Fuzz introspector: fuzz_cfg_parser
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The following are the branches that the fuzzer fails to bypass.

| Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch |
|---|---|---|---|---|---|---|---|
| 216 | 216 | 3: ['startup_logs_init', 'ring_write', 'strlen'] | 218 | 218 | print_message | call site: 00047 | /src/haproxy/src/errors.c:390 |
| 0 | 0 | None | 2897 | 14771 | readcfgfile | call site: 00135 | /src/haproxy/src/cfgparse.c:1810 |
| 0 | 0 | None | 2897 | 14771 | readcfgfile | call site: 00177 | /src/haproxy/src/cfgparse.c:1936 |
| 0 | 0 | None | 2897 | 14771 | readcfgfile | call site: 00603 | /src/haproxy/src/cfgparse.c:2469 |
| 0 | 0 | None | 2897 | 14771 | readcfgfile | call site: 00603 | /src/haproxy/src/cfgparse.c:2482 |
| 0 | 0 | None | 490 | 1116 | cfg_parse_cond_term | call site: 00442 | /src/haproxy/src/cfgcond.c:102 |
| 0 | 0 | None | 218 | 335 | print_message | call site: 00020 | /src/haproxy/src/errors.c:381 |
| 0 | 0 | None | 18 | 18 | cfg_apply_default_path | call site: 00116 | /src/haproxy/src/cfgparse.c:1615 |
| 0 | 0 | None | 12 | 12 | generate_usermsgs_ctx_str | call site: 00026 | /src/haproxy/src/errors.c:326 |
| 0 | 0 | None | 8 | 600 | readcfgfile | call site: 00608 | /src/haproxy/src/cfgparse.c:2506 |
| 0 | 0 | None | 8 | 8 | generate_usermsgs_ctx_str | call site: 00030 | /src/haproxy/src/errors.c:332 |
| 0 | 0 | None | 6 | 302 | readcfgfile | call site: 00610 | /src/haproxy/src/cfgparse.c:2514 |

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 getpid [call site] 00001
1 fopen [call site] 00002
1 fwrite [call site] 00003
1 fclose [call site] 00004
1 readcfgfile [function] [call site] 00005
2 ha_alert [function] [call site] 00006
3 get_exec_path [function] [call site] 00007
4 getauxval [call site] 00008
3 print_message_args [function] [call site] 00009
4 print_message [function] [call site] 00010
5 strncpy [call site] 00011
5 strlen [call site] 00012
5 getpid [call site] 00013
5 memprintf [function] [call site] 00014
6 memvprintf [function] [call site] 00015
7 vsnprintf [call site] 00016
7 my_realloc2 [function] [call site] 00017
8 realloc [call site] 00018
5 memvprintf [function] [call site] 00019
5 strlen [call site] 00020
5 generate_usermsgs_ctx_str [function] [call site] 00021
5 reset_usermsgs_ctx [function] [call site] 00047
5 strlen [call site] 00056
5 strlen [call site] 00057
5 ring_write [function] [call site] 00058
6 varint_bytes [function] [call site] 00059
6 complain [function] [call site] 00070
7 strlen [call site] 00071
7 mark_tainted [function] [call site] 00072
7 mark_tainted [function] [call site] 00073
6 __b_putblk [function] [call site] 00089
6 _task_wakeup [function] [call site] 00091
7 __task_wakeup [function] [call site] 00093
8 now_mono_time [function] [call site] 00094
9 clock_gettime [call site] 00095
8 eb32_insert [function] [call site] 00096
9 eb_insert_dup [function] [call site] 00098
10 eb_dotag [function] [call site] 00099
5 fprintf [call site] 00110
5 fflush [call site] 00111
3 print_message_args [function] [call site] 00112
3 print_message [function] [call site] 00113
2 fopen [call site] 00114
2 cfg_apply_default_path [function] [call site] 00115
3 strrchr [call site] 00116
3 getcwd [call site] 00117
3 __errno_location [call site] 00118
3 memprintf [function] [call site] 00119
3 chdir [call site] 00120
3 __errno_location [call site] 00121
3 memprintf [function] [call site] 00122
3 snprintf [call site] 00123
3 memprintf [function] [call site] 00124
3 memprintf [function] [call site] 00125
3 memprintf [function] [call site] 00126
3 chdir [call site] 00127
3 __errno_location [call site] 00128
3 memprintf [function] [call site] 00129
2 fgets [call site] 00131
2 strlen [call site] 00134
2 realloc [call site] 00135
2 __ctype_b_loc [call site] 00137
2 cfg_parse_scope [function] [call site] 00138
3 strchr [call site] 00139
3 my_strndup [function] [call site] 00141
3 invalid_char [function] [call site] 00142
4 __ctype_b_loc [call site] 00143
3 __ctype_b_loc [call site] 00145
2 parse_line [function] [call site] 00147
3 toupper [call site] 00149
3 toupper [call site] 00150
3 __ctype_b_loc [call site] 00151
3 __ctype_b_loc [call site] 00152
3 __ctype_b_loc [call site] 00153
3 __ctype_b_loc [call site] 00154
3 strcmp [call site] 00155
3 strcmp [call site] 00158
3 strcmp [call site] 00159
3 getenv [call site] 00160
3 __ctype_b_loc [call site] 00161
3 __ctype_b_loc [call site] 00162
2 sanitize_for_printing [function] [call site] 00163
3 __ctype_b_loc [call site] 00164
3 __ctype_b_loc [call site] 00165
2 sanitize_for_printing [function] [call site] 00167
2 sanitize_for_printing [function] [call site] 00169
2 sanitize_for_printing [function] [call site] 00171
2 sanitize_for_printing [function] [call site] 00173
2 my_realloc2 [function] [call site] 00175
2 qfprintf [function] [call site] 00178
3 vfprintf [call site] 00179
3 fflush [call site] 00180
2 strcmp [call site] 00181
2 hash_anon [function] [call site] 00185
3 strlen [call site] 00186
3 XXH_INLINE_XXH32 [function] [call site] 00187
4 XXH32_endian_align [function] [call site] 00188
5 XXH_readLE32_align [function] [call site] 00189
6 XXH_readLE32 [function] [call site] 00190
7 XXH_read32 [function] [call site] 00191
8 XXH_memcpy [function] [call site] 00192
5 XXH_readLE32_align [function] [call site] 00193
5 XXH_readLE32_align [function] [call site] 00194
5 XXH_readLE32_align [function] [call site] 00195
5 XXH32_finalize [function] [call site] 00196
6 XXH_readLE32_align [function] [call site] 00197
6 XXH32_avalanche [function] [call site] 00198
3 snprintf [call site] 00199
2 strcmp [call site] 00204
2 strcmp [call site] 00206
2 strcmp [call site] 00208
2 strcmp [call site] 00209
2 strcmp [call site] 00211
2 hash_ipanon [function] [call site] 00213
3 strcmp [call site] 00214
3 strcmp [call site] 00215
3 strcmp [call site] 00216
3 strncmp [call site] 00217
3 strncmp [call site] 00218
3 str2ip2 [function] [call site] 00219
4 get_host_port [function] [call site] 00220
5 ntohs [call site] 00221
5 ntohs [call site] 00222
4 strlen [call site] 00223
4 set_host_port [function] [call site] 00224
5 htons [call site] 00225
5 htons [call site] 00226
4 set_host_port [function] [call site] 00227
4 inet_pton [call site] 00228
4 set_host_port [function] [call site] 00229
4 inet_pton [call site] 00230
4 set_host_port [function] [call site] 00231
4 resolv_hostname_validation [function] [call site] 00232
5 strlen [call site] 00233
4 gethostbyname [call site] 00234
4 set_host_port [function] [call site] 00235
4 set_host_port [function] [call site] 00236
3 hash_anon [function] [call site] 00237
3 str2sa_range [function] [call site] 00238
4 strdup [call site] 00239
4 env_expand [function] [call site] 00240
5 __ctype_b_loc [call site] 00241
5 getenv [call site] 00242
5 strlen [call site] 00243
5 my_realloc2 [function] [call site] 00244
4 memprintf [function] [call site] 00245
4 memprintf [function] [call site] 00246
4 strncmp [call site] 00247
4 strncmp [call site] 00248
4 strncmp [call site] 00249
4 strncmp [call site] 00250
4 strncmp [call site] 00251
4 strncmp [call site] 00252
4 strncmp [call site] 00253
4 strncmp [call site] 00254
4 strncmp [call site] 00255
4 strncmp [call site] 00256
4 strncmp [call site] 00257
4 strncmp [call site] 00258
4 strncmp [call site] 00259
4 strncmp [call site] 00260
4 strncmp [call site] 00261
4 strncmp [call site] 00262
4 strncmp [call site] 00263
4 strncmp [call site] 00264
4 strncmp [call site] 00265
4 strncmp [call site] 00266
4 strtol [call site] 00267
4 memprintf [function] [call site] 00268
4 getsockname [call site] 00269
4 __errno_location [call site] 00270
4 memprintf [function] [call site] 00271
4 strtol [call site] 00272
4 memprintf [function] [call site] 00273
4 getsockname [call site] 00274
4 __errno_location [call site] 00275
4 memprintf [function] [call site] 00276
4 getsockopt [call site] 00277
4 memprintf [function] [call site] 00278
4 get_host_port [function] [call site] 00279
4 memprintf [function] [call site] 00280
4 strlen [call site] 00281
4 strlen [call site] 00282
4 memprintf [function] [call site] 00283
4 strlen [call site] 00284
4 memprintf [function] [call site] 00285
4 memprintf [function] [call site] 00286
4 __ctype_b_loc [call site] 00287
4 strchr [call site] 00288
4 memprintf [function] [call site] 00289
4 atoi [call site] 00290
4 atoi [call site] 00291
4 memprintf [function] [call site] 00292
4 memprintf [function] [call site] 00293
4 memprintf [function] [call site] 00294
4 memprintf [function] [call site] 00295
4 atoi [call site] 00296
4 memprintf [function] [call site] 00297
4 atoi [call site] 00298
4 memprintf [function] [call site] 00299
4 memprintf [function] [call site] 00300
4 memprintf [function] [call site] 00303
4 strlen [call site] 00304
4 set_host_port [function] [call site] 00305
4 memprintf [function] [call site] 00306
4 memprintf [function] [call site] 00307
4 protocol_lookup [function] [call site] 00308
4 memprintf [function] [call site] 00309
4 memprintf [function] [call site] 00310
3 hash_anon [function] [call site] 00311
3 addr_to_str [function] [call site] 00312
4 inet_ntop [call site] 00313
3 get_host_port [function] [call site] 00314
3 strncmp [call site] 00315
3 strlen [call site] 00316
3 XXH_INLINE_XXH32 [function] [call site] 00317
3 strlen [call site] 00318
3 XXH_INLINE_XXH32 [function] [call site] 00319
3 strcmp [call site] 00320
3 strlen [call site] 00321
3 XXH_INLINE_XXH32 [function] [call site] 00322
3 strlen [call site] 00323
3 XXH_INLINE_XXH32 [function] [call site] 00324
3 hash_anon [function] [call site] 00325
2 strcmp [call site] 00330
2 strcmp [call site] 00332
2 strcmp [call site] 00334
2 hash_anon [function] [call site] 00335
2 strcmp [call site] 00339
2 hash_ipanon [function] [call site] 00341
2 strcmp [call site] 00345
2 hash_anon [function] [call site] 00346
2 hash_ipanon [function] [call site] 00348
2 strcmp [call site] 00352
2 strcmp [call site] 00354
2 hash_anon [function] [call site] 00355
2 strcmp [call site] 00360
2 hash_anon [function] [call site] 00361
2 strcmp [call site] 00365
2 strcmp [call site] 00367
2 hash_ipanon [function] [call site] 00369
2 strcmp [call site] 00373
2 hash_anon [function] [call site] 00374
2 hash_ipanon [function] [call site] 00376
2 strcmp [call site] 00380
2 hash_anon [function] [call site] 00381
2 strcmp [call site] 00385
2 hash_anon [function] [call site] 00386
2 strcmp [call site] 00388
2 hash_ipanon [function] [call site] 00389
2 strcmp [call site] 00393
2 hash_anon [function] [call site] 00394
2 strcmp [call site] 00398
2 strcmp [call site] 00402
2 strcmp [call site] 00406
2 strcmp [call site] 00410
2 strcmp [call site] 00414
2 hash_anon [function] [call site] 00415
2 strcmp [call site] 00417
2 hash_anon [function] [call site] 00418
2 strcmp [call site] 00423
2 hash_anon [function] [call site] 00424
2 strcmp [call site] 00429
2 strlen [call site] 00430
2 cfg_eval_condition [function] [call site] 00432
3 cfg_parse_cond_expr [function] [call site] 00433
4 memprintf [function] [call site] 00434
4 calloc [call site] 00435
4 memprintf [function] [call site] 00436
4 cfg_parse_cond_and [function] [call site] 00437
5 memprintf [function] [call site] 00438
5 calloc [call site] 00439
5 memprintf [function] [call site] 00440
5 cfg_parse_cond_term [function] [call site] 00441
6 calloc [call site] 00442
6 memprintf [function] [call site] 00443
6 strtol [call site] 00444
6 cfg_parse_cond_expr [function] [call site] 00445
7 memprintf [function] [call site] 00446
7 cfg_parse_cond_expr [function] [call site] 00447
8 cfg_free_cond_expr [function] [call site] 00448
9 cfg_free_cond_and [function] [call site] 00449
10 cfg_free_cond_term [function] [call site] 00450
11 cfg_free_cond_expr [function] [call site] 00451
11 free_args [function] [call site] 00452
12 chunk_destroy [function] [call site] 00453
13 chunk_drop [function] [call site] 00454
12 regex_free [function] [call site] 00455
13 regfree [call site] 00456
6 memprintf [function] [call site] 00457
6 cfg_lookup_cond_pred [function] [call site] 00458
7 strcspn [call site] 00459
7 strlen [call site] 00460
7 strncmp [call site] 00461
6 strlen [call site] 00462
6 make_arg_list [function] [call site] 00463
7 calloc [call site] 00464
7 chunk_reset [function] [call site] 00465
7 read_int64 [function] [call site] 00466
8 read_uint64 [function] [call site] 00467
7 arg_list_add [function] [call site] 00468
8 arg_list_clone [function] [call site] 00469
9 calloc [call site] 00470
7 my_strndup [function] [call site] 00471
7 inet_pton [call site] 00472
7 str2mask [function] [call site] 00473
8 strchr [call site] 00474
8 inet_pton [call site] 00475
8 strtol [call site] 00476
8 len2mask4 [function] [call site] 00477
9 htonl [call site] 00478
7 inet_pton [call site] 00479
7 str2mask6 [function] [call site] 00480
8 strchr [call site] 00481
8 inet_pton [call site] 00482
8 strtol [call site] 00483
7 parse_time_err [function] [call site] 00489
8 __ctype_b_loc [call site] 00490
8 ha_warning [function] [call site] 00491
9 get_exec_path [function] [call site] 00492
9 print_message_args [function] [call site] 00493
9 print_message_args [function] [call site] 00494
9 print_message [function] [call site] 00495
7 parse_size_err [function] [call site] 00496
8 __ctype_b_loc [call site] 00497
7 parse_dotted_uints [function] [call site] 00498
8 strlen [call site] 00499
8 read_uint [function] [call site] 00500
9 __read_uint [function] [call site] 00501
8 my_realloc2 [function] [call site] 00502
7 memprintf [function] [call site] 00503
7 my_strndup [function] [call site] 00504
7 memprintf [function] [call site] 00505
7 free_args [function] [call site] 00506
7 memprintf [function] [call site] 00507
7 memprintf [function] [call site] 00508
7 memprintf [function] [call site] 00509
7 memprintf [function] [call site] 00510
7 memprintf [function] [call site] 00511
7 memprintf [function] [call site] 00512
7 memprintf [function] [call site] 00513
6 memprintf [function] [call site] 00514
6 memprintf [function] [call site] 00515
6 cfg_free_cond_term [function] [call site] 00516
5 memprintf [function] [call site] 00517
5 cfg_parse_cond_and [function] [call site] 00518
6 cfg_free_cond_and [function] [call site] 00519
3 memprintf [function] [call site] 00520
3 cfg_eval_cond_expr [function] [call site] 00521
4 cfg_eval_cond_and [function] [call site] 00522
5 cfg_eval_cond_term [function] [call site] 00523
6 getenv [call site] 00524
6 strstr [call site] 00525
6 strcmp [call site] 00526
6 strcmp [call site] 00527
6 strstr [call site] 00528
6 compare_current_version [function] [call site] 00529
7 split_version [function] [call site] 00530
8 strtol [call site] 00531
8 strtol [call site] 00532
8 strtol [call site] 00533
8 strtol [call site] 00534
8 strncmp [call site] 00535
8 strncmp [call site] 00536
8 strncmp [call site] 00537
8 strtol [call site] 00538
8 strrchr [call site] 00539
8 strtol [call site] 00540
8 strtol [call site] 00541
7 split_version [function] [call site] 00542
6 compare_current_version [function] [call site] 00543
6 openssl_compare_current_version [function] [call site] 00544
6 openssl_compare_current_version [function] [call site] 00545
6 openssl_compare_current_name [function] [call site] 00546
6 cfg_eval_cond_enabled [function] [call site] 00547
7 strcmp [call site] 00548
7 strcmp [call site] 00549
7 strcmp [call site] 00550
7 strcmp [call site] 00551
7 strcmp [call site] 00552
7 strcmp [call site] 00553
7 strcmp [call site] 00554
7 strcmp [call site] 00555
7 strcmp [call site] 00556
6 memprintf [function] [call site] 00557
6 cfg_eval_cond_expr [function] [call site] 00558
3 memprintf [function] [call site] 00559
3 cfg_free_cond_expr [function] [call site] 00560
2 sanitize_for_printing [function] [call site] 00561
2 strcmp [call site] 00563
2 strlen [call site] 00564
2 cfg_eval_condition [function] [call site] 00567
2 sanitize_for_printing [function] [call site] 00568
2 strcmp [call site] 00570
2 strcmp [call site] 00574
2 strcmp [call site] 00577
2 strcmp [call site] 00580
2 ha_warning [function] [call site] 00582
2 strcmp [call site] 00583
2 ha_notice [function] [call site] 00585
3 print_message [function] [call site] 00586
2 strcmp [call site] 00587
2 ha_diag_warning [function] [call site] 00589
3 _ha_vdiag_warning [function] [call site] 00590
4 print_message [function] [call site] 00591
2 strcmp [call site] 00593
2 strcmp [call site] 00594
2 strcmp [call site] 00595
2 strcmp [call site] 00596
2 strcmp [call site] 00597
2 strcmp [call site] 00598
2 strcmp [call site] 00599
2 strcmp [call site] 00601
2 strdup [call site] 00602
2 check_section_position [function] [call site] 00603
3 strcmp [call site] 00604
3 _ha_diag_warning [function] [call site] 00605
4 _ha_vdiag_warning [function] [call site] 00606
2 chdir [call site] 00610
2 __errno_location [call site] 00611
2 fclose [call site] 00613
1 unlink [call site] 00614