Fuzz introspector: srtp-fuzzer
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The following are the branches that the fuzzer fails to get past.

| Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch |
|---|---|---|---|---|---|---|---|
| 210 | 210 | 1: ['srtp_unprotect_aead'] | 210 | 210 | srtp_unprotect_mki | call site: 00000 | /src/libsrtp/srtp/srtp.c:2585 |
| 187 | 187 | 1: ['srtp_crypto_kernel_status'] | 187 | 187 | srtp_crypto_kernel_init | call site: 00000 | /src/libsrtp/crypto/kernel/crypto_kernel.c:77 |
| 171 | 171 | 1: ['srtp_unprotect_rtcp_aead'] | 171 | 171 | srtp_unprotect_rtcp_mki | call site: 00000 | /src/libsrtp/srtp/srtp.c:4310 |
| 154 | 154 | 1: ['srtp_protect_aead'] | 154 | 154 | srtp_protect_mki | call site: 00000 | /src/libsrtp/srtp/srtp.c:2241 |
| 76 | 76 | 1: ['srtp_protect_rtcp_aead'] | 76 | 76 | srtp_protect_rtcp_mki | call site: 00000 | /src/libsrtp/srtp/srtp.c:4074 |
| 23 | 29 | 3: ['srtp_octet_string_hex_string', 'srtp_err_report', 'srtp_cipher_output'] | 25 | 215 | srtp_unprotect_rtcp_mki | call site: 00000 | /src/libsrtp/srtp/srtp.c:4424 |
| 2 | 2 | 1: ['abort'] | 2 | 2 | LLVMFuzzerInitialize | call site: 00000 | /src/libsrtp/fuzzer/fuzzer.c:775 |
| 2 | 2 | 1: ['abort'] | 2 | 2 | extract_policy | call site: 00012 | /src/libsrtp/fuzzer/fuzzer.c:442 |
| 0 | 63 | 1: ['srtp_stream_dealloc'] | 0 | 63 | srtp_stream_clone | call site: 00000 | /src/libsrtp/srtp/srtp.c:573 |
| 0 | 25 | 1: ['srtp_rdbx_dealloc'] | 0 | 25 | srtp_stream_init | call site: 00110 | /src/libsrtp/srtp/srtp.c:1367 |
| 0 | 21 | 2: ['srtp_kdf_init', 'srtp_cipher_get_key_length'] | 189 | 430 | srtp_stream_init_keys | call site: 00145 | /src/libsrtp/srtp/srtp.c:1087 |
| 0 | 20 | 1: ['srtp_crypto_free'] | 0 | 20 | srtp_aes_icm_alloc | call site: 00000 | /src/libsrtp/crypto/cipher/aes_icm.c:124 |

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 fuzz_write_input [function] [call site] 00001
2 fopen [call site] 00002
2 abort [call site] 00003
2 fwrite [call site] 00004
2 printf [call site] 00005
2 abort [call site] 00006
2 fclose [call site] 00007
1 fuzz_mt19937_init [function] [call site] 00008
1 srand [call site] 00009
1 extract_policies [function] [call site] 00010
2 extract_policy [function] [call site] 00011
3 fuzz_alloc_succeed [function] [call site] 00012
4 fuzz_alloc [function] [call site] 00013
5 fuzz_mt19937_get [function] [call site] 00014
5 fuzz_mt19937_get [function] [call site] 00015
5 fuzz_mt19937_get [function] [call site] 00016
4 calloc [call site] 00017
3 abort [call site] 00018
3 extract_key [function] [call site] 00019
4 fuzz_alloc_succeed [function] [call site] 00020
3 fuzz_free [function] [call site] 00021
4 fuzz_is_special_pointer [function] [call site] 00022
3 fuzz_free [function] [call site] 00023
3 fuzz_free [function] [call site] 00024
3 fuzz_alloc_succeed [function] [call site] 00025
3 extract_master_keys [function] [call site] 00026
4 extract_master_key [function] [call site] 00027
5 fuzz_alloc_succeed [function] [call site] 00028
5 fuzz_alloc_succeed [function] [call site] 00029
5 fuzz_alloc_succeed [function] [call site] 00030
4 fuzz_alloc_succeed [function] [call site] 00031
4 extract_master_key [function] [call site] 00032
4 abort [call site] 00033
3 fuzz_free [function] [call site] 00034
3 fuzz_free [function] [call site] 00035
3 fuzz_free [function] [call site] 00036
2 extract_policy [function] [call site] 00037
1 extract_policies [function] [call site] 00038
1 srtp_create [function] [call site] 00039
2 srtp_valid_policy [function] [call site] 00040
2 srtp_crypto_alloc [function] [call site] 00041
3 calloc [call site] 00042
3 srtp_err_report [function] [call site] 00043
4 vfprintf [call site] 00044
4 vsnprintf [call site] 00045
4 strlen [call site] 00046
4 octet_string_set_to_zero [function] [call site] 00047
5 srtp_cleanse [function] [call site] 00048
3 srtp_err_report [function] [call site] 00049
2 srtp_stream_list_alloc [function] [call site] 00050
3 srtp_crypto_alloc [function] [call site] 00051
2 srtp_dealloc [function] [call site] 00052
3 srtp_remove_and_dealloc_streams [function] [call site] 00053
4 srtp_stream_list_for_each [function] [call site] 00054
3 srtp_stream_dealloc [function] [call site] 00055
4 srtp_cipher_dealloc [function] [call site] 00056
4 srtp_cipher_dealloc [function] [call site] 00057
4 srtp_cipher_dealloc [function] [call site] 00058
4 octet_string_set_to_zero [function] [call site] 00059
4 octet_string_set_to_zero [function] [call site] 00060
4 octet_string_set_to_zero [function] [call site] 00061
4 srtp_crypto_free [function] [call site] 00062
5 srtp_err_report [function] [call site] 00063
4 srtp_crypto_free [function] [call site] 00064
4 srtp_crypto_free [function] [call site] 00065
4 srtp_rdbx_dealloc [function] [call site] 00066
5 bitvector_dealloc [function] [call site] 00067
6 srtp_crypto_free [function] [call site] 00068
4 srtp_crypto_free [function] [call site] 00069
4 srtp_crypto_free [function] [call site] 00070
3 srtp_stream_list_dealloc [function] [call site] 00071
4 srtp_crypto_free [function] [call site] 00072
3 srtp_crypto_free [function] [call site] 00073
2 srtp_add_stream [function] [call site] 00074
3 srtp_valid_policy [function] [call site] 00075
3 srtp_validate_policy_master_keys [function] [call site] 00076
3 srtp_stream_alloc [function] [call site] 00077
4 srtp_valid_policy [function] [call site] 00078
4 srtp_crypto_alloc [function] [call site] 00079
4 srtp_crypto_alloc [function] [call site] 00080
4 srtp_stream_dealloc [function] [call site] 00081
4 srtp_crypto_kernel_alloc_cipher [function] [call site] 00082
5 srtp_crypto_kernel_get_cipher_type [function] [call site] 00083
4 srtp_stream_dealloc [function] [call site] 00084
4 srtp_crypto_kernel_alloc_auth [function] [call site] 00085
5 srtp_crypto_kernel_get_auth_type [function] [call site] 00086
4 srtp_stream_dealloc [function] [call site] 00087
4 srtp_crypto_kernel_alloc_cipher [function] [call site] 00088
4 srtp_stream_dealloc [function] [call site] 00089
4 srtp_crypto_kernel_alloc_auth [function] [call site] 00090
4 srtp_stream_dealloc [function] [call site] 00091
4 srtp_crypto_alloc [function] [call site] 00092
4 srtp_stream_dealloc [function] [call site] 00093
4 srtp_crypto_alloc [function] [call site] 00094
4 srtp_stream_dealloc [function] [call site] 00095
4 srtp_crypto_kernel_alloc_cipher [function] [call site] 00096
4 srtp_stream_dealloc [function] [call site] 00097
3 srtp_stream_init [function] [call site] 00098
4 srtp_valid_policy [function] [call site] 00099
4 srtp_err_report [function] [call site] 00100
4 srtp_rdbx_init [function] [call site] 00101
5 bitvector_alloc [function] [call site] 00102
6 srtp_crypto_alloc [function] [call site] 00103
6 bitvector_set_to_zero [function] [call site] 00104
5 srtp_index_init [function] [call site] 00105
4 srtp_rdbx_init [function] [call site] 00106
4 htonl [call site] 00107
4 srtp_rdb_init [function] [call site] 00108
4 srtp_rdbx_dealloc [function] [call site] 00109
4 srtp_stream_init_all_master_keys [function] [call site] 00110
5 srtp_stream_init_keys [function] [call site] 00111
6 srtp_key_limit_set [function] [call site] 00112
6 srtp_crypto_alloc [function] [call site] 00113
6 full_key_length [function] [call site] 00114
6 full_key_length [function] [call site] 00115
6 srtp_cipher_get_key_length [function] [call site] 00116
6 srtp_cipher_get_key_length [function] [call site] 00117
6 base_key_length [function] [call site] 00118
6 srtp_err_report [function] [call site] 00119
6 srtp_err_report [function] [call site] 00120
6 srtp_err_report [function] [call site] 00121
6 srtp_err_report [function] [call site] 00122
6 srtp_err_report [function] [call site] 00123
6 srtp_err_report [function] [call site] 00124
6 srtp_kdf_init [function] [call site] 00125
7 srtp_crypto_kernel_alloc_cipher [function] [call site] 00126
7 srtp_cipher_init [function] [call site] 00127
7 srtp_cipher_dealloc [function] [call site] 00128
6 octet_string_set_to_zero [function] [call site] 00129
6 srtp_kdf_generate [function] [call site] 00130
7 srtp_cipher_set_iv [function] [call site] 00131
7 octet_string_set_to_zero [function] [call site] 00132
7 srtp_cipher_encrypt [function] [call site] 00133
6 octet_string_set_to_zero [function] [call site] 00134
6 srtp_octet_string_hex_string [function] [call site] 00135
7 srtp_nibble_to_hex_char [function] [call site] 00136
7 srtp_nibble_to_hex_char [function] [call site] 00137
6 srtp_err_report [function] [call site] 00138
6 srtp_err_report [function] [call site] 00139
6 srtp_kdf_generate [function] [call site] 00140
6 octet_string_set_to_zero [function] [call site] 00141
6 srtp_octet_string_hex_string [function] [call site] 00142
6 srtp_err_report [function] [call site] 00143
6 srtp_cipher_init [function] [call site] 00144
6 octet_string_set_to_zero [function] [call site] 00145
6 srtp_cipher_get_key_length [function] [call site] 00146
6 base_key_length [function] [call site] 00147
6 octet_string_set_to_zero [function] [call site] 00148
6 srtp_kdf_init [function] [call site] 00149
6 octet_string_set_to_zero [function] [call site] 00150
6 octet_string_set_to_zero [function] [call site] 00151
6 srtp_kdf_generate [function] [call site] 00152
6 octet_string_set_to_zero [function] [call site] 00153
6 srtp_octet_string_hex_string [function] [call site] 00154
6 srtp_err_report [function] [call site] 00155
6 srtp_err_report [function] [call site] 00156
6 srtp_kdf_generate [function] [call site] 00157
6 octet_string_set_to_zero [function] [call site] 00158
6 srtp_octet_string_hex_string [function] [call site] 00159
6 srtp_err_report [function] [call site] 00160
6 srtp_cipher_init [function] [call site] 00161
6 octet_string_set_to_zero [function] [call site] 00162
6 srtp_kdf_clear [function] [call site] 00163
7 srtp_cipher_dealloc [function] [call site] 00164
6 octet_string_set_to_zero [function] [call site] 00165
6 srtp_auth_get_key_length [function] [call site] 00166
6 srtp_kdf_generate [function] [call site] 00167
6 octet_string_set_to_zero [function] [call site] 00168
6 srtp_auth_get_key_length [function] [call site] 00169
6 srtp_octet_string_hex_string [function] [call site] 00170
6 srtp_err_report [function] [call site] 00171
6 octet_string_set_to_zero [function] [call site] 00172
6 base_key_length [function] [call site] 00173
6 srtp_err_report [function] [call site] 00174
6 srtp_kdf_generate [function] [call site] 00175
6 octet_string_set_to_zero [function] [call site] 00176
6 srtp_err_report [function] [call site] 00177
6 srtp_kdf_generate [function] [call site] 00178
6 octet_string_set_to_zero [function] [call site] 00179
6 srtp_octet_string_hex_string [function] [call site] 00180
6 srtp_err_report [function] [call site] 00181
6 srtp_octet_string_hex_string [function] [call site] 00182
6 srtp_err_report [function] [call site] 00183
6 srtp_cipher_init [function] [call site] 00184
6 octet_string_set_to_zero [function] [call site] 00185
6 srtp_auth_get_key_length [function] [call site] 00186
6 srtp_kdf_generate [function] [call site] 00187
6 octet_string_set_to_zero [function] [call site] 00188
6 srtp_auth_get_key_length [function] [call site] 00189
6 srtp_octet_string_hex_string [function] [call site] 00190
6 srtp_err_report [function] [call site] 00191
6 octet_string_set_to_zero [function] [call site] 00192
6 srtp_kdf_clear [function] [call site] 00193
6 octet_string_set_to_zero [function] [call site] 00194
5 srtp_stream_init_keys [function] [call site] 00195
4 srtp_rdbx_dealloc [function] [call site] 00196
3 srtp_stream_dealloc [function] [call site] 00197
3 srtp_stream_dealloc [function] [call site] 00198
3 srtp_stream_dealloc [function] [call site] 00199
3 srtp_insert_or_dealloc_stream [function] [call site] 00200
4 srtp_stream_list_insert [function] [call site] 00201
4 srtp_stream_dealloc [function] [call site] 00202
3 srtp_stream_dealloc [function] [call site] 00203
2 srtp_dealloc [function] [call site] 00204
1 extract_remove_stream_ssrc [function] [call site] 00205
2 fuzz_alloc_succeed [function] [call site] 00206
1 extract_set_roc [function] [call site] 00207
2 fuzz_alloc_succeed [function] [call site] 00208
1 run_srtp_func [function] [call site] 00209
2 fuzz_alloc_succeed [function] [call site] 00210
2 fuzz_alloc_succeed [function] [call site] 00211
2 fuzz_free [function] [call site] 00212
2 fuzz_testmem [function] [call site] 00213
2 fuzz_alloc_succeed [function] [call site] 00214
2 fuzz_alloc_succeed [function] [call site] 00215
2 fuzz_free [function] [call site] 00216
2 fuzz_free [function] [call site] 00217
2 fuzz_testmem [function] [call site] 00218
1 fuzz_free [function] [call site] 00219
1 srtp_remove_stream [function] [call site] 00220
2 srtp_stream_list_get [function] [call site] 00221
2 srtp_stream_list_remove [function] [call site] 00222
2 srtp_stream_dealloc [function] [call site] 00223
1 srtp_set_stream_roc [function] [call site] 00224
2 htonl [call site] 00225
2 srtp_get_stream [function] [call site] 00226
3 srtp_stream_list_get [function] [call site] 00227
1 srtp_get_stream_roc [function] [call site] 00228
2 htonl [call site] 00229
2 srtp_get_stream [function] [call site] 00230
2 srtp_rdbx_get_roc [function] [call site] 00231
1 free_policies [function] [call site] 00240
1 free_policies [function] [call site] 00241
1 fuzz_free [function] [call site] 00242
1 fuzz_free [function] [call site] 00243
1 srtp_dealloc [function] [call site] 00244
1 fuzz_mt19937_destroy [function] [call site] 00245