Fuzz introspector: gdbm_fuzzer
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
712 712 3 :

['free', 'gdbm_open', 'tildexpand']

712 1118 opendb call site: 00000 /src/gdbm/tools/gdbmshell.c:140
238 238 1 :

['_gdbm_avail_list_size']

238 238 avail_begin call site: 00000 /src/gdbm/tools/gdbmshell.c:807
236 236 1 :

['gdbm_avail_verify']

240 244 gdbm_fd_open call site: 00000 /src/gdbm/src/gdbmopen.c:677
236 236 3 :

['strtoul', 'lerror', 'strcmp']

238 1404 recover_handler call site: 00000 /src/gdbm/tools/gdbmshell.c:674
176 382 3 :

['cache_tab_lookup_slot', 'cache_lru_free', 'cache_tab_resize']

176 553 cache_lookup call site: 00000 /src/gdbm/src/bucket.c:319
118 118 2 :

['fputc', 'format_arg']

167 252 run_command call site: 00273 /src/gdbm/tools/gdbmshell.c:3099
56 164 8 :

['__errno_location', 'ioctl', 'fchmod', '_gdbmsync_done.1388', 'gdbm_errno_location', 'gdbm_set_errno', 'fsync', '_gdbmsync_init.1389']

56 164 _gdbm_snapshot call site: 00446 /src/gdbm/src/gdbmsync.c:82
44 44 5 :

['strcmp', 'strlen', 'strtok', 'terror', 'str2errcode']

44 44 errormask_sethook call site: 00000 /src/gdbm/tools/var.c:750
33 33 4 :

['terror', '__errno_location', 'strerror', 'popen']

35 115 run_command call site: 00298 /src/gdbm/tools/gdbmshell.c:3122
27 32 2 :

['lerror', 'interactive']

27 32 command_lookup call site: 00125 /src/gdbm/tools/gdbmshell.c:2546
27 27 1 :

['lerror']

27 27 dsconv call site: 00000 /src/gdbm/tools/datconv.c:382
27 27 1 :

['lerror']

27 27 print_bucket_begin call site: 00000 /src/gdbm/tools/gdbmshell.c:890

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 syscall [call site] 00001
1 perror [call site] 00002
1 exit [call site] 00003
1 write [call site] 00004
1 close [call site] 00005
1 perror [call site] 00006
1 exit [call site] 00007
1 lseek [call site] 00008
1 close [call site] 00009
1 perror [call site] 00010
1 exit [call site] 00011
1 variable_set [function] [call site] 00012
2 varfind [function] [call site] 00013
3 strcmp [call site] 00014
1 variable_set [function] [call site] 00015
1 gdbmshell [function] [call site] 00016
2 gdbmshell_run [function] [call site] 00017
3 strlen [call site] 00018
3 qsort [call site] 00019
3 cmdcmp [function] [call site] 00020
4 strcmp [call site] 00021
3 datadef_lookup [function] [call site] 00022
4 strcmp [call site] 00023
3 datadef_lookup [function] [call site] 00024
3 variables_init [function] [call site] 00025
4 variable_set [function] [call site] 00026
4 variable_set [function] [call site] 00027
3 variable_set [function] [call site] 00028
3 getenv [call site] 00029
3 variable_set [function] [call site] 00030
3 gdbmarglist_init [function] [call site] 00031
3 lex_trace [function] [call site] 00032
3 input_context_push [function] [call site] 00033
4 input_context_lookup [function] [call site] 00034
5 instream_eq [function] [call site] 00035
4 terror [function] [call site] 00036
5 vlerror [function] [call site] 00037
6 interactive [function] [call site] 00038
7 instream_interactive [function] [call site] 00039
6 fprintf [call site] 00040
6 locus_print [function] [call site] 00041
7 fprintf [call site] 00042
7 strcmp [call site] 00043
7 fprintf [call site] 00044
7 fprintf [call site] 00045
7 fprintf [call site] 00046
7 fprintf [call site] 00047
6 fprintf [call site] 00048
6 vfprintf [call site] 00049
6 fputc [call site] 00050
4 instream_name [function] [call site] 00051
4 lerror [function] [call site] 00052
5 vlerror [function] [call site] 00053
4 yy_create_buffer [function] [call site] 00054
5 yyalloc [function] [call site] 00055
5 yy_fatal_error [function] [call site] 00056
6 fprintf [call site] 00057
6 exit [call site] 00058
5 yyalloc [function] [call site] 00059
5 yy_fatal_error [function] [call site] 00060
5 yy_init_buffer [function] [call site] 00061
6 __errno_location [call site] 00062
6 yy_flush_buffer [function] [call site] 00063
7 yy_load_buffer_state [function] [call site] 00064
6 fileno [call site] 00065
6 __errno_location [call site] 00066
4 ecalloc [function] [call site] 00067
5 calloc [call site] 00068
5 ealloc_die [function] [call site] 00069
6 strerror [call site] 00070
6 error [function] [call site] 00071
7 verror [function] [call site] 00072
8 prerror [function] [call site] 00073
9 fprintf [call site] 00074
9 vfprintf [call site] 00075
9 fprintf [call site] 00076
9 fprintf [call site] 00077
9 fputc [call site] 00078
6 exit [call site] 00079
4 instream_name [function] [call site] 00080
4 file_name_alloc [function] [call site] 00081
5 strlen [call site] 00082
5 emalloc [function] [call site] 00083
6 ealloc_die [function] [call site] 00084
5 strcpy [call site] 00085
5 atexit [call site] 00086
5 file_names_free [function] [call site] 00087
3 sigemptyset [call site] 00088
3 sigaction [call site] 00089
3 instream_interactive [function] [call site] 00090
3 variable_is_true [function] [call site] 00091
4 variable_get [function] [call site] 00092
5 varfind [function] [call site] 00093
3 printf [call site] 00094
3 yyparse [function] [call site] 00095
4 yylex [function] [call site] 00096
5 yyalloc [function] [call site] 00097
5 yy_fatal_error [function] [call site] 00098
5 yyensure_buffer_stack [function] [call site] 00099
6 yyalloc [function] [call site] 00100
6 yy_fatal_error [function] [call site] 00101
6 yyrealloc [function] [call site] 00102
7 realloc [call site] 00103
6 yy_fatal_error [function] [call site] 00104
5 yy_create_buffer [function] [call site] 00105
5 yy_load_buffer_state [function] [call site] 00106
5 setbeg [function] [call site] 00107
5 strchr [call site] 00108
5 strtol [call site] 00109
5 strcspn [call site] 00110
5 yyerror [function] [call site] 00111
6 terror [function] [call site] 00112
5 emalloc [function] [call site] 00113
5 yyerror [function] [call site] 00114
5 setbeg [function] [call site] 00115
5 advance_line [function] [call site] 00116
5 setbeg [function] [call site] 00117
5 command_lookup [function] [call site] 00118
6 strlen [call site] 00119
6 memcmp [call site] 00120
6 interactive [function] [call site] 00121
6 fprintf [call site] 00122
6 fprintf [call site] 00123
6 fprintf [call site] 00124
6 abort [call site] 00125
6 interactive [function] [call site] 00126
5 setbeg [function] [call site] 00127
5 command_lookup [function] [call site] 00128
5 setbeg [function] [call site] 00129
5 command_lookup [function] [call site] 00130
5 setbeg [function] [call site] 00131
5 setbeg [function] [call site] 00132
5 setbeg [function] [call site] 00133
5 setbeg [function] [call site] 00134
5 t_num [function] [call site] 00135
6 __errno_location [call site] 00136
6 strtol [call site] 00137
6 __errno_location [call site] 00138
6 __errno_location [call site] 00139
6 lerror [function] [call site] 00140
6 lerror [function] [call site] 00141
5 setbeg [function] [call site] 00142
5 setbeg [function] [call site] 00143
5 setbeg [function] [call site] 00144
5 datadef_lookup [function] [call site] 00145
5 estrdup [function] [call site] 00146
6 strlen [call site] 00147
6 emalloc [function] [call site] 00148
6 strcpy [call site] 00149
5 setbeg [function] [call site] 00150
5 estrdup [function] [call site] 00151
5 setbeg [function] [call site] 00152
5 advance_line [function] [call site] 00153
5 setbeg [function] [call site] 00154
5 setbeg [function] [call site] 00155
5 estrdup [function] [call site] 00156
5 setbeg [function] [call site] 00157
5 estrdup [function] [call site] 00158
5 setbeg [function] [call site] 00159
5 emalloc [function] [call site] 00160
5 setbeg [function] [call site] 00161
5 advance_line [function] [call site] 00162
5 string_begin [function] [call site] 00163
5 setbeg [function] [call site] 00164
5 string_begin [function] [call site] 00165
5 unescape [function] [call site] 00166
5 setbeg [function] [call site] 00167
5 setbeg [function] [call site] 00168
5 setbeg [function] [call site] 00169
5 string_end [function] [call site] 00170
6 emalloc [function] [call site] 00171
5 setbeg [function] [call site] 00172
5 advance_line [function] [call site] 00173
5 string_add [function] [call site] 00174
6 emalloc [function] [call site] 00175
6 strseg_attach [function] [call site] 00176
5 setbeg [function] [call site] 00177
5 string_add [function] [call site] 00178
5 setbeg [function] [call site] 00179
5 setbeg [function] [call site] 00180
5 advance_line [function] [call site] 00181
5 setbeg [function] [call site] 00182
5 advance_line [function] [call site] 00183
5 setbeg [function] [call site] 00184
5 string_add [function] [call site] 00185
5 setbeg [function] [call site] 00186
5 setbeg [function] [call site] 00187
5 setbeg [function] [call site] 00188
5 setbeg [function] [call site] 00189
5 advance_line [function] [call site] 00190
5 setbeg [function] [call site] 00191
5 setbeg [function] [call site] 00192
5 advance_line [function] [call site] 00193
5 string_end [function] [call site] 00194
5 setbeg [function] [call site] 00195
5 string_addc [function] [call site] 00196
6 emalloc [function] [call site] 00197
6 strseg_attach [function] [call site] 00198
5 setbeg [function] [call site] 00199
5 string_add [function] [call site] 00200
5 setbeg [function] [call site] 00201
5 string_add [function] [call site] 00202
5 setbeg [function] [call site] 00203
5 advance_line [function] [call site] 00204
5 string_add [function] [call site] 00205
5 setbeg [function] [call site] 00206
5 setbeg [function] [call site] 00207
5 advance_line [function] [call site] 00208
5 setbeg [function] [call site] 00209
5 setbeg [function] [call site] 00210
5 yy_fatal_error [function] [call site] 00211
5 yy_get_previous_state [function] [call site] 00212
5 yy_try_NUL_trans [function] [call site] 00213
5 yy_get_next_buffer [function] [call site] 00214
6 yy_fatal_error [function] [call site] 00215
6 yy_fatal_error [function] [call site] 00216
6 instream_read [function] [call site] 00217
6 yyrestart [function] [call site] 00218
7 yyensure_buffer_stack [function] [call site] 00219
7 yy_create_buffer [function] [call site] 00220
7 yy_init_buffer [function] [call site] 00221
7 yy_load_buffer_state [function] [call site] 00222
6 yyrealloc [function] [call site] 00223
6 yy_fatal_error [function] [call site] 00224
5 yywrap [function] [call site] 00225
6 input_context_pop [function] [call site] 00226
7 instream_close [function] [call site] 00227
7 yy_delete_buffer [function] [call site] 00228
8 yyfree [function] [call site] 00229
8 yyfree [function] [call site] 00230
7 yy_switch_to_buffer [function] [call site] 00231
8 yyensure_buffer_stack [function] [call site] 00232
8 yy_load_buffer_state [function] [call site] 00233
5 yyrestart [function] [call site] 00234
5 yy_get_previous_state [function] [call site] 00235
5 yy_get_previous_state [function] [call site] 00236
5 yy_fatal_error [function] [call site] 00237
4 run_last_command [function] [call site] 00238
5 interactive [function] [call site] 00239
5 gdbmarglist_free [function] [call site] 00240
6 gdbmarg_free [function] [call site] 00241
7 kvlist_free [function] [call site] 00242
8 slist_free [function] [call site] 00243
5 run_command [function] [call site] 00244
6 argsprep [function] [call site] 00245
7 param_push_arg [function] [call site] 00246
8 param_expand [function] [call site] 00247
9 e2nrealloc [function] [call site] 00248
10 ealloc_die [function] [call site] 00249
10 erealloc [function] [call site] 00250
11 realloc [call site] 00251
11 ealloc_die [function] [call site] 00252
8 coerce [function] [call site] 00253
9 lerror [function] [call site] 00254
7 interactive [function] [call site] 00255
7 terror [function] [call site] 00256
7 printf [call site] 00257
7 fflush [call site] 00258
7 __errno_location [call site] 00259
7 getline [call site] 00260
7 __errno_location [call site] 00261
7 terror [function] [call site] 00262
7 trimnl [function] [call site] 00263
8 strlen [call site] 00264
7 gdbmarg_string [function] [call site] 00265
8 ecalloc [function] [call site] 00266
7 param_push_arg [function] [call site] 00267
7 gdbmarg_free [function] [call site] 00268
7 terror [function] [call site] 00269
7 param_term [function] [call site] 00270
8 param_expand [function] [call site] 00271
6 variable_get [function] [call site] 00272
6 variable_is_true [function] [call site] 00273
6 fprintf [call site] 00274
6 format_arg [function] [call site] 00275
7 fprintf [call site] 00276
7 fputc [call site] 00277
7 datum_format [function] [call site] 00278
8 fprintf [call site] 00279
8 variable_get [function] [call site] 00280
8 abort [call site] 00281
8 variable_get [function] [call site] 00282
8 abort [call site] 00283
8 strlen [call site] 00284
8 fprintf [call site] 00285
8 fprintf [call site] 00286
8 strlen [call site] 00287
8 fprintf [call site] 00288
8 fprintf [call site] 00289
7 terror [function] [call site] 00290
7 fprintf [call site] 00291
7 fprintf [call site] 00292
7 fprintf [call site] 00293
7 fprintf [call site] 00294
6 format_arg [function] [call site] 00295
6 fputc [call site] 00296
6 interactive [function] [call site] 00297
6 get_screen_lines [function] [call site] 00298
7 isatty [call site] 00299
7 ioctl [call site] 00300
7 getenv [call site] 00301
7 strtol [call site] 00302
6 popen [call site] 00303
6 __errno_location [call site] 00304
6 terror [function] [call site] 00305
6 timing_start [function] [call site] 00306
7 gettimeofday [call site] 00307
7 getrusage [call site] 00308
6 timing_stop [function] [call site] 00309
7 gettimeofday [call site] 00310
7 getrusage [call site] 00311
7 timeval_sub [function] [call site] 00312
7 timeval_sub [function] [call site] 00313
7 timeval_sub [function] [call site] 00314
6 variable_is_true [function] [call site] 00315
6 fprintf [call site] 00316
6 pclose [call site] 00317
6 param_free [function] [call site] 00318
7 param_free_argv [function] [call site] 00319
8 gdbmarg_destroy [function] [call site] 00320
9 gdbmarg_free [function] [call site] 00321
6 gdbmarglist_free [function] [call site] 00322
6 gdbmarglist_free [function] [call site] 00323
6 gdbm_errno_location [function] [call site] 00324
6 variable_has_errno [function] [call site] 00325
7 variable_get [function] [call site] 00326
6 gdbmarglist_free [function] [call site] 00327
5 abort [call site] 00328
4 run_command [function] [call site] 00329
4 interactive [function] [call site] 00330
4 end_def [function] [call site] 00331
4 interactive [function] [call site] 00332
4 gdbmarglist_init [function] [call site] 00333
4 gdbmarglist_init [function] [call site] 00334
4 gdbmarglist_add [function] [call site] 00335
4 gdbmarg_string [function] [call site] 00336
4 kvpair_string [function] [call site] 00337
5 ecalloc [function] [call site] 00338
4 gdbmarg_kvpair [function] [call site] 00339
5 ecalloc [function] [call site] 00340
4 gdbmarg_kvpair [function] [call site] 00341
4 kvlist_find [function] [call site] 00342
5 strcmp [call site] 00343
4 lerror [function] [call site] 00344
4 kvlist_free [function] [call site] 00345
4 kvpair_string [function] [call site] 00346
4 kvpair_list [function] [call site] 00347
5 ecalloc [function] [call site] 00348
4 slist_new_s [function] [call site] 00349
5 emalloc [function] [call site] 00350
4 slist_new_s [function] [call site] 00351
4 slist_insert [function] [call site] 00352
4 begin_def [function] [call site] 00353
4 end_def [function] [call site] 00354
4 dsegm_list_free [function] [call site] 00355
4 dsegm_new_field [function] [call site] 00356
5 dsegm_new [function] [call site] 00357
6 emalloc [function] [call site] 00358
4 strcmp [call site] 00359
4 strcmp [call site] 00360
4 terror [function] [call site] 00361
4 dsegm_new_field [function] [call site] 00362
4 dsegm_new_field [function] [call site] 00363
4 dsegm_new [function] [call site] 00364
4 dsegm_new [function] [call site] 00365
4 variable_print_all [function] [call site] 00366
5 qsort [call site] 00367
5 varcmp [function] [call site] 00368
6 strcmp [call site] 00369
5 fprintf [call site] 00370
5 fprintf [call site] 00371
5 fprintf [call site] 00372
5 fprintf [call site] 00373
5 __ctype_b_loc [call site] 00374
5 fputc [call site] 00375
5 escape [function] [call site] 00376
5 fprintf [call site] 00377
5 fprintf [call site] 00378
5 fprintf [call site] 00379
5 fputc [call site] 00380
4 variable_set [function] [call site] 00381
4 strncmp [call site] 00382
4 lerror [function] [call site] 00383
4 dberror [function] [call site] 00384
5 __errno_location [call site] 00385
5 gdbm_errno_location [function] [call site] 00386
5 gdbm_error_is_masked [function] [call site] 00387
6 variable_has_errno [function] [call site] 00388
5 interactive [function] [call site] 00389
5 fprintf [call site] 00390
5 locus_print [function] [call site] 00391
5 fprintf [call site] 00392
5 gdbm_errno_location [function] [call site] 00393
5 fprintf [call site] 00394
5 gdbm_errno_location [function] [call site] 00395
5 strerror [call site] 00396
5 fputc [call site] 00397
4 variable_set [function] [call site] 00398
4 lerror [function] [call site] 00399
4 lerror [function] [call site] 00400
4 lerror [function] [call site] 00401
4 variable_unset [function] [call site] 00402
5 varfind [function] [call site] 00403
4 yysyntax_error [function] [call site] 00404
5 yytnamerr [function] [call site] 00405
6 yystpcpy [function] [call site] 00406
6 strlen [call site] 00407
5 yytnamerr [function] [call site] 00408
5 strlen [call site] 00409
5 yytnamerr [function] [call site] 00410
4 yysyntax_error [function] [call site] 00411
4 yyerror [function] [call site] 00412
4 yydestruct [function] [call site] 00413
5 gdbmarglist_free [function] [call site] 00414
5 gdbmarg_free [function] [call site] 00415
5 kvlist_free [function] [call site] 00416
5 kvlist_free [function] [call site] 00417
5 slist_free [function] [call site] 00418
5 dsegm_list_free [function] [call site] 00419
5 dsegm_list_free [function] [call site] 00420
4 yydestruct [function] [call site] 00421
4 yyerror [function] [call site] 00422
4 yydestruct [function] [call site] 00423
4 yydestruct [function] [call site] 00424
3 input_context_drain [function] [call site] 00425
4 input_context_pop [function] [call site] 00426
3 yylex_destroy [function] [call site] 00427
4 yy_delete_buffer [function] [call site] 00428
4 yypop_buffer_state [function] [call site] 00429
5 yy_delete_buffer [function] [call site] 00430
5 yy_load_buffer_state [function] [call site] 00431
4 yyfree [function] [call site] 00432
4 yyfree [function] [call site] 00433
4 yy_init_globals [function] [call site] 00434
3 closedb [function] [call site] 00435
4 gdbm_close [function] [call site] 00436
5 gdbm_set_errno [function] [call site] 00437
6 __errno_location [call site] 00438
6 gdbm_errno_location [function] [call site] 00439
5 gdbm_file_sync [function] [call site] 00440
6 _gdbm_mapped_sync [function] [call site] 00441
7 msync [call site] 00442
7 fsync [call site] 00443
7 gdbm_errno_location [function] [call site] 00444
7 __errno_location [call site] 00445
6 _gdbm_snapshot [function] [call site] 00446
7 _gdbmsync_done [function] [call site] 00447
8 close [call site] 00448
8 close [call site] 00449
7 _gdbmsync_init [function] [call site] 00450
7 gdbm_errno_location [function] [call site] 00451
7 __errno_location [call site] 00452
7 fchmod [call site] 00453
7 gdbm_errno_location [function] [call site] 00454
7 __errno_location [call site] 00455
7 fsync [call site] 00456
7 gdbm_errno_location [function] [call site] 00457
7 __errno_location [call site] 00458
7 ioctl [call site] 00459
7 __errno_location [call site] 00460
7 _gdbmsync_done [function] [call site] 00461
7 _gdbmsync_init [function] [call site] 00462
7 gdbm_errno_location [function] [call site] 00463
7 __errno_location [call site] 00464
7 fsync [call site] 00465
7 gdbm_errno_location [function] [call site] 00466
7 __errno_location [call site] 00467
7 fchmod [call site] 00468
7 gdbm_errno_location [function] [call site] 00469
7 __errno_location [call site] 00470
7 fsync [call site] 00471
7 gdbm_errno_location [function] [call site] 00472
7 __errno_location [call site] 00473
7 fchmod [call site] 00474
7 gdbm_errno_location [function] [call site] 00475
7 __errno_location [call site] 00476
7 fsync [call site] 00477
7 gdbm_errno_location [function] [call site] 00478
7 __errno_location [call site] 00479
5 _gdbmsync_done [function] [call site] 00480
5 _gdbm_mapped_unmap [function] [call site] 00481
5 _gdbm_unlock_file [function] [call site] 00482
5 close [call site] 00483
5 gdbm_errno_location [function] [call site] 00484
5 gdbm_last_syserr [function] [call site] 00485
6 __errno_location [call site] 00486
5 gdbm_clear_error [function] [call site] 00487
5 _gdbm_cache_free [function] [call site] 00488
6 cache_elem_free [function] [call site] 00489
7 adrhash [function] [call site] 00490
7 lru_unlink_elem [function] [call site] 00491
5 gdbm_errno_location [function] [call site] 00492
5 __errno_location [call site] 00493
4 variable_unset [function] [call site] 00494
4 datum_free [function] [call site] 00495
4 datum_free [function] [call site] 00496
3 sigaction [call site] 00497
3 instream_close [function] [call site] 00498
3 gdbmarglist_free [function] [call site] 00499
3 dsegm_list_free [function] [call site] 00500
3 variables_free [function] [call site] 00501