Fuzz introspector: sig_fuzz
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

| Amount of callsites blocked | Calltree index | Parent function | Callsite | Largest blocked function |
|---|---|---|---|---|
| 34 | 31 | sshlog | call site: 00031 | do_log |
| 19 | 69 | sshbuf_free | call site: 00069 | sshkey_free |
| 10 | 11 | sshkey_is_cert | call site: 00011 | cert_new |
| 8 | 22 | sshbuf_free | call site: 00022 | ssh_signal |
| 1 | 7 | sshkey_generate | call site: 00007 | sshkey_impl_from_type |
| 1 | 66 | sshbuf_free | call site: 00066 | freezero |
| 1 | 115 | LLVMFuzzerTestOneInput | call site: 00115 | sshkey_verify |

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 __cxa_guard_acquire [call site] 00001
1 generate_or_die(int, unsigned int) [function] [call site] 00002
2 sshkey_generate [function] [call site] 00003
3 sshkey_type_is_cert [function] [call site] 00004
4 sshkey_impl_from_type [function] [call site] 00005
3 sshkey_impl_from_type [function] [call site] 00006
3 sshkey_new [function] [call site] 00007
4 sshkey_impl_from_type [function] [call site] 00008
4 calloc [call site] 00009
4 sshkey_is_cert [function] [call site] 00010
5 sshkey_type_is_cert [function] [call site] 00011
4 cert_new [function] [call site] 00012
5 calloc [call site] 00013
5 sshbuf_new_label [function] [call site] 00014
6 calloc [call site] 00015
6 strncpy [call site] 00016
6 calloc [call site] 00017
5 sshbuf_new_label [function] [call site] 00018
5 sshbuf_new_label [function] [call site] 00019
5 cert_free [function] [call site] 00020
6 sshbuf_free [function] [call site] 00021
7 sshbuf_check_sanity [function] [call site] 00022
8 ssh_signal [function] [call site] 00023
9 memset [call site] 00024
9 sigfillset [call site] 00025
9 sigaction [call site] 00026
9 strsignal [call site] 00027
9 __errno_location [call site] 00028
9 strerror [call site] 00029
9 sshlog [function] [call site] 00030
10 sshlogv [function] [call site] 00031
11 strrchr [call site] 00032
11 getpid [call site] 00033
11 snprintf [call site] 00034
11 match_pattern_list [function] [call site] 00035
12 strlen [call site] 00036
12 __ctype_b_loc [call site] 00037
12 tolower [call site] 00038
12 match_pattern [function] [call site] 00039
13 match_pattern [function] [call site] 00040
14 match_pattern [function] [call site] 00041
11 snprintf [call site] 00042
11 snprintf [call site] 00043
11 do_log [function] [call site] 00045
12 __errno_location [call site] 00046
12 snprintf [call site] 00047
12 vsnprintf [call site] 00048
12 vsnprintf [call site] 00049
12 snprintf [call site] 00050
12 strnvis [function] [call site] 00052
13 __ctype_b_loc [call site] 00053
13 vis [function] [call site] 00054
14 __ctype_b_loc [call site] 00055
14 __ctype_b_loc [call site] 00056
12 snprintf [call site] 00058
12 strlen [call site] 00059
12 write [call site] 00060
12 openlog [call site] 00061
12 syslog [call site] 00062
12 closelog [call site] 00063
12 __errno_location [call site] 00064
8 raise [call site] 00065
7 sshbuf_free [function] [call site] 00066
8 freezero [function] [call site] 00067
9 explicit_bzero [call site] 00068
6 sshbuf_free [function] [call site] 00070
6 sshbuf_free [function] [call site] 00071
6 sshkey_free [function] [call site] 00072
7 sshkey_free_contents [function] [call site] 00073
8 sshkey_impl_from_type [function] [call site] 00074
8 sshkey_is_cert [function] [call site] 00075
8 sshkey_prekey_free [function] [call site] 00079
9 munmap [call site] 00080
4 sshkey_free [function] [call site] 00082
3 sshkey_free [function] [call site] 00083
2 ssh_err [function] [call site] 00084
3 __errno_location [call site] 00085
3 strerror [call site] 00086
2 fprintf [call site] 00087
2 abort [call site] 00088
1 __cxa_guard_release [call site] 00089
1 __cxa_guard_acquire [call site] 00090
1 generate_or_die(int, unsigned int) [function] [call site] 00091
1 __cxa_guard_release [call site] 00092
1 __cxa_guard_acquire [call site] 00093
1 generate_or_die(int, unsigned int) [function] [call site] 00094
1 __cxa_guard_release [call site] 00095
1 __cxa_guard_acquire [call site] 00096
1 generate_or_die(int, unsigned int) [function] [call site] 00097
1 __cxa_guard_release [call site] 00098
1 __cxa_guard_acquire [call site] 00099
1 generate_or_die(int, unsigned int) [function] [call site] 00100
1 __cxa_guard_release [call site] 00101
1 __cxa_guard_acquire [call site] 00102
1 strlen [call site] 00103
1 __cxa_guard_release [call site] 00104
1 sshkey_verify [function] [call site] 00105
2 sshkey_impl_from_key [function] [call site] 00106
3 sshkey_impl_from_type_nid [function] [call site] 00107
1 sshkey_sig_details_free [function] [call site] 00108
1 sshkey_verify [function] [call site] 00110
1 sshkey_sig_details_free [function] [call site] 00111
1 sshkey_verify [function] [call site] 00112
1 sshkey_sig_details_free [function] [call site] 00113
1 sshkey_verify [function] [call site] 00114
1 sshkey_sig_details_free [function] [call site] 00115
1 sshkey_verify [function] [call site] 00116
1 sshkey_sig_details_free [function] [call site] 00117
1 __cxa_guard_abort [call site] 00118
1 __cxa_guard_abort [call site] 00119
1 __cxa_guard_abort [call site] 00120
1 __cxa_guard_abort [call site] 00121
1 __cxa_guard_abort [call site] 00122