The followings are the branches where fuzzer fails to bypass.
| Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch |
|---|---|---|---|---|---|---|---|
| 453 | 453 |
2 :
['cert_new', 'sshkey_free'] |
453 | 453 | sshkey_new | call site: 00010 | /src/hpn-ssh/sshkey.c:629 |
| 220 | 220 |
1 :
['sshkey_free'] |
220 | 220 | sshkey_generate | call site: 00007 | /src/hpn-ssh/sshkey.c:1414 |
| 164 | 164 |
1 :
['_getentropy_fail'] |
168 | 229 | _rs_stir | call site: 00000 | /src/hpn-ssh/openbsd-compat/arc4random.c:116 |
| 164 | 164 |
2 :
['ERR_get_error', 'sshfatal'] |
164 | 164 | _ssh_compat_getentropy | call site: 00000 | /src/hpn-ssh/openbsd-compat/bsd-getentropy.c:45 |
| 158 | 158 |
5 :
['match_pattern_list', 'getpid', 'do_log', 'strrchr', 'strlcpy'] |
158 | 158 | sshlogv | call site: 00029 | /src/hpn-ssh/log.c:480 |
| 73 | 73 |
2 :
['abort', 'ssh_err'] |
73 | 73 | generate_or_die(int,unsignedint) | call site: 00000 | /src/hpn-ssh/regress/misc/fuzz-harness/sig_fuzz.cc:18 |
| 13 | 13 |
1 :
['rsa_hash_id_from_keyname'] |
21 | 703 | ssh_rsa_verify | call site: 00000 | /src/hpn-ssh/ssh-rsa.c:508 |
| 4 | 4 |
1 :
['timingsafe_bcmp'] |
4 | 9 | openssh_RSA_verify | call site: 00000 | /src/hpn-ssh/ssh-rsa.c:659 |
| 2 | 2 |
1 :
['_exit'] |
2 | 2 | _rs_init | call site: 00000 | /src/hpn-ssh/openbsd-compat/arc4random.c:102 |
| 2 | 2 |
1 :
['memset'] |
2 | 2 | _rs_forkdetect | call site: 00000 | /src/hpn-ssh/openbsd-compat/./arc4random.h:58 |
| 2 | 2 |
1 :
['munmap'] |
2 | 2 | _rs_allocate | call site: 00000 | /src/hpn-ssh/openbsd-compat/./arc4random.h:71 |
| 2 | 2 |
1 :
['EC_KEY_free'] |
2 | 2 | ssh_ecdsa_generate | call site: 00000 | /src/hpn-ssh/ssh-ecdsa.c:135 |
LLVMFuzzerTestOneInput
[function]
[call site]
00000
__cxa_guard_acquire
[call site]
00001
generate_or_die(int, unsigned int)
[function]
[call site]
00002
sshkey_generate
[function]
[call site]
00003
sshkey_type_is_cert
[function]
[call site]
00004
sshkey_impl_from_type
[function]
[call site]
00005
sshkey_impl_from_type
[function]
[call site]
00006
sshkey_new
[function]
[call site]
00007
sshkey_impl_from_type
[function]
[call site]
00008
calloc
[call site]
00009
sshkey_is_cert
[function]
[call site]
00010
sshkey_type_is_cert
[function]
[call site]
00011
cert_new
[function]
[call site]
00012
calloc
[call site]
00013
sshbuf_new_label
[function]
[call site]
00014
sshbuf_new_label
[function]
[call site]
00018
sshbuf_new_label
[function]
[call site]
00019
cert_free
[function]
[call site]
00020
sshbuf_free
[function]
[call site]
00021
sshbuf_check_sanity
[function]
[call site]
00022
ssh_signal
[function]
[call site]
00023
memset
[call site]
00024
sigfillset
[call site]
00025
sigaction
[call site]
00026
strsignal
[call site]
00027
sshlog
[function]
[call site]
00028
sshlogv
[function]
[call site]
00029
strrchr
[call site]
00030
getpid
[call site]
00031
snprintf
[call site]
00032
match_pattern_list
[function]
[call site]
00033
strlen
[call site]
00034
__ctype_b_loc
[call site]
00035
tolower
[call site]
00036
match_pattern
[function]
[call site]
00037
match_pattern
[function]
[call site]
00038
match_pattern
[function]
[call site]
00039
snprintf
[call site]
00040
snprintf
[call site]
00041
strlcpy
[function]
[call site]
00042
do_log
[function]
[call site]
00043
__errno_location
[call site]
00044
snprintf
[call site]
00045
vsnprintf
[call site]
00046
vsnprintf
[call site]
00047
snprintf
[call site]
00048
strlcpy
[function]
[call site]
00049
strnvis
[function]
[call site]
00050
__ctype_b_loc
[call site]
00051
vis
[function]
[call site]
00052
__ctype_b_loc
[call site]
00053
__ctype_b_loc
[call site]
00054
vis
[function]
[call site]
00055
snprintf
[call site]
00056
strlen
[call site]
00057
openlog
[call site]
00058
syslog
[call site]
00059
closelog
[call site]
00060
__errno_location
[call site]
00061
raise
[call site]
00062
sshbuf_free
[function]
[call site]
00063
explicit_bzero
[call site]
00064
freezero
[function]
[call site]
00065
explicit_bzero
[call site]
00066
sshbuf_free
[function]
[call site]
00067
sshbuf_free
[function]
[call site]
00068
sshkey_free
[function]
[call site]
00069
sshkey_free_contents
[function]
[call site]
00070
sshkey_impl_from_type
[function]
[call site]
00071
sshkey_is_cert
[function]
[call site]
00072
cert_free
[function]
[call site]
00073
freezero
[function]
[call site]
00074
freezero
[function]
[call site]
00075
freezero
[function]
[call site]
00076
freezero
[function]
[call site]
00077
sshkey_free
[function]
[call site]
00078
sshkey_free
[function]
[call site]
00079
ssh_err
[function]
[call site]
00080
__errno_location
[call site]
00081
fprintf
[call site]
00082
abort
[call site]
00083
generate_or_die(int, unsigned int)
[function]
[call site]
00084
__cxa_guard_acquire
[call site]
00085
generate_or_die(int, unsigned int)
[function]
[call site]
00086
__cxa_guard_acquire
[call site]
00087
generate_or_die(int, unsigned int)
[function]
[call site]
00088
__cxa_guard_acquire
[call site]
00089
generate_or_die(int, unsigned int)
[function]
[call site]
00090
__cxa_guard_acquire
[call site]
00091
generate_or_die(int, unsigned int)
[function]
[call site]
00092
__cxa_guard_acquire
[call site]
00093
sshkey_verify
[function]
[call site]
00094
sshkey_impl_from_key
[function]
[call site]
00095
sshkey_impl_from_type_nid
[function]
[call site]
00096
sshkey_sig_details_free
[function]
[call site]
00097
freezero
[function]
[call site]
00098
sshkey_verify
[function]
[call site]
00099
sshkey_sig_details_free
[function]
[call site]
00100
sshkey_verify
[function]
[call site]
00101
sshkey_sig_details_free
[function]
[call site]
00102
sshkey_verify
[function]
[call site]
00103
sshkey_sig_details_free
[function]
[call site]
00104
sshkey_verify
[function]
[call site]
00105
sshkey_sig_details_free
[function]
[call site]
00106
sshkey_verify
[function]
[call site]
00107
sshkey_sig_details_free
[function]
[call site]
00108