Fuzz introspector: fuzz_disasmnext
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The following are the branches the fuzzer fails to get past.

Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch
39 | 39 | 1: ['sme_reg_to_vas'] | 39 | 90 | AArch64_set_detail_op_reg | call site: 00000 | /src/capstonenext/arch/AArch64/AArch64Mapping.c:2413
30 | 30 | 1: ['AArch64_insert_detail_op_float_at'] | 30 | 30 | AArch64_add_not_defined_ops | call site: 00000 | /src/capstonenext/arch/AArch64/AArch64Mapping.c:636
20 | 20 | 1: ['is_feature_of'] | 20 | 20 | PPC_getFeatureBits | call site: 00000 | /src/capstonenext/arch/PowerPC/PPCMapping.c:357
11 | 13 | 3: ['MCOperand_isExpr', 'MCOperand_getExpr', 'printExpr'] | 11 | 13 | printMCOperandMAI | call site: 00000 | /src/capstonenext/arch/SystemZ/SystemZInstPrinter.c:117
9 | 9 | 1: ['printUInt8'] | 9 | 9 | printInt8 | call site: 00000 | /src/capstonenext/SStream.c:334
9 | 9 | 1: ['printUInt16'] | 9 | 9 | printInt16 | call site: 00000 | /src/capstonenext/SStream.c:358
9 | 9 | 1: ['printUInt16'] | 9 | 9 | printInt16HexOffset | call site: 00000 | /src/capstonenext/SStream.c:382
6 | 10 | 2: ['need_zero_prefix', 'SStream_concat0'] | 6 | 20 | printImm | call site: 00000 | /src/capstonev5/arch/X86/X86IntelInstPrinter.c:314
6 | 6 | 1: ['need_zero_prefix'] | 6 | 22 | printImm | call site: 00000 | /src/capstonev5/arch/X86/X86IntelInstPrinter.c:374
3 | 3 | 1: ['ARM_blx_to_arm_mode'] | 3 | 3 | t_add_pc | call site: 00000 | /src/capstonenext/arch/ARM/ARMMapping.c:934
2 | 2 | 1: ['BitsToDouble'] | 2 | 36 | AArch64_add_cs_detail_0 | call site: 00000 | /src/capstonenext/arch/AArch64/AArch64Mapping.c:1580
0 | 309 | 8: ['MCOperand_getReg', 'MCOperand_isImm', 'MCInst_getNumOperands', 'MCRegisterInfo_getRegClass', 'MCOperand_getImm', 'MCOperand_isReg', 'MCInst_getOperand', 'MCRegisterClass_contains'] | 7 | 326 | printAliasInstr | call site: 00000 | /src/capstonev5/arch/RISCV/RISCVGenAsmWriter.inc:1629

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 fopen [call site] 00001
1 get_platform_entry [function] [call site] 00002
2 platform_len [function] [call site] 00003
1 cs_option [function] [call site] 00005
2 skipdata_size [function] [call site] 00006
2 strncpy [call site] 00007
2 strncpy [call site] 00008
1 cs_option [function] [call site] 00009
1 cs_disasm [function] [call site] 00010
2 MCInst_Init [function] [call site] 00011
2 SStream_Init [function] [call site] 00012
3 __assert_fail [call site] 00013
2 SStream_opt_unum [function] [call site] 00014
3 __assert_fail [call site] 00015
2 fill_insn [function] [call site] 00016
3 SStream_trimls [function] [call site] 00017
4 __assert_fail [call site] 00018
3 MCInst_getOpcodePub [function] [call site] 00019
3 MCInst_getOpcodePub [function] [call site] 00020
3 SStream_extract_mnem_opstr [function] [call site] 00021
4 __assert_fail [call site] 00022
3 cs_insn_name [function] [call site] 00023
3 str_replace [function] [call site] 00024
4 strlen [call site] 00025
4 strlen [call site] 00026
4 strlen [call site] 00027
4 snprintf [call site] 00028
2 strncpy [call site] 00029
2 skipdata_opstr [function] [call site] 00030
3 cs_snprintf [function] [call site] 00031
3 cs_snprintf [function] [call site] 00032
1 cs_insn_name [function] [call site] 00033
1 fprintf [call site] 00034
1 fprintf [call site] 00035
1 cs_reg_name [function] [call site] 00036
1 fprintf [call site] 00037
1 fprintf [call site] 00038
1 cs_reg_name [function] [call site] 00039
1 fprintf [call site] 00040
1 fprintf [call site] 00041
1 cs_group_name [function] [call site] 00042
1 fprintf [call site] 00043
1 fprintf [call site] 00044