Fuzz introspector: /src/connectedhomeip/out/fuzz_targets/../../src/lib/dnssd/minimal_mdns/tests/FuzzPacketParsing.cpp
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
3678 3707 4 :

['chip::app::reporting::Engine::ScheduleBufferPressureEventDelivery(unsigned int)', 'chip::Logging::IsCategoryEnabled(unsigned char)', 'chip::Logging::Log(unsigned char, unsigned char, char const*, ...)', 'chip::Loop chip::HeapObjectPool ::ForEachActiveObject (chip::app::reporting::Engine::ScheduleEventDelivery(chip::app::ConcreteEventPath&, unsigned int)::$_0&&)']

3678 3709 chip::app::reporting::Engine::ScheduleEventDelivery(chip::app::ConcreteEventPath&,unsignedint) call site: 00000 /src/connectedhomeip/out/fuzz_targets/../../src/app/reporting/Engine.cpp:1137
1979 1979 5 :

['unsigned char* std::__1::copy[abi:nn180100] (unsigned char const*, unsigned char const*, unsigned char*)', 'chip::Span ::end() const', 'chip::Span ::begin() const', 'chip::CASESession::SendSigma2Resume()', 'std::__1::array ::begin[abi:nn180100]()']

2035 5561 chip::CASESession::HandleSigma1(chip::System::PacketBufferHandle&&) call site: 00000 /src/connectedhomeip/out/fuzz_targets/../../src/protocols/secure_channel/CASESession.cpp:1003
1951 1985 11 :

['chip::CASESession::GetState()', 'chip::ChipError::Format() const', 'chip::PairingSession::GetRemoteMRPConfig() const', 'bool std::__1::chrono::operator<[abi:nn180100] , unsigned short, std::__1::ratio<1l, 1000l> >(std::__1::chrono::duration > const&, std::__1::chrono::duration > const&)', 'chip::CASEServer::SendBusyStatusReport(chip::Messaging::ExchangeContext*, std::__1::chrono::duration >)', 'std::__1::chrono::duration >::max[abi:nn180100]()', 'chip::CASESession::InvokeBackgroundWorkWatchdog()', '_ZNSt3__16chrono8durationItNS_5ratioILl1ELl1000EEEEC2B8nn180100IiTnNS_9enable_ifIXaasr14is_convertibleIRKT_tEE5valueooL_ZNS_17integral_constantIbLb0EE5valueEEntsr23treat_as_floating_pointIS7_EE5valueEiE4typeELi0EEES9_', 'chip::CASESession::ComputeSigma2ResponseTimeout(chip::ReliableMessageProtocolConfig const&)', '_ZNSt3__16chrono13duration_castB8nn180100INS0_8durationItNS_5ratioILl1ELl1000EEEEEjS4_TnNS_9enable_ifIXsr13__is_durationIT_EE5valueEiE4typeELi0EEES7_RKNS2_IT0_T1_EE', 'chip::ChipError::operator!=(chip::ChipError const&) const']

1951 2202 chip::CASEServer::OnMessageReceived(chip::Messaging::ExchangeContext*,chip::PayloadHeaderconst&,chip::System::PacketBufferHandle&&) call site: 00000 /src/connectedhomeip/out/fuzz_targets/../../src/protocols/secure_channel/CASEServer.cpp:86
1718 1718 2 :

['chip::Messaging::ExchangeContext::SetResponseExpected(bool)', 'chip::Messaging::ExchangeContext::CancelResponseTimer()']

1800 1952 chip::Messaging::ExchangeContext::SendMessage(chip::Protocols::Id,unsignedchar,chip::System::PacketBufferHandle&&,chip::BitFlags const&) call site: 00000 /src/connectedhomeip/out/fuzz_targets/../../src/messaging/ExchangeContext.cpp:182
1718 1718 2 :

['chip::Messaging::ExchangeContext::SetResponseExpected(bool)', 'chip::Messaging::ExchangeContext::CancelResponseTimer()']

1760 3543 chip::Messaging::ExchangeContext::HandleMessage(unsignedint,chip::PayloadHeaderconst&,chip::BitFlags ,chip::System::PacketBufferHandle&&) call site: 00000 /src/connectedhomeip/out/fuzz_targets/../../src/messaging/ExchangeContext.cpp:605
1706 1708 2 :

['chip::Messaging::ExchangeManager::GetReliableMessageMgr()', 'chip::Messaging::ReliableMessageMgr::ClearRetransTable(chip::Messaging::ReliableMessageContext*)']

3413 3419 chip::Messaging::ExchangeContext::DoClose(bool) call site: 00000 /src/connectedhomeip/out/fuzz_targets/../../src/messaging/ExchangeContext.cpp:241
1428 1451 4 :

['chip::FabricTable::ReadFabricInfo(chip::TLV::ContiguousBufferTLVReader&)', 'chip::TLV::ContiguousBufferTLVReader::Init(unsigned char const*, unsigned long)', 'chip::TLV::ContiguousBufferTLVReader::ContiguousBufferTLVReader()', 'chip::ChipError::IsSuccess(chip::ChipError)']

2047 2485 chip::FabricTable::Init(chip::FabricTable::InitParamsconst&) call site: 00000 /src/connectedhomeip/out/fuzz_targets/../../src/credentials/FabricTable.cpp:1103
619 619 1 :

['chip::FabricTable::Delete(unsigned char)']

619 650 chip::FabricTable::Init(chip::FabricTable::InitParamsconst&) call site: 00000 /src/connectedhomeip/out/fuzz_targets/../../src/credentials/FabricTable.cpp:1126
559 559 1 :

['chip::app::Clusters::TimeSynchronization::TimeSynchronizationServer::AttemptToGetTimeFromTrustedNode()']

4381 4385 chip::app::Clusters::TimeSynchronization::TimeSynchronizationServer::AttemptToGetTime() call site: 00000 /src/connectedhomeip/out/fuzz_targets/../../src/app/clusters/time-synchronization-server/time-synchronization-server.cpp:431
405 641 7 :

['chip::app::DataModel::Nullable ::Value()', 'chip::app::DataModel::Nullable ::IsNull() const', 'chip::app::Clusters::ModeSelect::Attributes::CurrentMode::Set(unsigned short, unsigned char)', 'chip::app::Clusters::ModeSelect::Attributes::OnMode::Get(unsigned short, chip::app::DataModel::Nullable &)', 'chip::Logging::Log(unsigned char, unsigned char, char const*, ...)', 'chip::app::DataModel::Nullable ::Nullable()', 'chip::Logging::IsCategoryEnabled(unsigned char)']

405 643 OnOffServer::initOnOffServer(unsignedshort) call site: 00000 /src/connectedhomeip/out/fuzz_targets/../../src/app/clusters/on-off-server/on-off-server.cpp:531
402 402 1 :

['chip::app::Clusters::LevelControl::Attributes::CurrentLevel::SetNull(unsigned short, chip::app::MarkAttributeDirty)']

402 402 chip::app::Clusters::LevelControl::Attributes::CurrentLevel::Set(unsignedshort,chip::app::DataModel::Nullable const&,chip::app::MarkAttributeDirty) call site: 00000 /src/connectedhomeip/out/fuzz_targets/../../zzz_generated/app-common/app-common/zap-generated/attributes/Accessors.cpp:824
318 318 1 :

['chip::Transport::SecureSessionTable::EvictAndAllocate(unsigned short, chip::Transport::SecureSession::Type, chip::ScopedNodeId const&)']

318 490 chip::Transport::SecureSessionTable::CreateNewSecureSession(chip::Transport::SecureSession::Type,chip::ScopedNodeId) call site: 00000 /src/connectedhomeip/out/fuzz_targets/../../src/transport/SecureSessionTable.cpp:74

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 mdns::Minimal::BytesRange::BytesRange(unsigned char const*, unsigned char const*) [function] [call site] 00001
1 (anonymous namespace)::FuzzDelegate::FuzzDelegate(mdns::Minimal::BytesRange const&) [function] [call site] 00002
2 mdns::Minimal::ParserDelegate::ParserDelegate() [function] [call site] 00003
1 mdns::Minimal::ParsePacket(mdns::Minimal::BytesRange const&, mdns::Minimal::ParserDelegate*) [function] [call site] 00004
2 mdns::Minimal::BytesRange::Size() const [function] [call site] 00005
2 mdns::Minimal::BytesRange::Start() const [function] [call site] 00006
2 mdns::Minimal::ConstHeaderRef::ConstHeaderRef(unsigned char const*) [function] [call site] 00007
2 mdns::Minimal::ConstHeaderRef::GetFlags() const [function] [call site] 00008
3 mdns::Minimal::ConstHeaderRef::Get16At(unsigned long) const [function] [call site] 00009
4 chip::Encoding::BigEndian::Get16(unsigned char const*) [function] [call site] 00010
5 nl::IO::BigEndian::GetUnaligned16(void const*) [function] [call site] 00011
6 nl::IO::GetUnaligned16(void const*) [function] [call site] 00012
7 nlIOGetUnaligned16(void const*) [function] [call site] 00013
6 nl::ByteOrder::Swap16BigToHost(unsigned short) [function] [call site] 00014
7 nlByteOrderSwap16BigToHost(unsigned short) [function] [call site] 00015
8 nlByteOrderValueSwap16(unsigned short) [function] [call site] 00016
3 mdns::Minimal::BitPackedFlags::BitPackedFlags(unsigned short) [function] [call site] 00017
2 mdns::Minimal::BitPackedFlags::IsValidMdns() const [function] [call site] 00018
2 mdns::Minimal::BytesRange::Start() const [function] [call site] 00019
2 mdns::Minimal::QueryData::QueryData() [function] [call site] 00020
3 mdns::Minimal::SerializedQNameIterator::SerializedQNameIterator() [function] [call site] 00021
4 mdns::Minimal::BytesRange::BytesRange() [function] [call site] 00022
2 mdns::Minimal::ConstHeaderRef::GetQueryCount() const [function] [call site] 00023
3 mdns::Minimal::ConstHeaderRef::Get16At(unsigned long) const [function] [call site] 00024
2 mdns::Minimal::QueryData::Parse(mdns::Minimal::BytesRange const&, unsigned char const**) [function] [call site] 00025
3 mdns::Minimal::BytesRange::Contains(unsigned char const*) const [function] [call site] 00026
3 mdns::Minimal::SerializedQNameIterator::SerializedQNameIterator(mdns::Minimal::BytesRange, unsigned char const*) [function] [call site] 00027
4 mdns::Minimal::BytesRange::Start() const [function] [call site] 00028
3 mdns::Minimal::SerializedQNameIterator::FindDataEnd() [function] [call site] 00029
4 mdns::Minimal::SerializedQNameIterator::Next(bool) [function] [call site] 00030
5 mdns::Minimal::BytesRange::Contains(unsigned char const*) const [function] [call site] 00031
5 __assert_fail [call site] 00032
5 mdns::Minimal::BytesRange::Contains(unsigned char const*) const [function] [call site] 00033
5 mdns::Minimal::BytesRange::Size() const [function] [call site] 00034
5 mdns::Minimal::BytesRange::Start() const [function] [call site] 00035
5 mdns::Minimal::BytesRange::Start() const [function] [call site] 00036
5 mdns::Minimal::BytesRange::Contains(unsigned char const*) const [function] [call site] 00037
4 mdns::Minimal::SerializedQNameIterator::IsValid() const [function] [call site] 00038
4 mdns::Minimal::BytesRange::Contains(unsigned char const*) const [function] [call site] 00039
3 mdns::Minimal::BytesRange::Contains(unsigned char const*) const [function] [call site] 00040
3 chip::Encoding::BigEndian::Read16(unsigned char const*&) [function] [call site] 00041
4 nl::IO::BigEndian::ReadUnaligned16(void const*&) [function] [call site] 00042
5 nl::IO::ReadUnaligned16(void const*&) [function] [call site] 00043
6 nlIOReadUnaligned16(void const**) [function] [call site] 00044
7 nlIOGetUnaligned16(void const*) [function] [call site] 00045
5 nl::ByteOrder::Swap16BigToHost(unsigned short) [function] [call site] 00046
3 chip::Encoding::BigEndian::Read16(unsigned char const*&) [function] [call site] 00047
3 mdns::Minimal::SerializedQNameIterator::SerializedQNameIterator(mdns::Minimal::BytesRange, unsigned char const*) [function] [call site] 00048
2 mdns::Minimal::ResourceData::ResourceData() [function] [call site] 00049
3 mdns::Minimal::SerializedQNameIterator::SerializedQNameIterator() [function] [call site] 00050
3 mdns::Minimal::BytesRange::BytesRange() [function] [call site] 00051
2 mdns::Minimal::ConstHeaderRef::GetAnswerCount() const [function] [call site] 00052
3 mdns::Minimal::ConstHeaderRef::Get16At(unsigned long) const [function] [call site] 00053
2 mdns::Minimal::ResourceData::Parse(mdns::Minimal::BytesRange const&, unsigned char const**) [function] [call site] 00054
3 mdns::Minimal::SerializedQNameIterator::SerializedQNameIterator(mdns::Minimal::BytesRange, unsigned char const*) [function] [call site] 00055
3 mdns::Minimal::SerializedQNameIterator::FindDataEnd() [function] [call site] 00056
3 mdns::Minimal::BytesRange::Contains(unsigned char const*) const [function] [call site] 00057
3 chip::Encoding::BigEndian::Read16(unsigned char const*&) [function] [call site] 00058
3 chip::Encoding::BigEndian::Read16(unsigned char const*&) [function] [call site] 00059
3 chip::Encoding::BigEndian::Read32(unsigned char const*&) [function] [call site] 00060
4 nl::IO::BigEndian::ReadUnaligned32(void const*&) [function] [call site] 00061
5 nl::IO::ReadUnaligned32(void const*&) [function] [call site] 00062
6 nlIOReadUnaligned32(void const**) [function] [call site] 00063
7 nlIOGetUnaligned32(void const*) [function] [call site] 00064
5 nl::ByteOrder::Swap32BigToHost(unsigned int) [function] [call site] 00065
6 nlByteOrderSwap32BigToHost(unsigned int) [function] [call site] 00066
7 nlByteOrderValueSwap32(unsigned int) [function] [call site] 00067
3 chip::Encoding::BigEndian::Read16(unsigned char const*&) [function] [call site] 00068
3 mdns::Minimal::BytesRange::Contains(unsigned char const*) const [function] [call site] 00069
3 mdns::Minimal::BytesRange::BytesRange(unsigned char const*, unsigned char const*) [function] [call site] 00070
3 mdns::Minimal::SerializedQNameIterator::SerializedQNameIterator(mdns::Minimal::BytesRange, unsigned char const*) [function] [call site] 00071
2 mdns::Minimal::ConstHeaderRef::GetAuthorityCount() const [function] [call site] 00072
3 mdns::Minimal::ConstHeaderRef::Get16At(unsigned long) const [function] [call site] 00073
2 mdns::Minimal::ResourceData::Parse(mdns::Minimal::BytesRange const&, unsigned char const**) [function] [call site] 00074
2 mdns::Minimal::ConstHeaderRef::GetAdditionalCount() const [function] [call site] 00075
3 mdns::Minimal::ConstHeaderRef::Get16At(unsigned long) const [function] [call site] 00076
2 mdns::Minimal::ResourceData::Parse(mdns::Minimal::BytesRange const&, unsigned char const**) [function] [call site] 00077
1 (anonymous namespace)::FuzzDelegate::~FuzzDelegate() [function] [call site] 00078
2 mdns::Minimal::ParserDelegate::~ParserDelegate() [function] [call site] 00079