Fuzz introspector: TestFuzzCryptoCertificateDataSetPEM
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
465 496 4 :

['GetEnvironmentVariableA', 'free', 'malloc', 'WLog_AddStringLogFilters_int']

465 496 WLog_ParseFilters call site: 00236 /src/FreeRDP/winpr/libwinpr/utils/wlog/wlog.c:725
465 465 1 :

['log_recursion']

465 930 WLog_Write call site: 00037 /src/FreeRDP/winpr/libwinpr/utils/wlog/wlog.c:245
465 465 1 :

['WaitForCriticalSection']

465 473 EnterCriticalSection call site: 00038 /src/FreeRDP/winpr/libwinpr/synch/critical.c:186
465 465 1 :

['UnWaitCriticalSection']

465 465 LeaveCriticalSection call site: 00074 /src/FreeRDP/winpr/libwinpr/synch/critical.c:241
29 29 1 :

['Pcap_Close']

29 29 WLog_ConsoleAppender_Free call site: 00000 /src/FreeRDP/winpr/libwinpr/utils/wlog/ConsoleAppender.c:243
20 51 4 :

['malloc', 'GetEnvironmentVariableA', 'free', '_stricmp']

22 1448 WLog_InitializeRoot call site: 00182 /src/FreeRDP/winpr/libwinpr/utils/wlog/wlog.c:127
18 483 2 :

['WLog_SetLogLevel', 'WLog_Free']

18 948 WLog_New call site: 00156 /src/FreeRDP/winpr/libwinpr/utils/wlog/wlog.c:897
10 475 4 :

['WLog_Print_dbg_tag', 'sk_X509_num', 'PEM_write_bio_X509', 'sk_X509_value']

12 958 freerdp_certificate_get_pem_ex call site: 00339 /src/FreeRDP/libfreerdp/crypto/certificate.c:1525
4 469 3 :

['WLog_Print_dbg_tag.2054', 'Sleep', 'InterlockedCompareExchangePointer']

4 469 winpr_InitOnceExecuteOnce call site: 00013 /src/FreeRDP/winpr/libwinpr/synch/init.c:67
4 4 1 :

['sk_X509_deep_copy']

4 4 freerdp_certificate_new_from_x509 call site: 00264 /src/FreeRDP/libfreerdp/crypto/certificate.c:1329
3 3 1 :

['cert_blob_free']

3 3 certificate_free_x509_certificate_chain call site: 00300 /src/FreeRDP/libfreerdp/crypto/certificate.c:464
2 2 1 :

['BIO_new_file']

6 6 x509_utils_from_pem call site: 00006 /src/FreeRDP/libfreerdp/crypto/x509_utils.c:628

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 calloc [call site] 00001
1 freerdp_certificate_data_new_from_pem [function] [call site] 00002
2 freerdp_certificate_new_from_pem [function] [call site] 00003
3 freerdp_certificate_new_from [function] [call site] 00004
4 strlen [call site] 00005
4 x509_utils_from_pem [function] [call site] 00006
5 BIO_new_file [call site] 00007
5 BIO_new_mem_buf [call site] 00008
5 WLog_Print_dbg_tag [function] [call site] 00009
6 WLog_Get [function] [call site] 00010
7 WLog_GetRoot [function] [call site] 00011
8 winpr_InitOnceExecuteOnce [function] [call site] 00012
9 InterlockedCompareExchangePointer [function] [call site] 00013
10 winpr_int_assert [function] [call site] 00014
11 WLog_Get [function] [call site] 00015
12 WLog_Get_int [function] [call site] 00016
13 WLog_FindChild [function] [call site] 00017
14 WLog_Lock [function] [call site] 00018
15 winpr_int_assert [function] [call site] 00019
16 WLog_IsLevelActive [function] [call site] 00020
17 WLog_GetLogLevel [function] [call site] 00021
18 WLog_GetFilterLogLevel [function] [call site] 00022
19 _stricmp [function] [call site] 00023
20 strcasecmp [call site] 00024
19 __assert_fail [call site] 00025
19 _stricmp [function] [call site] 00026
19 __assert_fail [call site] 00027
18 WLog_GetLogLevel [function] [call site] 00028
16 WLog_PrintMessage [function] [call site] 00029
17 WLog_PrintMessageVA [function] [call site] 00030
18 strchr [call site] 00031
18 WLog_Write [function] [call site] 00032
19 WLog_GetLogAppender [function] [call site] 00033
20 WLog_GetLogAppender [function] [call site] 00034
19 WLog_OpenAppender [function] [call site] 00035
20 WLog_GetLogAppender [function] [call site] 00036
19 EnterCriticalSection [function] [call site] 00037
20 winpr_int_assert [function] [call site] 00038
21 winpr_log_backtrace_ex [function] [call site] 00039
22 winpr_backtrace [function] [call site] 00040
23 winpr_unwind_backtrace [function] [call site] 00041
24 calloc [call site] 00042
24 calloc [call site] 00043
24 _Unwind_Backtrace [call site] 00044
24 unwind_backtrace_callback [function] [call site] 00045
25 __assert_fail [call site] 00046
25 _Unwind_GetIP [call site] 00047
25 _Unwind_GetLanguageSpecificData [call site] 00048
24 unwind_reason_str_buffer [function] [call site] 00049
25 unwind_reason_str [function] [call site] 00050
25 snprintf [call site] 00051
24 WLog_Print_dbg_tag [function] [call site] 00052
25 WLog_IsLevelActive [function] [call site] 00053
25 WLog_PrintMessageVA [function] [call site] 00054
26 vsnprintf [call site] 00055
26 WLog_Write [function] [call site] 00056
27 log_recursion [function] [call site] 00057
28 winpr_backtrace [function] [call site] 00058
28 winpr_backtrace_symbols [function] [call site] 00059
29 WLog_Print_dbg_tag [function] [call site] 00060
29 winpr_unwind_backtrace_symbols [function] [call site] 00061
30 calloc [call site] 00062
30 dladdr [call site] 00063
30 snprintf [call site] 00064
30 snprintf [call site] 00065
28 fprintf [call site] 00066
28 fprintf [call site] 00067
28 fprintf [call site] 00068
28 winpr_backtrace_free [function] [call site] 00069
29 winpr_unwind_backtrace_free [function] [call site] 00070
27 LeaveCriticalSection [function] [call site] 00071
28 winpr_int_assert [function] [call site] 00072
29 abort [call site] 00073
28 InterlockedDecrement [function] [call site] 00074
29 winpr_int_assert [function] [call site] 00075
28 UnWaitCriticalSection [function] [call site] 00076
29 winpr_int_assert [function] [call site] 00077
29 sem_post [call site] 00078
28 InterlockedDecrement [function] [call site] 00079
26 WLog_WriteData [function] [call site] 00080
27 WLog_GetLogAppender [function] [call site] 00081
27 WLog_OpenAppender [function] [call site] 00082
27 EnterCriticalSection [function] [call site] 00083
28 InterlockedIncrement [function] [call site] 00084
29 winpr_int_assert [function] [call site] 00085
28 GetCurrentThreadId [function] [call site] 00086
29 pthread_self [call site] 00087
28 WaitForCriticalSection [function] [call site] 00088
29 winpr_int_assert [function] [call site] 00089
29 sem_wait [call site] 00090
28 GetCurrentThreadId [function] [call site] 00091
27 log_recursion [function] [call site] 00092
27 LeaveCriticalSection [function] [call site] 00093
26 WLog_WriteImage [function] [call site] 00094
27 WLog_GetLogAppender [function] [call site] 00095
27 WLog_OpenAppender [function] [call site] 00096
27 EnterCriticalSection [function] [call site] 00097
27 log_recursion [function] [call site] 00098
27 LeaveCriticalSection [function] [call site] 00099
26 WLog_WritePacket [function] [call site] 00100
27 WLog_GetLogAppender [function] [call site] 00101
27 WLog_OpenAppender [function] [call site] 00102
27 EnterCriticalSection [function] [call site] 00103
27 log_recursion [function] [call site] 00104
27 LeaveCriticalSection [function] [call site] 00105
24 winpr_unwind_backtrace_free [function] [call site] 00106
22 WLog_IsLevelActive [function] [call site] 00107
22 WLog_PrintMessage [function] [call site] 00108
22 winpr_backtrace_symbols [function] [call site] 00109
22 WLog_IsLevelActive [function] [call site] 00110
22 WLog_PrintMessage [function] [call site] 00111
22 winpr_backtrace_free [function] [call site] 00112
15 EnterCriticalSection [function] [call site] 00113
14 strcmp [call site] 00114
14 WLog_Unlock [function] [call site] 00115
15 winpr_int_assert [function] [call site] 00116
15 LeaveCriticalSection [function] [call site] 00117
13 WLog_New [function] [call site] 00118
14 calloc [call site] 00119
14 _strdup [function] [call site] 00120
15 strdup [call site] 00121
15 WLog_Print_dbg_tag [function] [call site] 00122
14 WLog_ParseName [function] [call site] 00123
15 strchr [call site] 00124
15 _strdup [function] [call site] 00125
15 calloc [call site] 00126
15 strchr [call site] 00127
14 calloc [call site] 00128
14 GetEnvironmentVariableA [function] [call site] 00129
15 getenv [call site] 00130
15 SetLastError [function] [call site] 00131
16 NtCurrentTeb [function] [call site] 00132
17 pthread_once [call site] 00133
17 sTebInitOnce [function] [call site] 00134
18 pthread_key_create [call site] 00135
18 sTebDestruct [function] [call site] 00136
17 pthread_getspecific [call site] 00137
17 calloc [call site] 00138
17 pthread_setspecific [call site] 00139
15 strlen [call site] 00140
14 GetEnvironmentVariableA [function] [call site] 00141
14 fprintf [call site] 00142
14 WLog_ParseLogLevel [function] [call site] 00143
15 _stricmp [function] [call site] 00144
15 _stricmp [function] [call site] 00145
15 _stricmp [function] [call site] 00146
15 _stricmp [function] [call site] 00147
15 _stricmp [function] [call site] 00148
15 _stricmp [function] [call site] 00149
15 _stricmp [function] [call site] 00150
14 WLog_SetLogLevel [function] [call site] 00151
15 WLog_UpdateInheritLevel [function] [call site] 00152
16 WLog_UpdateInheritLevel [function] [call site] 00153
15 WLog_reset_log_filters [function] [call site] 00154
16 WLog_reset_log_filters [function] [call site] 00155
14 WLog_GetFilterLogLevel [function] [call site] 00156
14 WLog_SetLogLevel [function] [call site] 00157
14 InitializeCriticalSectionAndSpinCount [function] [call site] 00158
15 InitializeCriticalSectionEx [function] [call site] 00159
16 winpr_int_assert [function] [call site] 00160
16 WLog_Print_dbg_tag [function] [call site] 00161
16 sem_init [call site] 00162
16 SetCriticalSectionSpinCount [function] [call site] 00163
17 winpr_int_assert [function] [call site] 00164
14 WLog_Free [function] [call site] 00165
15 WLog_Appender_Free [function] [call site] 00166
16 WLog_Layout_Free [function] [call site] 00167
16 DeleteCriticalSection [function] [call site] 00168
17 winpr_int_assert [function] [call site] 00169
17 sem_destroy [call site] 00170
15 DeleteCriticalSection [function] [call site] 00171
13 WLog_AddChild [function] [call site] 00172
14 WLog_Lock [function] [call site] 00173
14 realloc [call site] 00174
14 WLog_Unlock [function] [call site] 00175
13 WLog_Free [function] [call site] 00176
9 WLog_Print_dbg_tag [function] [call site] 00177
9 Sleep [function] [call site] 00178
10 usleep [call site] 00179
8 WLog_InitializeRoot [function] [call site] 00180
9 WLog_New [function] [call site] 00181
9 GetEnvironmentVariableA [function] [call site] 00182
9 GetEnvironmentVariableA [function] [call site] 00183
9 fprintf [call site] 00184
9 _stricmp [function] [call site] 00185
9 _stricmp [function] [call site] 00186
9 _stricmp [function] [call site] 00187
9 _stricmp [function] [call site] 00188
9 _stricmp [function] [call site] 00189
9 WLog_SetLogAppenderType [function] [call site] 00190
10 WLog_Appender_Free [function] [call site] 00191
10 WLog_Appender_New [function] [call site] 00192
11 WLog_ConsoleAppender_New [function] [call site] 00193
12 calloc [call site] 00194
11 WLog_FileAppender_New [function] [call site] 00195
12 calloc [call site] 00196
12 GetEnvironmentVariableA [function] [call site] 00197
12 GetEnvironmentVariableA [function] [call site] 00198
12 WLog_FileAppender_SetOutputFilePath [function] [call site] 00199
13 _strdup [function] [call site] 00200
12 GetEnvironmentVariableA [function] [call site] 00201
12 GetEnvironmentVariableA [function] [call site] 00202
12 WLog_FileAppender_SetOutputFileName [function] [call site] 00203
13 _strdup [function] [call site] 00204
11 WLog_BinaryAppender_New [function] [call site] 00205
12 calloc [call site] 00206
11 WLog_CallbackAppender_New [function] [call site] 00207
12 calloc [call site] 00208
11 WLog_SyslogAppender_New [function] [call site] 00209
12 calloc [call site] 00210
11 WLog_UdpAppender_New [function] [call site] 00211
12 calloc [call site] 00212
12 _socket [function] [call site] 00213
13 socket [call site] 00214
12 GetEnvironmentVariableA [function] [call site] 00215
12 GetEnvironmentVariableA [function] [call site] 00216
12 WLog_UdpAppender_Open [function] [call site] 00217
13 strchr [call site] 00218
13 winpr_int_assert [function] [call site] 00219
13 getaddrinfo [call site] 00220
13 freeaddrinfo [call site] 00221
13 freeaddrinfo [call site] 00222
12 _strdup [function] [call site] 00223
12 closesocket [function] [call site] 00224
13 close [call site] 00225
11 fprintf [call site] 00226
11 WLog_ConsoleAppender_New [function] [call site] 00227
11 WLog_Layout_New [function] [call site] 00228
12 calloc [call site] 00229
12 GetEnvironmentVariableA [function] [call site] 00230
12 GetEnvironmentVariableA [function] [call site] 00231
12 _strdup [function] [call site] 00232
11 WLog_Appender_Free [function] [call site] 00233
11 InitializeCriticalSectionAndSpinCount [function] [call site] 00234
9 WLog_ParseFilters [function] [call site] 00235
10 GetEnvironmentVariableA [function] [call site] 00236
10 GetEnvironmentVariableA [function] [call site] 00237
10 WLog_AddStringLogFilters_int [function] [call site] 00238
11 strchr [call site] 00239
11 realloc [call site] 00240
11 _strdup [function] [call site] 00241
11 strchr [call site] 00242
11 WLog_ParseFilter [function] [call site] 00243
12 strchr [call site] 00244
12 _strdup [function] [call site] 00245
12 calloc [call site] 00246
12 strrchr [call site] 00247
12 WLog_ParseLogLevel [function] [call site] 00248
12 strchr [call site] 00249
11 WLog_reset_log_filters [function] [call site] 00250
9 atexit [call site] 00251
9 WLog_Uninit_ [function] [call site] 00252
10 WLog_Free [function] [call site] 00253
10 WLog_Free [function] [call site] 00254
9 WLog_Uninit_ [function] [call site] 00255
5 PEM_read_bio_X509 [call site] 00256
5 BIO_free_all [call site] 00257
5 WLog_Print_dbg_tag [function] [call site] 00258
4 freerdp_certificate_new_from_x509 [function] [call site] 00259
5 winpr_int_assert [function] [call site] 00260
5 freerdp_certificate_new [function] [call site] 00261
6 calloc [call site] 00262
5 X509_dup [call site] 00263
5 freerdp_rsa_from_x509 [function] [call site] 00264
6 winpr_int_assert [function] [call site] 00265
6 freerdp_certificate_is_rsa [function] [call site] 00266
7 winpr_int_assert [function] [call site] 00267
7 is_rsa_key [function] [call site] 00268
8 X509_get0_pubkey [call site] 00269
8 EVP_PKEY_id [call site] 00270
6 X509_get0_pubkey [call site] 00271
6 EVP_PKEY_get1_RSA [call site] 00272
6 RSA_get0_key [call site] 00273
6 cert_info_create [function] [call site] 00274
7 winpr_int_assert [function] [call site] 00275
7 winpr_int_assert [function] [call site] 00276
7 read_bignum [function] [call site] 00277
8 winpr_int_assert [function] [call site] 00278
8 winpr_int_assert [function] [call site] 00279
8 winpr_int_assert [function] [call site] 00280
8 BN_num_bits [call site] 00281
8 BN_bn2bin [call site] 00282
8 crypto_reverse [function] [call site] 00283
7 read_bignum [function] [call site] 00284
7 cert_info_free [function] [call site] 00285
8 winpr_int_assert [function] [call site] 00286
6 RSA_free [call site] 00287
5 sk_X509_deep_copy [function] [call site] 00288
6 OPENSSL_sk_deep_copy [call site] 00289
5 X509_const_dup [function] [call site] 00290
6 X509_dup [call site] 00291
5 X509_free [call site] 00292
5 freerdp_certificate_free [function] [call site] 00293
6 certificate_free_int [function] [call site] 00294
7 winpr_int_assert [function] [call site] 00295
7 X509_free [call site] 00296
7 sk_X509_pop_free [function] [call site] 00297
8 OPENSSL_sk_pop_free [call site] 00298
7 X509_free [call site] 00299
7 certificate_free_x509_certificate_chain [function] [call site] 00300
8 cert_blob_free [function] [call site] 00301
7 cert_info_free [function] [call site] 00302
4 X509_free [call site] 00303
2 freerdp_certificate_data_new_nocopy [function] [call site] 00304
3 calloc [call site] 00305
3 _strdup [function] [call site] 00306
3 strlen [call site] 00307
3 ensure_lowercase [function] [call site] 00308
4 strnlen [call site] 00309
4 tolower [call site] 00310
3 freerdp_certificate_data_load_cache [function] [call site] 00311
4 winpr_int_assert [function] [call site] 00312
4 freerdp_certificate_data_hash_ [function] [call site] 00313
5 snprintf [call site] 00314
5 ensure_lowercase [function] [call site] 00315
4 strnlen [call site] 00316
4 freerdp_certificate_get_subject [function] [call site] 00317
5 winpr_int_assert [function] [call site] 00318
5 x509_utils_get_subject [function] [call site] 00319
6 WLog_Print_dbg_tag [function] [call site] 00320
6 X509_get_subject_name [call site] 00321
6 crypto_print_name [function] [call site] 00322
7 BIO_s_mem [call site] 00323
7 BIO_new [call site] 00324
7 X509_NAME_print_ex [call site] 00325
7 BIO_number_written [call site] 00326
7 calloc [call site] 00327
7 ERR_clear_error [call site] 00328
7 BIO_read [call site] 00329
7 BIO_free_all [call site] 00330
6 WLog_Print_dbg_tag [function] [call site] 00331
4 calloc [call site] 00332
4 freerdp_certificate_get_pem_ex [function] [call site] 00333
5 winpr_int_assert [function] [call site] 00334
5 BIO_s_mem [call site] 00335
5 BIO_new [call site] 00336
5 WLog_Print_dbg_tag [function] [call site] 00337
5 PEM_write_bio_X509 [call site] 00338
5 WLog_Print_dbg_tag [function] [call site] 00339
5 sk_X509_num [function] [call site] 00340
6 OPENSSL_sk_num [call site] 00341
5 sk_X509_value [function] [call site] 00342
6 OPENSSL_sk_value [call site] 00343
5 PEM_write_bio_X509 [call site] 00344
5 WLog_Print_dbg_tag [function] [call site] 00345
5 bio_read_pem [function] [call site] 00346
6 winpr_int_assert [function] [call site] 00347
6 winpr_int_assert [function] [call site] 00348
6 realloc [call site] 00349
6 ERR_clear_error [call site] 00350
6 BIO_read [call site] 00351
6 WLog_Print_dbg_tag [function] [call site] 00352
5 BIO_free_all [call site] 00353
4 freerdp_certificate_get_pem_ex [function] [call site] 00354
4 freerdp_certificate_get_fingerprint [function] [call site] 00355
5 freerdp_certificate_get_fingerprint_by_hash [function] [call site] 00356
6 freerdp_certificate_get_fingerprint_by_hash_ex [function] [call site] 00357
7 WLog_Print_dbg_tag [function] [call site] 00358
7 WLog_Print_dbg_tag [function] [call site] 00359
7 x509_utils_get_hash [function] [call site] 00360
8 EVP_get_digestbyname [call site] 00361
8 WLog_Print_dbg_tag [function] [call site] 00362
8 WLog_Print_dbg_tag [function] [call site] 00363
8 calloc [call site] 00364
8 WLog_Print_dbg_tag [function] [call site] 00365
8 X509_digest [call site] 00366
8 WLog_Print_dbg_tag [function] [call site] 00367
7 calloc [call site] 00368
7 snprintf [call site] 00369
7 snprintf [call site] 00370
7 snprintf [call site] 00371
4 freerdp_certificate_get_issuer [function] [call site] 00372
5 winpr_int_assert [function] [call site] 00373
5 x509_utils_get_issuer [function] [call site] 00374
6 WLog_Print_dbg_tag [function] [call site] 00375
6 X509_get_issuer_name [call site] 00376
6 crypto_print_name [function] [call site] 00377
6 WLog_Print_dbg_tag [function] [call site] 00378
4 calloc [call site] 00379
3 freerdp_certificate_data_free [function] [call site] 00380
4 freerdp_certificate_free [function] [call site] 00381
2 freerdp_certificate_free [function] [call site] 00382
1 freerdp_certificate_data_free [function] [call site] 00383