Fuzz introspector: TestFuzzCryptoCertificateDataSetPEM
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
467 498 4 :

['malloc', 'GetEnvironmentVariableA', 'free', 'WLog_AddStringLogFilters_int']

467 498 WLog_ParseFilters call site: 00113 /src/FreeRDP/winpr/libwinpr/utils/wlog/wlog.c:721
464 464 1 :

['log_recursion']

464 476 WLog_Write call site: 00000 /src/FreeRDP/winpr/libwinpr/utils/wlog/wlog.c:244
29 29 1 :

['Pcap_Close']

29 29 WLog_ConsoleAppender_Free call site: 00000 /src/FreeRDP/winpr/libwinpr/utils/wlog/ConsoleAppender.c:239
20 51 4 :

['malloc', 'GetEnvironmentVariableA', '_stricmp', 'free']

22 997 WLog_InitializeRoot call site: 00102 /src/FreeRDP/winpr/libwinpr/utils/wlog/wlog.c:126
18 18 2 :

['WLog_SetLogLevel', 'free']

18 476 WLog_New call site: 00076 /src/FreeRDP/winpr/libwinpr/utils/wlog/wlog.c:889
10 951 6 :

['WLog_PrintMessage', 'WLog_IsLevelActive', 'WLog_Get', 'PEM_write_bio_X509', 'sk_X509_num', 'sk_X509_value']

12 1423 freerdp_certificate_get_pem_ex call site: 00203 /src/FreeRDP/libfreerdp/crypto/certificate.c:1467
6 947 6 :

['WLog_Get', 'WLog_PrintMessage', 'BIO_read', 'ERR_clear_error', 'realloc', 'WLog_IsLevelActive']

6 947 bio_read_pem call site: 00214 /src/FreeRDP/libfreerdp/crypto/certificate.c:1417
6 6 1 :

['WaitForCriticalSection']

6 14 EnterCriticalSection call site: 00020 /src/FreeRDP/winpr/libwinpr/synch/critical.c:184
6 6 1 :

['UnWaitCriticalSection']

6 6 LeaveCriticalSection call site: 00032 /src/FreeRDP/winpr/libwinpr/synch/critical.c:239
4 947 5 :

['WLog_Get', 'WLog_PrintMessage', 'Sleep', 'InterlockedCompareExchangePointer', 'WLog_IsLevelActive']

4 947 winpr_InitOnceExecuteOnce call site: 00012 /src/FreeRDP/winpr/libwinpr/synch/init.c:64
4 4 1 :

['sk_X509_dup']

4 4 freerdp_certificate_new_from_x509 call site: 00141 /src/FreeRDP/libfreerdp/crypto/certificate.c:1282
3 3 1 :

['cert_blob_free']

3 3 certificate_free_x509_certificate_chain call site: 00169 /src/FreeRDP/libfreerdp/crypto/certificate.c:463

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 calloc [call site] 00001
1 freerdp_certificate_data_new_from_pem [function] [call site] 00002
2 freerdp_certificate_new_from_pem [function] [call site] 00003
3 freerdp_certificate_new_from [function] [call site] 00004
4 strlen [call site] 00005
4 x509_utils_from_pem [function] [call site] 00006
5 BIO_new_file [call site] 00007
5 BIO_new_mem_buf [call site] 00008
5 WLog_Get [function] [call site] 00009
6 WLog_GetRoot [function] [call site] 00010
7 winpr_InitOnceExecuteOnce [function] [call site] 00011
8 InterlockedCompareExchangePointer [function] [call site] 00012
8 WLog_Get [function] [call site] 00013
9 WLog_Get_int [function] [call site] 00014
10 WLog_FindChild [function] [call site] 00015
11 WLog_Lock [function] [call site] 00016
12 __assert_fail [call site] 00017
12 EnterCriticalSection [function] [call site] 00018
13 __assert_fail [call site] 00019
13 InterlockedIncrement [function] [call site] 00020
13 GetCurrentThreadId [function] [call site] 00021
14 pthread_self [call site] 00022
13 WaitForCriticalSection [function] [call site] 00023
14 __assert_fail [call site] 00024
14 sem_wait [call site] 00025
13 GetCurrentThreadId [function] [call site] 00026
11 strcmp [call site] 00027
11 WLog_Unlock [function] [call site] 00028
12 __assert_fail [call site] 00029
12 LeaveCriticalSection [function] [call site] 00030
13 __assert_fail [call site] 00031
13 InterlockedDecrement [function] [call site] 00032
13 UnWaitCriticalSection [function] [call site] 00033
14 __assert_fail [call site] 00034
14 sem_post [call site] 00035
13 InterlockedDecrement [function] [call site] 00036
10 WLog_New [function] [call site] 00037
11 calloc [call site] 00038
11 _strdup [function] [call site] 00039
12 strdup [call site] 00040
12 WLog_Get [function] [call site] 00041
11 WLog_ParseName [function] [call site] 00042
12 strchr [call site] 00043
12 _strdup [function] [call site] 00044
12 calloc [call site] 00045
12 strchr [call site] 00046
11 calloc [call site] 00047
11 GetEnvironmentVariableA [function] [call site] 00048
12 getenv [call site] 00049
12 SetLastError [function] [call site] 00050
13 NtCurrentTeb [function] [call site] 00051
14 pthread_once [call site] 00052
14 sTebInitOnce [function] [call site] 00053
15 pthread_key_create [call site] 00054
15 sTebDestruct [function] [call site] 00055
14 pthread_getspecific [call site] 00056
14 calloc [call site] 00057
14 pthread_setspecific [call site] 00058
12 strlen [call site] 00059
11 GetEnvironmentVariableA [function] [call site] 00060
11 fprintf [call site] 00061
11 WLog_ParseLogLevel [function] [call site] 00062
12 _stricmp [function] [call site] 00063
13 strcasecmp [call site] 00064
12 _stricmp [function] [call site] 00065
12 _stricmp [function] [call site] 00066
12 _stricmp [function] [call site] 00067
12 _stricmp [function] [call site] 00068
12 _stricmp [function] [call site] 00069
12 _stricmp [function] [call site] 00070
11 WLog_SetLogLevel [function] [call site] 00071
12 WLog_UpdateInheritLevel [function] [call site] 00072
13 WLog_UpdateInheritLevel [function] [call site] 00073
12 WLog_reset_log_filters [function] [call site] 00074
13 WLog_reset_log_filters [function] [call site] 00075
11 WLog_GetFilterLogLevel [function] [call site] 00076
12 _stricmp [function] [call site] 00077
12 _stricmp [function] [call site] 00078
11 WLog_SetLogLevel [function] [call site] 00079
11 InitializeCriticalSectionAndSpinCount [function] [call site] 00080
12 InitializeCriticalSectionEx [function] [call site] 00081
13 __assert_fail [call site] 00082
13 WLog_Get [function] [call site] 00083
13 sem_init [call site] 00084
13 SetCriticalSectionSpinCount [function] [call site] 00085
14 __assert_fail [call site] 00086
10 WLog_AddChild [function] [call site] 00087
11 WLog_Lock [function] [call site] 00088
11 realloc [call site] 00089
11 WLog_Unlock [function] [call site] 00090
10 WLog_Free [function] [call site] 00091
11 WLog_Appender_Free [function] [call site] 00092
12 WLog_Layout_Free [function] [call site] 00093
12 DeleteCriticalSection [function] [call site] 00094
13 __assert_fail [call site] 00095
13 sem_destroy [call site] 00096
11 DeleteCriticalSection [function] [call site] 00097
8 Sleep [function] [call site] 00098
9 usleep [call site] 00099
7 WLog_InitializeRoot [function] [call site] 00100
8 WLog_New [function] [call site] 00101
8 GetEnvironmentVariableA [function] [call site] 00102
8 GetEnvironmentVariableA [function] [call site] 00103
8 fprintf [call site] 00104
8 _stricmp [function] [call site] 00105
8 _stricmp [function] [call site] 00106
8 _stricmp [function] [call site] 00107
8 _stricmp [function] [call site] 00108
8 _stricmp [function] [call site] 00109
8 WLog_SetLogAppenderType [function] [call site] 00110
9 WLog_Appender_Free [function] [call site] 00111
8 WLog_ParseFilters [function] [call site] 00112
9 GetEnvironmentVariableA [function] [call site] 00113
9 GetEnvironmentVariableA [function] [call site] 00114
9 WLog_AddStringLogFilters_int [function] [call site] 00115
10 strchr [call site] 00116
10 realloc [call site] 00117
10 _strdup [function] [call site] 00118
10 strchr [call site] 00119
10 WLog_ParseFilter [function] [call site] 00120
11 strchr [call site] 00121
11 _strdup [function] [call site] 00122
11 calloc [call site] 00123
11 strrchr [call site] 00124
11 WLog_ParseLogLevel [function] [call site] 00125
11 strchr [call site] 00126
10 WLog_reset_log_filters [function] [call site] 00127
8 atexit [call site] 00128
8 WLog_Uninit_ [function] [call site] 00129
9 WLog_Free [function] [call site] 00130
9 WLog_Free [function] [call site] 00131
8 WLog_Uninit_ [function] [call site] 00132
5 PEM_read_bio_X509 [call site] 00133
5 BIO_free_all [call site] 00134
5 WLog_Get [function] [call site] 00135
4 freerdp_certificate_new_from_x509 [function] [call site] 00136
5 __assert_fail [call site] 00137
5 freerdp_certificate_new [function] [call site] 00138
6 calloc [call site] 00139
5 X509_dup [call site] 00140
5 freerdp_rsa_from_x509 [function] [call site] 00141
6 __assert_fail [call site] 00142
6 freerdp_certificate_is_rsa [function] [call site] 00143
7 __assert_fail [call site] 00144
7 is_rsa_key [function] [call site] 00145
8 X509_get0_pubkey [call site] 00146
8 EVP_PKEY_id [call site] 00147
6 X509_get0_pubkey [call site] 00148
6 EVP_PKEY_get1_RSA [call site] 00149
6 RSA_get0_key [call site] 00150
6 cert_info_create [function] [call site] 00151
7 __assert_fail [call site] 00152
7 __assert_fail [call site] 00153
7 read_bignum [function] [call site] 00154
8 __assert_fail [call site] 00155
8 BN_bn2bin [call site] 00156
8 crypto_reverse [function] [call site] 00157
7 read_bignum [function] [call site] 00158
7 cert_info_free [function] [call site] 00159
8 __assert_fail [call site] 00160
6 RSA_free [call site] 00161
5 sk_X509_dup [function] [call site] 00162
6 OPENSSL_sk_dup [call site] 00163
5 freerdp_certificate_free [function] [call site] 00164
6 certificate_free_int [function] [call site] 00165
7 __assert_fail [call site] 00166
7 X509_free [call site] 00167
7 sk_X509_free [function] [call site] 00168
7 certificate_free_x509_certificate_chain [function] [call site] 00169
8 cert_blob_free [function] [call site] 00170
7 cert_info_free [function] [call site] 00171
4 X509_free [call site] 00172
2 freerdp_certificate_data_new_nocopy [function] [call site] 00173
3 calloc [call site] 00174
3 _strdup [function] [call site] 00175
3 strlen [call site] 00176
3 ensure_lowercase [function] [call site] 00177
4 strnlen [call site] 00178
4 tolower [call site] 00179
3 freerdp_certificate_data_load_cache [function] [call site] 00180
4 __assert_fail [call site] 00181
4 freerdp_certificate_data_hash_ [function] [call site] 00182
5 snprintf [call site] 00183
5 ensure_lowercase [function] [call site] 00184
4 strnlen [call site] 00185
4 freerdp_certificate_get_subject [function] [call site] 00186
5 __assert_fail [call site] 00187
5 x509_utils_get_subject [function] [call site] 00188
6 WLog_Get [function] [call site] 00189
6 X509_get_subject_name [call site] 00190
6 crypto_print_name [function] [call site] 00191
7 BIO_s_mem [call site] 00192
7 X509_NAME_print_ex [call site] 00193
7 calloc [call site] 00194
7 ERR_clear_error [call site] 00195
6 WLog_Get [function] [call site] 00196
4 calloc [call site] 00197
4 freerdp_certificate_get_pem_ex [function] [call site] 00198
5 __assert_fail [call site] 00199
5 BIO_s_mem [call site] 00200
5 WLog_Get [function] [call site] 00201
5 PEM_write_bio_X509 [call site] 00202
5 WLog_Get [function] [call site] 00203
5 sk_X509_num [function] [call site] 00204
5 sk_X509_value [function] [call site] 00205
5 PEM_write_bio_X509 [call site] 00206
5 WLog_Get [function] [call site] 00207
5 bio_read_pem [function] [call site] 00208
6 __assert_fail [call site] 00209
6 __assert_fail [call site] 00210
6 realloc [call site] 00211
6 ERR_clear_error [call site] 00212
6 BIO_read [call site] 00213
6 WLog_Get [function] [call site] 00214
5 BIO_free_all [call site] 00215
4 freerdp_certificate_get_pem_ex [function] [call site] 00216
4 freerdp_certificate_get_fingerprint [function] [call site] 00217
5 freerdp_certificate_get_fingerprint_by_hash [function] [call site] 00218
6 freerdp_certificate_get_fingerprint_by_hash_ex [function] [call site] 00219
7 WLog_Get [function] [call site] 00220
7 WLog_Get [function] [call site] 00221
7 x509_utils_get_hash [function] [call site] 00222
8 EVP_get_digestbyname [call site] 00223
8 WLog_Get [function] [call site] 00224
8 WLog_Get [function] [call site] 00225
8 WLog_Get [function] [call site] 00226
8 WLog_Get [function] [call site] 00227
7 calloc [call site] 00228
7 snprintf [call site] 00229
7 snprintf [call site] 00230
7 snprintf [call site] 00231
4 freerdp_certificate_get_issuer [function] [call site] 00232
5 __assert_fail [call site] 00233
5 x509_utils_get_issuer [function] [call site] 00234
6 WLog_Get [function] [call site] 00235
6 X509_get_issuer_name [call site] 00236
6 crypto_print_name [function] [call site] 00237
6 WLog_Get [function] [call site] 00238
4 calloc [call site] 00239
3 freerdp_certificate_data_free [function] [call site] 00240
4 freerdp_certificate_free [function] [call site] 00241
2 freerdp_certificate_free [function] [call site] 00242
1 freerdp_certificate_data_free [function] [call site] 00243