Fuzz introspector: firestore_serializer_fuzzer
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The following are the branches that the fuzzer fails to get past.

Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch
5 | 76 | 2: ['iter_from_extension', 'pb_release_single_field'] | 5 | 76 | pb_release_single_field | 00031 | /src/firebase-ios-sdk/build/external/src/nanopb/pb_decode.c:1178
5 | 57 | 2: ['iter_from_extension', 'pb_field_set_to_default'] | 5 | 57 | pb_field_set_to_default | 00000 | /src/firebase-ios-sdk/build/external/src/nanopb/pb_decode.c:844
0 | 47 | 2: ['pb_make_string_substream', 'pb_close_string_substream'] | 0 | 47 | decode_static_field | 00000 | /src/firebase-ios-sdk/build/external/src/nanopb/pb_decode.c:414
0 | 0 | None | 230 | 573 | pb_decode_noinit | 00000 | /src/firebase-ios-sdk/build/external/src/nanopb/pb_decode.c:970
0 | 0 | None | 230 | 573 | pb_decode_noinit | 00000 | /src/firebase-ios-sdk/build/external/src/nanopb/pb_decode.c:1015
0 | 0 | None | 2 | 2 | allocate_field | 00000 | /src/firebase-ios-sdk/build/external/src/nanopb/pb_decode.c:514
0 | 0 | None | 0 | 89 | pb_release_union_field | 00000 | /src/firebase-ios-sdk/build/external/src/nanopb/pb_decode.c:1144
0 | 0 | None | 0 | 55 | decode_pointer_field | 00000 | /src/firebase-ios-sdk/build/external/src/nanopb/pb_decode.c:571
0 | 0 | None | 0 | 51 | pb_release_single_field | 00034 | /src/firebase-ios-sdk/build/external/src/nanopb/pb_decode.c:1203
0 | 0 | None | 0 | 24 | pb_dec_bytes | 00000 | /src/firebase-ios-sdk/build/external/src/nanopb/pb_decode.c:1457
0 | 0 | 1: ['std::__1::unique_ptr ::operator=(decltype(nullptr))'] | 0 | 0 | firebase::firestore::util::Status::SlowCopyFrom(firebase::firestore::util::Status::State const*) | 00000 | /src/firebase-ios-sdk/Firestore/core/src/util/status.cc:97
0 | 0 | None | 0 | 0 | pb_field_iter_next | 00037 | /src/firebase-ios-sdk/build/external/src/nanopb/pb_common.c:65

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 firebase::firestore::model::DatabaseId::DatabaseId(std::__1::basic_string , std::__1::allocator >, std::__1::basic_string , std::__1::allocator >) [function] [call site] 00001
1 firebase::firestore::remote::Serializer::Serializer(firebase::firestore::model::DatabaseId) [function] [call site] 00002
2 firebase::firestore::model::DatabaseId::DatabaseId(firebase::firestore::model::DatabaseId&&) [function] [call site] 00003
1 firebase::firestore::model::DatabaseId::~DatabaseId() [function] [call site] 00004
1 firebase::firestore::nanopb::StringReader::StringReader(unsigned char const*, unsigned long) [function] [call site] 00005
2 firebase::firestore::nanopb::Reader::Reader() [function] [call site] 00006
3 firebase::firestore::util::ReadContext::ReadContext() [function] [call site] 00007
4 firebase::firestore::util::Status::OK() [function] [call site] 00008
5 firebase::firestore::util::Status::Status() [function] [call site] 00009
2 pb_istream_from_buffer [function] [call site] 00010
2 firebase::firestore::nanopb::Reader::~Reader() [function] [call site] 00012
3 firebase::firestore::util::ReadContext::~ReadContext() [function] [call site] 00013
4 firebase::firestore::util::Status::~Status() [function] [call site] 00014
1 firebase::firestore::nanopb::Message ::TryParse(firebase::firestore::nanopb::Reader*) [function] [call site] 00015
2 firebase::firestore::nanopb::Message ::Message() [function] [call site] 00016
2 firebase::firestore::nanopb::Message ::fields() [function] [call site] 00017
3 pb_field_s const* firebase::firestore::nanopb::FieldsArray () [function] [call site] 00018
2 firebase::firestore::nanopb::Reader::ok() const [function] [call site] 00019
3 firebase::firestore::util::ReadContext::ok() const [function] [call site] 00020
4 firebase::firestore::util::Status::ok() const [function] [call site] 00021
2 firebase::firestore::nanopb::Message ::release() [function] [call site] 00022
3 firebase::firestore::nanopb::Message ::get() [function] [call site] 00023
2 firebase::firestore::nanopb::Message ::Message() [function] [call site] 00024
2 firebase::firestore::nanopb::Message ::~Message() [function] [call site] 00025
3 firebase::firestore::nanopb::Message ::Free() [function] [call site] 00026
4 firebase::firestore::nanopb::Message ::fields() [function] [call site] 00027
4 firebase::firestore::nanopb::FreeNanopbMessage(pb_field_s const*, void*) [function] [call site] 00028
5 pb_release [function] [call site] 00029
6 pb_field_iter_begin [function] [call site] 00030
6 pb_release_single_field [function] [call site] 00031
7 iter_from_extension [function] [call site] 00032
8 pb_field_iter_begin [function] [call site] 00033
7 pb_release_single_field [function] [call site] 00034
8 pb_release [function] [call site] 00035
9 pb_field_iter_next [function] [call site] 00036
10 pb_field_iter_begin [function] [call site] 00037
3 __clang_call_terminate [call site] 00038
4 __cxa_begin_catch [call site] 00039
2 firebase::firestore::nanopb::Message ::Message(firebase::firestore::nanopb::Message &&) [function] [call site] 00040
1 firebase::firestore::nanopb::Message ::~Message() [function] [call site] 00041
1 firebase::firestore::nanopb::Reader::~Reader() [function] [call site] 00042
1 __cxa_begin_catch [call site] 00043
1 __cxa_end_catch [call site] 00044
1 firebase::firestore::remote::Serializer::~Serializer() [function] [call site] 00045
2 firebase::firestore::model::DatabaseId::~DatabaseId() [function] [call site] 00046