Fuzz introspector: jq_fuzz_load_file
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The following are the branches the fuzzer fails to get past. For each blocked branch the table gives the complexity and the functions that are reachable from it but never covered, the function containing the branch, the call-site id (which indexes the calltree below) and the source location of the branch.

Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch
85 | 186 | 3: ['jv_string_fmt', 'jv_free', 'jv_invalid_with_msg'] | 85 | 186 | jv_load_file | call site: 00511 | /src/jq/src/jv_file.c:75
70 | 239 | 5: ['decSetOverflow', 'decCompare', 'decNumberZero', 'decShiftToMost', 'decApplyRound'] | 70 | 360 | decFinalize | call site: 00196 | /src/jq/src/decNumber/decNumber.c:7289
25 | 195 | 8: ['jv_invalid', 'jv_is_valid.199', 'parse_is_top_num', 'parser_reset', 'jv_free', 'seq_check_truncation', 'stream_seq_check_truncation', 'stream_is_top_num'] | 227 | 1215 | scan | call site: 00174 | /src/jq/src/jv_parse.c:648
2 | 2 | 1: ['decSetMaxValue'] | 2 | 2 | decSetOverflow | call site: 00201 | /src/jq/src/decNumber/decNumber.c:7378
2 | 2 | 1: ['abort'] | 2 | 2 | jv_tsd_dec_ctx_init | call site: 00292 | /src/jq/src/jv.c:512
2 | 2 | 1: ['abort'] | 2 | 2 | tsd_dec_ctx_get | call site: 00308 | /src/jq/src/jv.c:542
0 | 372 | 3: ['jv_array', 'jv_array_append', 'jv_copy'] | 0 | 621 | jv_parser_next | call site: 00502 | /src/jq/src/jv_parse.c:848
0 | 372 | 3: ['jv_array', 'jv_array_append', 'jv_copy'] | 0 | 372 | make_error | call site: 00483 | /src/jq/src/jv_parse.c:760
0 | 245 | 2: ['make_error', 'jv_free'] | 0 | 245 | jv_parser_next | call site: 00504 | /src/jq/src/jv_parse.c:854
0 | 170 | 9: ['jvp_object_ptr', 'jvp_object_buckets', 'jvp_refcnt_unshared', 'jvp_object_get_slot', 'jvp_object_free', 'jv_get_kind', 'jvp_object_size', 'jvp_object_new', 'jv_copy'] | 0 | 170 | jvp_object_unshare | call site: 00000 | /src/jq/src/jv.c:1635
0 | 113 | 2: ['jv_string', 'jv_invalid_with_msg'] | 0 | 245 | jv_array_set | call site: 00256 | /src/jq/src/jv.c:995
0 | 41 | 1: ['jv_array'] | 0 | 309 | parser_reset | call site: 00142 | /src/jq/src/jv_parse.c:99

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 getpid [call site] 00001
1 fopen [call site] 00002
1 fwrite [call site] 00003
1 fclose [call site] 00004
1 jv_load_file [function] [call site] 00005
2 __errno_location [call site] 00006
2 jv_string_fmt [function] [call site] 00007
3 jv_string_vfmt [function] [call site] 00008
4 jv_mem_alloc [function] [call site] 00009
5 memory_exhausted [function] [call site] 00010
6 pthread_once [call site] 00011
6 tsd_init [function] [call site] 00012
7 pthread_key_create [call site] 00013
7 tsd_fini_thread [function] [call site] 00014
7 fprintf [call site] 00015
7 abort [call site] 00016
7 atexit [call site] 00017
7 tsd_fini [function] [call site] 00018
8 pthread_getspecific [call site] 00019
8 pthread_setspecific [call site] 00020
7 fprintf [call site] 00021
7 abort [call site] 00022
6 tsd_init_nomem_handler [function] [call site] 00023
7 pthread_getspecific [call site] 00024
7 calloc [call site] 00025
7 pthread_setspecific [call site] 00026
7 fprintf [call site] 00027
7 abort [call site] 00028
6 pthread_getspecific [call site] 00029
6 fprintf [call site] 00030
6 abort [call site] 00031
4 vsnprintf [call site] 00032
4 jv_string_sized [function] [call site] 00033
5 jvp_utf8_is_valid [function] [call site] 00034
6 jvp_utf8_next [function] [call site] 00035
7 __assert_fail [call site] 00036
5 jvp_string_new [function] [call site] 00037
6 jvp_string_alloc [function] [call site] 00038
7 jv_mem_alloc [function] [call site] 00039
5 jvp_string_copy_replace_bad [function] [call site] 00040
6 jvp_string_alloc [function] [call site] 00041
6 jvp_utf8_next [function] [call site] 00042
6 jvp_utf8_encode [function] [call site] 00043
7 __assert_fail [call site] 00044
7 jvp_utf8_encode_length [function] [call site] 00045
6 __assert_fail [call site] 00046
4 jv_mem_free [function] [call site] 00047
4 jv_mem_free [function] [call site] 00048
2 fstat [call site] 00049
2 close [call site] 00050
2 jv_string_fmt [function] [call site] 00051
2 fdopen [call site] 00052
2 __errno_location [call site] 00053
2 jv_string_fmt [function] [call site] 00054
2 jv_string [function] [call site] 00055
3 strlen [call site] 00056
3 jv_string_sized [function] [call site] 00057
2 jv_array [function] [call site] 00058
3 jv_array_sized [function] [call site] 00059
4 jvp_array_new [function] [call site] 00060
5 jvp_array_alloc [function] [call site] 00061
6 jv_mem_alloc [function] [call site] 00062
2 jv_parser_new [function] [call site] 00063
3 jv_mem_alloc [function] [call site] 00064
3 parser_init [function] [call site] 00065
4 jv_invalid [function] [call site] 00067
4 jv_invalid [function] [call site] 00068
4 jv_invalid [function] [call site] 00069
4 jvp_dtoa_context_init [function] [call site] 00070
2 feof [call site] 00071
2 fread [call site] 00072
2 jvp_utf8_backtrack [function] [call site] 00073
3 __assert_fail [call site] 00074
2 feof [call site] 00075
2 jv_string_append_buf [function] [call site] 00076
3 jvp_utf8_is_valid [function] [call site] 00077
3 jvp_string_append [function] [call site] 00078
4 jvp_string_ptr [function] [call site] 00079
5 __assert_fail [call site] 00080
4 jvp_string_length [function] [call site] 00081
4 jvp_refcnt_unshared [function] [call site] 00082
5 __assert_fail [call site] 00083
4 jvp_string_remaining_space [function] [call site] 00084
5 jvp_string_length [function] [call site] 00085
5 __assert_fail [call site] 00086
5 jvp_string_length [function] [call site] 00087
4 jvp_string_alloc [function] [call site] 00088
4 jvp_string_free [function] [call site] 00089
5 jvp_string_ptr [function] [call site] 00090
5 jvp_refcnt_dec [function] [call site] 00091
5 jv_mem_free [function] [call site] 00092
3 jvp_string_copy_replace_bad [function] [call site] 00093
3 jv_string_concat [function] [call site] 00094
4 jv_string_value [function] [call site] 00095
5 __assert_fail [call site] 00096
5 jvp_string_ptr [function] [call site] 00097
4 jvp_string_ptr [function] [call site] 00098
4 jv_free [function] [call site] 00099
5 jvp_array_free [function] [call site] 00100
6 __assert_fail [call site] 00101
6 jvp_refcnt_dec [function] [call site] 00102
6 jvp_array_ptr [function] [call site] 00103
7 __assert_fail [call site] 00104
6 jv_free [function] [call site] 00105
7 jvp_string_free [function] [call site] 00106
7 jvp_object_free [function] [call site] 00107
8 __assert_fail [call site] 00108
8 jvp_refcnt_dec [function] [call site] 00109
8 jvp_object_size [function] [call site] 00110
9 __assert_fail [call site] 00111
8 jvp_object_get_slot [function] [call site] 00112
9 jvp_object_size [function] [call site] 00113
9 __assert_fail [call site] 00114
9 jvp_object_ptr [function] [call site] 00115
10 __assert_fail [call site] 00116
8 jv_get_kind [function] [call site] 00117
8 jvp_string_free [function] [call site] 00118
8 jv_free [function] [call site] 00119
9 jvp_invalid_free [function] [call site] 00120
10 __assert_fail [call site] 00121
10 jvp_refcnt_dec [function] [call site] 00122
10 jv_free [function] [call site] 00123
11 jvp_number_free [function] [call site] 00124
12 __assert_fail [call site] 00125
12 jvp_refcnt_dec [function] [call site] 00126
12 jvp_literal_number_ptr [function] [call site] 00127
13 __assert_fail [call site] 00128
12 jv_mem_free [function] [call site] 00129
12 jv_mem_free [function] [call site] 00130
10 jv_mem_free [function] [call site] 00131
8 jvp_object_ptr [function] [call site] 00132
8 jv_mem_free [function] [call site] 00133
6 jv_mem_free [function] [call site] 00134
2 feof [call site] 00135
2 jv_parser_set_buf [function] [call site] 00136
3 __assert_fail [call site] 00137
2 jv_parser_next [function] [call site] 00138
3 jv_invalid [function] [call site] 00139
3 jv_invalid [function] [call site] 00140
3 jv_string [function] [call site] 00141
3 jv_invalid [function] [call site] 00150
3 stream_check_done [function] [call site] 00151
4 jv_is_valid [function] [call site] 00152
5 jv_get_kind [function] [call site] 00153
4 jv_invalid [function] [call site] 00155
4 jv_is_valid [function] [call site] 00156
4 jv_copy [function] [call site] 00157
5 jvp_refcnt_inc [function] [call site] 00158
4 jv_array_slice [function] [call site] 00160
5 __assert_fail [call site] 00161
5 jvp_array_slice [function] [call site] 00162
6 __assert_fail [call site] 00163
6 jvp_array_length [function] [call site] 00164
7 __assert_fail [call site] 00165
6 jvp_clamp_slice_params [function] [call site] 00166
6 __assert_fail [call site] 00167
6 jv_array_sized [function] [call site] 00170
4 jv_invalid [function] [call site] 00173
3 scan [function] [call site] 00174
4 stream_seq_check_truncation [function] [call site] 00175
5 jv_get_kind [function] [call site] 00176
4 check_literal [function] [call site] 00177
5 jv_number_with_literal [function] [call site] 00187
6 jvp_literal_number_new [function] [call site] 00188
7 strlen [call site] 00189
7 decContextClearStatus [function] [call site] 00190
7 decNumberFromString [function] [call site] 00191
8 decNumberZero [function] [call site] 00192
8 decSetCoeff [function] [call site] 00195
8 decFinalize [function] [call site] 00196
9 decSetSubnormal [function] [call site] 00197
10 decSetCoeff [function] [call site] 00198
10 decApplyRound [function] [call site] 00199
11 decSetOverflow [function] [call site] 00200
12 decNumberZero [function] [call site] 00201
12 decSetMaxValue [function] [call site] 00202
11 decUnitAddSub [function] [call site] 00203
10 decShiftToMost [function] [call site] 00204
9 decNumberZero [function] [call site] 00205
9 decCompare [function] [call site] 00206
10 decUnitCompare [function] [call site] 00207
11 decUnitAddSub [function] [call site] 00208
9 decApplyRound [function] [call site] 00209
9 decSetSubnormal [function] [call site] 00210
9 decApplyRound [function] [call site] 00211
9 decSetOverflow [function] [call site] 00212
9 decShiftToMost [function] [call site] 00213
8 decFinalize [function] [call site] 00214
8 decStatus [function] [call site] 00215
9 decNumberZero [function] [call site] 00216
9 decContextSetStatus [function] [call site] 00217
10 raise [call site] 00218
7 jv_mem_free [function] [call site] 00219
5 jv_get_kind [function] [call site] 00220
4 check_literal [function] [call site] 00222
4 stream_check_done [function] [call site] 00223
4 jv_is_valid [function] [call site] 00224
4 __assert_fail [call site] 00225
4 parser_reset [function] [call site] 00226
4 jv_invalid [function] [call site] 00228
4 check_literal [function] [call site] 00230
4 stream_check_done [function] [call site] 00231
4 tokenadd [function] [call site] 00232
5 __assert_fail [call site] 00233
5 jv_mem_realloc [function] [call site] 00234
6 realloc [call site] 00235
6 memory_exhausted [function] [call site] 00236
5 __assert_fail [call site] 00237
4 stream_token [function] [call site] 00238
5 jv_is_valid [function] [call site] 00239
5 jv_get_kind [function] [call site] 00241
5 jv_number [function] [call site] 00243
5 jv_get_kind [function] [call site] 00245
5 jv_invalid [function] [call site] 00248
5 jv_is_valid [function] [call site] 00252
5 jv_get_kind [function] [call site] 00253
5 jv_array_set [function] [call site] 00254
6 __assert_fail [call site] 00255
6 jvp_array_length [function] [call site] 00256
6 jv_string [function] [call site] 00259
6 jvp_array_write [function] [call site] 00260
7 __assert_fail [call site] 00261
7 jvp_array_ptr [function] [call site] 00262
7 jvp_array_offset [function] [call site] 00263
8 __assert_fail [call site] 00264
7 jvp_refcnt_unshared [function] [call site] 00265
7 jvp_array_length [function] [call site] 00268
7 jvp_array_alloc [function] [call site] 00269
7 jvp_array_length [function] [call site] 00270
7 jvp_array_offset [function] [call site] 00271
7 jvp_array_free [function] [call site] 00272
5 jv_invalid [function] [call site] 00274
5 jv_get_kind [function] [call site] 00276
5 jv_number_value [function] [call site] 00277
6 __assert_fail [call site] 00278
6 jvp_literal_number_ptr [function] [call site] 00279
6 jvp_literal_number_to_double [function] [call site] 00280
7 __assert_fail [call site] 00281
7 jvp_dec_number_ptr [function] [call site] 00282
8 __assert_fail [call site] 00283
7 tsd_dec_ctx_get [function] [call site] 00284
8 pthread_once [call site] 00285
8 jv_tsd_dec_ctx_init [function] [call site] 00286
9 pthread_key_create [call site] 00287
9 jv_mem_free [function] [call site] 00288
9 fprintf [call site] 00289
9 abort [call site] 00290
9 pthread_key_create [call site] 00291
9 jv_mem_free [function] [call site] 00292
9 fprintf [call site] 00293
9 abort [call site] 00294
9 atexit [call site] 00295
9 jv_tsd_dec_ctx_fini [function] [call site] 00296
10 pthread_getspecific [call site] 00297
10 jv_mem_free [function] [call site] 00298
10 pthread_getspecific [call site] 00299
10 jv_mem_free [function] [call site] 00300
10 pthread_setspecific [call site] 00301
10 pthread_setspecific [call site] 00302
8 pthread_getspecific [call site] 00303
8 decContextDefault [function] [call site] 00304
9 decContextSetStatus [function] [call site] 00305
8 decContextDefault [function] [call site] 00306
8 __assert_fail [call site] 00307
8 pthread_setspecific [call site] 00308
8 fprintf [call site] 00309
8 abort [call site] 00310
7 decNumberReduce [function] [call site] 00311
8 decNaNs [function] [call site] 00312
9 decNumberCopy [function] [call site] 00313
9 decDecap [function] [call site] 00314
10 decGetDigits [function] [call site] 00315
8 decCopyFit [function] [call site] 00316
9 decSetCoeff [function] [call site] 00317
8 decFinalize [function] [call site] 00318
8 decTrim [function] [call site] 00319
9 decShiftToLeast [function] [call site] 00320
8 decStatus [function] [call site] 00321
7 decNumberToString [function] [call site] 00322
8 decToString [function] [call site] 00323
9 strcpy [call site] 00324
9 strcpy [call site] 00325
9 strcpy [call site] 00326
7 tsd_dtoa_context_get [function] [call site] 00327
8 pthread_once [call site] 00328
8 jv_tsd_dtoa_ctx_init [function] [call site] 00329
9 pthread_key_create [call site] 00330
9 tsd_dtoa_ctx_dtor [function] [call site] 00331
10 jvp_dtoa_context_free [function] [call site] 00332
11 jv_mem_free [function] [call site] 00335
10 jv_mem_free [function] [call site] 00336
9 abort [call site] 00337
9 atexit [call site] 00338
9 jv_tsd_dtoa_ctx_fini [function] [call site] 00339
10 pthread_getspecific [call site] 00340
10 tsd_dtoa_ctx_dtor [function] [call site] 00341
10 pthread_setspecific [call site] 00342
8 pthread_getspecific [call site] 00343
8 jvp_dtoa_context_init [function] [call site] 00344
8 pthread_setspecific [call site] 00345
8 fprintf [call site] 00346
7 jvp_strtod [function] [call site] 00347
5 jv_is_valid [function] [call site] 00435
5 jv_invalid [function] [call site] 00437
5 jv_number [function] [call site] 00438
5 jv_is_valid [function] [call site] 00439
5 jv_invalid [function] [call site] 00441
5 __assert_fail [call site] 00443
5 jv_is_valid [function] [call site] 00446
5 __assert_fail [call site] 00447
5 jv_get_kind [function] [call site] 00449
5 jv_is_valid [function] [call site] 00451
5 jv_invalid [function] [call site] 00453
5 jv_array_slice [function] [call site] 00455
5 jv_invalid [function] [call site] 00457
5 jv_is_valid [function] [call site] 00459
5 __assert_fail [call site] 00460
5 jv_get_kind [function] [call site] 00462
5 jv_is_valid [function] [call site] 00464
5 jv_invalid [function] [call site] 00466
5 jv_array_slice [function] [call site] 00468
5 jv_invalid [function] [call site] 00470
4 stream_check_done [function] [call site] 00472
4 found_string [function] [call site] 00473
4 stream_check_done [function] [call site] 00479
3 make_error [function] [call site] 00482
4 jv_string_vfmt [function] [call site] 00483
4 jv_invalid_with_msg [function] [call site] 00485
5 jv_mem_alloc [function] [call site] 00486
3 parser_reset [function] [call site] 00487
3 make_error [function] [call site] 00488
3 parser_reset [function] [call site] 00489
3 __assert_fail [call site] 00490
3 jv_invalid [function] [call site] 00491
3 __assert_fail [call site] 00492
3 make_error [function] [call site] 00494
3 make_error [function] [call site] 00495
3 parser_reset [function] [call site] 00496
3 check_literal [function] [call site] 00497
3 make_error [function] [call site] 00498
3 parser_reset [function] [call site] 00499
3 make_error [function] [call site] 00500
3 parser_reset [function] [call site] 00501
3 jv_is_valid [function] [call site] 00502
3 jv_invalid [function] [call site] 00504
3 make_error [function] [call site] 00505
2 jv_is_valid [function] [call site] 00506
2 jv_array_append [function] [call site] 00507
2 jv_parser_free [function] [call site] 00511
3 parser_free [function] [call site] 00512
4 parser_reset [function] [call site] 00513
4 jv_mem_free [function] [call site] 00516
4 jv_mem_free [function] [call site] 00517
4 jvp_dtoa_context_free [function] [call site] 00518
3 jv_mem_free [function] [call site] 00519
2 jv_string_fmt [function] [call site] 00521
1 jv_load_file [function] [call site] 00523
1 unlink [call site] 00525
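The blocked call-site ids in the "Fuzz blockers" table index the calltree above, and the useful next step when triaging a blocker is to resolve an id back to the chain of calls an input must traverse to reach it. The script below is an added example, not part of this report or of the jq or fuzz-introspector projects. It parses the plain-text calltree format used on this page (depth column, callee name, optional "[function]" tag, "[call site]" id), rebuilds the tree from the depth column, and offers two lookups: the call chain from LLVMFuzzerTestOneInput down to a call site, and the set of in-project functions beneath a call site, which should contain the "Unique Reachable Functions" the table lists for that blocker. The embedded CALLTREE_EXCERPT is a verbatim subset of the calltree above (the path to decFinalize at call site 00196 and its subtree); BLOCKED_00196 is copied from the table row for that call site. The function names, the Node class and the helper names are this example's own.

```python
"""Resolve Fuzz Introspector call-site ids to call chains (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# One calltree line: "<depth> <callee> [function] [call site] <id>" for
# in-project functions, "<depth> <callee> [call site] <id>" for external calls.
LINE_RE = re.compile(
    r"^\s*(\d+)\s+(\S+)\s+(\[function\]\s+)?\[call site\]\s+(\d+)\s*$"
)

# Verbatim subset of the calltree on this page: the path to decFinalize
# (call site 00196), its subtree, and the decStatus branch beside it.
CALLTREE_EXCERPT = """
0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 getpid [call site] 00001
1 fopen [call site] 00002
1 fwrite [call site] 00003
1 fclose [call site] 00004
1 jv_load_file [function] [call site] 00005
2 __errno_location [call site] 00006
2 jv_parser_next [function] [call site] 00138
3 scan [function] [call site] 00174
4 check_literal [function] [call site] 00177
5 jv_number_with_literal [function] [call site] 00187
6 jvp_literal_number_new [function] [call site] 00188
7 strlen [call site] 00189
7 decContextClearStatus [function] [call site] 00190
7 decNumberFromString [function] [call site] 00191
8 decNumberZero [function] [call site] 00192
8 decSetCoeff [function] [call site] 00195
8 decFinalize [function] [call site] 00196
9 decSetSubnormal [function] [call site] 00197
10 decSetCoeff [function] [call site] 00198
10 decApplyRound [function] [call site] 00199
11 decSetOverflow [function] [call site] 00200
12 decNumberZero [function] [call site] 00201
12 decSetMaxValue [function] [call site] 00202
11 decUnitAddSub [function] [call site] 00203
10 decShiftToMost [function] [call site] 00204
9 decNumberZero [function] [call site] 00205
9 decCompare [function] [call site] 00206
10 decUnitCompare [function] [call site] 00207
11 decUnitAddSub [function] [call site] 00208
9 decApplyRound [function] [call site] 00209
9 decSetSubnormal [function] [call site] 00210
9 decApplyRound [function] [call site] 00211
9 decSetOverflow [function] [call site] 00212
9 decShiftToMost [function] [call site] 00213
8 decFinalize [function] [call site] 00214
8 decStatus [function] [call site] 00215
9 decNumberZero [function] [call site] 00216
9 decContextSetStatus [function] [call site] 00217
10 raise [call site] 00218
7 jv_mem_free [function] [call site] 00219
1 jv_load_file [function] [call site] 00523
1 unlink [call site] 00525
"""

# "Unique Reachable Functions" for the decFinalize blocker, copied from the table.
BLOCKED_00196 = ["decSetOverflow", "decCompare", "decNumberZero",
                 "decShiftToMost", "decApplyRound"]


@dataclass
class Node:
    depth: int
    name: str
    is_function: bool   # True for in-project functions, False for external calls
    callsite: str
    parent: Node | None = None


def parse_calltree(text: str) -> list[Node]:
    """Parse calltree lines in document order, linking each node to its parent."""
    nodes: list[Node] = []
    stack: list[Node] = []          # stack[d] is the most recent node at depth d
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                # skip headings and blank lines
        depth = int(m.group(1))
        if depth > len(stack):
            raise ValueError(f"malformed calltree: depth jumps at {line!r}")
        node = Node(depth, m.group(2), m.group(3) is not None, m.group(4))
        del stack[depth:]           # drop siblings and deeper nodes
        node.parent = stack[-1] if stack else None
        stack.append(node)
        nodes.append(node)
    return nodes


def call_chain(nodes: list[Node], callsite: str) -> list[str]:
    """Callee names from the fuzzer entry point down to the given call site."""
    node = {n.callsite: n for n in nodes}[callsite]
    chain = []
    while node is not None:
        chain.append(node.name)
        node = node.parent
    return chain[::-1]


def subtree_functions(nodes: list[Node], callsite: str) -> set[str]:
    """Distinct in-project functions reachable strictly below a call site."""
    root = {n.callsite: n for n in nodes}[callsite]
    names: set[str] = set()
    for n in nodes[nodes.index(root) + 1:]:
        if n.depth <= root.depth:
            break                   # subtree is contiguous in document order
        if n.is_function:
            names.add(n.name)
    return names


if __name__ == "__main__":
    tree = parse_calltree(CALLTREE_EXCERPT)
    print(" -> ".join(call_chain(tree, "00196")))
    print(sorted(subtree_functions(tree, "00196")))
```

Running it on the excerpt prints the nine-call path LLVMFuzzerTestOneInput -> jv_load_file -> jv_parser_next -> scan -> check_literal -> jv_number_with_literal -> jvp_literal_number_new -> decNumberFromString -> decFinalize, which tells you the blocker at decNumber.c:7289 is only reachable through a numeric literal in the JSON input, so seeds for it should exercise the number path rather than strings or objects. The same lookup on call site 00218 shows that raise is reachable under decContextSetStatus via decStatus on that path.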