter.c:988
0 132 1 :

['printAlias1']

0 132 printAlias call site: 00000 /src/capstonev5/arch/Mips/MipsInstPrinter.c:364

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 fopen [call site] 00001
1 get_platform_entry [function] [call site] 00002
2 platform_len [function] [call site] 00003
1 cs_open [function] [call site] 00004
1 cs_option [function] [call site] 00005
2 skipdata_size [function] [call site] 00006
2 strncpy [call site] 00007
2 strncpy [call site] 00008
1 cs_option [function] [call site] 00009
1 cs_disasm [function] [call site] 00010
2 MCInst_Init [function] [call site] 00011
2 SStream_Init [function] [call site] 00012
3 __assert_fail [call site] 00013
2 fill_insn [function] [call site] 00014
3 fixup_asm_string [function] [call site] 00015
3 MCInst_getOpcodePub [function] [call site] 00016
3 MCInst_getOpcodePub [function] [call site] 00017
3 cs_insn_name [function] [call site] 00018
3 strncpy [call site] 00019
3 strncpy [call site] 00020
2 strncpy [call site] 00021
2 skipdata_opstr [function] [call site] 00022
3 cs_snprintf [function] [call site] 00023
3 cs_snprintf [function] [call site] 00024
1 cs_insn_name [function] [call site] 00025
1 fprintf [call site] 00026
1 fprintf [call site] 00027
1 cs_reg_name [function] [call site] 00028
1 fprintf [call site] 00029
1 fprintf [call site] 00030
1 cs_reg_name [function] [call site] 00031
1 fprintf [call site] 00032
1 fprintf [call site] 00033
1 cs_group_name [function] [call site] 00034
1 fprintf [call site] 00035
1 fprintf [call site] 00036
1 cs_free [function] [call site] 00037
1 cs_close [function] [call site] 00038