Fuzz introspector: civetweb_fuzz3
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
238 244 5 :

['ssl_use_pem_file', 'ssl_error', 'sslize', 'close', 'mg_free']

238 244 mg_connect_client_impl call site: 00135 /src/civetweb/src/civetweb.c:18153
65 65 2 :

['mg_cry_internal_wrap', 'strerror']

311 319 mg_connect_client_impl call site: 00128 /src/civetweb/src/civetweb.c:18126
63 63 1 :

['mg_cry_internal_wrap']

63 63 mg_vsnprintf call site: 00059 /src/civetweb/src/civetweb.c:3124
14 38 7 :

['mg_get_current_time_ns', 'fwrite', '__errno_location', 'send', 'usleep', 'mg_poll', 'ferror']

14 38 push_inner call site: 00203 /src/civetweb/src/civetweb.c:6105
11 11 1 :

['alloc_vprintf2']

11 11 alloc_vprintf call site: 00182 /src/civetweb/src/civetweb.c:6960
8 8 4 :

['close', 'abort', 'strerror', '__errno_location']

8 8 mock_server_init call site: 00041 /src/civetweb/fuzztest/fuzzmain.c:438
8 8 1 :

['mg_strcasecmp']

8 8 get_response call site: 00258 /src/civetweb/src/civetweb.c:18753
6 6 3 :

['htons', 'bind', 'inet_addr']

48 48 mock_server_init call site: 00009 /src/civetweb/fuzztest/fuzzmain.c:394
6 6 2 :

['time', 'sleep']

6 152 mg_write call site: 00190 /src/civetweb/src/civetweb.c:6801
6 6 3 :

['close', 'strerror', '__errno_location']

6 6 connect_socket call site: 00118 /src/civetweb/src/civetweb.c:9549
4 4 2 :

['read', 'fileno']

6 6 pull_inner call site: 00227 /src/civetweb/src/civetweb.c:6229
2 2 1 :

['atoi']

142 142 close_socket_gracefully call site: 00276 /src/civetweb/src/civetweb.c:17766

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 LLVMFuzzerTestOneInput_RESPONSE [function] [call site] 00001
2 mock_server_init [function] [call site] 00002
3 socket [call site] 00003
3 __errno_location [call site] 00004
3 strerror [call site] 00005
3 fprintf [call site] 00006
3 inet_addr [call site] 00007
3 htons [call site] 00008
3 bind [call site] 00009
3 __errno_location [call site] 00010
3 strerror [call site] 00011
3 fprintf [call site] 00012
3 close [call site] 00013
3 fprintf [call site] 00014
3 printf [call site] 00015
3 listen [call site] 00016
3 __errno_location [call site] 00017
3 strerror [call site] 00018
3 close [call site] 00019
3 fprintf [call site] 00020
3 fprintf [call site] 00021
3 close [call site] 00022
3 fprintf [call site] 00023
3 pthread_attr_init [call site] 00024
3 pthread_attr_setdetachstate [call site] 00025
3 pthread_create [call site] 00026
3 mock_server_thread [function] [call site] 00027
4 printf [call site] 00028
4 accept [call site] 00029
4 __errno_location [call site] 00030
4 strerror [call site] 00031
4 sleep [call site] 00032
4 recv [call site] 00033
4 strstr [call site] 00034
4 __errno_location [call site] 00035
4 strerror [call site] 00036
4 sleep [call site] 00037
4 send [call site] 00038
4 shutdown [call site] 00039
4 close [call site] 00040
3 pthread_attr_destroy [call site] 00041
3 __errno_location [call site] 00042
3 strerror [call site] 00043
3 close [call site] 00044
3 fprintf [call site] 00045
3 sleep [call site] 00046
3 atexit [call site] 00047
3 mock_server_exit [function] [call site] 00048
4 printf [call site] 00049
4 sleep [call site] 00050
2 mg_connect_client [function] [call site] 00051
3 mg_connect_client_impl [function] [call site] 00052
4 atoi [call site] 00053
4 mg_calloc [function] [call site] 00054
5 calloc [call site] 00055
4 __errno_location [call site] 00056
4 mg_snprintf [function] [call site] 00057
5 mg_vsnprintf [function] [call site] 00058
6 vsnprintf [call site] 00059
6 mg_cry_internal_wrap [function] [call site] 00060
7 fake_connection [function] [call site] 00061
7 mg_cry_internal_impl [function] [call site] 00062
8 vsnprintf [call site] 00063
8 puts [call site] 00064
8 mg_fopen [function] [call site] 00065
9 mg_path_suspicious [function] [call site] 00066
9 mg_stat [function] [call site] 00067
10 mg_path_suspicious [function] [call site] 00068
10 stat64 [call site] 00069
9 fopen64 [call site] 00070
9 fopen64 [call site] 00071
9 fopen64 [call site] 00072
9 mg_stat [function] [call site] 00073
8 flockfile [call site] 00074
8 time [call site] 00075
8 sockaddr_to_string [function] [call site] 00076
9 getnameinfo [call site] 00077
8 fprintf [call site] 00078
8 fprintf [call site] 00079
8 fprintf [call site] 00080
8 fputc [call site] 00081
8 fflush [call site] 00082
8 funlockfile [call site] 00083
8 mg_fclose [function] [call site] 00084
9 fclose [call site] 00085
4 connect_socket [function] [call site] 00086
5 mg_snprintf [function] [call site] 00087
5 is_valid_port [function] [call site] 00088
5 mg_snprintf [function] [call site] 00089
5 mg_snprintf [function] [call site] 00090
5 mg_inet_pton [function] [call site] 00091
6 getaddrinfo [call site] 00092
6 freeaddrinfo [call site] 00093
5 htons [call site] 00094
5 mg_snprintf [function] [call site] 00095
5 socket [call site] 00096
5 __errno_location [call site] 00097
5 __errno_location [call site] 00098
5 mg_snprintf [function] [call site] 00099
5 set_non_blocking_mode [function] [call site] 00100
6 fcntl64 [call site] 00101
6 fcntl64 [call site] 00102
5 __errno_location [call site] 00103
5 __errno_location [call site] 00104
5 mg_snprintf [function] [call site] 00105
5 close [call site] 00106
5 set_close_on_exec [function] [call site] 00107
6 fcntl64 [call site] 00108
6 fake_connection [function] [call site] 00109
6 __errno_location [call site] 00110
5 connect [call site] 00111
5 __errno_location [call site] 00112
5 mg_poll [function] [call site] 00113
6 poll [call site] 00114
6 __errno_location [call site] 00115
5 mg_snprintf [function] [call site] 00116
5 close [call site] 00117
5 getsockopt [call site] 00118
5 __errno_location [call site] 00119
5 strerror [call site] 00120
5 mg_snprintf [function] [call site] 00121
5 close [call site] 00122
4 mg_free [function] [call site] 00123
4 ssl_error [function] [call site] 00124
4 mg_snprintf [function] [call site] 00125
4 close [call site] 00126
4 mg_free [function] [call site] 00127
4 getsockname [call site] 00128
4 __errno_location [call site] 00129
4 mg_cry_internal_wrap [function] [call site] 00130
4 pthread_mutex_init [call site] 00131
4 __errno_location [call site] 00132
4 mg_snprintf [function] [call site] 00133
4 close [call site] 00134
4 mg_free [function] [call site] 00135
4 ssl_use_pem_file [function] [call site] 00136
5 ssl_error [function] [call site] 00137
5 ssl_error [function] [call site] 00138
5 mg_cry_internal_wrap [function] [call site] 00139
5 ssl_error [function] [call site] 00140
4 mg_snprintf [function] [call site] 00141
4 close [call site] 00142
4 mg_free [function] [call site] 00143
4 ssl_error [function] [call site] 00144
4 mg_snprintf [function] [call site] 00145
4 close [call site] 00146
4 mg_free [function] [call site] 00147
4 sslize [function] [call site] 00148
5 mg_strcasecmp [function] [call site] 00149
6 lowercase [function] [call site] 00150
7 tolower [call site] 00151
5 refresh_trust [function] [call site] 00152
6 stat64 [call site] 00153
6 mg_lock_context [function] [call site] 00154
7 pthread_mutex_lock [call site] 00155
6 mg_strcasecmp [function] [call site] 00156
6 mg_strcasecmp [function] [call site] 00157
6 mg_unlock_context [function] [call site] 00158
7 pthread_mutex_unlock [call site] 00159
6 ssl_error [function] [call site] 00160
6 ssl_use_pem_file [function] [call site] 00161
6 mg_unlock_context [function] [call site] 00162
6 mg_unlock_context [function] [call site] 00163
5 mg_lock_context [function] [call site] 00164
5 mg_unlock_context [function] [call site] 00165
5 ssl_error [function] [call site] 00166
5 ssl_error [function] [call site] 00167
5 atoi [call site] 00168
5 usleep [call site] 00169
5 mg_poll [function] [call site] 00170
5 __errno_location [call site] 00171
5 mg_cry_internal_wrap [function] [call site] 00172
5 ssl_error [function] [call site] 00173
4 mg_snprintf [function] [call site] 00174
4 close [call site] 00175
4 mg_free [function] [call site] 00176
2 printf [call site] 00177
2 sleep [call site] 00178
2 mg_printf [function] [call site] 00179
3 mg_vprintf [function] [call site] 00180
4 alloc_vprintf [function] [call site] 00181
5 vsnprintf [call site] 00182
5 alloc_vprintf2 [function] [call site] 00183
6 mg_free [function] [call site] 00184
6 mg_malloc [function] [call site] 00185
6 vsnprintf [call site] 00186
5 mg_malloc [function] [call site] 00187
5 vsnprintf [call site] 00188
5 vsnprintf [call site] 00189
4 mg_write [function] [call site] 00190
5 time [call site] 00191
5 push_all [function] [call site] 00192
6 atoi [call site] 00193
6 strtod [call site] 00194
6 push_inner [function] [call site] 00195
7 mg_get_current_time_ns [function] [call site] 00196
8 clock_gettime [call site] 00197
7 __errno_location [call site] 00198
7 fwrite [call site] 00199
7 ferror [call site] 00200
7 __errno_location [call site] 00201
7 send [call site] 00202
7 __errno_location [call site] 00203
7 usleep [call site] 00204
7 mg_poll [function] [call site] 00205
7 mg_get_current_time_ns [function] [call site] 00206
5 push_all [function] [call site] 00207
5 sleep [call site] 00208
5 time [call site] 00209
5 push_all [function] [call site] 00210
4 mg_free [function] [call site] 00211
2 mg_get_response [function] [call site] 00212
3 mg_snprintf [function] [call site] 00213
3 mg_snprintf [function] [call site] 00214
3 get_response [function] [call site] 00215
4 get_message [function] [call site] 00216
5 reset_per_request_attributes [function] [call site] 00217
6 mg_free [function] [call site] 00218
5 mg_snprintf [function] [call site] 00219
5 clock_gettime [call site] 00220
5 read_message [function] [call site] 00221
6 strtod [call site] 00222
6 strtod [call site] 00223
6 strtod [call site] 00224
6 get_http_header_len [function] [call site] 00225
7 __ctype_b_loc [call site] 00226
6 pull_inner [function] [call site] 00227
7 fileno [call site] 00228
7 __errno_location [call site] 00229
7 mg_poll [function] [call site] 00230
7 __errno_location [call site] 00231
7 mg_poll [function] [call site] 00232
7 recv [call site] 00233
7 __errno_location [call site] 00234
6 clock_gettime [call site] 00235
6 get_http_header_len [function] [call site] 00236
6 mg_difftimespec [function] [call site] 00237
5 mg_snprintf [function] [call site] 00238
5 mg_snprintf [function] [call site] 00239
5 mg_snprintf [function] [call site] 00240
5 mg_snprintf [function] [call site] 00241
4 parse_http_response [function] [call site] 00242
5 __ctype_b_loc [call site] 00243
5 __ctype_b_loc [call site] 00244
5 get_http_header_len [function] [call site] 00245
5 strncmp [call site] 00246
5 __ctype_b_loc [call site] 00247
5 skip_to_end_of_word_and_terminate [function] [call site] 00248
6 __ctype_b_loc [call site] 00249
6 __ctype_b_loc [call site] 00250
6 __ctype_b_loc [call site] 00251
5 skip_to_end_of_word_and_terminate [function] [call site] 00252
5 strtol [call site] 00253
5 __ctype_b_loc [call site] 00254
5 __ctype_b_loc [call site] 00255
5 parse_http_headers [function] [call site] 00256
4 mg_snprintf [function] [call site] 00257
4 get_header [function] [call site] 00258
5 mg_strcasecmp [function] [call site] 00259
4 mg_strcasecmp [function] [call site] 00260
4 mg_strcasecmp [function] [call site] 00261
4 mg_snprintf [function] [call site] 00262
4 get_header [function] [call site] 00263
4 strtoll [call site] 00264
4 mg_snprintf [function] [call site] 00265
2 mg_get_response_info [function] [call site] 00266
2 mg_close_connection [function] [call site] 00267
3 close_connection [function] [call site] 00268
4 mg_lock_connection [function] [call site] 00269
5 pthread_mutex_lock [call site] 00270
4 mg_set_user_connection_data [function] [call site] 00271
4 close_socket_gracefully [function] [call site] 00272
5 set_blocking_mode [function] [call site] 00273
6 fcntl64 [call site] 00274
6 fcntl64 [call site] 00275
5 shutdown [call site] 00276
5 atoi [call site] 00277
5 getsockopt [call site] 00278
5 __errno_location [call site] 00279
5 mg_cry_internal_wrap [function] [call site] 00280
5 setsockopt [call site] 00281
5 __errno_location [call site] 00282
5 mg_cry_internal_wrap [function] [call site] 00283
5 close [call site] 00284
4 mg_unlock_connection [function] [call site] 00285
5 pthread_mutex_unlock [call site] 00286
3 pthread_mutex_destroy [call site] 00287
3 mg_free [function] [call site] 00288