Fuzz introspector: fuzz_hpack_decode
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The following are the branches that the fuzzer fails to get past.

| Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch |
|---|---|---|---|---|---|---|---|
| 0 | 0 | None | 0 | 16 | hpack_dht_insert | call site: 00053 | /src/haproxy/include/../src/hpack-tbl.c:293 |
| 0 | 0 | None | 0 | 16 | hpack_dht_insert | call site: 00057 | /src/haproxy/include/../src/hpack-tbl.c:306 |
| 0 | 0 | None | 0 | 4 | hpack_dht_defrag | call site: 00054 | /src/haproxy/include/../src/hpack-tbl.c:169 |
| 0 | 0 | None | 0 | 2 | hpack_idx_to_value | call site: 00008 | /src/haproxy/include/haproxy/hpack-tbl.h:128 |
| 0 | 0 | None | 0 | 2 | hpack_idx_to_name | call site: 00018 | /src/haproxy/include/haproxy/hpack-tbl.h:113 |
| 0 | 0 | None | 0 | 0 | hpack_get_dte | call site: 00008 | /src/haproxy/include/haproxy/hpack-tbl.h:67 |

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 hpack_dht_alloc [function] [call site] 00001
2 hpack_dht_init [function] [call site] 00002
1 hpack_decode_frame [function] [call site] 00003
2 chunk_reset [function] [call site] 00004
2 get_var_int [function] [call site] 00005
2 hpack_valid_idx [function] [call site] 00006
2 hpack_idx_to_value [function] [call site] 00007
3 hpack_get_dte [function] [call site] 00008
3 strlen [call site] 00009
3 hpack_get_value [function] [call site] 00010
2 hpack_alloc_string [function] [call site] 00011
3 chunk_newstr [function] [call site] 00012
2 hpack_idx_to_phdr [function] [call site] 00015
2 hpack_idx_to_name [function] [call site] 00017
3 hpack_get_dte [function] [call site] 00018
3 strlen [call site] 00019
3 hpack_get_name [function] [call site] 00020
2 hpack_alloc_string [function] [call site] 00021
2 get_var_int [function] [call site] 00023
2 get_var_int [function] [call site] 00024
2 chunk_newstr [function] [call site] 00026
2 huff_dec [function] [call site] 00027
3 read_n32 [function] [call site] 00028
4 ntohl [call site] 00030
2 get_var_int [function] [call site] 00032
2 chunk_newstr [function] [call site] 00034
2 get_var_int [function] [call site] 00037
2 get_var_int [function] [call site] 00038
2 hpack_valid_idx [function] [call site] 00039
2 get_var_int [function] [call site] 00040
2 chunk_newstr [function] [call site] 00042
2 hpack_idx_to_phdr [function] [call site] 00045
2 hpack_idx_to_name [function] [call site] 00046
2 hpack_alloc_string [function] [call site] 00047
2 hpack_dht_insert [function] [call site] 00049
3 hpack_dht_make_room [function] [call site] 00050
4 __hpack_dht_make_room [function] [call site] 00051
3 hpack_dht_get_tail [function] [call site] 00052
3 hpack_dht_defrag [function] [call site] 00053
4 hpack_dht_alloc [function] [call site] 00054
4 hpack_dht_get_tail [function] [call site] 00055
4 hpack_dht_free [function] [call site] 00056
3 hpack_dht_defrag [function] [call site] 00057
3 hpack_dht_defrag [function] [call site] 00058