Fuzz introspector
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues
Project coverage
Per-fuzzer coverage

Table of contents

Project overview: krb5
High level conclusions
Reachability and coverage overview
Fuzzers overview
Project functions overview
Fuzzer details
Fuzzer: Fuzz_json
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: Fuzz_ndr
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: Fuzz_profile
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: Fuzz_krb5
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: Fuzz_marshal
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: Fuzz_chpw
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: Fuzz_pac
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Analyses and suggestions
Optimal target analysis
Remaining optimal interesting functions
All functions overview
Runtime coverage analysis
Complex functions with low coverage
Files and Directories in report
Files in report
Directories in report
Metadata section
Report generation date: 2022-11-21

Project overview: krb5

High level conclusions

Reachability and coverage overview

Functions statically reachable by fuzzers
19.0%
433/2279
Cyclomatic complexity statically reachable by fuzzers
19.95%
2453/12298
Functions covered at runtime
213

Fuzzers overview

Fuzzer Fuzzer filename Functions Reached Functions unreached Fuzzer depth Files reached Basic blocks reached Cyclomatic complexity Details
Fuzz_json /src/krb5/fuzzing/Fuzz_json.c 34 43 11 2 346 165 Fuzz_json.c
Fuzz_ndr /src/krb5/fuzzing/Fuzz_ndr.c 26 43 6 11 225 112 Fuzz_ndr.c
Fuzz_profile /src/krb5/fuzzing/Fuzz_profile.c 57 116 7 8 560 279 Fuzz_profile.c
Fuzz_krb5 /src/krb5/fuzzing/Fuzz_krb5.c 337 1934 24 59 4348 1922 Fuzz_krb5.c
Fuzz_marshal /src/krb5/fuzzing/Fuzz_marshal.c 336 1935 24 62 3955 1793 Fuzz_marshal.c
Fuzz_chpw /src/krb5/fuzzing/Fuzz_chpw.c 326 1945 24 62 4196 1865 Fuzz_chpw.c
Fuzz_pac /src/krb5/fuzzing/Fuzz_pac.c 307 1964 24 56 3794 1712 Fuzz_pac.c

Project functions overview

The following table shows data about each function in the project. The functions included in this table correspond to all functions that exist in the executables of the fuzzers. As such, there may be functions that are from third-party libraries.

For further technical details on the meaning of columns in the below table, please see the Glossary .

Func name Functions filename Args Function call depth Reached by Fuzzers Fuzzers runtime hit Func lines hit % I Count BB Count Cyclomatic complexity Functions reached Reached by functions Accumulated cyclomatic complexity Undiscovered complexity

Fuzzer details

Fuzzer: Fuzz_json

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 1 1.35%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 73 98.6%
All colors 74 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
0 0 None 0 0 k5_json_bool_create call site /src/krb5/src/util/support/json.c:186
0 0 None 0 0 k5_json_array_add call site /src/krb5/src/util/support/json.c:241
0 0 None 0 0 k5_json_object_set call site /src/krb5/src/util/support/json.c:458
0 0 None 0 0 k5_json_object_set call site /src/krb5/src/util/support/json.c:464
0 0 None 0 0 k5_json_string_create_len call site /src/krb5/src/util/support/json.c:501
0 0 None 0 0 k5_json_number_create call site /src/krb5/src/util/support/json.c:562
0 0 None 0 0 alloc_value call site /src/krb5/src/util/support/json.c:149
0 0 None 0 0 parse_value call site /src/krb5/src/util/support/json.c:1026
0 0 None 0 0 parse_value call site /src/krb5/src/util/support/json.c:1051
0 0 None 0 0 parse_value call site /src/krb5/src/util/support/json.c:1057
0 0 None 0 0 parse_value call site /src/krb5/src/util/support/json.c:1063
0 0 None 0 0 parse_string call site /src/krb5/src/util/support/json.c:818

Runtime coverage analysis

Covered functions
28
Functions that are reachable but not covered
9
Reachable functions
34
Percentage of reachable functions covered
73.53%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/krb5/fuzzing/Fuzz_json.c 1
util/support/json.c 25

Fuzzer: Fuzz_ndr

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 5 8.19%
gold [1:9] 2 3.27%
yellow [10:29] 0 0.0%
greenyellow [30:49] 2 3.27%
lawngreen 50+ 52 85.2%
All colors 61 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
2 2 1 :

['explicit_bzero']

2 4 k5_buf_free call site /src/krb5/src/util/support/k5buf.c:268
0 11 1 :

['k5_buf_free']

0 11 k5_utf16le_to_utf8 call site /src/krb5/src/util/support/utf8_conv.c:191
0 2 1 :

['set_error']

0 2 k5_buf_init_dynamic call site /src/krb5/src/util/support/k5buf.c:131
0 0 1 :

['malloc']

4 6 ensure_space call site /src/krb5/src/util/support/k5buf.c:87
0 0 None 2 4 ensure_space call site /src/krb5/src/util/support/k5buf.c:78
0 0 None 0 4 ndr_dec_delegation_info call site /src/krb5/src/kdc/ndr.c:208
0 0 None 0 0 ndr_dec_delegation_info call site /src/krb5/src/kdc/ndr.c:151
0 0 None 0 0 k5_buf_get_space call site /src/krb5/src/util/support/k5buf.c:239
0 0 None 0 0 k5_buf_free call site /src/krb5/src/util/support/k5buf.c:265
0 0 None 0 0 ensure_space call site /src/krb5/src/util/support/k5buf.c:74
0 0 None 0 0 krb5int_ucs4_to_utf8 call site /src/krb5/src/util/support/utf8.c:215
0 0 None 0 0 k5_utf16le_to_utf8 call site /src/krb5/src/util/support/utf8_conv.c:163

Runtime coverage analysis

Covered functions
23
Functions that are reachable but not covered
4
Reachable functions
26
Percentage of reachable functions covered
84.62%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/krb5/fuzzing/Fuzz_ndr.c 1
/src/krb5/fuzzing/./../src/include/k5-int.h 1
kdc/ndr.c 3
kdc/../include/k5-int.h 2
kdc/../include/k5-input.h 6
kdc/../include/k5-platform.h 2
util/support/utf8_conv.c 1
util/support/k5buf.c 6
util/support/../../include/k5-input.h 4
util/support/../../include/k5-platform.h 1
util/support/utf8.c 1

Fuzzer: Fuzz_profile

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 75 68.8%
gold [1:9] 8 7.33%
yellow [10:29] 0 0.0%
greenyellow [30:49] 25 22.9%
lawngreen 50+ 1 0.91%
All colors 109 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
210 210 3 :

['fgets', 'feof', 'parse_line']

210 210 parse_file call site /src/krb5/src/util/profile/prof_parse.c:337
2 14 2 :

['strdup', 'profile_free_node']

2 14 profile_create_node call site /src/krb5/src/util/profile/prof_tree.c:103
2 2 1 :

['strerror']

2 2 k5_mutex_lock call site /src/krb5/src/util/support/../../include/k5-thread.h:371
2 2 1 :

['strerror']

2 2 k5_mutex_unlock call site /src/krb5/src/util/support/../../include/k5-thread.h:383
0 12 1 :

['profile_free_node']

0 12 profile_parse_file call site /src/krb5/src/util/profile/prof_parse.c:417
0 0 None 0 12 profile_free_node call site /src/krb5/src/util/profile/prof_tree.c:59
0 0 None 0 12 profile_create_node call site /src/krb5/src/util/profile/prof_tree.c:99
0 0 None 0 0 add_error_table call site /src/krb5/src/util/et/error_message.c:261
0 0 None 0 0 com_err_initialize call site /src/krb5/src/util/et/error_message.c:42
0 0 None 0 0 com_err_initialize call site /src/krb5/src/util/et/error_message.c:45
0 0 None 0 0 com_err_initialize call site /src/krb5/src/util/et/error_message.c:48
0 0 None 0 0 profile_parse_file call site /src/krb5/src/util/profile/prof_parse.c:413

Runtime coverage analysis

Covered functions
23
Functions that are reachable but not covered
43
Reachable functions
57
Percentage of reachable functions covered
24.56%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/krb5/fuzzing/Fuzz_profile.c 1
util/profile/prof_err.c 1
util/et/error_message.c 1
util/support/threads.c 5
util/et/../../include/k5-thread.h 2
util/profile/prof_parse.c 10
util/profile/prof_tree.c 6
util/support/dir_filenames.c 4

Fuzzer: Fuzz_krb5

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 768 79.1%
gold [1:9] 16 1.64%
yellow [10:29] 4 0.41%
greenyellow [30:49] 6 0.61%
lawngreen 50+ 176 18.1%
All colors 970 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
1300 1300 1 :

['krb5int_trace']

1300 1557 krb5_init_context_profile call site /src/krb5/src/lib/krb5/krb/init_ctx.c:256
567 567 1 :

['profile_copy']

567 567 k5_os_init_context call site /src/krb5/src/lib/krb5/os/init_os_ctx.c:435
418 418 7 :

['profile_process_directory', 'fopen', 'profile_parse_file', 'profile_free_node', 'fclose', 'fcntl', 'fileno']

424 424 profile_update_file_data_locked call site /src/krb5/src/util/profile/prof_file.c:284
106 106 1 :

['write_data_to_file']

106 106 profile_flush_file_data call site /src/krb5/src/util/profile/prof_file.c:473
86 86 1 :

['profile_abandon']

86 86 profile_release call site /src/krb5/src/util/profile/prof_init.c:505
52 80 7 :

['expand_token', 'strchr', 'krb5_set_error_message', 'k5_buf_add_len', 'free', 'strstr', 'dgettext']

52 161 k5_expand_path_tokens_extra call site /src/krb5/src/lib/krb5/os/expand_path.c:496
21 26 5 :

['krb5_free_principal', 'krb5_free_keyblock', 'free', 'krb5_free_authdata', 'krb5_free_addresses']

21 26 krb5_free_enc_tkt_part call site /src/krb5/src/lib/krb5/krb/kfree.c:291
11 11 1 :

['load_int']

11 11 load_count call site /src/krb5/src/lib/krb5/asn.1/asn1_encode.c:506
8 8 5 :

['explicit_bzero', 'realloc', 'malloc', 'free', 'set_error']

8 8 ensure_space call site /src/krb5/src/util/support/k5buf.c:76
6 6 3 :

['getpwuid_r', 'getuid', 'secure_getenv']

15 864 profile_open_file call site /src/krb5/src/util/profile/prof_file.c:184
6 6 1 :

['get_value_vt']

6 6 profile_get_value call site /src/krb5/src/util/profile/prof_get.c:229
4 345 3 :

['k5_mutex_lock', 'profile_update_file_data_locked', 'strcmp']

4 540 profile_node_iterator call site /src/krb5/src/util/profile/prof_tree.c:494

Runtime coverage analysis

Covered functions
122
Functions that are reachable but not covered
241
Reachable functions
337
Percentage of reachable functions covered
28.49%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/krb5/fuzzing/Fuzz_krb5.c 1
/src/krb5/fuzzing/./../src/include/k5-int.h 1
lib/krb5/krb/init_ctx.c 6
lib/krb5/krb5_libinit.c 1
util/support/threads.c 10
lib/krb5/os/init_os_ctx.c 6
util/profile/prof_init.c 9
util/profile/../../include/k5-thread.h 3
util/profile/prof_file.c 13
util/profile/prof_tree.c 12
util/profile/prof_parse.c 15
util/support/dir_filenames.c 4
util/support/strlcpy.c 1
util/support/path.c 2
util/support/plugins.c 15
util/support/errors.c 6
lib/krb5/os/trace.c 12
util/profile/prof_get.c 18
util/support/k5buf.c 10
lib/krb5/os/../../../include/k5-int.h 7
lib/crypto/krb/make_checksum.c 1
lib/crypto/krb/mandatory_sumtype.c 1
lib/crypto/krb/./crypto_int.h 3
lib/crypto/krb/../../../include/k5-int.h 2
lib/krb5/krb/kfree.c 7
util/support/strerror_r.c 1
lib/krb5/krb/kerrs.c 5
util/et/error_message.c 2
util/et/../../include/k5-thread.h 2
util/et/et_name.c 1
util/support/../../include/k5-thread.h 2
lib/krb5/krb/unparse.c 4
lib/krb5/os/hostrealm.c 14
lib/krb5/krb/plugin.c 17
lib/krb5/krb/../../../include/k5-int.h 5
lib/krb5/os/hostrealm_registry.c 3
lib/krb5/os/hostrealm_profile.c 4
lib/krb5/os/hostrealm_dns.c 5
lib/krb5/os/locate_kdc.c 21
lib/krb5/krb/libdef_parse.c 1
lib/krb5/os/dnsglue.c 6
lib/krb5/os/c_ustime.c 2
lib/krb5/os/../../../include/k5-thread.h 2
util/support/fake-addrinfo.c 6
lib/krb5/os/hostrealm_domain.c 3
lib/krb5/krb/parse_host_string.c 2
lib/krb5/os/dnssrv.c 5
lib/krb5/krb/princ_comp.c 2
lib/crypto/krb/enctype_util.c 1
lib/krb5/ccache/ccfns.c 2
lib/krb5/keytab/ktfns.c 1
lib/krb5/os/expand_path.c 5
lib/krb5/krb/preauth2.c 2
lib/krb5/ccache/ccselect.c 2
lib/krb5/os/localauth.c 2
lib/krb5/asn.1/asn1_k_encode.c 2
lib/krb5/asn.1/asn1_encode.c 26
lib/crypto/krb/keyblocks.c 2
lib/krb5/krb/authdata.c 1

Fuzzer: Fuzz_marshal

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 718 77.3%
gold [1:9] 10 1.07%
yellow [10:29] 1 0.10%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 199 21.4%
All colors 928 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
1300 1300 1 :

['krb5int_trace']

1300 1557 krb5_init_context_profile call site /src/krb5/src/lib/krb5/krb/init_ctx.c:256
567 567 1 :

['profile_copy']

567 567 k5_os_init_context call site /src/krb5/src/lib/krb5/os/init_os_ctx.c:435
418 418 7 :

['profile_process_directory', 'fopen', 'profile_parse_file', 'profile_free_node', 'fclose', 'fcntl', 'fileno']

424 424 profile_update_file_data_locked call site /src/krb5/src/util/profile/prof_file.c:284
106 106 1 :

['write_data_to_file']

106 106 profile_flush_file_data call site /src/krb5/src/util/profile/prof_file.c:473
86 86 1 :

['profile_abandon']

86 86 profile_release call site /src/krb5/src/util/profile/prof_init.c:505
52 80 7 :

['expand_token', 'strchr', 'krb5_set_error_message', 'k5_buf_add_len', 'free', 'strstr', 'dgettext']

52 161 k5_expand_path_tokens_extra call site /src/krb5/src/lib/krb5/os/expand_path.c:496
8 8 5 :

['explicit_bzero', 'realloc', 'malloc', 'free', 'set_error']

8 8 ensure_space call site /src/krb5/src/util/support/k5buf.c:76
6 6 3 :

['getpwuid_r', 'getuid', 'secure_getenv']

15 864 profile_open_file call site /src/krb5/src/util/profile/prof_file.c:184
6 6 1 :

['get_value_vt']

6 6 profile_get_value call site /src/krb5/src/util/profile/prof_get.c:229
4 345 3 :

['k5_mutex_lock', 'profile_update_file_data_locked', 'strcmp']

4 540 profile_node_iterator call site /src/krb5/src/util/profile/prof_tree.c:494
4 4 3 :

['explicit_bzero', 'free', 'set_error']

4 4 k5_buf_free call site /src/krb5/src/util/support/k5buf.c:265
2 392 3 :

['strcasecmp', 'free', 'profile_get_string']

2 392 get_tristate call site /src/krb5/src/lib/krb5/krb/init_ctx.c:109

Runtime coverage analysis

Covered functions
127
Functions that are reachable but not covered
228
Reachable functions
336
Percentage of reachable functions covered
32.14%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/krb5/fuzzing/Fuzz_marshal.c 1
lib/krb5/krb/init_ctx.c 6
lib/krb5/krb5_libinit.c 1
util/support/threads.c 10
lib/krb5/os/init_os_ctx.c 6
util/profile/prof_init.c 9
util/profile/../../include/k5-thread.h 3
util/profile/prof_file.c 13
util/profile/prof_tree.c 12
util/profile/prof_parse.c 15
util/support/dir_filenames.c 4
util/support/strlcpy.c 1
util/support/path.c 2
util/support/plugins.c 15
util/support/errors.c 6
lib/krb5/os/trace.c 12
util/profile/prof_get.c 18
util/support/k5buf.c 10
lib/krb5/os/../../../include/k5-int.h 7
lib/crypto/krb/make_checksum.c 1
lib/crypto/krb/mandatory_sumtype.c 1
lib/crypto/krb/./crypto_int.h 3
lib/crypto/krb/../../../include/k5-int.h 2
lib/krb5/krb/kfree.c 7
util/support/strerror_r.c 1
lib/krb5/krb/kerrs.c 5
util/et/error_message.c 2
util/et/../../include/k5-thread.h 2
util/et/et_name.c 1
util/support/../../include/k5-thread.h 2
lib/krb5/krb/unparse.c 4
lib/krb5/os/hostrealm.c 14
lib/krb5/krb/plugin.c 17
lib/krb5/krb/../../../include/k5-int.h 5
lib/krb5/os/hostrealm_registry.c 3
lib/krb5/os/hostrealm_profile.c 4
lib/krb5/os/hostrealm_dns.c 5
lib/krb5/os/locate_kdc.c 21
lib/krb5/krb/libdef_parse.c 1
lib/krb5/os/dnsglue.c 6
lib/krb5/os/c_ustime.c 2
lib/krb5/os/../../../include/k5-thread.h 2
util/support/fake-addrinfo.c 6
lib/krb5/os/hostrealm_domain.c 3
lib/krb5/krb/parse_host_string.c 2
lib/krb5/os/dnssrv.c 5
lib/krb5/krb/princ_comp.c 2
lib/crypto/krb/enctype_util.c 1
lib/krb5/ccache/ccfns.c 2
lib/krb5/keytab/ktfns.c 1
lib/krb5/os/expand_path.c 5
lib/krb5/krb/preauth2.c 2
lib/krb5/ccache/ccselect.c 2
lib/krb5/os/localauth.c 2
/src/krb5/fuzzing/./../src/include/k5-int.h 1
lib/krb5/ccache/ccmarshal.c 13
lib/krb5/ccache/../../../include/k5-int.h 5
lib/krb5/ccache/../../../include/k5-input.h 7
lib/krb5/ccache/../../../include/k5-platform.h 3
/usr/include/x86_64-linux-gnu/bits/byteswap.h 2
lib/crypto/krb/keyblocks.c 1
lib/krb5/krb/authdata.c 1

Fuzzer: Fuzz_chpw

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 737 81.7%
gold [1:9] 13 1.44%
yellow [10:29] 0 0.0%
greenyellow [30:49] 2 0.22%
lawngreen 50+ 150 16.6%
All colors 902 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
1300 1300 1 :

['krb5int_trace']

1300 1557 krb5_init_context_profile call site /src/krb5/src/lib/krb5/krb/init_ctx.c:256
567 567 1 :

['profile_copy']

567 567 k5_os_init_context call site /src/krb5/src/lib/krb5/os/init_os_ctx.c:435
418 418 7 :

['profile_process_directory', 'fopen', 'profile_parse_file', 'profile_free_node', 'fclose', 'fcntl', 'fileno']

424 424 profile_update_file_data_locked call site /src/krb5/src/util/profile/prof_file.c:284
106 106 1 :

['write_data_to_file']

106 106 profile_flush_file_data call site /src/krb5/src/util/profile/prof_file.c:473
86 86 1 :

['profile_abandon']

86 86 profile_release call site /src/krb5/src/util/profile/prof_init.c:505
52 80 7 :

['expand_token', 'strchr', 'krb5_set_error_message', 'k5_buf_add_len', 'free', 'strstr', 'dgettext']

52 161 k5_expand_path_tokens_extra call site /src/krb5/src/lib/krb5/os/expand_path.c:496
6 6 3 :

['getpwuid_r', 'getuid', 'secure_getenv']

15 864 profile_open_file call site /src/krb5/src/util/profile/prof_file.c:184
6 6 1 :

['get_value_vt']

6 6 profile_get_value call site /src/krb5/src/util/profile/prof_get.c:229
4 345 3 :

['k5_mutex_lock', 'profile_update_file_data_locked', 'strcmp']

4 540 profile_node_iterator call site /src/krb5/src/util/profile/prof_tree.c:494
4 4 3 :

['explicit_bzero', 'free', 'strlen']

4 39 k5_buf_add_vfmt call site /src/krb5/src/util/support/k5buf.c:196
2 392 3 :

['strcasecmp', 'free', 'profile_get_string']

2 392 get_tristate call site /src/krb5/src/lib/krb5/krb/init_ctx.c:109
2 2 2 :

['strdup', 'k5calloc.279']

54 163 k5_expand_path_tokens_extra call site /src/krb5/src/lib/krb5/os/expand_path.c:475

Runtime coverage analysis

Covered functions
99
Functions that are reachable but not covered
246
Reachable functions
326
Percentage of reachable functions covered
24.54%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/krb5/fuzzing/Fuzz_chpw.c 1
lib/krb5/krb/init_ctx.c 6
lib/krb5/krb5_libinit.c 1
util/support/threads.c 10
lib/krb5/os/init_os_ctx.c 6
util/profile/prof_init.c 9
util/profile/../../include/k5-thread.h 3
util/profile/prof_file.c 13
util/profile/prof_tree.c 12
util/profile/prof_parse.c 15
util/support/dir_filenames.c 4
util/support/strlcpy.c 1
util/support/path.c 2
util/support/plugins.c 15
util/support/errors.c 6
lib/krb5/os/trace.c 12
util/profile/prof_get.c 18
util/support/k5buf.c 10
lib/krb5/os/../../../include/k5-int.h 7
lib/crypto/krb/make_checksum.c 1
lib/crypto/krb/mandatory_sumtype.c 1
lib/crypto/krb/./crypto_int.h 3
lib/crypto/krb/../../../include/k5-int.h 2
lib/krb5/krb/kfree.c 2
util/support/strerror_r.c 1
lib/krb5/krb/kerrs.c 5
util/et/error_message.c 2
util/et/../../include/k5-thread.h 2
util/et/et_name.c 1
util/support/../../include/k5-thread.h 2
lib/krb5/krb/unparse.c 4
lib/krb5/os/hostrealm.c 14
lib/krb5/krb/plugin.c 17
lib/krb5/krb/../../../include/k5-int.h 5
lib/krb5/os/hostrealm_registry.c 3
lib/krb5/os/hostrealm_profile.c 4
lib/krb5/os/hostrealm_dns.c 5
lib/krb5/os/locate_kdc.c 21
lib/krb5/krb/libdef_parse.c 1
lib/krb5/os/dnsglue.c 6
lib/krb5/os/c_ustime.c 2
lib/krb5/os/../../../include/k5-thread.h 2
util/support/fake-addrinfo.c 6
lib/krb5/os/hostrealm_domain.c 3
lib/krb5/krb/parse_host_string.c 2
lib/krb5/os/dnssrv.c 5
lib/krb5/krb/princ_comp.c 2
lib/crypto/krb/enctype_util.c 1
lib/krb5/ccache/ccfns.c 2
lib/krb5/keytab/ktfns.c 1
lib/krb5/os/expand_path.c 5
lib/krb5/krb/preauth2.c 2
lib/krb5/ccache/ccselect.c 2
lib/krb5/os/localauth.c 2
/src/krb5/fuzzing/./../src/include/k5-int.h 1
lib/krb5/krb/chpw.c 3
lib/krb5/krb/../../../include/k5-platform.h 3
/usr/include/x86_64-linux-gnu/bits/byteswap.h 3
lib/krb5/unicode/ucstr.c 1
lib/krb5/unicode/../../../include/k5-int.h 3
lib/krb5/unicode/ucdata.c 12
util/support/utf8.c 1

Fuzzer: Fuzz_pac

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 720 83.4%
gold [1:9] 10 1.15%
yellow [10:29] 2 0.23%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 131 15.1%
All colors 863 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
1300 1300 1 :

['krb5int_trace']

1300 1557 krb5_init_context_profile call site /src/krb5/src/lib/krb5/krb/init_ctx.c:256
567 567 1 :

['profile_copy']

567 567 k5_os_init_context call site /src/krb5/src/lib/krb5/os/init_os_ctx.c:435
418 418 7 :

['profile_process_directory', 'fopen', 'profile_parse_file', 'profile_free_node', 'fclose', 'fcntl', 'fileno']

424 424 profile_update_file_data_locked call site /src/krb5/src/util/profile/prof_file.c:284
106 106 1 :

['write_data_to_file']

106 106 profile_flush_file_data call site /src/krb5/src/util/profile/prof_file.c:473
86 86 1 :

['profile_abandon']

86 86 profile_release call site /src/krb5/src/util/profile/prof_init.c:505
52 80 7 :

['expand_token', 'strchr', 'krb5_set_error_message', 'k5_buf_add_len', 'free', 'strstr', 'dgettext']

52 161 k5_expand_path_tokens_extra call site /src/krb5/src/lib/krb5/os/expand_path.c:496
8 8 5 :

['explicit_bzero', 'realloc', 'malloc', 'free', 'set_error']

8 8 ensure_space call site /src/krb5/src/util/support/k5buf.c:76
6 6 3 :

['getpwuid_r', 'getuid', 'secure_getenv']

15 864 profile_open_file call site /src/krb5/src/util/profile/prof_file.c:184
6 6 1 :

['get_value_vt']

6 6 profile_get_value call site /src/krb5/src/util/profile/prof_get.c:229
4 345 3 :

['k5_mutex_lock', 'profile_update_file_data_locked', 'strcmp']

4 540 profile_node_iterator call site /src/krb5/src/util/profile/prof_tree.c:494
4 4 3 :

['explicit_bzero', 'free', 'set_error']

4 4 k5_buf_free call site /src/krb5/src/util/support/k5buf.c:265
2 392 3 :

['strcasecmp', 'free', 'profile_get_string']

2 392 get_tristate call site /src/krb5/src/lib/krb5/krb/init_ctx.c:109

Runtime coverage analysis

Covered functions
96
Functions that are reachable but not covered
230
Reachable functions
307
Percentage of reachable functions covered
25.08%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/krb5/fuzzing/Fuzz_pac.c 1
lib/krb5/krb/init_ctx.c 6
lib/krb5/krb5_libinit.c 1
util/support/threads.c 10
lib/krb5/os/init_os_ctx.c 6
util/profile/prof_init.c 9
util/profile/../../include/k5-thread.h 3
util/profile/prof_file.c 13
util/profile/prof_tree.c 12
util/profile/prof_parse.c 15
util/support/dir_filenames.c 4
util/support/strlcpy.c 1
util/support/path.c 2
util/support/plugins.c 15
util/support/errors.c 6
lib/krb5/os/trace.c 12
util/profile/prof_get.c 18
util/support/k5buf.c 10
lib/krb5/os/../../../include/k5-int.h 7
lib/crypto/krb/make_checksum.c 1
lib/crypto/krb/mandatory_sumtype.c 1
lib/crypto/krb/./crypto_int.h 3
lib/crypto/krb/../../../include/k5-int.h 2
lib/krb5/krb/kfree.c 2
util/support/strerror_r.c 1
lib/krb5/krb/kerrs.c 5
util/et/error_message.c 2
util/et/../../include/k5-thread.h 2
util/et/et_name.c 1
util/support/../../include/k5-thread.h 2
lib/krb5/krb/unparse.c 4
lib/krb5/os/hostrealm.c 15
lib/krb5/krb/plugin.c 17
lib/krb5/krb/../../../include/k5-int.h 6
lib/krb5/os/hostrealm_registry.c 3
lib/krb5/os/hostrealm_profile.c 4
lib/krb5/os/hostrealm_dns.c 5
lib/krb5/os/locate_kdc.c 21
lib/krb5/krb/libdef_parse.c 1
lib/krb5/os/dnsglue.c 6
lib/krb5/os/c_ustime.c 2
lib/krb5/os/../../../include/k5-thread.h 2
util/support/fake-addrinfo.c 6
lib/krb5/os/hostrealm_domain.c 3
lib/krb5/krb/parse_host_string.c 2
lib/krb5/os/dnssrv.c 5
lib/krb5/krb/princ_comp.c 2
lib/crypto/krb/enctype_util.c 1
lib/krb5/ccache/ccfns.c 2
lib/krb5/keytab/ktfns.c 1
lib/krb5/os/expand_path.c 5
lib/krb5/krb/preauth2.c 2
lib/krb5/ccache/ccselect.c 2
lib/krb5/os/localauth.c 2
lib/krb5/krb/pac.c 3
lib/krb5/krb/../../../include/k5-platform.h 2

Analyses and suggestions

Optimal target analysis

Remaining optimal interesting functions

The following table shows a list of functions that are optimal targets. Optimal targets are identified by finding the functions that in combination, yield a high code coverage.

Func name Functions filename Arg count Args Function depth hitcount instr count bb count cyclomatic complexity Reachable functions Incoming references total cyclomatic complexity Unreached complexity
krb5_get_init_creds_password /src/krb5/src/lib/krb5/krb/gic_pwd.c 9 ['struct._krb5_context *', 'struct._krb5_creds *', 'struct.krb5_principal_data *', 'char *', 'func_type *', 'char *', 'int ', 'char *', 'struct._krb5_get_init_creds_opt *'] 29 0 689 105 38 966 0 6130 4220
krb5int_aes_decrypt /src/krb5/src/lib/crypto/builtin/enc_provider/aes.c 4 ['struct.krb5_key_st *', 'struct._krb5_data *', 'struct._krb5_fast_armor *', 'size_t '] 3 0 216 23 9 23 0 271 265
kcm_retrieve /src/krb5/src/lib/krb5/ccache/cc_kcm.c 5 ['struct._krb5_context *', 'struct._krb5_ccache.755 *', 'int ', 'struct._krb5_creds *', 'struct._krb5_creds *'] 28 0 170 20 9 346 0 1932 216
krb5_cc_select /src/krb5/src/lib/krb5/ccache/ccselect.c 4 ['struct._krb5_context *', 'struct.krb5_principal_data *', 'struct._krb5_ccache **', 'struct.krb5_principal_data **'] 28 0 365 66 22 318 0 1883 150
krb5_get_credentials_for_user /src/krb5/src/lib/krb5/krb/s4u_creds.c 6 ['struct._krb5_context *', 'int ', 'struct._krb5_ccache *', 'struct._krb5_creds *', 'struct._krb5_data *', 'struct._krb5_creds **'] 31 0 377 62 24 905 0 5762 148
krb5int_aes2_string_to_key /src/krb5/src/lib/crypto/krb/s2k_pbkdf2.c 5 ['struct.krb5_keytypes.3582 *', 'struct._krb5_data *', 'struct._krb5_data *', 'struct._krb5_data *', 'struct._krb5_keyblock *'] 7 0 45 3 2 48 0 240 147
krb5_ktfile_get_entry /src/krb5/src/lib/krb5/keytab/kt_file.c 6 ['struct._krb5_context *', 'struct._krb5_kt.893 *', 'struct.krb5_principal_data *', 'int ', 'int ', 'struct.krb5_keytab_entry_st *'] 28 0 406 67 25 281 0 1683 138

Implementing fuzzers that target the above functions will improve reachability such that it becomes:

Functions statically reachable by fuzzers
53.36%
1216/2279
Cyclomatic complexity statically reachable by fuzzers
62.91%
7737 / 12298

All functions overview

If you implement fuzzers for these functions, the status of all functions in the project will be:

Func name Functions filename Args Function call depth Reached by Fuzzers Fuzzers runtime hit Func lines hit % I Count BB Count Cyclomatic complexity Functions reached Reached by functions Accumulated cyclomatic complexity Undiscovered complexity

Runtime coverage analysis

This section shows analysis of runtime coverage data.

For futher technical details on how this section is generated, please see the Glossary .

Complex functions with low coverage

Func name Function total lines Lines covered at runtime percentage covered Reached by fuzzers
ensure_space 40 19 47.5% ['Fuzz_ndr', 'Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac']
decode_cntype 44 22 50.0% ['Fuzz_krb5']
k5_expand_path_tokens_extra 62 30 48.38% ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac']
profile_open_file 87 32 36.78% ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac']
profile_update_file_data_locked 60 16 26.66% ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac']
profile_iterator 38 19 50.0% ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac']
profile_node_iterator 118 25 21.18% ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac']
k5_buf_add_vfmt 48 25 52.08% ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac']

Files and Directories in report

This section shows which files and directories are considered in this report. The main reason for showing this is fuzz introspector may include more code in the reasoning than is desired. This section helps identify if too many files/directories are included, e.g. third party code, which may be irrelevant for the threat model. In the event too much is included, fuzz introspector supports a configuration file that can exclude data from the report. See the following link for more information on how to create a config file: link

Files in report

Source file Reached by Covered by
[] []
/src/krb5/src/lib/krb5/os/hostrealm_domain.c ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] []
/src/krb5/src/lib/crypto/builtin/sha2/sha256.c [] []
/src/krb5/src/lib/crypto/krb/checksum_unkeyed.c [] []
/src/krb5/src/lib/krb5/os/../../../include/port-sockets.h [] []
/src/krb5/src/util/profile/prof_get.c ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac']
/src/krb5/src/lib/krb5/os/trace.c ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac']
/src/krb5/src/lib/krb5/krb/padata.c [] []
/src/krb5/src/lib/crypto/builtin/des/f_sched.c [] []
/src/krb5/src/lib/crypto/krb/make_random_key.c [] []
/src/krb5/src/lib/crypto/builtin/hash_provider/hash_sha1.c [] []
/src/krb5/src/util/support/../../include/k5-input.h ['Fuzz_ndr'] []
/src/krb5/src/lib/krb5/error_tables/krb5_err.c [] []
/src/krb5/src/lib/crypto/builtin/enc_provider/../../../../include/k5-platform.h [] []
/src/krb5/src/lib/krb5/unicode/ucstr.c ['Fuzz_chpw'] []
/src/krb5/src/lib/krb5/krb/send_tgs.c [] []
/src/krb5/src/lib/crypto/krb/checksum_etm.c [] []
/src/krb5/src/lib/krb5/krb/gc_via_tkt.c [] []
/src/krb5/src/lib/crypto/krb/./crypto_int.h ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] []
/src/krb5/src/lib/krb5/krb/plugin.c ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac']
/src/krb5/src/lib/krb5/krb/gic_pwd.c [] []
/src/krb5/src/lib/krb5/ccache/cc_dir.c [] []
/src/krb5/src/lib/krb5/error_tables/kv5m_err.c [] []
/src/krb5/src/lib/krb5/rcache/memrcache.c [] []
/src/krb5/src/lib/krb5/krb/addr_comp.c [] []
/src/krb5/src/lib/krb5/keytab/kt_memory.c [] []
/src/krb5/src/lib/krb5/krb/serialize.c [] []
/src/krb5/src/lib/krb5/ccache/cc_file.c [] []
/src/krb5/src/lib/krb5/ccache/cccursor.c [] []
/src/krb5/src/lib/crypto/builtin/enc_provider/rc4.c [] []
/src/krb5/src/lib/krb5/krb/ai_authdata.c [] []
/src/krb5/src/util/support/gmt_mktime.c [] []
/src/krb5/src/util/support/hashtab.c [] []
/src/krb5/fuzzing/Fuzz_profile.c ['Fuzz_profile'] ['Fuzz_profile']
/src/krb5/src/lib/krb5/os/sendto_kdc.c [] []
/src/krb5/src/lib/crypto/builtin/hmac.c [] []
/src/krb5/src/lib/krb5/ccache/../../../include/k5-buf.h [] []
/src/krb5/src/util/profile/prof_file.c ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac']
/src/krb5/src/lib/krb5/ccache/ccbase.c [] []
/src/krb5/src/kdc/../include/k5-platform.h ['Fuzz_ndr'] []
/src/krb5/src/util/support/utf8.c ['Fuzz_ndr', 'Fuzz_chpw'] ['Fuzz_ndr']
/src/krb5/src/lib/krb5/krb/authdata_exp.c [] []
/src/krb5/src/lib/krb5/krb/gen_seqnum.c [] []
/src/krb5/src/lib/krb5/os/localauth_rule.c [] []
/src/krb5/src/lib/krb5/krb/preauth_encts.c [] []
/src/krb5/src/lib/krb5/krb/str_conv.c [] []
/src/krb5/src/lib/krb5/os/localaddr.c [] []
/src/krb5/src/lib/krb5/krb/get_in_tkt.c [] []
/src/krb5/src/util/support/threads.c ['Fuzz_profile', 'Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] ['Fuzz_profile', 'Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac']
/src/krb5/src/lib/krb5/krb/./../os/os-proto.h [] []
/src/krb5/src/lib/krb5/keytab/ktbase.c [] []
/src/krb5/src/lib/krb5/os/changepw.c [] []
/src/krb5/src/lib/krb5/krb/tgtname.c [] []
/src/krb5/fuzzing/Fuzz_marshal.c ['Fuzz_marshal'] ['Fuzz_marshal']
/src/krb5/src/kdc/ndr.c ['Fuzz_ndr'] ['Fuzz_ndr']
/src/krb5/src/lib/crypto/builtin/enc_provider/des3.c [] []
/src/krb5/src/lib/crypto/krb/keyblocks.c ['Fuzz_krb5', 'Fuzz_marshal'] ['Fuzz_marshal']
/src/krb5/src/lib/crypto/builtin/des/f_aead.c [] []
/src/krb5/src/lib/krb5/krb/etype_list.c [] []
/src/krb5/src/lib/krb5/krb/set_realm.c [] []
/src/krb5/src/lib/krb5/unicode/ucdata.c ['Fuzz_chpw'] []
/src/krb5/src/lib/krb5/rcache/rc_dfl.c [] []
/src/krb5/src/lib/krb5/krb/copy_auth.c [] []
/src/krb5/src/lib/krb5/krb/kerrs.c ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac']
/src/krb5/src/lib/crypto/krb/crypto_length.c [] []
/src/krb5/src/lib/krb5/rcache/rc_none.c [] []
/src/krb5/src/lib/krb5/krb/rd_error.c [] []
/src/krb5/src/lib/krb5/os/localauth.c ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac']
/src/krb5/src/util/support/base64.c [] []
/src/krb5/src/lib/krb5/krb/../../../include/k5-int.h ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] []
/src/krb5/src/lib/crypto/builtin/des/../../../../include/k5-platform.h [] []
/src/krb5/src/lib/krb5/os/../../../include/k5-int.h ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] []
/src/krb5/src/lib/crypto/builtin/hash_provider/hash_md4.c [] []
/usr/include/x86_64-linux-gnu/bits/byteswap.h ['Fuzz_marshal', 'Fuzz_chpw'] []
/src/krb5/src/lib/crypto/builtin/hash_provider/hash_md5.c [] []
/src/krb5/src/lib/crypto/krb/nfold.c [] []
/src/krb5/src/lib/krb5/ccache/ccselect_k5identity.c [] []
/src/krb5/src/lib/krb5/krb/authdata.c ['Fuzz_krb5', 'Fuzz_marshal'] ['Fuzz_marshal']
/src/krb5/src/lib/krb5/ccache/ccmarshal.c ['Fuzz_marshal'] ['Fuzz_marshal']
/src/krb5/src/lib/krb5/krb/bld_pr_ext.c [] []
/src/krb5/src/util/support/strlcpy.c ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac']
/src/krb5/src/lib/crypto/krb/checksum_dk_cmac.c [] []
/src/krb5/fuzzing/Fuzz_chpw.c ['Fuzz_chpw'] ['Fuzz_chpw']
/src/krb5/src/lib/krb5/krb/kfree.c ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] ['Fuzz_krb5', 'Fuzz_marshal']
/src/krb5/src/lib/krb5/krb/authdata_dec.c [] []
/src/krb5/src/lib/krb5/os/mk_faddr.c [] []
/src/krb5/src/lib/krb5/krb/cammac_util.c [] []
/src/krb5/src/lib/crypto/krb/s2k_rc4.c [] []
/src/krb5/src/lib/krb5/rcache/rc_file2.c [] []
/src/krb5/src/util/support/../../include/k5-platform.h ['Fuzz_ndr'] []
/src/krb5/src/lib/krb5/ccache/ccselect.c ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac']
/src/krb5/src/lib/crypto/builtin/md5/../../../../include/k5-platform.h [] []
/src/krb5/src/lib/krb5/krb/fast.c [] []
/src/krb5/src/lib/krb5/os/hostaddr.c [] []
/src/krb5/src/lib/krb5/krb/rd_priv.c [] []
/src/krb5/src/util/support/dir_filenames.c ['Fuzz_profile', 'Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] []
/src/krb5/src/lib/krb5/krb/deltat.c [] []
/src/krb5/src/lib/krb5/krb/walk_rtree.c [] []
/src/krb5/src/lib/krb5/krb/sname_match.c [] []
/src/krb5/src/lib/krb5/os/locate_kdc.c ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] []
/src/krb5/src/util/support/path.c ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] []
/src/krb5/src/lib/krb5/error_tables/k5e1_err.c [] []
/src/krb5/src/lib/crypto/builtin/sha1/../../../../include/k5-platform.h [] []
/src/krb5/src/lib/krb5/krb/parse_host_string.c ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] []
/src/krb5/src/lib/krb5/os/c_ustime.c ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] []
/src/krb5/src/lib/krb5/krb/mk_priv.c [] []
/src/krb5/src/lib/krb5/asn.1/asn1_encode.c ['Fuzz_krb5'] ['Fuzz_krb5']
/src/krb5/src/lib/krb5/krb/x-deltat.y [] []
/src/krb5/src/lib/krb5/os/net_write.c [] []
/src/krb5/src/lib/krb5/krb5_libinit.c ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac']
/src/krb5/src/lib/crypto/krb/checksum_length.c [] []
/src/krb5/src/lib/crypto/krb/encrypt_length.c [] []
/src/krb5/src/lib/krb5/ccache/ccselect_hostname.c [] []
/src/krb5/src/lib/krb5/krb/princ_comp.c ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] []
/src/krb5/src/lib/crypto/krb/prf_aes2.c [] []
/src/krb5/src/lib/crypto/krb/s2k_pbkdf2.c [] []
/src/krb5/src/lib/krb5/ccache/ccselect_realm.c [] []
/src/krb5/src/util/support/plugins.c ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac']
/src/krb5/src/lib/krb5/krb/valid_times.c [] []
/src/krb5/src/lib/krb5/krb/auth_con.c [] []
/src/krb5/src/util/support/../../include/k5-buf.h [] []
/src/krb5/src/lib/krb5/os/dnsglue.c ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] []
/src/krb5/src/lib/krb5/os/net_read.c [] []
/src/krb5/src/lib/krb5/krb/unparse.c ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] []
/src/krb5/src/util/profile/prof_tree.c ['Fuzz_profile', 'Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] ['Fuzz_profile', 'Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac']
/src/krb5/src/util/profile/prof_init.c ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac']
/src/krb5/src/lib/krb5/keytab/ktfns.c ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] []
/src/krb5/src/lib/krb5/error_tables/kdb5_err.c [] []
/src/krb5/src/lib/krb5/os/localauth_an2ln.c [] []
/src/krb5/src/lib/krb5/os/hostrealm.c ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac']
/src/krb5/src/lib/krb5/krb/copy_data.c [] []
/src/krb5/src/lib/krb5/krb/response_items.c [] []
/src/krb5/src/lib/krb5/error_tables/krb524_err.c [] []
/src/krb5/src/lib/krb5/rcache/rc_base.c [] []
/src/krb5/src/lib/krb5/krb/decode_kdc.c [] []
/src/krb5/src/lib/krb5/krb/libdef_parse.c ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] []
/src/krb5/src/lib/crypto/krb/decrypt.c [] []
/src/krb5/src/lib/crypto/krb/state.c [] []
/src/krb5/src/lib/krb5/krb/privsafe.c [] []
/src/krb5/src/lib/crypto/builtin/des/d3_aead.c [] []
/src/krb5/src/lib/krb5/os/localauth_k5login.c [] []
/src/krb5/src/util/profile/prof_err.c ['Fuzz_profile'] ['Fuzz_profile']
/src/krb5/src/lib/krb5/os/localauth_names.c [] []
/src/krb5/src/lib/krb5/ccache/ccfns.c ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] []
/src/krb5/src/lib/krb5/krb/preauth_sam2.c [] []
/src/krb5/src/lib/crypto/krb/keyed_cksum.c [] []
/src/krb5/src/lib/crypto/builtin/./../krb/crypto_int.h [] []
/src/krb5/src/lib/krb5/asn.1/asn1_k_encode.c ['Fuzz_krb5'] ['Fuzz_krb5']
/src/krb5/src/lib/krb5/krb/bld_princ.c [] []
/src/krb5/src/lib/krb5/krb/s4u_creds.c [] []
/src/krb5/src/lib/krb5/krb/parse.c [] []
/src/krb5/src/lib/krb5/krb/mk_req_ext.c [] []
/src/krb5/src/lib/krb5/os/lock_file.c [] []
/src/krb5/src/lib/krb5/os/sn2princ.c [] []
/src/krb5/src/lib/krb5/krb/copy_addrs.c [] []
/src/krb5/src/lib/krb5/krb/kdc_rep_dc.c [] []
/src/krb5/src/lib/krb5/krb/pr_to_salt.c [] []
/src/krb5/src/lib/crypto/builtin/pbkdf2.c [] []
/src/krb5/src/lib/krb5/krb/../../../include/k5-platform.h ['Fuzz_chpw', 'Fuzz_pac'] []
/src/krb5/src/util/support/fake-addrinfo.c ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] []
/src/krb5/src/lib/crypto/krb/aead.c [] []
/src/krb5/src/util/support/bcmp.c [] []
/src/krb5/src/lib/krb5/os/ustime.c [] []
/src/krb5/src/lib/krb5/krb/random_str.c [] []
/src/krb5/src/util/support/utf8_conv.c ['Fuzz_ndr'] ['Fuzz_ndr']
/src/krb5/src/util/support/../../include/k5-thread.h ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] []
/src/krb5/src/lib/krb5/keytab/kt_file.c [] []
/src/krb5/src/kdc/../include/k5-input.h ['Fuzz_ndr'] []
/src/krb5/src/lib/crypto/krb/enc_dk_cmac.c [] []
/src/krb5/src/lib/crypto/builtin/aes/aestab.c [] []
/src/krb5/src/lib/crypto/builtin/camellia/camellia.c [] []
/src/krb5/src/lib/krb5/os/prompter.c [] []
/src/krb5/src/lib/krb5/krb/get_creds.c [] []
/src/krb5/src/lib/krb5/krb/preauth_otp.c [] []
/src/krb5/src/kdc/../include/k5-buf.h [] []
/src/krb5/src/lib/krb5/krb/rd_rep.c [] []
/src/krb5/src/lib/crypto/krb/../../../include/k5-int.h ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] []
/src/krb5/src/lib/crypto/builtin/des/weak_key.c [] []
/src/krb5/src/lib/crypto/builtin/md4/md4.c [] []
/src/krb5/src/lib/krb5/krb/gic_opt.c [] []
/src/krb5/src/lib/crypto/krb/checksum_hmac_md5.c [] []
/src/krb5/src/lib/krb5/error_tables/asn1_err.c [] []
/src/krb5/src/lib/crypto/builtin/hash_provider/hash_sha2.c [] []
/src/krb5/src/util/profile/prof_parse.c ['Fuzz_profile', 'Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] ['Fuzz_profile']
/src/krb5/src/lib/crypto/krb/random_to_key.c [] []
/src/krb5/src/lib/krb5/os/hostrealm_dns.c ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] []
/src/krb5/src/lib/krb5/krb/addr_srch.c [] []
/src/krb5/src/lib/crypto/builtin/md5/md5.c [] []
/src/krb5/src/lib/crypto/krb/enctype_util.c ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] []
/src/krb5/src/lib/krb5/os/timeofday.c [] []
/src/krb5/src/util/et/error_message.c ['Fuzz_profile', 'Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] ['Fuzz_profile', 'Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac']
/src/krb5/src/lib/krb5/krb/enc_helper.c [] []
/src/krb5/src/lib/krb5/krb/authdata_enc.c [] []
/src/krb5/fuzzing/Fuzz_krb5.c ['Fuzz_krb5'] ['Fuzz_krb5']
/src/krb5/src/lib/crypto/krb/checksum_dk_hmac.c [] []
/src/krb5/src/lib/krb5/os/toffset.c [] []
/src/krb5/src/lib/crypto/builtin/aes/aeskey.c [] []
/src/krb5/src/lib/crypto/krb/prf_rc4.c [] []
/src/krb5/fuzzing/Fuzz_pac.c ['Fuzz_pac'] ['Fuzz_pac']
/src/krb5/src/lib/krb5/os/krbfileio.c [] []
/src/krb5/src/lib/krb5/os/ccdefname.c [] []
/src/krb5/src/lib/crypto/krb/key.c [] []
/src/krb5/src/lib/crypto/krb/prng.c [] []
/src/krb5/src/lib/krb5/ccache/../../../include/k5-input.h ['Fuzz_marshal'] []
/src/krb5/src/util/support/errors.c ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac']
/src/krb5/src/lib/krb5/krb/gen_subkey.c [] []
/src/krb5/src/lib/crypto/builtin/des/des_keys.c [] []
/src/krb5/src/lib/crypto/builtin/enc_provider/aes.c [] []
/src/krb5/src/lib/krb5/os/expand_path.c ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac']
/src/krb5/src/lib/crypto/builtin/enc_provider/camellia.c [] []
/src/krb5/src/lib/crypto/builtin/sha2/sha512.c [] []
/src/krb5/src/lib/crypto/builtin/sha1/shs.c [] []
/src/krb5/src/lib/krb5/krb/gen_save_subkey.c [] []
/src/krb5/src/util/et/com_err.c [] []
/src/krb5/src/lib/krb5/os/unlck_file.c [] []
/src/krb5/src/lib/crypto/krb/default_state.c [] []
/src/krb5/src/util/et/et_name.c ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] []
/src/krb5/src/lib/krb5/krb/cp_key_cnt.c [] []
/src/krb5/src/lib/crypto/krb/enc_etm.c [] []
/src/krb5/src/lib/krb5/ccache/../../../include/k5-platform.h ['Fuzz_marshal'] []
/src/krb5/src/lib/krb5/os/hostrealm_registry.c ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] []
/src/krb5/src/util/support/strerror_r.c ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] []
/src/krb5/src/lib/crypto/krb/encrypt.c [] []
/src/krb5/src/lib/crypto/krb/make_checksum.c ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] []
/src/krb5/src/lib/crypto/krb/prf_cmac.c [] []
/src/krb5/fuzzing/Fuzz_ndr.c ['Fuzz_ndr'] ['Fuzz_ndr']
/src/krb5/src/lib/crypto/krb/prf_dk.c [] []
/src/krb5/src/lib/krb5/krb/preauth_ec.c [] []
/src/krb5/src/lib/crypto/krb/cf2.c [] []
/src/krb5/src/lib/krb5/krb/init_ctx.c ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac']
/src/krb5/src/lib/crypto/builtin/aes/aescrypt.c [] []
/src/krb5/src/lib/krb5/ccache/cc_kcm.c [] []
/src/krb5/src/lib/krb5/krb/copy_princ.c [] []
/src/krb5/src/lib/crypto/krb/mandatory_sumtype.c ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] []
/src/krb5/fuzzing/Fuzz_json.c ['Fuzz_json'] ['Fuzz_json']
/src/krb5/src/lib/crypto/builtin/cmac.c [] []
/src/krb5/src/lib/krb5/krb/preauth2.c ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac']
/src/krb5/src/lib/crypto/krb/prf.c [] []
/src/krb5/src/lib/crypto/krb/string_to_key.c [] []
/src/krb5/src/lib/krb5/krb/copy_creds.c [] []
/src/krb5/src/lib/krb5/os/init_os_ctx.c ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac']
/src/krb5/src/lib/krb5/krb/chpw.c ['Fuzz_chpw'] ['Fuzz_chpw']
/src/krb5/src/lib/krb5/ccache/cc_memory.c [] []
/src/krb5/src/lib/crypto/builtin/enc_provider/./../../krb/crypto_int.h [] []
/src/krb5/src/lib/crypto/builtin/des/f_parity.c [] []
/src/krb5/src/kdc/../include/k5-int.h ['Fuzz_ndr'] []
/src/krb5/src/lib/crypto/krb/enc_dk_hmac.c [] []
/src/krb5/src/util/support/k5buf.c ['Fuzz_ndr', 'Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] ['Fuzz_ndr', 'Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac']
/src/krb5/src/lib/krb5/os/hostrealm_profile.c ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] []
/src/krb5/src/lib/krb5/keytab/ktfr_entry.c [] []
/src/krb5/src/lib/crypto/krb/enc_raw.c [] []
/src/krb5/src/lib/krb5/ccache/cc_retr.c [] []
/src/krb5/src/lib/crypto/krb/enc_rc4.c [] []
/src/krb5/src/util/support/json.c ['Fuzz_json'] ['Fuzz_json']
/src/krb5/src/lib/crypto/builtin/kdf.c [] []
/src/krb5/src/lib/krb5/os/dnssrv.c ['Fuzz_krb5', 'Fuzz_marshal', 'Fuzz_chpw', 'Fuzz_pac'] []
/src/krb5/src/lib/crypto/krb/derive.c [] []
/src/krb5/src/lib/krb5/os/../../../include/socket-utils.h [] []
/src/krb5/src/lib/krb5/krb/pac.c ['Fuzz_pac'] ['Fuzz_pac']
/src/krb5/src/lib/crypto/krb/verify_checksum.c [] []
/src/krb5/src/util/support/init-addrinfo.c [] []
/src/krb5/src/lib/crypto/builtin/des/d3_kysched.c [] []

Directories in report

Directory
/src/krb5/src/lib/crypto/builtin/hash_provider/
/src/krb5/src/lib/crypto/builtin/
/src/krb5/src/lib/crypto/builtin/sha1/
/src/krb5/src/kdc/../include/
/src/krb5/src/lib/crypto/builtin/md5/../../../../include/
/src/krb5/src/lib/krb5/keytab/
/src/krb5/src/lib/crypto/builtin/md5/
/src/krb5/src/lib/krb5/
/src/krb5/src/util/et/
/src/krb5/src/lib/krb5/rcache/
/src/krb5/fuzzing/
/src/krb5/src/lib/krb5/ccache/
/src/krb5/src/lib/crypto/builtin/enc_provider/../../../../include/
/src/krb5/src/lib/crypto/krb/./
/src/krb5/src/lib/crypto/krb/../../../include/
/src/krb5/src/util/support/
/src/krb5/src/util/support/../../include/
/src/krb5/src/lib/crypto/builtin/md4/
/src/krb5/src/lib/krb5/ccache/../../../include/
/src/krb5/src/lib/crypto/builtin/enc_provider/./../../krb/
/src/krb5/src/lib/krb5/os/../../../include/
/src/krb5/src/lib/crypto/builtin/./../krb/
/src/krb5/src/lib/krb5/unicode/
/src/krb5/src/lib/crypto/builtin/des/../../../../include/
/src/krb5/src/lib/crypto/builtin/sha2/
/src/krb5/src/lib/krb5/krb/./../os/
/usr/include/x86_64-linux-gnu/bits/
/src/krb5/src/lib/krb5/os/
/src/krb5/src/util/profile/
/src/krb5/src/kdc/
/src/krb5/src/lib/krb5/krb/../../../include/
/src/krb5/src/lib/crypto/builtin/des/
/src/krb5/src/lib/crypto/builtin/sha1/../../../../include/
/src/krb5/src/lib/crypto/builtin/aes/
/src/krb5/src/lib/crypto/krb/
/src/krb5/src/lib/crypto/builtin/camellia/
/src/krb5/src/lib/crypto/builtin/enc_provider/
/src/krb5/src/lib/krb5/asn.1/
/src/krb5/src/lib/krb5/krb/
/src/krb5/src/lib/krb5/error_tables/

Metadata section

This sections shows the raw data that is used to produce this report. This is mainly used for further processing and developer debugging.

Fuzzer Calltree file Program data file Coverage file
Fuzz_json fuzzerLogFile-0-fXGc32fZ0W.data fuzzerLogFile-0-fXGc32fZ0W.data.yaml Fuzz_json.covreport
Fuzz_ndr fuzzerLogFile-0-cFtENKTfEt.data fuzzerLogFile-0-cFtENKTfEt.data.yaml Fuzz_ndr.covreport
Fuzz_profile fuzzerLogFile-0-Yzqhq1ASzq.data fuzzerLogFile-0-Yzqhq1ASzq.data.yaml Fuzz_profile.covreport
Fuzz_krb5 fuzzerLogFile-0-8sABAvgLPK.data fuzzerLogFile-0-8sABAvgLPK.data.yaml Fuzz_krb5.covreport
Fuzz_marshal fuzzerLogFile-0-39eBcVBqBd.data fuzzerLogFile-0-39eBcVBqBd.data.yaml Fuzz_marshal.covreport
Fuzz_chpw fuzzerLogFile-0-sAThHGLg1D.data fuzzerLogFile-0-sAThHGLg1D.data.yaml Fuzz_chpw.covreport
Fuzz_pac fuzzerLogFile-0-47Tdkfkfg6.data fuzzerLogFile-0-47Tdkfkfg6.data.yaml Fuzz_pac.covreport