Fuzz introspector: civetweb_fuzz1
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
207 207 6 :

['mg_cry_internal_wrap', 'setgid', 'strerror', 'setuid', 'setgroups', '__errno_location']

207 207 set_uid_option call site: 00000 /src/civetweb/src/civetweb.c:16677
106 106 1 :

['initialize_openssl']

106 110 mg_init_library call site: 00000 /src/civetweb/src/civetweb.c:23129
63 63 1 :

['mg_cry_internal_wrap']

63 63 mg_vsnprintf call site: 00012 /src/civetweb/src/civetweb.c:3195
4 4 2 :

['pthread_mutexattr_destroy', 'pthread_key_delete']

6 10 mg_init_library call site: 00000 /src/civetweb/src/civetweb.c:23074
4 4 2 :

['strchr', 'strlen']

6 6 next_option call site: 00000 /src/civetweb/src/civetweb.c:4003
2 2 1 :

['htonl']

4 6 parse_port_string call site: 00000 /src/civetweb/src/civetweb.c:15862
2 2 1 :

['abort']

2 2 civetweb_init call site: 00000 /src/civetweb/fuzztest/fuzzmain.c:92
2 2 1 :

['memchr']

2 2 next_option call site: 00000 /src/civetweb/src/civetweb.c:4008
0 8 1 :

['close_all_listening_sockets']

0 8 set_ports_option call site: 00000 /src/civetweb/src/civetweb.c:16428
0 0 None 3181 4497 mg_start2 call site: 00000 /src/civetweb/src/civetweb.c:21137
0 0 None 3104 4146 mg_start2 call site: 00000 /src/civetweb/src/civetweb.c:21214
0 0 None 3104 4146 mg_start2 call site: 00000 /src/civetweb/src/civetweb.c:21292

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 LLVMFuzzerTestOneInput_URI [function] [call site] 00001
2 test_civetweb_client [function] [call site] 00002
3 mg_connect_client [function] [call site] 00003
4 mg_connect_client_impl [function] [call site] 00004
5 atoi [call site] 00005
5 mg_calloc [function] [call site] 00006
6 calloc [call site] 00007
5 __errno_location [call site] 00008
5 strerror [call site] 00009
5 mg_snprintf [function] [call site] 00010
6 mg_vsnprintf [function] [call site] 00011
7 vsnprintf [call site] 00012
7 mg_cry_internal_wrap [function] [call site] 00013
8 fake_connection [function] [call site] 00014
8 mg_cry_internal_impl [function] [call site] 00015
9 vsnprintf [call site] 00016
9 fputs [call site] 00017
9 mg_fopen [function] [call site] 00018
10 mg_path_suspicious [function] [call site] 00019
10 mg_stat [function] [call site] 00020
11 mg_path_suspicious [function] [call site] 00021
11 stat64 [call site] 00022
10 fopen64 [call site] 00023
10 fopen64 [call site] 00024
10 fopen64 [call site] 00025
10 mg_stat [function] [call site] 00026
9 flockfile [call site] 00027
9 time [call site] 00028
9 sockaddr_to_string [function] [call site] 00029
10 getnameinfo [call site] 00030
9 fprintf [call site] 00031
9 fprintf [call site] 00032
9 fprintf [call site] 00033
9 fputc [call site] 00034
9 fflush [call site] 00035
9 funlockfile [call site] 00036
9 mg_fclose [function] [call site] 00037
10 fclose [call site] 00038
8 mg_cry_internal_impl [function] [call site] 00039
5 connect_socket [function] [call site] 00040
6 mg_snprintf [function] [call site] 00041
6 is_valid_port [function] [call site] 00042
6 mg_snprintf [function] [call site] 00043
6 mg_snprintf [function] [call site] 00044
6 mg_inet_pton [function] [call site] 00045
7 getaddrinfo [call site] 00046
7 freeaddrinfo [call site] 00047
6 htons [call site] 00048
6 mg_snprintf [function] [call site] 00049
6 socket [call site] 00050
6 __errno_location [call site] 00051
6 __errno_location [call site] 00052
6 strerror [call site] 00053
6 mg_snprintf [function] [call site] 00054
6 set_non_blocking_mode [function] [call site] 00055
7 fcntl64 [call site] 00056
7 fcntl64 [call site] 00057
6 __errno_location [call site] 00058
6 __errno_location [call site] 00059
6 strerror [call site] 00060
6 mg_snprintf [function] [call site] 00061
6 close [call site] 00062
6 set_close_on_exec [function] [call site] 00063
7 fcntl64 [call site] 00064
7 fake_connection [function] [call site] 00065
7 __errno_location [call site] 00066
7 strerror [call site] 00067
7 mg_cry_internal_wrap [function] [call site] 00068
6 connect [call site] 00069
6 __errno_location [call site] 00070
6 mg_poll [function] [call site] 00071
7 poll [call site] 00072
7 __errno_location [call site] 00073
6 mg_snprintf [function] [call site] 00074
6 close [call site] 00075
6 getsockopt [call site] 00076
6 __errno_location [call site] 00077
6 strerror [call site] 00078
6 mg_snprintf [function] [call site] 00079
6 close [call site] 00080
5 mg_free [function] [call site] 00081
5 ssl_error [function] [call site] 00082
5 mg_snprintf [function] [call site] 00083
5 close [call site] 00084
5 mg_free [function] [call site] 00085
5 getsockname [call site] 00086
5 __errno_location [call site] 00087
5 strerror [call site] 00088
5 mg_cry_internal_wrap [function] [call site] 00089
5 pthread_mutex_init [call site] 00090
5 __errno_location [call site] 00091
5 mg_snprintf [function] [call site] 00092
5 close [call site] 00093
5 mg_free [function] [call site] 00094
5 ssl_use_pem_file [function] [call site] 00095
6 ssl_error [function] [call site] 00096
6 mg_cry_internal_wrap [function] [call site] 00097
6 ssl_error [function] [call site] 00098
6 mg_cry_internal_wrap [function] [call site] 00099
6 mg_cry_internal_wrap [function] [call site] 00100
6 ssl_error [function] [call site] 00101
6 mg_cry_internal_wrap [function] [call site] 00102
5 mg_snprintf [function] [call site] 00103
5 close [call site] 00104
5 mg_free [function] [call site] 00105
5 ssl_error [function] [call site] 00106
5 mg_snprintf [function] [call site] 00107
5 close [call site] 00108
5 mg_free [function] [call site] 00109
5 sslize [function] [call site] 00110
6 mg_strcasecmp [function] [call site] 00111
7 lowercase [function] [call site] 00112
8 tolower [call site] 00113
6 refresh_trust [function] [call site] 00114
7 stat64 [call site] 00115
7 mg_lock_context [function] [call site] 00116
8 pthread_mutex_lock [call site] 00117
7 mg_strcasecmp [function] [call site] 00118
7 mg_strcasecmp [function] [call site] 00119
7 mg_unlock_context [function] [call site] 00120
8 pthread_mutex_unlock [call site] 00121
7 ssl_error [function] [call site] 00122
7 mg_cry_internal_wrap [function] [call site] 00123
7 ssl_use_pem_file [function] [call site] 00124
7 mg_unlock_context [function] [call site] 00125
7 mg_unlock_context [function] [call site] 00126
6 mg_lock_context [function] [call site] 00127
6 mg_unlock_context [function] [call site] 00128
6 ssl_error [function] [call site] 00129
6 mg_cry_internal_wrap [function] [call site] 00130
6 ssl_error [function] [call site] 00131
6 mg_cry_internal_wrap [function] [call site] 00132
6 atoi [call site] 00133
6 usleep [call site] 00134
6 mg_poll [function] [call site] 00135
6 __errno_location [call site] 00136
6 mg_cry_internal_wrap [function] [call site] 00137
6 ssl_error [function] [call site] 00138
6 mg_cry_internal_wrap [function] [call site] 00139
5 mg_snprintf [function] [call site] 00140
5 close [call site] 00141
5 mg_free [function] [call site] 00142
3 strcmp [call site] 00143
3 fprintf [call site] 00144
3 mg_close_connection [function] [call site] 00145
4 close_connection [function] [call site] 00146
5 mg_lock_connection [function] [call site] 00147
6 pthread_mutex_lock [call site] 00148
5 mg_set_user_connection_data [function] [call site] 00149
5 close_socket_gracefully [function] [call site] 00150
6 set_blocking_mode [function] [call site] 00151
7 fcntl64 [call site] 00152
7 fcntl64 [call site] 00153
6 shutdown [call site] 00154
6 atoi [call site] 00155
6 getsockopt [call site] 00156
6 __errno_location [call site] 00157
6 strerror [call site] 00158
6 mg_cry_internal_wrap [function] [call site] 00159
6 setsockopt [call site] 00160
6 __errno_location [call site] 00161
6 strerror [call site] 00162
6 mg_cry_internal_wrap [function] [call site] 00163
6 close [call site] 00164
5 mg_unlock_connection [function] [call site] 00165
6 pthread_mutex_unlock [call site] 00166
4 pthread_mutex_destroy [call site] 00167
4 mg_free [function] [call site] 00168
3 sleep [call site] 00169
3 mg_connect_client [function] [call site] 00170
3 fprintf [call site] 00171
3 fprintf [call site] 00172
3 mg_printf [function] [call site] 00173
4 mg_vprintf [function] [call site] 00174
5 alloc_vprintf [function] [call site] 00175
6 vsnprintf [call site] 00176
6 alloc_vprintf2 [function] [call site] 00177
7 mg_free [function] [call site] 00178
7 mg_malloc [function] [call site] 00179
7 vsnprintf [call site] 00180
6 mg_malloc [function] [call site] 00181
6 vsnprintf [call site] 00182
6 vsnprintf [call site] 00183
5 mg_write [function] [call site] 00184
6 time [call site] 00185
6 push_all [function] [call site] 00186
7 atoi [call site] 00187
7 strtod [call site] 00188
7 push_inner [function] [call site] 00189
8 mg_get_current_time_ns [function] [call site] 00190
9 clock_gettime [call site] 00191
8 __errno_location [call site] 00192
8 fwrite [call site] 00193
8 ferror [call site] 00194
8 __errno_location [call site] 00195
8 send [call site] 00196
8 __errno_location [call site] 00197
8 usleep [call site] 00198
8 mg_poll [function] [call site] 00199
8 mg_get_current_time_ns [function] [call site] 00200
6 push_all [function] [call site] 00201
6 sleep [call site] 00202
6 time [call site] 00203
6 push_all [function] [call site] 00204
5 mg_free [function] [call site] 00205
3 mg_get_response [function] [call site] 00206
4 mg_snprintf [function] [call site] 00207
4 mg_snprintf [function] [call site] 00208
4 get_response [function] [call site] 00209
5 get_message [function] [call site] 00210
6 reset_per_request_attributes [function] [call site] 00211
7 mg_free [function] [call site] 00212
6 mg_snprintf [function] [call site] 00213
6 clock_gettime [call site] 00214
6 read_message [function] [call site] 00215
7 strtod [call site] 00216
7 strtod [call site] 00217
7 strtod [call site] 00218
7 get_http_header_len [function] [call site] 00219
8 __ctype_b_loc [call site] 00220
7 pull_inner [function] [call site] 00221
8 fileno [call site] 00222
8 read [call site] 00223
8 __errno_location [call site] 00224
8 mg_poll [function] [call site] 00225
8 __errno_location [call site] 00226
8 mg_poll [function] [call site] 00227
8 recv [call site] 00228
8 __errno_location [call site] 00229
7 clock_gettime [call site] 00230
7 get_http_header_len [function] [call site] 00231
7 mg_difftimespec [function] [call site] 00232
6 mg_snprintf [function] [call site] 00233
6 mg_snprintf [function] [call site] 00234
6 mg_snprintf [function] [call site] 00235
6 mg_snprintf [function] [call site] 00236
5 parse_http_response [function] [call site] 00237
6 __ctype_b_loc [call site] 00238
6 __ctype_b_loc [call site] 00239
6 get_http_header_len [function] [call site] 00240
6 strncmp [call site] 00241
6 __ctype_b_loc [call site] 00242
6 skip_to_end_of_word_and_terminate [function] [call site] 00243
7 __ctype_b_loc [call site] 00244
7 __ctype_b_loc [call site] 00245
7 __ctype_b_loc [call site] 00246
6 skip_to_end_of_word_and_terminate [function] [call site] 00247
6 strtol [call site] 00248
6 __ctype_b_loc [call site] 00249
6 __ctype_b_loc [call site] 00250
6 parse_http_headers [function] [call site] 00251
5 mg_snprintf [function] [call site] 00252
5 get_header [function] [call site] 00253
6 mg_strcasecmp [function] [call site] 00254
5 mg_strcasecmp [function] [call site] 00255
5 mg_strcasecmp [function] [call site] 00256
5 mg_snprintf [function] [call site] 00257
5 get_header [function] [call site] 00258
5 strtoll [call site] 00259
5 mg_snprintf [function] [call site] 00260
3 strcmp [call site] 00261
3 mg_close_connection [function] [call site] 00262
3 mg_get_response_info [function] [call site] 00263
3 mg_close_connection [function] [call site] 00264
3 mg_read [function] [call site] 00265
4 mg_read_inner [function] [call site] 00266
5 pull_all [function] [call site] 00267
6 atoi [call site] 00268
6 strtod [call site] 00269
6 mg_get_current_time_ns [function] [call site] 00270
6 pull_inner [function] [call site] 00271
6 mg_get_current_time_ns [function] [call site] 00272
4 mg_read_inner [function] [call site] 00273
4 mg_read_inner [function] [call site] 00274
4 mg_read_inner [function] [call site] 00275
4 strtoul [call site] 00276
4 __ctype_b_loc [call site] 00277
4 mg_read_inner [function] [call site] 00278
4 mg_read_inner [function] [call site] 00279
3 mg_read [function] [call site] 00280
3 mg_read [function] [call site] 00281
3 mg_close_connection [function] [call site] 00282
3 mg_close_connection [function] [call site] 00283