Fuzz introspector: /src/connectedhomeip/out/fuzz_targets/../../src/setup_payload/tests/FuzzBase38.cpp
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
3678 3707 4 :

['chip::app::reporting::Engine::ScheduleBufferPressureEventDelivery(unsigned int)', 'chip::Logging::IsCategoryEnabled(unsigned char)', 'chip::Logging::Log(unsigned char, unsigned char, char const*, ...)', 'chip::Loop chip::HeapObjectPool ::ForEachActiveObject (chip::app::reporting::Engine::ScheduleEventDelivery(chip::app::ConcreteEventPath&, unsigned int)::$_0&&)']

3678 3709 chip::app::reporting::Engine::ScheduleEventDelivery(chip::app::ConcreteEventPath&,unsignedint) call site: 00000 /src/connectedhomeip/out/fuzz_targets/../../src/app/reporting/Engine.cpp:1137
1979 1979 5 :

['unsigned char* std::__1::copy[abi:nn180100] (unsigned char const*, unsigned char const*, unsigned char*)', 'chip::Span ::end() const', 'chip::Span ::begin() const', 'chip::CASESession::SendSigma2Resume()', 'std::__1::array ::begin[abi:nn180100]()']

2035 5561 chip::CASESession::HandleSigma1(chip::System::PacketBufferHandle&&) call site: 00000 /src/connectedhomeip/out/fuzz_targets/../../src/protocols/secure_channel/CASESession.cpp:1003
1951 1985 11 :

['chip::CASESession::GetState()', 'chip::ChipError::Format() const', 'chip::PairingSession::GetRemoteMRPConfig() const', 'bool std::__1::chrono::operator<[abi:nn180100] , unsigned short, std::__1::ratio<1l, 1000l> >(std::__1::chrono::duration > const&, std::__1::chrono::duration > const&)', 'chip::CASEServer::SendBusyStatusReport(chip::Messaging::ExchangeContext*, std::__1::chrono::duration >)', 'std::__1::chrono::duration >::max[abi:nn180100]()', 'chip::CASESession::InvokeBackgroundWorkWatchdog()', '_ZNSt3__16chrono8durationItNS_5ratioILl1ELl1000EEEEC2B8nn180100IiTnNS_9enable_ifIXaasr14is_convertibleIRKT_tEE5valueooL_ZNS_17integral_constantIbLb0EE5valueEEntsr23treat_as_floating_pointIS7_EE5valueEiE4typeELi0EEES9_', 'chip::CASESession::ComputeSigma2ResponseTimeout(chip::ReliableMessageProtocolConfig const&)', '_ZNSt3__16chrono13duration_castB8nn180100INS0_8durationItNS_5ratioILl1ELl1000EEEEEjS4_TnNS_9enable_ifIXsr13__is_durationIT_EE5valueEiE4typeELi0EEES7_RKNS2_IT0_T1_EE', 'chip::ChipError::operator!=(chip::ChipError const&) const']

1951 2202 chip::CASEServer::OnMessageReceived(chip::Messaging::ExchangeContext*,chip::PayloadHeaderconst&,chip::System::PacketBufferHandle&&) call site: 00000 /src/connectedhomeip/out/fuzz_targets/../../src/protocols/secure_channel/CASEServer.cpp:86
1718 1718 2 :

['chip::Messaging::ExchangeContext::SetResponseExpected(bool)', 'chip::Messaging::ExchangeContext::CancelResponseTimer()']

1800 1952 chip::Messaging::ExchangeContext::SendMessage(chip::Protocols::Id,unsignedchar,chip::System::PacketBufferHandle&&,chip::BitFlags const&) call site: 00000 /src/connectedhomeip/out/fuzz_targets/../../src/messaging/ExchangeContext.cpp:182
1718 1718 2 :

['chip::Messaging::ExchangeContext::SetResponseExpected(bool)', 'chip::Messaging::ExchangeContext::CancelResponseTimer()']

1760 3543 chip::Messaging::ExchangeContext::HandleMessage(unsignedint,chip::PayloadHeaderconst&,chip::BitFlags ,chip::System::PacketBufferHandle&&) call site: 00000 /src/connectedhomeip/out/fuzz_targets/../../src/messaging/ExchangeContext.cpp:605
1706 1708 2 :

['chip::Messaging::ExchangeManager::GetReliableMessageMgr()', 'chip::Messaging::ReliableMessageMgr::ClearRetransTable(chip::Messaging::ReliableMessageContext*)']

3413 3419 chip::Messaging::ExchangeContext::DoClose(bool) call site: 00000 /src/connectedhomeip/out/fuzz_targets/../../src/messaging/ExchangeContext.cpp:241
1428 1451 4 :

['chip::FabricTable::ReadFabricInfo(chip::TLV::ContiguousBufferTLVReader&)', 'chip::TLV::ContiguousBufferTLVReader::Init(unsigned char const*, unsigned long)', 'chip::TLV::ContiguousBufferTLVReader::ContiguousBufferTLVReader()', 'chip::ChipError::IsSuccess(chip::ChipError)']

2047 2485 chip::FabricTable::Init(chip::FabricTable::InitParamsconst&) call site: 00000 /src/connectedhomeip/out/fuzz_targets/../../src/credentials/FabricTable.cpp:1103
619 619 1 :

['chip::FabricTable::Delete(unsigned char)']

619 650 chip::FabricTable::Init(chip::FabricTable::InitParamsconst&) call site: 00000 /src/connectedhomeip/out/fuzz_targets/../../src/credentials/FabricTable.cpp:1126
559 559 1 :

['chip::app::Clusters::TimeSynchronization::TimeSynchronizationServer::AttemptToGetTimeFromTrustedNode()']

4381 4385 chip::app::Clusters::TimeSynchronization::TimeSynchronizationServer::AttemptToGetTime() call site: 00000 /src/connectedhomeip/out/fuzz_targets/../../src/app/clusters/time-synchronization-server/time-synchronization-server.cpp:431
405 641 7 :

['chip::app::DataModel::Nullable ::Value()', 'chip::app::DataModel::Nullable ::IsNull() const', 'chip::app::Clusters::ModeSelect::Attributes::CurrentMode::Set(unsigned short, unsigned char)', 'chip::app::Clusters::ModeSelect::Attributes::OnMode::Get(unsigned short, chip::app::DataModel::Nullable &)', 'chip::Logging::Log(unsigned char, unsigned char, char const*, ...)', 'chip::app::DataModel::Nullable ::Nullable()', 'chip::Logging::IsCategoryEnabled(unsigned char)']

405 643 OnOffServer::initOnOffServer(unsignedshort) call site: 00000 /src/connectedhomeip/out/fuzz_targets/../../src/app/clusters/on-off-server/on-off-server.cpp:531
402 402 1 :

['chip::app::Clusters::LevelControl::Attributes::CurrentLevel::SetNull(unsigned short, chip::app::MarkAttributeDirty)']

402 402 chip::app::Clusters::LevelControl::Attributes::CurrentLevel::Set(unsignedshort,chip::app::DataModel::Nullable const&,chip::app::MarkAttributeDirty) call site: 00000 /src/connectedhomeip/out/fuzz_targets/../../zzz_generated/app-common/app-common/zap-generated/attributes/Accessors.cpp:824
318 318 1 :

['chip::Transport::SecureSessionTable::EvictAndAllocate(unsigned short, chip::Transport::SecureSession::Type, chip::ScopedNodeId const&)']

318 490 chip::Transport::SecureSessionTable::CreateNewSecureSession(chip::Transport::SecureSession::Type,chip::ScopedNodeId) call site: 00000 /src/connectedhomeip/out/fuzz_targets/../../src/transport/SecureSessionTable.cpp:74

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 chip::base38EncodedLength(unsigned long) [function] [call site] 00001
1 chip::Span<unsigned char const>::Span(unsigned char const*, unsigned long) [function] [call site] 00002
2 chip::Logging::IsCategoryEnabled(unsigned char) [function] [call site] 00003
3 chip::Logging::GetLogFilter() [function] [call site] 00004
2 chip::Logging::Log(unsigned char, unsigned char, char const*, ...) [function] [call site] 00005
3 chip::Logging::LogV(unsigned char, unsigned char, char const*, __va_list_tag*) [function] [call site] 00006
4 chip::Logging::GetModuleName(chip::Logging::LogModule) [function] [call site] 00007
4 chip::Logging::Platform::LogV(char const*, unsigned char, char const*, __va_list_tag*) [function] [call site] 00008
5 flockfile [call site] 00009
5 printf [call site] 00010
5 printf [call site] 00011
5 printf [call site] 00012
5 timespec_get [call site] 00013
5 printf [call site] 00014
5 syscall [call site] 00015
5 printf [call site] 00016
5 printf [call site] 00017
5 vprintf [call site] 00018
5 printf [call site] 00019
5 fflush [call site] 00020
5 funlockfile [call site] 00021
2 abort [call site] 00022
1 _ZN4chip4SpanIcEC2IcLm512ETnNSt3__19enable_ifIXaaaantsr3stdE9is_same_vIT_KcEeqstS5_Lm1Esr3stdE16is_convertible_vIPS5_PcEEbE4typeELb1EEERAT0__S5_ [function] [call site] 00023
1 chip::base38Encode(chip::Span<unsigned char const>, chip::Span<char>&) [function] [call site] 00024
2 chip::Span<unsigned char const>::data() const [function] [call site] 00025
2 chip::Span<unsigned char const>::size() const [function] [call site] 00026
2 chip::Span<char>::size() const [function] [call site] 00027
2 chip::ChipError::ChipError(unsigned int, char const*, unsigned int) [function] [call site] 00028
2 chip::Span<char>::data() const [function] [call site] 00029
2 chip::Span<char>::size() const [function] [call site] 00030
2 chip::Span<char>::data() const [function] [call site] 00031
2 chip::Span<char>::reduce_size(unsigned long) [function] [call site] 00032
3 chip::Span<char>::size() const [function] [call site] 00033
3 chip::Logging::IsCategoryEnabled(unsigned char) [function] [call site] 00034
3 chip::Logging::Log(unsigned char, unsigned char, char const*, ...) [function] [call site] 00035
3 abort [call site] 00036
2 chip::ChipError::ChipError(unsigned int, char const*, unsigned int) [function] [call site] 00037
1 chip::ChipError::ChipError(unsigned int, char const*, unsigned int) [function] [call site] 00038
1 chip::ChipError::operator!=(chip::ChipError const&) const [function] [call site] 00039
1 chip::Span<char>::data() const [function] [call site] 00040
1 chip::Span<char>::size() const [function] [call site] 00041
1 chip::base38Decode(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, std::__1::vector<unsigned char, std::__1::allocator<unsigned char> >&) [function] [call site] 00042
2 chip::ChipError::ChipError(unsigned int, char const*, unsigned int) [function] [call site] 00043
2 (anonymous namespace)::decodeChar(char, unsigned char&) [function] [call site] 00044
3 chip::ChipError::ChipError(unsigned int, char const*, unsigned int) [function] [call site] 00045
3 chip::ChipError::ChipError(unsigned int, char const*, unsigned int) [function] [call site] 00046
3 chip::ChipError::ChipError(unsigned int, char const*, unsigned int) [function] [call site] 00047
2 chip::ChipError::ChipError(unsigned int, char const*, unsigned int) [function] [call site] 00048
2 chip::ChipError::operator!=(chip::ChipError const&) const [function] [call site] 00049
2 chip::ChipError::ChipError(unsigned int, char const*, unsigned int) [function] [call site] 00050
2 chip::ChipError::ChipError(unsigned int, char const*, unsigned int) [function] [call site] 00051
1 chip::ChipError::ChipError(unsigned int, char const*, unsigned int) [function] [call site] 00052
1 chip::ChipError::operator==(chip::ChipError const&) const [function] [call site] 00053
1 memcmp [call site] 00054