Fuzz introspector: fuzz_ndr
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The following are the branches that the fuzzer fails to get past.

Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch
2 | 2 | 1: ['explicit_bzero'] | 2 | 4 | k5_buf_free | call site: 00055 | /src/krb5/src/util/support/k5buf.c:271
0 | 11 | 1: ['k5_buf_free'] | 0 | 11 | k5_utf16le_to_utf8 | call site: 00050 | /src/krb5/src/util/support/utf8_conv.c:191
0 | 2 | 1: ['set_error'] | 2 | 4 | ensure_space | call site: 00044 | /src/krb5/src/util/support/k5buf.c:90
0 | 2 | 1: ['set_error'] | 0 | 2 | k5_buf_init_dynamic | call site: 00033 | /src/krb5/src/util/support/k5buf.c:129
0 | 0 | None | 2 | 4 | ensure_space | call site: 00043 | /src/krb5/src/util/support/k5buf.c:78
0 | 0 | None | 2 | 4 | ensure_space | call site: 00044 | /src/krb5/src/util/support/k5buf.c:83
0 | 0 | None | 0 | 11 | k5_utf8_to_utf16le | call site: 00067 | /src/krb5/src/util/support/utf8_conv.c:109
0 | 0 | None | 0 | 11 | k5_utf8_to_utf16le | call site: 00067 | /src/krb5/src/util/support/utf8_conv.c:117
0 | 0 | None | 0 | 4 | ndr_dec_delegation_info | call site: 00061 | /src/krb5/src/tests/fuzzing/./../../kdc/ndr.c:207
0 | 0 | None | 0 | 2 | k5_buf_add_len | call site: 00082 | /src/krb5/src/util/support/k5buf.c:153
0 | 0 | None | 0 | 2 | k5_buf_cstring | call site: 00052 | /src/krb5/src/util/support/k5buf.c:235
0 | 0 | None | 0 | 2 | k5_buf_get_space | call site: 00043 | /src/krb5/src/util/support/k5buf.c:244

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 empty_data [function] [call site] 00001
2 make_data [function] [call site] 00002
1 make_data [function] [call site] 00003
1 ndr_dec_delegation_info [function] [call site] 00004
2 k5alloc [function] [call site] 00005
3 k5calloc [function] [call site] 00006
4 calloc [call site] 00007
2 k5_input_init [function] [call site] 00008
2 k5_input_get_byte [function] [call site] 00009
3 k5_input_get_bytes [function] [call site] 00010
4 k5_input_set_status [function] [call site] 00011
2 k5_input_get_byte [function] [call site] 00012
2 k5_input_get_uint16_le [function] [call site] 00013
3 k5_input_get_bytes [function] [call site] 00014
3 load_16_le [function] [call site] 00015
2 k5_input_get_uint32_le [function] [call site] 00016
3 k5_input_get_bytes [function] [call site] 00017
3 load_32_le [function] [call site] 00018
2 k5_input_get_uint32_le [function] [call site] 00019
2 k5_input_get_uint32_le [function] [call site] 00020
2 k5_input_get_uint32_le [function] [call site] 00021
2 k5_input_get_uint16_le [function] [call site] 00022
2 k5_input_get_uint16_le [function] [call site] 00023
2 k5_input_get_uint32_le [function] [call site] 00024
2 k5_input_get_uint32_le [function] [call site] 00025
2 k5_input_get_uint32_le [function] [call site] 00026
2 dec_wchar_pointer [function] [call site] 00027
3 k5_input_get_uint32_le [function] [call site] 00028
3 k5_input_get_uint32_le [function] [call site] 00029
3 k5_input_get_uint32_le [function] [call site] 00030
3 k5_input_get_bytes [function] [call site] 00031
3 k5_utf16le_to_utf8 [function] [call site] 00032
4 k5_buf_init_dynamic [function] [call site] 00033
5 set_error [function] [call site] 00034
4 k5_input_init [function] [call site] 00035
4 k5_input_get_uint16_le [function] [call site] 00036
5 k5_input_get_bytes [function] [call site] 00037
6 k5_input_set_status [function] [call site] 00038
5 load_16_le [function] [call site] 00039
4 k5_input_get_uint16_le [function] [call site] 00040
4 krb5int_ucs4_to_utf8 [function] [call site] 00041
4 k5_buf_get_space [function] [call site] 00042
5 ensure_space [function] [call site] 00043
6 __assert_fail [call site] 00044
6 explicit_bzero [call site] 00045
6 realloc [call site] 00046
6 explicit_bzero [call site] 00047
6 set_error [function] [call site] 00048
4 krb5int_ucs4_to_utf8 [function] [call site] 00050
4 k5_buf_cstring [function] [call site] 00051
4 k5_buf_free [function] [call site] 00054
5 __assert_fail [call site] 00055
5 explicit_bzero [call site] 00056
5 set_error [function] [call site] 00057
3 k5_input_get_uint16_le [function] [call site] 00058
2 k5_input_get_uint32_le [function] [call site] 00059
2 k5_input_get_bytes [function] [call site] 00060
2 dec_wchar_pointer [function] [call site] 00062
2 ndr_free_delegation_info [function] [call site] 00063
1 ndr_enc_delegation_info [function] [call site] 00064
2 enc_wchar_pointer [function] [call site] 00065
3 k5_utf8_to_utf16le [function] [call site] 00066
4 k5_buf_init_dynamic_zap [function] [call site] 00067
5 k5_buf_init_dynamic [function] [call site] 00068
4 k5_buf_add_uint16_le [function] [call site] 00069
5 k5_buf_get_space [function] [call site] 00070
5 store_16_le [function] [call site] 00071
4 k5_buf_add_uint16_le [function] [call site] 00072
4 k5_buf_add_uint16_le [function] [call site] 00073
4 k5_buf_free [function] [call site] 00074
3 k5_buf_init_dynamic [function] [call site] 00075
3 k5_buf_add_uint32_le [function] [call site] 00076
4 k5_buf_get_space [function] [call site] 00077
4 store_32_le [function] [call site] 00078
3 k5_buf_add_uint32_le [function] [call site] 00079
3 k5_buf_add_uint32_le [function] [call site] 00080
3 k5_buf_add_len [function] [call site] 00081
3 k5_buf_add_uint16_le [function] [call site] 00084
4 store_16_le [function] [call site] 00085
3 k5_buf_status [function] [call site] 00086
2 k5_buf_init_dynamic [function] [call site] 00088
2 k5_buf_add_len [function] [call site] 00089
2 k5_buf_add_uint32_le [function] [call site] 00090
2 k5_buf_add_uint32_le [function] [call site] 00091
2 k5_buf_add_uint32_le [function] [call site] 00092
2 write_ptr [function] [call site] 00093
3 k5_buf_add_uint32_le [function] [call site] 00094
2 k5_buf_add_uint16_le [function] [call site] 00095
2 k5_buf_add_uint16_le [function] [call site] 00096
2 write_ptr [function] [call site] 00097
2 k5_buf_add_uint32_le [function] [call site] 00098
2 write_ptr [function] [call site] 00099
2 k5_buf_add_len [function] [call site] 00100
2 k5_buf_add_uint32_le [function] [call site] 00101
2 enc_wchar_pointer [function] [call site] 00102
2 k5_buf_add_uint16_le [function] [call site] 00103
2 k5_buf_add_uint16_le [function] [call site] 00104
2 write_ptr [function] [call site] 00105
2 k5_buf_add_len [function] [call site] 00106
2 k5_buf_add_uint32_le [function] [call site] 00107
2 store_32_le [function] [call site] 00108
2 k5_buf_status [function] [call site] 00109
2 make_data [function] [call site] 00110
1 ndr_free_delegation_info [function] [call site] 00111
1 krb5_free_data_contents [function] [call site] 00112