Fuzz introspector: /src/connectedhomeip/out/fuzz_targets/../../src/lib/core/tests/FuzzTlvReader.cpp
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
3678 3707 4 :

['chip::app::reporting::Engine::ScheduleBufferPressureEventDelivery(unsigned int)', 'chip::Logging::IsCategoryEnabled(unsigned char)', 'chip::Logging::Log(unsigned char, unsigned char, char const*, ...)', 'chip::Loop chip::HeapObjectPool ::ForEachActiveObject (chip::app::reporting::Engine::ScheduleEventDelivery(chip::app::ConcreteEventPath&, unsigned int)::$_0&&)']

3678 3709 chip::app::reporting::Engine::ScheduleEventDelivery(chip::app::ConcreteEventPath&,unsignedint) call site: 00000 /src/connectedhomeip/out/fuzz_targets/../../src/app/reporting/Engine.cpp:1137
1979 1979 5 :

['unsigned char* std::__1::copy[abi:nn180100] (unsigned char const*, unsigned char const*, unsigned char*)', 'chip::Span ::end() const', 'chip::Span ::begin() const', 'chip::CASESession::SendSigma2Resume()', 'std::__1::array ::begin[abi:nn180100]()']

2035 5561 chip::CASESession::HandleSigma1(chip::System::PacketBufferHandle&&) call site: 00000 /src/connectedhomeip/out/fuzz_targets/../../src/protocols/secure_channel/CASESession.cpp:1003
1951 1985 11 :

['chip::CASESession::GetState()', 'chip::ChipError::Format() const', 'chip::PairingSession::GetRemoteMRPConfig() const', 'bool std::__1::chrono::operator<[abi:nn180100] , unsigned short, std::__1::ratio<1l, 1000l> >(std::__1::chrono::duration > const&, std::__1::chrono::duration > const&)', 'chip::CASEServer::SendBusyStatusReport(chip::Messaging::ExchangeContext*, std::__1::chrono::duration >)', 'std::__1::chrono::duration >::max[abi:nn180100]()', 'chip::CASESession::InvokeBackgroundWorkWatchdog()', '_ZNSt3__16chrono8durationItNS_5ratioILl1ELl1000EEEEC2B8nn180100IiTnNS_9enable_ifIXaasr14is_convertibleIRKT_tEE5valueooL_ZNS_17integral_constantIbLb0EE5valueEEntsr23treat_as_floating_pointIS7_EE5valueEiE4typeELi0EEES9_', 'chip::CASESession::ComputeSigma2ResponseTimeout(chip::ReliableMessageProtocolConfig const&)', '_ZNSt3__16chrono13duration_castB8nn180100INS0_8durationItNS_5ratioILl1ELl1000EEEEEjS4_TnNS_9enable_ifIXsr13__is_durationIT_EE5valueEiE4typeELi0EEES7_RKNS2_IT0_T1_EE', 'chip::ChipError::operator!=(chip::ChipError const&) const']

1951 2202 chip::CASEServer::OnMessageReceived(chip::Messaging::ExchangeContext*,chip::PayloadHeaderconst&,chip::System::PacketBufferHandle&&) call site: 00000 /src/connectedhomeip/out/fuzz_targets/../../src/protocols/secure_channel/CASEServer.cpp:86
1718 1718 2 :

['chip::Messaging::ExchangeContext::SetResponseExpected(bool)', 'chip::Messaging::ExchangeContext::CancelResponseTimer()']

1800 1952 chip::Messaging::ExchangeContext::SendMessage(chip::Protocols::Id,unsignedchar,chip::System::PacketBufferHandle&&,chip::BitFlags const&) call site: 00000 /src/connectedhomeip/out/fuzz_targets/../../src/messaging/ExchangeContext.cpp:182
1718 1718 2 :

['chip::Messaging::ExchangeContext::SetResponseExpected(bool)', 'chip::Messaging::ExchangeContext::CancelResponseTimer()']

1760 3543 chip::Messaging::ExchangeContext::HandleMessage(unsignedint,chip::PayloadHeaderconst&,chip::BitFlags ,chip::System::PacketBufferHandle&&) call site: 00000 /src/connectedhomeip/out/fuzz_targets/../../src/messaging/ExchangeContext.cpp:605
1706 1708 2 :

['chip::Messaging::ExchangeManager::GetReliableMessageMgr()', 'chip::Messaging::ReliableMessageMgr::ClearRetransTable(chip::Messaging::ReliableMessageContext*)']

3413 3419 chip::Messaging::ExchangeContext::DoClose(bool) call site: 00000 /src/connectedhomeip/out/fuzz_targets/../../src/messaging/ExchangeContext.cpp:241
1428 1451 4 :

['chip::FabricTable::ReadFabricInfo(chip::TLV::ContiguousBufferTLVReader&)', 'chip::TLV::ContiguousBufferTLVReader::Init(unsigned char const*, unsigned long)', 'chip::TLV::ContiguousBufferTLVReader::ContiguousBufferTLVReader()', 'chip::ChipError::IsSuccess(chip::ChipError)']

2047 2485 chip::FabricTable::Init(chip::FabricTable::InitParamsconst&) call site: 00000 /src/connectedhomeip/out/fuzz_targets/../../src/credentials/FabricTable.cpp:1103
619 619 1 :

['chip::FabricTable::Delete(unsigned char)']

619 650 chip::FabricTable::Init(chip::FabricTable::InitParamsconst&) call site: 00000 /src/connectedhomeip/out/fuzz_targets/../../src/credentials/FabricTable.cpp:1126
559 559 1 :

['chip::app::Clusters::TimeSynchronization::TimeSynchronizationServer::AttemptToGetTimeFromTrustedNode()']

4381 4385 chip::app::Clusters::TimeSynchronization::TimeSynchronizationServer::AttemptToGetTime() call site: 00000 /src/connectedhomeip/out/fuzz_targets/../../src/app/clusters/time-synchronization-server/time-synchronization-server.cpp:431
405 641 7 :

['chip::app::DataModel::Nullable ::Value()', 'chip::app::DataModel::Nullable ::IsNull() const', 'chip::app::Clusters::ModeSelect::Attributes::CurrentMode::Set(unsigned short, unsigned char)', 'chip::app::Clusters::ModeSelect::Attributes::OnMode::Get(unsigned short, chip::app::DataModel::Nullable &)', 'chip::Logging::Log(unsigned char, unsigned char, char const*, ...)', 'chip::app::DataModel::Nullable ::Nullable()', 'chip::Logging::IsCategoryEnabled(unsigned char)']

405 643 OnOffServer::initOnOffServer(unsignedshort) call site: 00000 /src/connectedhomeip/out/fuzz_targets/../../src/app/clusters/on-off-server/on-off-server.cpp:531
402 402 1 :

['chip::app::Clusters::LevelControl::Attributes::CurrentLevel::SetNull(unsigned short, chip::app::MarkAttributeDirty)']

402 402 chip::app::Clusters::LevelControl::Attributes::CurrentLevel::Set(unsignedshort,chip::app::DataModel::Nullable const&,chip::app::MarkAttributeDirty) call site: 00000 /src/connectedhomeip/out/fuzz_targets/../../zzz_generated/app-common/app-common/zap-generated/attributes/Accessors.cpp:824
318 318 1 :

['chip::Transport::SecureSessionTable::EvictAndAllocate(unsigned short, chip::Transport::SecureSession::Type, chip::ScopedNodeId const&)']

318 490 chip::Transport::SecureSessionTable::CreateNewSecureSession(chip::Transport::SecureSession::Type,chip::ScopedNodeId) call site: 00000 /src/connectedhomeip/out/fuzz_targets/../../src/transport/SecureSessionTable.cpp:74

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 chip::TLV::TLVReader::TLVReader() [function] [call site] 00001
1 chip::TLV::TLVReader::Init(unsigned char const*, unsigned long) [function] [call site] 00002
2 chip::TLV::TLVReader::ClearElementState() [function] [call site] 00003
3 chip::TLV::AnonymousTag() [function] [call site] 00004
4 chip::TLV::ProfileTag(unsigned int, unsigned int) [function] [call site] 00005
5 chip::TLV::Tag::Tag(unsigned long) [function] [call site] 00006
2 chip::TLV::TLVReader::SetContainerOpen(bool) [function] [call site] 00007
1 chip::TLV::Utilities::Iterate(chip::TLV::TLVReader const&, chip::ChipError (*)(chip::TLV::TLVReader const&, unsigned long, void*), void*) [function] [call site] 00008
2 chip::TLV::Utilities::Iterate(chip::TLV::TLVReader const&, chip::ChipError (*)(chip::TLV::TLVReader const&, unsigned long, void*), void*, bool) [function] [call site] 00009
3 chip::ChipError::ChipError(unsigned int, char const*, unsigned int) [function] [call site] 00010
3 chip::TLV::TLVReader::TLVReader() [function] [call site] 00011
3 chip::TLV::TLVReader::Init(chip::TLV::TLVReader const&) [function] [call site] 00012
4 chip::TLV::TLVReader::IsContainerOpen() const [function] [call site] 00013
4 chip::TLV::TLVReader::SetContainerOpen(bool) [function] [call site] 00014
3 chip::TLV::Utilities::Iterate(chip::TLV::TLVReader&, unsigned long, chip::ChipError (*)(chip::TLV::TLVReader const&, unsigned long, void*), void*, bool) [function] [call site] 00015
4 chip::ChipError::ChipError(unsigned int, char const*, unsigned int) [function] [call site] 00016
4 chip::TLV::TLVReader::GetType() const [function] [call site] 00017
5 chip::TLV::TLVReader::ElementType() const [function] [call site] 00018
4 chip::TLV::TLVReader::Next() [function] [call site] 00019
5 chip::TLV::TLVReader::Skip() [function] [call site] 00020
6 chip::TLV::TLVReader::ElementType() const [function] [call site] 00021
6 chip::ChipError::ChipError(unsigned int, char const*, unsigned int) [function] [call site] 00022
6 chip::TLV::TLVTypeIsContainer(chip::TLV::TLVElementType) [function] [call site] 00023
6 chip::TLV::TLVReader::EnterContainer(chip::TLV::TLVType&) [function] [call site] 00024
7 chip::TLV::TLVReader::ElementType() const [function] [call site] 00025
7 chip::TLV::TLVTypeIsContainer(chip::TLV::TLVElementType) [function] [call site] 00026
7 chip::ChipError::ChipError(unsigned int, char const*, unsigned int) [function] [call site] 00027
7 chip::TLV::TLVReader::ClearElementState() [function] [call site] 00028
7 chip::TLV::TLVReader::SetContainerOpen(bool) [function] [call site] 00029
7 chip::ChipError::ChipError(unsigned int, char const*, unsigned int) [function] [call site] 00030
6 chip::ChipError::IsSuccess(chip::ChipError) [function] [call site] 00031
6 chip::TLV::TLVReader::ExitContainer(chip::TLV::TLVType) [function] [call site] 00032
7 chip::TLV::TLVReader::SkipToEndOfContainer() [function] [call site] 00033
8 chip::TLV::TLVReader::SetContainerOpen(bool) [function] [call site] 00034
8 chip::TLV::TLVReader::ElementType() const [function] [call site] 00035
8 chip::ChipError::ChipError(unsigned int, char const*, unsigned int) [function] [call site] 00036
8 chip::TLV::TLVTypeIsContainer(chip::TLV::TLVElementType) [function] [call site] 00037
8 chip::TLV::TLVReader::SkipData() [function] [call site] 00038
9 chip::TLV::TLVReader::ElementType() const [function] [call site] 00039
9 chip::TLV::TLVTypeHasLength(chip::TLV::TLVElementType) [function] [call site] 00040
9 chip::TLV::TLVReader::ReadData(unsigned char*, unsigned int) [function] [call site] 00041
10 chip::ChipError::ChipError(unsigned int, char const*, unsigned int) [function] [call site] 00042
10 chip::TLV::TLVReader::EnsureData(chip::ChipError) [function] [call site] 00043
11 chip::ChipError::IsSuccess(chip::ChipError) [function] [call site] 00044
11 chip::ChipError::ChipError(unsigned int, char const*, unsigned int) [function] [call site] 00045
10 chip::ChipError::IsSuccess(chip::ChipError) [function] [call site] 00046
10 chip::ChipError::ChipError(unsigned int, char const*, unsigned int) [function] [call site] 00047
8 chip::ChipError::ChipError(unsigned int, char const*, unsigned int) [function] [call site] 00048
8 chip::ChipError::operator!=(chip::ChipError const&) const [function] [call site] 00049
8 chip::TLV::TLVReader::ReadElement() [function] [call site] 00050
9 chip::ChipError::ChipError(unsigned int, char const*, unsigned int) [function] [call site] 00051
9 chip::TLV::TLVReader::EnsureData(chip::ChipError) [function] [call site] 00052
9 chip::ChipError::IsSuccess(chip::ChipError) [function] [call site] 00053
9 chip::ChipError::ChipError(unsigned int, char const*, unsigned int) [function] [call site] 00054
9 chip::TLV::TLVReader::ElementType() const [function] [call site] 00055
9 chip::TLV::IsValidTLVType(chip::TLV::TLVElementType) [function] [call site] 00056
9 chip::ChipError::ChipError(unsigned int, char const*, unsigned int) [function] [call site] 00057
9 unsigned char chip::TLV::operator>><chip::TLV::$_0>(chip::TLV::TLVTagControl, chip::TLV::$_0 const&) [function] [call site] 00058
9 chip::TLV::GetTLVFieldSize(chip::TLV::TLVElementType) [function] [call site] 00059
10 chip::TLV::TLVTypeHasValue(chip::TLV::TLVElementType) [function] [call site] 00060
9 chip::TLV::TLVFieldSizeToBytes(chip::TLV::TLVFieldSize) [function] [call site] 00061
9 chip::TLV::TLVReader::ReadData(unsigned char*, unsigned int) [function] [call site] 00062
9 chip::ChipError::IsSuccess(chip::ChipError) [function] [call site] 00063
9 chip::TLV::TLVReader::ReadTag(chip::TLV::TLVTagControl, unsigned char const*&) const [function] [call site] 00064
10 chip::Encoding::Read8(unsigned char const*&) [function] [call site] 00065
11 nl::IO::Read8(void const*&) [function] [call site] 00066
12 nlIORead8(void const**) [function] [call site] 00067
13 nlIOReadAligned8(void const**) [function] [call site] 00068
14 nlIOGetAligned8(void const*) [function] [call site] 00069
10 chip::TLV::ContextTag(unsigned char) [function] [call site] 00070
11 chip::TLV::ProfileTag(unsigned int, unsigned int) [function] [call site] 00071
10 chip::Encoding::LittleEndian::Read16(unsigned char const*&) [function] [call site] 00072
11 nl::IO::LittleEndian::ReadUnaligned16(void const*&) [function] [call site] 00073
12 nl::IO::ReadUnaligned16(void const*&) [function] [call site] 00074
13 nlIOReadUnaligned16(void const**) [function] [call site] 00075
14 nlIOGetUnaligned16(void const*) [function] [call site] 00076
12 nl::ByteOrder::Swap16LittleToHost(unsigned short) [function] [call site] 00077
13 nlByteOrderSwap16LittleToHost(unsigned short) [function] [call site] 00078
10 chip::TLV::CommonTag(unsigned int) [function] [call site] 00079
11 chip::TLV::ProfileTag(unsigned int, unsigned int) [function] [call site] 00080
10 chip::Encoding::LittleEndian::Read32(unsigned char const*&) [function] [call site] 00081
11 nl::IO::LittleEndian::ReadUnaligned32(void const*&) [function] [call site] 00082
12 nl::IO::ReadUnaligned32(void const*&) [function] [call site] 00083
13 nlIOReadUnaligned32(void const**) [function] [call site] 00084
14 nlIOGetUnaligned32(void const*) [function] [call site] 00085
12 nl::ByteOrder::Swap32LittleToHost(unsigned int) [function] [call site] 00086
13 nlByteOrderSwap32LittleToHost(unsigned int) [function] [call site] 00087
10 chip::TLV::CommonTag(unsigned int) [function] [call site] 00088
10 chip::TLV::UnknownImplicitTag() [function] [call site] 00089
11 chip::TLV::ProfileTag(unsigned int, unsigned int) [function] [call site] 00090
10 chip::Encoding::LittleEndian::Read16(unsigned char const*&) [function] [call site] 00091
10 chip::TLV::ProfileTag(unsigned int, unsigned int) [function] [call site] 00092
10 chip::TLV::UnknownImplicitTag() [function] [call site] 00093
10 chip::Encoding::LittleEndian::Read32(unsigned char const*&) [function] [call site] 00094
10 chip::TLV::ProfileTag(unsigned int, unsigned int) [function] [call site] 00095
10 chip::Encoding::LittleEndian::Read16(unsigned char const*&) [function] [call site] 00096
10 chip::Encoding::LittleEndian::Read16(unsigned char const*&) [function] [call site] 00097
10 chip::Encoding::LittleEndian::Read16(unsigned char const*&) [function] [call site] 00098
10 chip::TLV::ProfileTag(unsigned short, unsigned short, unsigned int) [function] [call site] 00099
11 chip::TLV::ProfileTag(unsigned int, unsigned int) [function] [call site] 00100
10 chip::Encoding::LittleEndian::Read16(unsigned char const*&) [function] [call site] 00101
10 chip::Encoding::LittleEndian::Read16(unsigned char const*&) [function] [call site] 00102
10 chip::Encoding::LittleEndian::Read32(unsigned char const*&) [function] [call site] 00103
10 chip::TLV::ProfileTag(unsigned short, unsigned short, unsigned int) [function] [call site] 00104
10 chip::TLV::AnonymousTag() [function] [call site] 00105
9 unsigned long chip::Encoding::LittleEndian::HostSwap<unsigned long>(unsigned long) [function] [call site] 00106
10 chip::Encoding::LittleEndian::HostSwap64(unsigned long) [function] [call site] 00107
11 nl::ByteOrder::Swap64LittleToHost(unsigned long) [function] [call site] 00108
12 nlByteOrderSwap64LittleToHost(unsigned long) [function] [call site] 00109
9 chip::TLV::TLVTypeHasLength(chip::TLV::TLVElementType) [function] [call site] 00110
9 chip::ChipError::ChipError(unsigned int, char const*, unsigned int) [function] [call site] 00111
9 chip::TLV::TLVReader::VerifyElement() [function] [call site] 00112
10 chip::TLV::TLVReader::ElementType() const [function] [call site] 00113
10 chip::ChipError::ChipError(unsigned int, char const*, unsigned int) [function] [call site] 00114
10 chip::TLV::AnonymousTag() [function] [call site] 00115
10 chip::TLV::Tag::operator!=(chip::TLV::Tag const&) const [function] [call site] 00116
10 chip::ChipError::ChipError(unsigned int, char const*, unsigned int) [function] [call site] 00117
10 chip::TLV::UnknownImplicitTag() [function] [call site] 00118
10 chip::TLV::Tag::operator==(chip::TLV::Tag const&) const [function] [call site] 00119
10 chip::ChipError::ChipError(unsigned int, char const*, unsigned int) [function] [call site] 00120
10 chip::TLV::IsContextTag(chip::TLV::Tag) [function] [call site] 00121
11 chip::TLV::ProfileIdFromTag(chip::TLV::Tag) [function] [call site] 00122
11 chip::TLV::TagNumFromTag(chip::TLV::Tag) [function] [call site] 00123
10 chip::ChipError::ChipError(unsigned int, char const*, unsigned int) [function] [call site] 00124
10 chip::TLV::AnonymousTag() [function] [call site] 00125
10 chip::TLV::Tag::operator==(chip::TLV::Tag const&) const [function] [call site] 00126
10 chip::ChipError::ChipError(unsigned int, char const*, unsigned int) [function] [call site] 00127
10 chip::TLV::AnonymousTag() [function] [call site] 00128
10 chip::TLV::Tag::operator!=(chip::TLV::Tag const&) const [function] [call site] 00129
10 chip::ChipError::ChipError(unsigned int, char const*, unsigned int) [function] [call site] 00130
10 chip::ChipError::ChipError(unsigned int, char const*, unsigned int) [function] [call site] 00131
10 chip::TLV::TLVReader::ElementType() const [function] [call site] 00132
10 chip::TLV::TLVTypeHasLength(chip::TLV::TLVElementType) [function] [call site] 00133
10 chip::ChipError::ChipError(unsigned int, char const*, unsigned int) [function] [call site] 00134
10 chip::ChipError::ChipError(unsigned int, char const*, unsigned int) [function] [call site] 00135
8 chip::ChipError::ChipError(unsigned int, char const*, unsigned int) [function] [call site] 00136
8 chip::ChipError::operator!=(chip::ChipError const&) const [function] [call site] 00137
7 chip::ChipError::ChipError(unsigned int, char const*, unsigned int) [function] [call site] 00138
7 chip::ChipError::operator!=(chip::ChipError const&) const [function] [call site] 00139
7 chip::TLV::TLVReader::ClearElementState() [function] [call site] 00140
7 chip::ChipError::ChipError(unsigned int, char const*, unsigned int) [function] [call site] 00141
6 chip::TLV::TLVReader::SkipData() [function] [call site] 00142
6 chip::ChipError::IsSuccess(chip::ChipError) [function] [call site] 00143
6 chip::TLV::TLVReader::ClearElementState() [function] [call site] 00144
6 chip::ChipError::ChipError(unsigned int, char const*, unsigned int) [function] [call site] 00145
5 chip::ChipError::IsSuccess(chip::ChipError) [function] [call site] 00146
5 chip::TLV::TLVReader::ReadElement() [function] [call site] 00147
5 chip::ChipError::IsSuccess(chip::ChipError) [function] [call site] 00148
5 chip::TLV::TLVReader::ElementType() const [function] [call site] 00149
5 chip::ChipError::ChipError(unsigned int, char const*, unsigned int) [function] [call site] 00150
5 chip::TLV::TLVTypeIsString(chip::TLV::TLVElementType) [function] [call site] 00151
5 chip::TLV::TLVReader::GetLength() const [function] [call site] 00152
6 chip::TLV::TLVReader::ElementType() const [function] [call site] 00153
6 chip::TLV::TLVTypeHasLength(chip::TLV::TLVElementType) [function] [call site] 00154
5 chip::ChipError::ChipError(unsigned int, char const*, unsigned int) [function] [call site] 00155
5 chip::TLV::TLVReader::EnsureData(chip::ChipError) [function] [call site] 00156
5 chip::ChipError::IsSuccess(chip::ChipError) [function] [call site] 00157
5 chip::ChipError::ChipError(unsigned int, char const*, unsigned int) [function] [call site] 00158
4 chip::ChipError::IsSuccess(chip::ChipError) [function] [call site] 00159
4 chip::TLV::TLVReader::GetType() const [function] [call site] 00160
4 chip::ChipError::IsSuccess(chip::ChipError) [function] [call site] 00161
4 chip::TLV::TLVTypeIsContainer(chip::TLV::TLVType) [function] [call site] 00162
4 chip::TLV::TLVReader::EnterContainer(chip::TLV::TLVType&) [function] [call site] 00163
4 chip::ChipError::IsSuccess(chip::ChipError) [function] [call site] 00164
4 chip::TLV::Utilities::Iterate(chip::TLV::TLVReader&, unsigned long, chip::ChipError (*)(chip::TLV::TLVReader const&, unsigned long, void*), void*, bool) [function] [call site] 00165
5 chip::ChipError::ChipError(unsigned int, char const*, unsigned int) [function] [call site] 00166
5 chip::ChipError::operator!=(chip::ChipError const&) const [function] [call site] 00167
5 chip::TLV::TLVReader::ExitContainer(chip::TLV::TLVType) [function] [call site] 00168
5 chip::ChipError::IsSuccess(chip::ChipError) [function] [call site] 00169
5 chip::TLV::TLVReader::Next() [function] [call site] 00170
5 chip::ChipError::ChipError(unsigned int, char const*, unsigned int) [function] [call site] 00171
5 chip::ChipError::operator==(chip::ChipError const&) const [function] [call site] 00172
1 FuzzIterator(chip::TLV::TLVReader const&, unsigned long, void*) [function] [call site] 00173
2 chip::ChipError::ChipError(unsigned int, char const*, unsigned int) [function] [call site] 00174