Fuzz introspector: json_load_dump_fuzzer
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
2 2 1 :

['sched_yield']

2 2 json_object_seed call site: 00142 /src/jansson/src/hashtable_seed.c:203
2 2 1 :

['strchr']

2 2 to_locale call site: 00102 /src/jansson/src/strconv.c:35
0 600 11 :

['mult', 'dshift', 'cmp', 'Balloc', 'diff', 'pow5mult', 'lshift', 'multadd', 'd2b', 'i2b', 'quorem']

0 642 dtoa_r call site: 00267 /src/jansson/src/dtoa.c:5715
0 21 1 :

['error_set']

0 21 json_loadb call site: 00007 /src/jansson/src/load.c:950
0 16 2 :

['Bfree', 'Balloc']

0 16 multadd call site: 00276 /src/jansson/src/dtoa.c:1707
0 6 1 :

['jsonp_strndup']

0 14 string_create call site: 00124 /src/jansson/src/value.c:712
0 3 1 :

['jsonp_free']

0 3 Bfree call site: 00278 /src/jansson/src/dtoa.c:1645
0 3 1 :

['jsonp_malloc']

0 3 Balloc call site: 00263 /src/jansson/src/dtoa.c:1616
0 3 1 :

['jsonp_free']

0 3 json_object call site: 00154 /src/jansson/src/value.c:76
0 0 None 12 654 dtoa_r call site: 00266 /src/jansson/src/dtoa.c:5291
0 0 None 12 654 dtoa_r call site: 00266 /src/jansson/src/dtoa.c:5304
0 0 None 12 654 dtoa_r call site: 00266 /src/jansson/src/dtoa.c:5323

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 getenv [call site] 00001
1 fprintf [call site] 00002
1 fprintf [call site] 00003
1 fprintf [call site] 00004
1 fprintf [call site] 00005
1 json_loadb [function] [call site] 00006
2 jsonp_error_init [function] [call site] 00007
3 jsonp_error_set_source [function] [call site] 00008
4 strlen [call site] 00009
4 strncpy [call site] 00010
4 strncpy [call site] 00011
2 error_set [function] [call site] 00012
3 vsnprintf [call site] 00013
3 strbuffer_value [function] [call site] 00014
3 snprintf [call site] 00015
3 snprintf [call site] 00016
3 jsonp_error_set [function] [call site] 00017
4 jsonp_error_vset [function] [call site] 00018
5 vsnprintf [call site] 00019
2 lex_init [function] [call site] 00020
3 stream_init [function] [call site] 00021
3 strbuffer_init [function] [call site] 00022
4 jsonp_malloc [function] [call site] 00023
2 buffer_get [function] [call site] 00024
2 parse_json [function] [call site] 00025
3 lex_scan [function] [call site] 00026
4 strbuffer_clear [function] [call site] 00027
4 lex_free_string [function] [call site] 00028
5 jsonp_free [function] [call site] 00029
4 lex_get [function] [call site] 00030
5 stream_get [function] [call site] 00031
6 utf8_check_first [function] [call site] 00032
6 __assert_fail [call site] 00033
6 utf8_check_full [function] [call site] 00034
6 utf8_check_first [function] [call site] 00035
6 error_set [function] [call site] 00036
4 lex_save [function] [call site] 00037
5 strbuffer_append_byte [function] [call site] 00038
6 strbuffer_append_bytes [function] [call site] 00039
7 jsonp_realloc [function] [call site] 00040
4 lex_scan_string [function] [call site] 00041
5 lex_get_save [function] [call site] 00042
6 stream_get [function] [call site] 00043
6 lex_save [function] [call site] 00044
5 error_set [function] [call site] 00045
5 lex_unget_unsave [function] [call site] 00046
6 stream_unget [function] [call site] 00047
7 utf8_check_first [function] [call site] 00048
7 __assert_fail [call site] 00049
7 __assert_fail [call site] 00050
6 strbuffer_pop [function] [call site] 00051
6 __assert_fail [call site] 00052
5 error_set [function] [call site] 00053
5 error_set [function] [call site] 00054
5 lex_get_save [function] [call site] 00055
5 lex_get_save [function] [call site] 00056
5 error_set [function] [call site] 00057
5 lex_get_save [function] [call site] 00058
5 lex_get_save [function] [call site] 00059
5 error_set [function] [call site] 00060
5 lex_get_save [function] [call site] 00061
5 jsonp_malloc [function] [call site] 00062
5 strbuffer_value [function] [call site] 00063
5 decode_unicode_escape [function] [call site] 00064
6 __assert_fail [call site] 00065
5 error_set [function] [call site] 00066
5 decode_unicode_escape [function] [call site] 00067
5 error_set [function] [call site] 00068
5 error_set [function] [call site] 00069
5 error_set [function] [call site] 00070
5 error_set [function] [call site] 00071
5 utf8_encode [function] [call site] 00072
5 __assert_fail [call site] 00073
5 __assert_fail [call site] 00074
5 lex_free_string [function] [call site] 00075
4 lex_scan_number [function] [call site] 00076
5 lex_get_save [function] [call site] 00077
5 lex_get_save [function] [call site] 00078
5 lex_unget_unsave [function] [call site] 00079
5 lex_get_save [function] [call site] 00080
5 lex_unget_unsave [function] [call site] 00081
5 lex_unget_unsave [function] [call site] 00082
5 strbuffer_value [function] [call site] 00083
5 __errno_location [call site] 00084
5 strtoll [call site] 00085
5 __errno_location [call site] 00086
5 error_set [function] [call site] 00087
5 error_set [function] [call site] 00088
5 __assert_fail [call site] 00089
5 lex_get [function] [call site] 00090
5 lex_unget [function] [call site] 00091
6 stream_unget [function] [call site] 00092
5 lex_save [function] [call site] 00093
5 lex_get_save [function] [call site] 00094
5 lex_get_save [function] [call site] 00095
5 lex_get_save [function] [call site] 00096
5 lex_unget_unsave [function] [call site] 00097
5 lex_get_save [function] [call site] 00098
5 lex_unget_unsave [function] [call site] 00099
5 jsonp_strtod [function] [call site] 00100
6 to_locale [function] [call site] 00101
7 get_decimal_point [function] [call site] 00102
8 sprintf [call site] 00103
7 strchr [call site] 00104
6 __errno_location [call site] 00105
6 strtod [call site] 00106
6 __assert_fail [call site] 00107
6 __errno_location [call site] 00108
5 error_set [function] [call site] 00109
4 lex_get_save [function] [call site] 00110
4 lex_unget_unsave [function] [call site] 00111
4 strbuffer_value [function] [call site] 00112
4 strcmp [call site] 00113
4 strcmp [call site] 00114
4 strcmp [call site] 00115
4 lex_save_cached [function] [call site] 00116
5 lex_save [function] [call site] 00117
3 error_set [function] [call site] 00118
3 parse_value [function] [call site] 00119
4 error_set [function] [call site] 00120
4 memchr [call site] 00121
4 error_set [function] [call site] 00122
4 jsonp_stringn_nocheck_own [function] [call site] 00123
5 string_create [function] [call site] 00124
6 jsonp_strndup [function] [call site] 00125
7 jsonp_malloc [function] [call site] 00126
6 jsonp_malloc [function] [call site] 00127
6 jsonp_free [function] [call site] 00128
6 json_init [function] [call site] 00129
4 json_integer [function] [call site] 00130
5 jsonp_malloc [function] [call site] 00131
5 json_init [function] [call site] 00132
4 json_real [function] [call site] 00133
5 jsonp_malloc [function] [call site] 00134
5 json_init [function] [call site] 00135
4 json_true [function] [call site] 00136
4 json_false [function] [call site] 00137
4 json_null [function] [call site] 00138
4 parse_object [function] [call site] 00139
5 json_object [function] [call site] 00140
6 jsonp_malloc [function] [call site] 00141
6 json_object_seed [function] [call site] 00142
7 generate_seed [function] [call site] 00143
8 seed_from_urandom [function] [call site] 00144
9 open [call site] 00145
9 read [call site] 00146
9 close [call site] 00147
9 buf_to_uint32 [function] [call site] 00148
8 seed_from_timestamp_and_pid [function] [call site] 00149
9 gettimeofday [call site] 00150
9 getpid [call site] 00151
7 sched_yield [call site] 00152
6 json_init [function] [call site] 00153
6 hashtable_init [function] [call site] 00154
7 jsonp_malloc [function] [call site] 00155
7 list_init [function] [call site] 00156
7 list_init [function] [call site] 00157
6 jsonp_free [function] [call site] 00158
5 lex_scan [function] [call site] 00159
5 error_set [function] [call site] 00160
5 lex_steal_string [function] [call site] 00161
5 memchr [call site] 00162
5 jsonp_free [function] [call site] 00163
5 error_set [function] [call site] 00164
5 json_object_getn [function] [call site] 00165
6 hashtable_get [function] [call site] 00166
7 hashlittle [function] [call site] 00167
7 hashtable_find_pair [function] [call site] 00168
8 bucket_is_empty [function] [call site] 00169
8 memcmp [call site] 00170
5 jsonp_free [function] [call site] 00171
5 error_set [function] [call site] 00172
5 lex_scan [function] [call site] 00173
5 jsonp_free [function] [call site] 00174
5 error_set [function] [call site] 00175
5 lex_scan [function] [call site] 00176
5 parse_value [function] [call site] 00177
6 parse_array [function] [call site] 00178
7 json_array [function] [call site] 00179
8 jsonp_malloc [function] [call site] 00180
8 json_init [function] [call site] 00181
8 jsonp_malloc [function] [call site] 00182
8 jsonp_free [function] [call site] 00183
7 lex_scan [function] [call site] 00184
7 parse_value [function] [call site] 00185
8 error_set [function] [call site] 00186
8 error_set [function] [call site] 00187
7 json_array_append_new [function] [call site] 00188
8 json_decref [function] [call site] 00189
9 json_delete [function] [call site] 00190
10 json_delete_object [function] [call site] 00191
11 hashtable_close [function] [call site] 00192
12 hashtable_do_clear [function] [call site] 00193
13 json_decref [function] [call site] 00194
13 jsonp_free [function] [call site] 00195
12 jsonp_free [function] [call site] 00196
11 jsonp_free [function] [call site] 00197
10 json_delete_array [function] [call site] 00198
11 json_decref [function] [call site] 00199
11 jsonp_free [function] [call site] 00200
11 jsonp_free [function] [call site] 00201
10 json_delete_string [function] [call site] 00202
11 jsonp_free [function] [call site] 00203
11 jsonp_free [function] [call site] 00204
10 json_delete_integer [function] [call site] 00205
11 jsonp_free [function] [call site] 00206
10 json_delete_real [function] [call site] 00207
11 jsonp_free [function] [call site] 00208
8 json_array_grow [function] [call site] 00209
9 jsonp_realloc [function] [call site] 00210
8 json_decref [function] [call site] 00211
7 lex_scan [function] [call site] 00212
7 lex_scan [function] [call site] 00213
7 error_set [function] [call site] 00214
7 json_decref [function] [call site] 00215
5 jsonp_free [function] [call site] 00216
5 json_object_setn_new_nocheck [function] [call site] 00217
6 json_decref [function] [call site] 00218
6 hashtable_set [function] [call site] 00219
7 hashtable_do_rehash [function] [call site] 00220
8 jsonp_malloc [function] [call site] 00221
8 jsonp_free [function] [call site] 00222
8 list_init [function] [call site] 00223
8 insert_to_bucket [function] [call site] 00224
9 bucket_is_empty [function] [call site] 00225
9 list_insert [function] [call site] 00226
9 list_insert [function] [call site] 00227
7 hashlittle [function] [call site] 00228
7 hashtable_find_pair [function] [call site] 00229
7 json_decref [function] [call site] 00230
7 init_pair [function] [call site] 00231
8 jsonp_malloc [function] [call site] 00232
8 list_init [function] [call site] 00233
8 list_init [function] [call site] 00234
7 insert_to_bucket [function] [call site] 00235
7 list_insert [function] [call site] 00236
6 json_decref [function] [call site] 00237
5 jsonp_free [function] [call site] 00238
5 jsonp_free [function] [call site] 00239
5 lex_scan [function] [call site] 00240
5 lex_scan [function] [call site] 00241
5 error_set [function] [call site] 00242
5 json_decref [function] [call site] 00243
3 lex_scan [function] [call site] 00244
3 error_set [function] [call site] 00245
3 json_decref [function] [call site] 00246
2 lex_close [function] [call site] 00247
3 lex_free_string [function] [call site] 00248
3 strbuffer_close [function] [call site] 00249
4 jsonp_free [function] [call site] 00250
1 json_dumps [function] [call site] 00251
2 strbuffer_init [function] [call site] 00252
2 json_dump_callback [function] [call site] 00253
3 hashtable_init [function] [call site] 00254
3 do_dump [function] [call site] 00255
4 json_integer_value [function] [call site] 00256
4 snprintf [call site] 00257
4 json_real_value [function] [call site] 00258
4 jsonp_dtostr [function] [call site] 00259
5 dtoa_r [function] [call site] 00260
6 nrv_alloc [function] [call site] 00261
7 rv_alloc [function] [call site] 00262
8 Balloc [function] [call site] 00263
9 jsonp_malloc [function] [call site] 00264
6 nrv_alloc [function] [call site] 00265
6 nrv_alloc [function] [call site] 00266
6 rv_alloc [function] [call site] 00267
6 d2b [function] [call site] 00268
7 Balloc [function] [call site] 00269
7 lo0bits [function] [call site] 00270
7 lo0bits [function] [call site] 00271
7 hi0bits [function] [call site] 00272
6 i2b [function] [call site] 00273
7 Balloc [function] [call site] 00274
6 pow5mult [function] [call site] 00275
7 multadd [function] [call site] 00276
8 Balloc [function] [call site] 00277
8 Bfree [function] [call site] 00278
9 jsonp_free [function] [call site] 00279
7 i2b [function] [call site] 00280
7 mult [function] [call site] 00281
8 Balloc [function] [call site] 00282
7 Bfree [function] [call site] 00283
7 mult [function] [call site] 00284
6 mult [function] [call site] 00285
6 Bfree [function] [call site] 00286
6 pow5mult [function] [call site] 00287
6 pow5mult [function] [call site] 00288
6 i2b [function] [call site] 00289
6 pow5mult [function] [call site] 00290
6 dshift [function] [call site] 00291
7 hi0bits [function] [call site] 00292
6 lshift [function] [call site] 00293
7 Balloc [function] [call site] 00294
7 Bfree [function] [call site] 00295
6 lshift [function] [call site] 00296
6 multadd [function] [call site] 00297
6 cmp [function] [call site] 00298
6 lshift [function] [call site] 00299
6 Balloc [function] [call site] 00300
6 lshift [function] [call site] 00301
6 quorem [function] [call site] 00302
7 cmp [function] [call site] 00303
6 cmp [function] [call site] 00304
6 diff [function] [call site] 00305
7 cmp [function] [call site] 00306
7 Balloc [function] [call site] 00307
7 Balloc [function] [call site] 00308
6 cmp [function] [call site] 00309
6 Bfree [function] [call site] 00310
6 lshift [function] [call site] 00311
6 cmp [function] [call site] 00312
6 multadd [function] [call site] 00313
6 multadd [function] [call site] 00314
6 multadd [function] [call site] 00315
6 multadd [function] [call site] 00316
6 quorem [function] [call site] 00317
6 multadd [function] [call site] 00318
6 lshift [function] [call site] 00319
6 cmp [function] [call site] 00320
6 Bfree [function] [call site] 00321
6 Bfree [function] [call site] 00322
6 Bfree [function] [call site] 00323
6 Bfree [function] [call site] 00324
5 strncpy [call site] 00325
5 strncpy [call site] 00326
5 strncpy [call site] 00327
5 sprintf [call site] 00328
4 json_string_value [function] [call site] 00329
4 json_string_length [function] [call site] 00330
4 dump_string [function] [call site] 00331
5 utf8_iterate [function] [call site] 00332
6 utf8_check_first [function] [call site] 00333
6 utf8_check_full [function] [call site] 00334
5 snprintf [call site] 00335
5 snprintf [call site] 00336
4 jsonp_loop_check [function] [call site] 00337
5 snprintf [call site] 00338
5 hashtable_get [function] [call site] 00339
5 json_null [function] [call site] 00340
5 hashtable_set [function] [call site] 00341
4 json_array_size [function] [call site] 00342
4 hashtable_del [function] [call site] 00343
5 hashlittle [function] [call site] 00344
5 hashtable_do_del [function] [call site] 00345
6 hashtable_find_pair [function] [call site] 00346
6 list_remove [function] [call site] 00347
6 list_remove [function] [call site] 00348
6 json_decref [function] [call site] 00349
6 jsonp_free [function] [call site] 00350
4 dump_indent [function] [call site] 00351
4 json_array_get [function] [call site] 00352
4 do_dump [function] [call site] 00353
5 dump_indent [function] [call site] 00354
5 json_array_get [function] [call site] 00355
5 do_dump [function] [call site] 00356
6 dump_indent [function] [call site] 00357
6 hashtable_del [function] [call site] 00358
6 jsonp_loop_check [function] [call site] 00359
6 json_object_iter [function] [call site] 00360
7 hashtable_iter [function] [call site] 00361
8 hashtable_iter_next [function] [call site] 00362
6 hashtable_del [function] [call site] 00363
6 dump_indent [function] [call site] 00364
6 json_object_size [function] [call site] 00365
6 jsonp_malloc [function] [call site] 00366
6 json_object_iter_key [function] [call site] 00367
7 hashtable_iter_key [function] [call site] 00368
6 json_object_iter_key_len [function] [call site] 00369
7 hashtable_iter_key_len [function] [call site] 00370
6 json_object_iter_next [function] [call site] 00371
7 hashtable_iter_next [function] [call site] 00372
6 __assert_fail [call site] 00373
6 qsort [call site] 00374
6 compare_keys [function] [call site] 00375
7 memcmp [call site] 00376
6 json_object_getn [function] [call site] 00377
6 __assert_fail [call site] 00378
6 dump_string [function] [call site] 00379
6 do_dump [function] [call site] 00380
7 jsonp_free [function] [call site] 00381
7 dump_indent [function] [call site] 00382
7 jsonp_free [function] [call site] 00383
7 dump_indent [function] [call site] 00384
7 jsonp_free [function] [call site] 00385
7 jsonp_free [function] [call site] 00386
7 json_object_iter_next [function] [call site] 00387
7 json_object_iter_key [function] [call site] 00388
7 json_object_iter_key_len [function] [call site] 00389
7 dump_string [function] [call site] 00390
7 json_object_iter_value [function] [call site] 00391
8 hashtable_iter_value [function] [call site] 00392
7 do_dump [function] [call site] 00393
8 dump_indent [function] [call site] 00394
8 dump_indent [function] [call site] 00395
8 hashtable_del [function] [call site] 00396
3 hashtable_close [function] [call site] 00397
2 dump_to_strbuffer [function] [call site] 00398
3 strbuffer_append_bytes [function] [call site] 00399
2 strbuffer_value [function] [call site] 00400
2 jsonp_strdup [function] [call site] 00401
3 strlen [call site] 00402
3 jsonp_strndup [function] [call site] 00403
2 strbuffer_close [function] [call site] 00404
1 json_dump_callback [function] [call site] 00405
1 json_dump_counter(char const*, unsigned long, void*) [function] [call site] 00406
1 fprintf [call site] 00407
1 json_decref(json_t*) [function] [call site] 00408