Fuzz introspector: fuzz_marshal_princ
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The following are the branches that the fuzzer fails to bypass.

| Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch |
|---|---|---|---|---|---|---|---|
| 2 | 2 | 1: ['explicit_bzero'] | 2 | 4 | k5_buf_free | call site: 00055 | /src/krb5/src/util/support/k5buf.c:271 |
| 0 | 7 | 2: ['krb5_free_principal', 'k5_input_set_status'] | 0 | 7 | unmarshal_princ | call site: 00018 | /src/krb5/src/lib/krb5/ccache/ccmarshal.c:181 |
| 0 | 2 | 1: ['k5_input_set_status'] | 0 | 2 | get_len_bytes | call site: 00023 | /src/krb5/src/lib/krb5/ccache/ccmarshal.c:138 |
| 0 | 2 | 1: ['set_error'] | 0 | 2 | k5_buf_init_dynamic | call site: 00033 | /src/krb5/src/util/support/k5buf.c:129 |
| 0 | 0 | 1: ['malloc'] | 4 | 6 | ensure_space | call site: 00042 | /src/krb5/src/util/support/k5buf.c:87 |
| 0 | 0 | None | 2 | 4 | ensure_space | call site: 00041 | /src/krb5/src/util/support/k5buf.c:78 |
| 0 | 0 | None | 2 | 4 | ensure_space | call site: 00042 | /src/krb5/src/util/support/k5buf.c:83 |
| 0 | 0 | None | 0 | 2 | unmarshal_princ | call site: 00004 | /src/krb5/src/lib/krb5/ccache/ccmarshal.c:164 |
| 0 | 0 | None | 0 | 2 | k5_buf_add_len | call site: 00041 | /src/krb5/src/util/support/k5buf.c:153 |
| 0 | 0 | None | 0 | 0 | k5_buf_free | call site: 00054 | /src/krb5/src/util/support/k5buf.c:268 |
| 0 | 0 | None | 0 | 0 | ensure_space | call site: 00041 | /src/krb5/src/util/support/k5buf.c:74 |

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 k5_unmarshal_princ [function] [call site] 00001
2 k5_input_init [function] [call site] 00002
2 unmarshal_princ [function] [call site] 00003
3 k5alloc [function] [call site] 00004
4 k5calloc [function] [call site] 00005
5 calloc [call site] 00006
3 k5_input_set_status [function] [call site] 00007
3 get32 [function] [call site] 00008
4 k5_input_get_uint32_n [function] [call site] 00009
5 k5_input_get_bytes [function] [call site] 00010
6 k5_input_set_status [function] [call site] 00011
5 load_32_n [function] [call site] 00012
4 k5_input_get_uint32_be [function] [call site] 00013
5 k5_input_get_bytes [function] [call site] 00014
5 load_32_be [function] [call site] 00015
6 __bswap_32 [function] [call site] 00016
3 get_data [function] [call site] 00019
4 get_len_bytes [function] [call site] 00020
5 k5_input_get_bytes [function] [call site] 00022
5 k5_input_set_status [function] [call site] 00025
4 empty_data [function] [call site] 00026
5 make_data [function] [call site] 00027
4 make_data [function] [call site] 00028
3 k5_input_set_status [function] [call site] 00030
3 krb5_free_principal [function] [call site] 00031
2 krb5_free_principal [function] [call site] 00032
1 k5_buf_init_dynamic [function] [call site] 00033
2 set_error [function] [call site] 00034
1 k5_marshal_princ [function] [call site] 00035
2 put32 [function] [call site] 00036
3 store_32_n [function] [call site] 00037
3 store_32_be [function] [call site] 00038
4 __bswap_32 [function] [call site] 00039
3 k5_buf_add_len [function] [call site] 00040
4 ensure_space [function] [call site] 00041
5 __assert_fail [call site] 00042
5 explicit_bzero [call site] 00043
5 realloc [call site] 00044
5 explicit_bzero [call site] 00045
5 set_error [function] [call site] 00046
2 put_data [function] [call site] 00049
3 put_len_bytes [function] [call site] 00050
4 k5_buf_add_len [function] [call site] 00052
1 k5_buf_free [function] [call site] 00054
2 __assert_fail [call site] 00055
2 explicit_bzero [call site] 00056
2 set_error [function] [call site] 00057
1 krb5_free_principal [function] [call site] 00058