Fuzz introspector: fuzz_connection
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
0 0 None 2 2 mhd_pool_create call site: 00000 /src/mhd2/src/mhd2/mempool_funcs.c:309
0 0 None 0 0 mhd_pool_create call site: 00000 /src/mhd2/src/mhd2/mempool_funcs.c:304
0 0 1 :

['malloc']

0 0 mhd_pool_create call site: 00000 /src/mhd2/src/mhd2/mempool_funcs.c:342
0 0 1 :

['free']

0 0 mhd_pool_create call site: 00000 /src/mhd2/src/mhd2/mempool_funcs.c:346
0 0 None 0 0 mhd_pool_destroy call site: 00000 /src/mhd2/src/mhd2/mempool_funcs.c:365
0 0 None 0 0 mhd_pool_destroy call site: 00000 /src/mhd2/src/mhd2/mempool_funcs.c:373

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 mhd_pool_reset [function] [call site] 00001
1 init_daemon_connection(FuzzedDataProvider&, MHD_Daemon&, MHD_Connection&) [function] [call site] 00002
1 init_connection_buffer(FuzzedDataProvider&, MHD_Connection&) [function] [call site] 00003
2 mhd_pool_try_alloc [function] [call site] 00004
1 init_parsing_configuration(FuzzedDataProvider&, MHD_Connection&, bool) [function] [call site] 00005
1 mhd_stream_prepare_for_post_parse [function] [call site] 00006
2 detect_post_enc [function] [call site] 00007
3 mhd_request_get_value_n [function] [call site] 00008
4 mhd_str_equal_caseless_bin_n [function] [call site] 00009
5 charsequalcaseless [function] [call site] 00010
6 isasciiupper [function] [call site] 00011
4 mhd_str_equal_caseless_bin_n [function] [call site] 00012
3 mhd_logger [function] [call site] 00013
3 mhd_str_equal_caseless_bin_n [function] [call site] 00014
3 process_mpart_header [function] [call site] 00015
4 mhd_str_starts_with_token_req_param [function] [call site] 00016
5 mhd_str_equal_caseless_bin_n [function] [call site] 00017
5 charsequalcaseless [function] [call site] 00018
4 mhd_logger [function] [call site] 00019
4 mhd_logger [function] [call site] 00020
4 mhd_stream_alloc_memory [function] [call site] 00021
5 mhd_pool_try_alloc [function] [call site] 00022
5 mhd_pool_is_resizable_inplace [function] [call site] 00023
5 mhd_pool_reallocate [function] [call site] 00024
5 mhd_pool_is_resizable_inplace [function] [call site] 00025
5 mhd_pool_reallocate [function] [call site] 00026
5 mhd_pool_allocate [function] [call site] 00027
4 mhd_logger [function] [call site] 00028
4 mhd_str_unquote [function] [call site] 00029
3 mhd_str_starts_with_token_opt_param [function] [call site] 00030
4 mhd_str_equal_caseless_bin_n [function] [call site] 00031
3 mhd_logger [function] [call site] 00032
2 detect_mpart_boundary_from_the_header [function] [call site] 00033
3 mhd_request_get_value_n [function] [call site] 00034
3 mhd_logger [function] [call site] 00035
3 process_mpart_header [function] [call site] 00036
3 mhd_logger [function] [call site] 00037
2 init_post_parse_data [function] [call site] 00038
3 reset_parse_field_data_urlenc [function] [call site] 00039
3 reset_parse_field_data_mpart_init [function] [call site] 00040
3 reset_parse_field_data_text [function] [call site] 00041
1 mhd_stream_post_parse [function] [call site] 00042
2 extend_lbuf_up_to [function] [call site] 00043
3 mhd_daemon_extend_lbuf_up_to [function] [call site] 00044
4 mhd_daemon_claim_lbuf_up_to [function] [call site] 00045
5 mhd_daemon_get_master_daemon [function] [call site] 00046
5 pthread_mutex_lock [call site] 00047
5 mhd_panic [function] [call site] 00048
6 fprintf [call site] 00049
6 fprintf [call site] 00050
6 fprintf [call site] 00051
6 abort [call site] 00052
5 pthread_mutex_unlock [call site] 00053
5 mhd_panic [function] [call site] 00054
4 mhd_daemon_reclaim_lbuf [function] [call site] 00055
5 mhd_daemon_get_master_daemon [function] [call site] 00056
5 pthread_mutex_lock [call site] 00057
5 mhd_panic [function] [call site] 00058
5 pthread_mutex_unlock [call site] 00059
5 mhd_panic [function] [call site] 00060
4 realloc [call site] 00061
4 mhd_daemon_reclaim_lbuf [function] [call site] 00062
2 parse_post_urlenc [function] [call site] 00063
3 process_partial_value [function] [call site] 00064
4 process_partial_value_all [function] [call site] 00065
5 make_post_strings_from_buf_and_indices [function] [call site] 00066
5 mhd_stream_process_upload_action [function] [call site] 00067
6 mhd_response_dec_use_count [function] [call site] 00068
7 mhd_panic [function] [call site] 00069
7 response_full_deinit [function] [call site] 00070
8 mhd_response_remove_auth_digest_headers [function] [call site] 00071
8 mhd_response_remove_all_headers [function] [call site] 00072
8 mhd_response_deinit_reusable [function] [call site] 00073
9 pthread_mutex_destroy [call site] 00074
9 mhd_panic [function] [call site] 00075
8 mhd_response_deinit_content_data [function] [call site] 00076
9 close [call site] 00077
6 mhd_logger [function] [call site] 00078
6 mhd_conn_start_closing [function] [call site] 00079
7 mhd_socket_set_hard_close [function] [call site] 00080
8 setsockopt [call site] 00081
7 mhd_tls_gnu_conn_shutdown [function] [call site] 00082
8 gnutls_bye [call site] 00083
8 gnutls_record_get_direction [call site] 00084
7 mhd_socket_shut_wr [function] [call site] 00085
8 shutdown [call site] 00086
7 mhd_logger [function] [call site] 00087
7 mhd_conn_remove_from_timeout_lists [function] [call site] 00088
3 mhd_str_pct_decode_lenient_n [function] [call site] 00089
4 xdigittovalue [function] [call site] 00090
4 xdigittovalue [function] [call site] 00091
4 xdigittovalue [function] [call site] 00092
4 xdigittovalue [function] [call site] 00093
3 mhd_str_pct_decode_lenient_n [function] [call site] 00094
3 mhd_str_pct_decode_lenient_n [function] [call site] 00095
3 process_complete_field [function] [call site] 00096
4 process_complete_field_all [function] [call site] 00097
5 is_value_streaming_needed [function] [call site] 00098
5 make_post_strings_from_buf_and_indices [function] [call site] 00099
5 mhd_stream_process_upload_action [function] [call site] 00100
5 add_parsed_post_field [function] [call site] 00101
6 mhd_stream_alloc_memory [function] [call site] 00102
5 mhd_logger [function] [call site] 00103
3 reset_parse_field_data_urlenc [function] [call site] 00104
3 reset_parse_field_data_urlenc [function] [call site] 00105
3 is_value_streaming_needed [function] [call site] 00106
3 mhd_str_pct_decode_lenient_n [function] [call site] 00107
3 process_partial_value [function] [call site] 00108
2 parse_post_mpart [function] [call site] 00109
3 memmem [call site] 00110
3 memmem [call site] 00111
3 memchr [call site] 00112
3 memcmp [call site] 00113
3 memcmp [call site] 00114
3 memcmp [call site] 00115
3 memcmp [call site] 00116
3 mhd_str_equal_caseless_bin_n [function] [call site] 00117
3 mhd_str_starts_with_token_req_param [function] [call site] 00118
3 mhd_str_starts_with_token_req_param [function] [call site] 00119
3 mhd_str_unquote [function] [call site] 00120
3 mhd_str_pct_decode_lenient_n [function] [call site] 00121
3 mhd_str_unquote [function] [call site] 00122
3 mhd_str_pct_decode_lenient_n [function] [call site] 00123
3 mhd_logger [function] [call site] 00124
3 memmem [call site] 00125
3 memmem [call site] 00126
3 memchr [call site] 00127
3 memcmp [call site] 00128
3 memcmp [call site] 00129
3 memcmp [call site] 00130
3 process_complete_field_all [function] [call site] 00131
3 reset_parse_field_data_mpart_cont [function] [call site] 00132
3 mhd_logger [function] [call site] 00133
3 mhd_logger [function] [call site] 00134
3 is_value_streaming_needed [function] [call site] 00135
3 is_value_streaming_needed [function] [call site] 00136
3 process_partial_value_all [function] [call site] 00137
2 parse_post_text [function] [call site] 00138
3 reset_parse_field_data_text [function] [call site] 00139
3 process_complete_field [function] [call site] 00140
3 reset_parse_field_data_text [function] [call site] 00141
3 reset_parse_field_data_text [function] [call site] 00142
3 mhd_logger [function] [call site] 00143
3 mhd_logger [function] [call site] 00144
3 is_value_streaming_needed [function] [call site] 00145
3 process_partial_value [function] [call site] 00146
2 report_low_lbuf_mem [function] [call site] 00147
3 mhd_logger [function] [call site] 00148
1 mhd_stream_is_timeout_expired [function] [call site] 00149
2 mhd_monotonic_msec_counter [function] [call site] 00150
3 clock_gettime [call site] 00151
3 timespec_get [call site] 00152
3 time [call site] 00153
2 mhd_logger [function] [call site] 00154
2 mhd_logger [function] [call site] 00155
1 mhd_stream_get_request_line [function] [call site] 00156
2 get_request_line_inner [function] [call site] 00157
3 mhd_conn_start_closing [function] [call site] 00158
3 respond_with_error_len [function] [call site] 00159
4 mhd_daemon_free_lbuf [function] [call site] 00160
5 mhd_daemon_reclaim_lbuf [function] [call site] 00161
4 mhd_pool_deallocate [function] [call site] 00162
4 mhd_logger [function] [call site] 00163
4 mhd_response_dec_use_count [function] [call site] 00164
4 mhd_response_special_for_error [function] [call site] 00165
5 calloc [call site] 00166
4 mhd_conn_start_closing [function] [call site] 00167
3 mhd_conn_start_closing [function] [call site] 00168
3 respond_with_error_len [function] [call site] 00169
3 mhd_conn_start_closing [function] [call site] 00170
3 parse_http_version [function] [call site] 00171
4 respond_with_error_len [function] [call site] 00172
4 respond_with_error_len [function] [call site] 00173
4 respond_with_error_len [function] [call site] 00174
3 respond_with_error_len [function] [call site] 00175
3 mhd_conn_start_closing [function] [call site] 00176
3 mhd_conn_start_closing [function] [call site] 00177
3 parse_http_std_method [function] [call site] 00178
4 memcmp [call site] 00179
4 memcmp [call site] 00180
4 memcmp [call site] 00181
4 memcmp [call site] 00182
4 memcmp [call site] 00183
4 memcmp [call site] 00184
4 memcmp [call site] 00185
4 memcmp [call site] 00186
3 respond_with_error_len [function] [call site] 00187
3 mhd_conn_start_closing [function] [call site] 00188
3 mhd_conn_start_closing [function] [call site] 00189
3 mhd_conn_start_closing [function] [call site] 00190
2 respond_with_error_len [function] [call site] 00191
2 respond_with_error_len [function] [call site] 00192
2 send_redirect_fixed_rq_target [function] [call site] 00193
3 mhd_conn_start_closing [function] [call site] 00194
3 respond_with_error_len [function] [call site] 00195
2 process_request_target [function] [call site] 00196
3 mhd_parse_get_args [function] [call site] 00197
4 mhd_str_pct_decode_lenient_n [function] [call site] 00198
4 mhd_str_pct_decode_lenient_n [function] [call site] 00199
3 request_add_get_arg [function] [call site] 00200
4 mhd_stream_add_field_nullable [function] [call site] 00201
5 mhd_stream_alloc_memory [function] [call site] 00202
3 mhd_logger [function] [call site] 00203
3 mhd_stream_get_no_space_err_status_code [function] [call site] 00204
4 mhd_str_equal_caseless_bin_n [function] [call site] 00205
4 mhd_request_get_value_n [function] [call site] 00206
3 respond_with_error_len [function] [call site] 00207
3 mhd_str_pct_decode_lenient_n [function] [call site] 00208
1 mhd_stream_switch_to_rq_headers_proc [function] [call site] 00209
2 mhd_stream_reset_rq_hdr_proc_state [function] [call site] 00210
1 init_parsing_configuration(FuzzedDataProvider&, MHD_Connection&, bool) [function] [call site] 00211
1 mhd_stream_prepare_for_post_parse [function] [call site] 00212
1 mhd_stream_post_parse [function] [call site] 00213
1 mhd_stream_process_request_body [function] [call site] 00214
2 process_request_chunked_body [function] [call site] 00215
3 respond_with_error_len [function] [call site] 00216
3 mhd_strx_to_uint64_n [function] [call site] 00217
4 xdigittovalue [function] [call site] 00218
3 respond_with_error_len [function] [call site] 00219
3 respond_with_error_len [function] [call site] 00220
3 mhd_stream_post_parse [function] [call site] 00221
3 mhd_daemon_grow_lbuf [function] [call site] 00222
4 mhd_daemon_claim_lbuf [function] [call site] 00223
5 mhd_daemon_get_master_daemon [function] [call site] 00224
5 pthread_mutex_lock [call site] 00225
5 mhd_panic [function] [call site] 00226
5 pthread_mutex_unlock [call site] 00227
5 mhd_panic [function] [call site] 00228
4 realloc [call site] 00229
4 mhd_daemon_reclaim_lbuf [function] [call site] 00230
3 respond_with_error_len [function] [call site] 00231
3 mhd_daemon_free_lbuf [function] [call site] 00232
3 mhd_stream_process_upload_action [function] [call site] 00233
3 mhd_stream_process_upload_action [function] [call site] 00234
2 process_request_nonchunked_body [function] [call site] 00235
3 mhd_stream_post_parse [function] [call site] 00236
3 mhd_stream_process_upload_action [function] [call site] 00237
1 mhd_stream_process_upload_action [function] [call site] 00238
1 mhd_stream_process_upload_action [function] [call site] 00239
1 mhd_stream_process_upload_action [function] [call site] 00240
1 mhd_stream_process_req_recv_finished [function] [call site] 00241
2 mhd_daemon_free_lbuf [function] [call site] 00242
1 mhd_stream_reset_rq_hdr_proc_state [function] [call site] 00243
1 mhd_stream_alloc_memory [function] [call site] 00244
1 mhd_stream_maximize_write_buffer [function] [call site] 00245
2 mhd_pool_get_free [function] [call site] 00246
2 mhd_pool_reallocate [function] [call site] 00247
1 mhd_stream_release_write_buffer [function] [call site] 00248
2 mhd_pool_deallocate [function] [call site] 00249
1 mhd_stream_shrink_read_buffer [function] [call site] 00250
2 mhd_pool_deallocate [function] [call site] 00251
2 mhd_pool_reallocate [function] [call site] 00252
1 mhd_stream_switch_from_recv_to_send [function] [call site] 00253
2 mhd_stream_shrink_read_buffer [function] [call site] 00254
1 mhd_daemon_free_lbuf [function] [call site] 00255