Fuzz introspector: fuzz_xfer
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The following are the branches that the fuzzer fails to bypass.

| Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch |
|---|---|---|---|---|---|---|---|
| 26 | 152 | 5: ['g_free', 'cac_create_tl_file', 'simpletlv_free', 'cac_create_val_file', 'simpletlv_parse'] | 26 | 274 | cac_passthrough_container_process_apdu | call site: 00000 | /work/meson/../../src/libcacard/src/cac.c:727 |
| 8 | 19 | 4: ['acr_applet_object_encode', 'g_free', 'memcmp', 'g_malloc_n'] | 8 | 19 | cac_aca_get_applet_acr_coid | call site: 00000 | /work/meson/../../src/libcacard/src/cac-aca.c:827 |
| 6 | 12 | 2: ['vcard_get_login_count', 'vcard_response_new_status_bytes'] | 8 | 30 | vcard7816_vm_process_apdu | call site: 00096 | /work/meson/../../src/libcacard/src/card_7816.c:705 |
| 4 | 49 | 4: ['strcmp', 'vreader_list_get_reader', 'vreader_list_get_next', 'vreader_free'] | 4 | 53 | vreader_get_reader_by_name | call site: 00000 | /work/meson/../../src/libcacard/src/vreader.c:499 |
| 2 | 47 | 3: ['vreader_list_get_reader', 'vreader_free', 'vreader_list_get_next'] | 2 | 51 | vreader_get_reader_by_id | call site: 00027 | /work/meson/../../src/libcacard/src/vreader.c:479 |
| 2 | 27 | 2: ['PORT_GetError', 'vcard_emul_map_error'] | 6 | 31 | vcard_emul_rsa_op | call site: 00000 | /work/meson/../../src/libcacard/src/vcard_emul_nss.c:355 |
| 2 | 2 | 1: ['g_malloc'] | 20 | 95 | vcard_emul_rsa_op | call site: 00000 | /work/meson/../../src/libcacard/src/vcard_emul_nss.c:275 |
| 2 | 2 | 1: ['g_log'] | 6 | 14 | get_properties | call site: 00000 | /work/meson/../../src/libcacard/src/cac.c:230 |
| 2 | 2 | 1: ['g_log'] | 2 | 2 | LLVMFuzzerInitialize | call site: 00000 | /work/meson/../../src/libcacard/fuzz/fuzz_xfer.c:127 |
| 2 | 2 | 1: ['g_log'] | 2 | 2 | cac_card_init | call site: 00000 | /work/meson/../../src/libcacard/src/cac.c:2273 |
| 2 | 2 | 1: ['g_free'] | 2 | 2 | cac_create_file | call site: 00000 | /work/meson/../../src/libcacard/src/cac.c:142 |
| 2 | 2 | 1: ['PK11_IsLoggedIn'] | 2 | 2 | vcard_emul_is_logged_in | call site: 00099 | /work/meson/../../src/libcacard/src/vcard_emul_nss.c:468 |

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 g_log [call site] 00001
1 vreader_get_reader_by_id [function] [call site] 00002
2 vreader_list_lock [function] [call site] 00003
3 g_mutex_lock [call site] 00004
2 vreader_list_get_first [function] [call site] 00005
2 vreader_list_get_reader [function] [call site] 00006
3 vreader_reference [function] [call site] 00007
4 vreader_lock [function] [call site] 00008
5 g_mutex_lock [call site] 00009
4 vreader_unlock [function] [call site] 00010
5 g_mutex_unlock [call site] 00011
2 vreader_free [function] [call site] 00012
3 vreader_lock [function] [call site] 00013
3 vreader_unlock [function] [call site] 00014
3 vreader_unlock [function] [call site] 00015
3 g_mutex_clear [call site] 00016
3 vcard_free [function] [call site] 00017
4 vcard_delete_applet [function] [call site] 00018
5 g_free [call site] 00019
5 g_free [call site] 00020
4 vcard_buffer_response_delete [function] [call site] 00021
5 g_free [call site] 00022
5 g_free [call site] 00023
4 g_free [call site] 00024
3 g_free [call site] 00025
3 g_free [call site] 00026
2 vreader_list_get_next [function] [call site] 00027
2 vreader_list_unlock [function] [call site] 00028
3 g_mutex_unlock [call site] 00029
1 g_assertion_message [call site] 00030
1 g_log [call site] 00031
1 vreader_xfr_bytes [function] [call site] 00032
2 vreader_get_card [function] [call site] 00033
3 vreader_lock [function] [call site] 00034
3 vcard_reference [function] [call site] 00035
3 vreader_unlock [function] [call site] 00036
2 g_log [call site] 00037
2 vcard_apdu_new [function] [call site] 00038
3 g_malloc_n [call site] 00039
3 g_memdup2 [function] [call site] 00040
4 g_malloc [call site] 00041
3 vcard_apdu_set_class [function] [call site] 00042
3 vcard_apdu_delete [function] [call site] 00043
4 g_free [call site] 00044
4 g_free [call site] 00045
3 vcard_apdu_set_length [function] [call site] 00046
3 vcard_apdu_delete [function] [call site] 00047
2 vcard_make_response [function] [call site] 00048
3 vcard_response_new_status [function] [call site] 00049
4 g_malloc_n [call site] 00050
4 vcard_response_set_status [function] [call site] 00051
2 apdu_ins_to_string [function] [call site] 00052
2 g_log [call site] 00053
2 vcard_process_apdu [function] [call site] 00054
3 vcard_response_new_data [function] [call site] 00055
4 g_malloc_n [call site] 00056
4 g_malloc [call site] 00057
3 vcard_get_buffer_response [function] [call site] 00058
3 vcard_set_buffer_response [function] [call site] 00059
3 vcard_buffer_response_delete [function] [call site] 00060
3 vcard_process_applet_apdu [function] [call site] 00061
3 vcard_get_type [function] [call site] 00062
3 vcard7816_file_system_process_apdu [function] [call site] 00063
4 vcard_make_response [function] [call site] 00064
3 vcard7816_vm_process_apdu [function] [call site] 00065
4 vcard_make_response [function] [call site] 00066
4 vcard_make_response [function] [call site] 00067
4 vcard_make_response [function] [call site] 00068
4 vcard_make_response [function] [call site] 00069
4 hex_dump [function] [call site] 00070
5 sprintf [call site] 00071
4 g_log [call site] 00072
4 vcard_find_applet [function] [call site] 00073
5 memcmp [call site] 00074
4 vcard_select_applet [function] [call site] 00075
4 vcard_find_applet [function] [call site] 00076
4 vcard_response_new [function] [call site] 00077
5 g_log [call site] 00078
5 vcard_init_buffer_response [function] [call site] 00079
6 vcard_get_buffer_response [function] [call site] 00080
6 vcard_set_buffer_response [function] [call site] 00081
6 vcard_buffer_response_delete [function] [call site] 00082
6 vcard_buffer_response_new [function] [call site] 00083
7 g_malloc_n [call site] 00084
7 g_memdup2 [function] [call site] 00085
6 vcard_response_new_status_bytes [function] [call site] 00086
7 g_malloc_n [call site] 00087
7 vcard_response_set_status_bytes [function] [call site] 00088
6 vcard_set_buffer_response [function] [call site] 00089
5 vcard_response_new_data [function] [call site] 00090
5 vcard_response_set_status [function] [call site] 00091
4 g_assertion_message_cmpnum [call site] 00092
4 vcard_response_new [function] [call site] 00093
4 vcard_make_response [function] [call site] 00094
4 vcard_make_response [function] [call site] 00095
4 vcard_emul_is_logged_in [function] [call site] 00096
5 vcard_emul_card_get_slot [function] [call site] 00097
6 vcard_get_private [function] [call site] 00098
5 PK11_NeedLogin [call site] 00099
5 PK11_IsLoggedIn [call site] 00100
4 vcard_make_response [function] [call site] 00101
4 vcard_get_login_count [function] [call site] 00102
5 vcard_emul_get_login_count [function] [call site] 00103
4 vcard_make_response [function] [call site] 00104
4 vcard_response_new_status_bytes [function] [call site] 00105
4 vcard_make_response [function] [call site] 00106
4 vcard_emul_login [function] [call site] 00107
5 vcard_emul_card_get_slot [function] [call site] 00108
5 g_malloc [call site] 00109
5 vcard_emul_logout [function] [call site] 00110
6 vcard_emul_card_get_slot [function] [call site] 00111
6 PK11_IsLoggedIn [call site] 00112
6 PK11_Logout [call site] 00113
5 PK11_Authenticate [call site] 00114
5 g_free [call site] 00115
4 vcard_make_response [function] [call site] 00116
4 vcard_get_buffer_response [function] [call site] 00117
4 vcard_make_response [function] [call site] 00118
4 vcard_response_new_bytes [function] [call site] 00119
5 g_log [call site] 00120
5 vcard_init_buffer_response [function] [call site] 00121
5 vcard_response_new_data [function] [call site] 00122
5 vcard_response_set_status_bytes [function] [call site] 00123
4 vcard_set_buffer_response [function] [call site] 00124
4 vcard_buffer_response_delete [function] [call site] 00125
4 vcard_make_response [function] [call site] 00126
4 vcard_make_response [function] [call site] 00127
4 vcard_make_response [function] [call site] 00128
4 g_assertion_message_expr [call site] 00129
3 g_assertion_message_expr [call site] 00130
3 g_warn_message [call site] 00131
3 vcard_make_response [function] [call site] 00132
2 g_log [call site] 00133
2 __assert_fail [call site] 00134
2 vcard_response_delete [function] [call site] 00135
3 g_free [call site] 00136
3 g_free [call site] 00137
3 g_free [call site] 00138
3 g_free [call site] 00139
3 g_warn_message [call site] 00140
2 vcard_apdu_delete [function] [call site] 00141
2 vcard_free [function] [call site] 00142
1 g_log [call site] 00143
1 g_log [call site] 00144
1 vreader_free [function] [call site] 00145