Fuzz introspector: xml_parser_fuzzer
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The following are the branches the fuzzer fails to get past.

Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch
----------------------------- | ----------------------------- | -------------------------- | -------------------------- | ------------------------ | ------------- | ----------------- | --------------
135 | 1709 | 13: reportComment, poolClear, processInternalEntity, getContext, XmlUtf8Encode, memcmp, freeBindings, storeAtts, reportDefault, reportProcessingInstruction, lookup, poolStoreString, doCdataSection | 135 | 1839 | doContent | 00000 | /src/CMake/Utilities/cmexpat/lib/xmlparse.c:3078
135 | 1709 | 13: reportComment, poolClear, processInternalEntity, getContext, XmlUtf8Encode, memcmp, freeBindings, storeAtts, reportDefault, reportProcessingInstruction, lookup, poolStoreString, doCdataSection | 135 | 1839 | doContent | 00000 | /src/CMake/Utilities/cmexpat/lib/xmlparse.c:3139
7 | 73 | 3: normalizeLines, poolStoreString, poolClear | 7 | 73 | reportProcessingInstruction | 00000 | /src/CMake/Utilities/cmexpat/lib/xmlparse.c:6422
7 | 42 | 3: normalizeLines, poolStoreString, poolClear | 7 | 42 | reportComment | 00000 | /src/CMake/Utilities/cmexpat/lib/xmlparse.c:6447
4 | 4 | 2: __errno_location, strtoul | 4 | 4 | getDebugLevel | 00016 | /src/CMake/Utilities/cmexpat/lib/xmlparse.c:8526
0 | 180 | 2: poolGrow, lookup | 0 | 180 | getAttributeId | 00000 | /src/CMake/Utilities/cmexpat/lib/xmlparse.c:6621
0 | 124 | 1: little2_prologTok | 0 | 124 | initScan | 00000 | /src/CMake/Utilities/cmexpat/lib/xmltok.c:1621
0 | 34 | 1: XML_ParserFree | 0 | 34 | parserCreate | 00000 | /src/CMake/Utilities/cmexpat/lib/xmlparse.c:1161
0 | 0 | None | 579 | 1158 | cdataSectionProcessor | 00000 | /src/CMake/Utilities/cmexpat/lib/xmlparse.c:4073
0 | 0 | None | 135 | 1839 | doContent | 00000 | /src/CMake/Utilities/cmexpat/lib/xmlparse.c:2910
0 | 0 | None | 135 | 1839 | doContent | 00000 | /src/CMake/Utilities/cmexpat/lib/xmlparse.c:2932
0 | 0 | None | 135 | 1839 | doContent | 00000 | /src/CMake/Utilities/cmexpat/lib/xmlparse.c:2944

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 fopen [call site] 00001
1 fwrite [call site] 00002
1 fclose [call site] 00003
1 cmXMLParser::cmXMLParser() [function] [call site] 00004
1 cmXMLParser::ParseFile(char const*) [function] [call site] 00005
1 cmXMLParser::~cmXMLParser() [function] [call site] 00006
2 cmXMLParser::CleanupParser() [function] [call site] 00007
3 XML_Parse [function] [call site] 00008
4 startParsing [function] [call site] 00009
5 generate_hash_secret_salt [function] [call site] 00010
6 writeRandomBytes_getrandom_nonblock [function] [call site] 00011
7 getrandom [call site] 00012
7 __errno_location [call site] 00013
6 ENTROPY_DEBUG [function] [call site] 00014
7 getDebugLevel [function] [call site] 00015
8 getenv [call site] 00016
8 __errno_location [call site] 00017
8 strtoul [call site] 00018
7 fprintf [call site] 00019
6 writeRandomBytes_dev_urandom [function] [call site] 00020
7 open [call site] 00021
7 read [call site] 00022
7 __errno_location [call site] 00023
7 close [call site] 00024
6 ENTROPY_DEBUG [function] [call site] 00025
6 gather_time_entropy [function] [call site] 00026
7 gettimeofday [call site] 00027
6 getpid [call site] 00028
6 ENTROPY_DEBUG [function] [call site] 00029
5 setContext [function] [call site] 00030
6 poolGrow [function] [call site] 00031
7 poolBytesToAllocateFor [function] [call site] 00032
7 poolBytesToAllocateFor [function] [call site] 00033
6 poolCopyString [function] [call site] 00050
6 addBinding [function] [call site] 00054
7 is_rfc3986_uri_char [function] [call site] 00055
4 XML_GetBuffer [function] [call site] 00057
4 XML_ParseBuffer [function] [call site] 00058
5 startParsing [function] [call site] 00059
5 callProcessor [function] [call site] 00060
3 XML_ParserFree [function] [call site] 00061
4 destroyBindings [function] [call site] 00062
4 destroyBindings [function] [call site] 00063
4 destroyBindings [function] [call site] 00064
4 poolDestroy [function] [call site] 00065
4 poolDestroy [function] [call site] 00066
4 dtdDestroy [function] [call site] 00067
5 hashTableIterInit [function] [call site] 00068
5 hashTableIterNext [function] [call site] 00069
5 hashTableDestroy [function] [call site] 00070
5 hashTableDestroy [function] [call site] 00071
5 hashTableDestroy [function] [call site] 00072
5 hashTableDestroy [function] [call site] 00073
5 poolDestroy [function] [call site] 00074
5 poolDestroy [function] [call site] 00075
2 __clang_call_terminate [call site] 00076
3 __cxa_begin_catch [call site] 00077
1 remove [call site] 00078