Fuzz introspector: bplist_fuzzer
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The following are the branches that the fuzzer fails to get past.

| Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch |
|---|---|---|---|---|---|---|---|
| 0 | 38 | 2: ['node_destroy', 'node_attach'] | 0 | 38 | node_create | call site: 00040 | /src/libplist/libcnary/node.c:64 |
| 0 | 0 | None | 16 | 1084 | parse_dict_node | call site: 00141 | /src/libplist/src/bplist.c:488 |
| 0 | 0 | None | 10 | 293 | plist_from_bin | call site: 00001 | /src/libplist/src/bplist.c:799 |
| 0 | 0 | None | 8 | 1100 | parse_bin_node | call site: 00033 | /src/libplist/src/bplist.c:579 |
| 0 | 0 | None | 4 | 4 | plist_utf16be_to_utf8 | call site: 00089 | /src/libplist/src/bplist.c:340 |
| 0 | 0 | None | 2 | 41 | parse_string_node | call site: 00080 | /src/libplist/src/bplist.c:314 |
| 0 | 0 | None | 0 | 280 | plist_from_bin | call site: 00017 | /src/libplist/src/bplist.c:880 |
| 0 | 0 | None | 0 | 39 | parse_data_node | call site: 00072 | /src/libplist/src/bplist.c:421 |
| 0 | 0 | None | 0 | 0 | node_create | call site: 00040 | /src/libplist/libcnary/node.c:52 |
| 0 | 0 | None | 0 | 0 | node_list_create | call site: 00043 | /src/libplist/libcnary/node_list.c:39 |
| 0 | 0 | None | 0 | 0 | node_list_remove | call site: 00047 | /src/libplist/libcnary/node_list.c:135 |
| 0 | 0 | None | 0 | 0 | node_list_remove | call site: 00047 | /src/libplist/libcnary/node_list.c:137 |

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 plist_from_bin [function] [call site] 00001
2 fprintf [call site] 00002
2 memcmp [call site] 00003
2 fprintf [call site] 00004
2 memcmp [call site] 00005
2 fprintf [call site] 00006
2 __bswap_64 [function] [call site] 00007
2 __bswap_64 [function] [call site] 00008
2 __bswap_64 [function] [call site] 00009
2 fprintf [call site] 00010
2 fprintf [call site] 00011
2 fprintf [call site] 00012
2 fprintf [call site] 00013
2 fprintf [call site] 00014
2 fprintf [call site] 00015
2 fprintf [call site] 00016
2 ptr_array_new [function] [call site] 00017
2 fprintf [call site] 00018
2 parse_bin_node_at_index [function] [call site] 00019
3 fprintf [call site] 00020
3 fprintf [call site] 00021
3 __bswap_64 [function] [call site] 00022
3 fprintf [call site] 00023
3 ptr_array_size [function] [call site] 00024
3 ptr_array_size [function] [call site] 00025
3 ptr_array_add [function] [call site] 00026
4 ptr_array_insert [function] [call site] 00027
5 realloc [call site] 00028
3 ptr_array_set [function] [call site] 00029
3 ptr_array_index [function] [call site] 00030
3 ptr_array_index [function] [call site] 00031
3 fprintf [call site] 00032
3 parse_bin_node [function] [call site] 00033
4 fprintf [call site] 00034
4 fprintf [call site] 00035
4 __bswap_64 [function] [call site] 00036
4 plist_new_plist_data [function] [call site] 00037
5 calloc [call site] 00038
4 node_create [function] [call site] 00039
5 calloc [call site] 00040
5 node_attach [function] [call site] 00041
6 node_list_create [function] [call site] 00042
7 calloc [call site] 00043
6 node_list_add [function] [call site] 00044
5 printf [call site] 00045
5 node_destroy [function] [call site] 00046
6 node_list_remove [function] [call site] 00047
6 node_destroy [function] [call site] 00048
7 node_list_destroy [function] [call site] 00049
4 plist_new_plist_data [function] [call site] 00050
4 node_create [function] [call site] 00051
4 plist_new_plist_data [function] [call site] 00052
4 node_create [function] [call site] 00053
4 fprintf [call site] 00054
4 parse_int_node [function] [call site] 00055
5 plist_new_plist_data [function] [call site] 00056
5 fprintf [call site] 00057
5 __bswap_64 [function] [call site] 00058
5 node_create [function] [call site] 00059
4 fprintf [call site] 00060
4 parse_real_node [function] [call site] 00061
5 plist_new_plist_data [function] [call site] 00062
5 fprintf [call site] 00063
5 node_create [function] [call site] 00064
4 fprintf [call site] 00065
4 fprintf [call site] 00066
4 parse_date_node [function] [call site] 00067
5 parse_real_node [function] [call site] 00068
5 plist_get_data [function] [call site] 00069
4 fprintf [call site] 00070
4 parse_data_node [function] [call site] 00071
5 plist_new_plist_data [function] [call site] 00072
5 plist_free_data [function] [call site] 00073
6 ptr_array_free [function] [call site] 00074
6 hash_table_destroy [function] [call site] 00075
5 fprintf [call site] 00076
5 node_create [function] [call site] 00077
4 fprintf [call site] 00078
4 parse_string_node [function] [call site] 00079
5 plist_new_plist_data [function] [call site] 00080
5 plist_free_data [function] [call site] 00081
5 fprintf [call site] 00082
5 strlen [call site] 00083
5 node_create [function] [call site] 00084
4 fprintf [call site] 00085
4 fprintf [call site] 00086
4 parse_unicode_node [function] [call site] 00087
5 plist_new_plist_data [function] [call site] 00088
5 plist_utf16be_to_utf8 [function] [call site] 00089
6 fprintf [call site] 00090
6 __bswap_16 [function] [call site] 00091
6 realloc [call site] 00092
5 plist_free_data [function] [call site] 00093
5 node_create [function] [call site] 00094
4 fprintf [call site] 00095
4 parse_array_node [function] [call site] 00096
5 plist_new_plist_data [function] [call site] 00097
5 node_create [function] [call site] 00098
5 plist_free [function] [call site] 00099
6 plist_free_node [function] [call site] 00100
7 node_detach [function] [call site] 00101
8 node_list_remove [function] [call site] 00102
7 plist_get_data [function] [call site] 00103
7 plist_free_data [function] [call site] 00104
7 node_first_child [function] [call site] 00105
7 node_next_sibling [function] [call site] 00106
7 plist_free_node [function] [call site] 00107
8 node_destroy [function] [call site] 00108
5 fprintf [call site] 00109
5 __bswap_64 [function] [call site] 00110
5 plist_free [function] [call site] 00111
5 fprintf [call site] 00112
5 parse_bin_node_at_index [function] [call site] 00113
5 plist_free [function] [call site] 00114
5 node_attach [function] [call site] 00115
4 fprintf [call site] 00116
4 parse_uid_node [function] [call site] 00117
5 plist_new_plist_data [function] [call site] 00118
5 __bswap_64 [function] [call site] 00119
5 fprintf [call site] 00120
5 node_create [function] [call site] 00121
4 fprintf [call site] 00122
4 parse_dict_node [function] [call site] 00123
5 plist_new_plist_data [function] [call site] 00124
5 node_create [function] [call site] 00125
5 plist_free [function] [call site] 00126
5 fprintf [call site] 00127
5 __bswap_64 [function] [call site] 00128
5 __bswap_64 [function] [call site] 00129
5 plist_free [function] [call site] 00130
5 fprintf [call site] 00131
5 plist_free [function] [call site] 00132
5 fprintf [call site] 00133
5 parse_bin_node_at_index [function] [call site] 00134
5 plist_free [function] [call site] 00135
5 plist_get_data [function] [call site] 00136
5 fprintf [call site] 00137
5 plist_free [function] [call site] 00138
5 plist_free [function] [call site] 00139
5 plist_get_data [function] [call site] 00140
5 plist_get_data [function] [call site] 00141
5 fprintf [call site] 00142
5 plist_free [function] [call site] 00143
5 plist_free [function] [call site] 00144
5 parse_bin_node_at_index [function] [call site] 00145
5 plist_free [function] [call site] 00146
5 plist_free [function] [call site] 00147
5 node_attach [function] [call site] 00148
5 node_attach [function] [call site] 00149
4 fprintf [call site] 00150
2 ptr_array_free [function] [call site] 00151
1 plist_free [function] [call site] 00152