Fuzz introspector: srtp-fuzzer
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The following are the branches that the fuzzer fails to get past.

| Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch |
|---|---|---|---|---|---|---|---|
| 221 | 221 | 1: ['srtp_unprotect_aead'] | 221 | 221 | srtp_unprotect | call site: 00000 | /src/libsrtp/srtp/srtp.c:2603 |
| 175 | 175 | 1: ['srtp_crypto_kernel_status'] | 175 | 175 | srtp_crypto_kernel_init | call site: 00000 | /src/libsrtp/crypto/kernel/crypto_kernel.c:78 |
| 175 | 175 | 1: ['srtp_unprotect_rtcp_aead'] | 175 | 175 | srtp_unprotect_rtcp | call site: 00000 | /src/libsrtp/srtp/srtp.c:4291 |
| 154 | 154 | 1: ['srtp_protect_aead'] | 154 | 154 | srtp_protect | call site: 00000 | /src/libsrtp/srtp/srtp.c:2291 |
| 71 | 71 | 1: ['srtp_protect_rtcp_aead'] | 71 | 71 | srtp_protect_rtcp | call site: 00000 | /src/libsrtp/srtp/srtp.c:4054 |
| 2 | 2 | 1: ['srtp_inject_mki'] | 88 | 230 | srtp_protect | call site: 00000 | /src/libsrtp/srtp/srtp.c:2344 |
| 2 | 2 | 1: ['srtp_inject_mki'] | 73 | 100 | srtp_protect_rtcp | call site: 00000 | /src/libsrtp/srtp/srtp.c:4094 |
| 2 | 2 | 1: ['abort'] | 2 | 2 | LLVMFuzzerInitialize | call site: 00000 | /src/libsrtp/fuzzer/fuzzer.c:715 |
| 2 | 2 | 1: ['abort'] | 2 | 2 | extract_policy | call site: 00012 | /src/libsrtp/fuzzer/fuzzer.c:390 |
| 0 | 63 | 1: ['srtp_stream_dealloc'] | 0 | 63 | srtp_stream_clone | call site: 00000 | /src/libsrtp/srtp/srtp.c:654 |
| 0 | 25 | 1: ['srtp_crypto_alloc'] | 354 | 730 | srtp_stream_init_keys | call site: 00112 | /src/libsrtp/srtp/srtp.c:1054 |
| 0 | 25 | 1: ['srtp_rdbx_dealloc'] | 0 | 25 | srtp_stream_init | call site: 00110 | /src/libsrtp/srtp/srtp.c:1497 |

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 fuzz_write_input [function] [call site] 00001
2 fopen [call site] 00002
2 abort [call site] 00003
2 fwrite [call site] 00004
2 printf [call site] 00005
2 abort [call site] 00006
2 fclose [call site] 00007
1 fuzz_mt19937_init [function] [call site] 00008
1 srand [call site] 00009
1 extract_policies [function] [call site] 00010
2 extract_policy [function] [call site] 00011
3 fuzz_alloc_succeed [function] [call site] 00012
4 fuzz_alloc [function] [call site] 00013
5 fuzz_mt19937_get [function] [call site] 00014
5 fuzz_mt19937_get [function] [call site] 00015
5 fuzz_mt19937_get [function] [call site] 00016
4 calloc [call site] 00017
3 abort [call site] 00018
3 extract_key [function] [call site] 00019
4 fuzz_alloc_succeed [function] [call site] 00020
3 fuzz_free [function] [call site] 00021
4 fuzz_is_special_pointer [function] [call site] 00022
3 fuzz_free [function] [call site] 00023
3 fuzz_free [function] [call site] 00024
3 fuzz_alloc_succeed [function] [call site] 00025
3 extract_master_keys [function] [call site] 00026
4 extract_master_key [function] [call site] 00027
5 fuzz_alloc_succeed [function] [call site] 00028
5 fuzz_alloc_succeed [function] [call site] 00029
5 fuzz_alloc_succeed [function] [call site] 00030
4 fuzz_alloc_succeed [function] [call site] 00031
4 extract_master_key [function] [call site] 00032
4 abort [call site] 00033
3 fuzz_free [function] [call site] 00034
3 fuzz_free [function] [call site] 00035
3 fuzz_free [function] [call site] 00036
2 extract_policy [function] [call site] 00037
1 extract_policies [function] [call site] 00038
1 srtp_create [function] [call site] 00039
2 srtp_valid_policy [function] [call site] 00040
2 srtp_crypto_alloc [function] [call site] 00041
3 calloc [call site] 00042
3 srtp_err_report [function] [call site] 00043
4 vfprintf [call site] 00044
4 vsnprintf [call site] 00045
4 strlen [call site] 00046
4 octet_string_set_to_zero [function] [call site] 00047
5 srtp_cleanse [function] [call site] 00048
3 srtp_err_report [function] [call site] 00049
2 srtp_stream_list_alloc [function] [call site] 00050
3 srtp_crypto_alloc [function] [call site] 00051
3 srtp_crypto_alloc [function] [call site] 00052
3 srtp_crypto_free [function] [call site] 00053
4 srtp_err_report [function] [call site] 00054
2 srtp_dealloc [function] [call site] 00055
3 srtp_remove_and_dealloc_streams [function] [call site] 00056
4 srtp_stream_list_for_each [function] [call site] 00057
3 srtp_stream_dealloc [function] [call site] 00058
4 srtp_cipher_dealloc [function] [call site] 00059
4 srtp_cipher_dealloc [function] [call site] 00060
4 srtp_cipher_dealloc [function] [call site] 00061
4 octet_string_set_to_zero [function] [call site] 00062
4 octet_string_set_to_zero [function] [call site] 00063
4 octet_string_set_to_zero [function] [call site] 00064
4 srtp_crypto_free [function] [call site] 00065
4 srtp_crypto_free [function] [call site] 00066
4 srtp_crypto_free [function] [call site] 00067
4 srtp_rdbx_dealloc [function] [call site] 00068
5 bitvector_dealloc [function] [call site] 00069
6 srtp_crypto_free [function] [call site] 00070
4 srtp_crypto_free [function] [call site] 00071
4 srtp_crypto_free [function] [call site] 00072
3 srtp_stream_list_dealloc [function] [call site] 00073
4 srtp_crypto_free [function] [call site] 00074
4 srtp_crypto_free [function] [call site] 00075
3 srtp_crypto_free [function] [call site] 00076
2 srtp_stream_add [function] [call site] 00077
3 srtp_valid_policy [function] [call site] 00078
3 srtp_stream_alloc [function] [call site] 00079
4 srtp_valid_policy [function] [call site] 00080
4 srtp_crypto_alloc [function] [call site] 00081
4 srtp_crypto_alloc [function] [call site] 00082
4 srtp_stream_dealloc [function] [call site] 00083
4 srtp_crypto_kernel_alloc_cipher [function] [call site] 00084
5 srtp_crypto_kernel_get_cipher_type [function] [call site] 00085
4 srtp_stream_dealloc [function] [call site] 00086
4 srtp_crypto_kernel_alloc_auth [function] [call site] 00087
5 srtp_crypto_kernel_get_auth_type [function] [call site] 00088
4 srtp_stream_dealloc [function] [call site] 00089
4 srtp_crypto_kernel_alloc_cipher [function] [call site] 00090
4 srtp_stream_dealloc [function] [call site] 00091
4 srtp_crypto_kernel_alloc_auth [function] [call site] 00092
4 srtp_stream_dealloc [function] [call site] 00093
4 srtp_crypto_alloc [function] [call site] 00094
4 srtp_stream_dealloc [function] [call site] 00095
4 srtp_crypto_alloc [function] [call site] 00096
4 srtp_stream_dealloc [function] [call site] 00097
4 srtp_crypto_kernel_alloc_cipher [function] [call site] 00098
4 srtp_stream_dealloc [function] [call site] 00099
3 srtp_stream_init [function] [call site] 00100
4 srtp_valid_policy [function] [call site] 00101
4 srtp_err_report [function] [call site] 00102
4 srtp_rdbx_init [function] [call site] 00103
5 bitvector_alloc [function] [call site] 00104
6 srtp_crypto_alloc [function] [call site] 00105
5 srtp_index_init [function] [call site] 00106
4 srtp_rdbx_init [function] [call site] 00107
4 htonl [call site] 00108
4 srtp_rdb_init [function] [call site] 00109
4 srtp_stream_init_all_master_keys [function] [call site] 00110
5 srtp_stream_init_keys [function] [call site] 00111
6 srtp_key_limit_set [function] [call site] 00112
6 srtp_crypto_alloc [function] [call site] 00113
6 full_key_length [function] [call site] 00114
6 full_key_length [function] [call site] 00115
6 srtp_cipher_get_key_length [function] [call site] 00116
6 srtp_cipher_get_key_length [function] [call site] 00117
6 base_key_length [function] [call site] 00118
6 srtp_err_report [function] [call site] 00119
6 srtp_err_report [function] [call site] 00120
6 srtp_err_report [function] [call site] 00121
6 srtp_err_report [function] [call site] 00122
6 srtp_err_report [function] [call site] 00123
6 srtp_err_report [function] [call site] 00124
6 srtp_kdf_init [function] [call site] 00125
7 srtp_crypto_kernel_alloc_cipher [function] [call site] 00126
7 srtp_cipher_init [function] [call site] 00127
7 srtp_cipher_dealloc [function] [call site] 00128
6 octet_string_set_to_zero [function] [call site] 00129
6 srtp_kdf_generate [function] [call site] 00130
7 srtp_cipher_set_iv [function] [call site] 00131
7 octet_string_set_to_zero [function] [call site] 00132
7 srtp_cipher_encrypt [function] [call site] 00133
6 octet_string_set_to_zero [function] [call site] 00134
6 srtp_octet_string_hex_string [function] [call site] 00135
7 srtp_nibble_to_hex_char [function] [call site] 00136
7 srtp_nibble_to_hex_char [function] [call site] 00137
6 srtp_err_report [function] [call site] 00138
6 srtp_err_report [function] [call site] 00139
6 srtp_kdf_generate [function] [call site] 00140
6 octet_string_set_to_zero [function] [call site] 00141
6 srtp_octet_string_hex_string [function] [call site] 00142
6 srtp_err_report [function] [call site] 00143
6 srtp_cipher_init [function] [call site] 00144
6 octet_string_set_to_zero [function] [call site] 00145
6 srtp_cipher_get_key_length [function] [call site] 00146
6 base_key_length [function] [call site] 00147
6 octet_string_set_to_zero [function] [call site] 00148
6 srtp_kdf_init [function] [call site] 00149
6 octet_string_set_to_zero [function] [call site] 00150
6 octet_string_set_to_zero [function] [call site] 00151
6 srtp_kdf_generate [function] [call site] 00152
6 octet_string_set_to_zero [function] [call site] 00153
6 srtp_octet_string_hex_string [function] [call site] 00154
6 srtp_err_report [function] [call site] 00155
6 srtp_err_report [function] [call site] 00156
6 srtp_kdf_generate [function] [call site] 00157
6 octet_string_set_to_zero [function] [call site] 00158
6 srtp_octet_string_hex_string [function] [call site] 00159
6 srtp_err_report [function] [call site] 00160
6 srtp_cipher_init [function] [call site] 00161
6 octet_string_set_to_zero [function] [call site] 00162
6 srtp_kdf_clear [function] [call site] 00163
7 srtp_cipher_dealloc [function] [call site] 00164
6 octet_string_set_to_zero [function] [call site] 00165
6 srtp_auth_get_key_length [function] [call site] 00166
6 srtp_kdf_generate [function] [call site] 00167
6 octet_string_set_to_zero [function] [call site] 00168
6 srtp_auth_get_key_length [function] [call site] 00169
6 srtp_octet_string_hex_string [function] [call site] 00170
6 srtp_err_report [function] [call site] 00171
6 octet_string_set_to_zero [function] [call site] 00172
6 base_key_length [function] [call site] 00173
6 srtp_err_report [function] [call site] 00174
6 srtp_kdf_generate [function] [call site] 00175
6 octet_string_set_to_zero [function] [call site] 00176
6 srtp_err_report [function] [call site] 00177
6 srtp_kdf_generate [function] [call site] 00178
6 octet_string_set_to_zero [function] [call site] 00179
6 srtp_octet_string_hex_string [function] [call site] 00180
6 srtp_err_report [function] [call site] 00181
6 srtp_octet_string_hex_string [function] [call site] 00182
6 srtp_err_report [function] [call site] 00183
6 srtp_cipher_init [function] [call site] 00184
6 octet_string_set_to_zero [function] [call site] 00185
6 srtp_auth_get_key_length [function] [call site] 00186
6 srtp_kdf_generate [function] [call site] 00187
6 octet_string_set_to_zero [function] [call site] 00188
6 srtp_auth_get_key_length [function] [call site] 00189
6 srtp_octet_string_hex_string [function] [call site] 00190
6 srtp_err_report [function] [call site] 00191
6 octet_string_set_to_zero [function] [call site] 00192
6 srtp_kdf_clear [function] [call site] 00193
6 octet_string_set_to_zero [function] [call site] 00194
5 srtp_stream_init_keys [function] [call site] 00195
4 srtp_rdbx_dealloc [function] [call site] 00196
3 srtp_stream_dealloc [function] [call site] 00197
3 srtp_stream_dealloc [function] [call site] 00198
3 srtp_stream_dealloc [function] [call site] 00199
3 srtp_insert_or_dealloc_stream [function] [call site] 00200
4 srtp_stream_list_insert [function] [call site] 00201
5 srtp_crypto_alloc [function] [call site] 00202
5 srtp_crypto_free [function] [call site] 00203
4 srtp_stream_dealloc [function] [call site] 00204
3 srtp_stream_dealloc [function] [call site] 00205
2 srtp_dealloc [function] [call site] 00206
1 extract_remove_stream_ssrc [function] [call site] 00207
2 fuzz_alloc_succeed [function] [call site] 00208
1 extract_set_roc [function] [call site] 00209
2 fuzz_alloc_succeed [function] [call site] 00210
1 run_srtp_func [function] [call site] 00211
2 fuzz_alloc_succeed [function] [call site] 00212
2 fuzz_alloc_succeed [function] [call site] 00213
2 fuzz_free [function] [call site] 00214
2 fuzz_testmem [function] [call site] 00215
2 fuzz_alloc_succeed [function] [call site] 00216
2 fuzz_alloc_succeed [function] [call site] 00217
2 fuzz_free [function] [call site] 00218
2 fuzz_free [function] [call site] 00219
2 fuzz_testmem [function] [call site] 00220
1 fuzz_free [function] [call site] 00221
1 srtp_stream_remove [function] [call site] 00222
2 htonl [call site] 00223
2 srtp_stream_list_get [function] [call site] 00224
2 srtp_stream_list_remove [function] [call site] 00225
2 srtp_stream_dealloc [function] [call site] 00226
1 srtp_stream_set_roc [function] [call site] 00227
2 htonl [call site] 00228
2 srtp_get_stream [function] [call site] 00229
3 srtp_stream_list_get [function] [call site] 00230
1 srtp_stream_get_roc [function] [call site] 00231
2 htonl [call site] 00232
2 srtp_get_stream [function] [call site] 00233
2 srtp_rdbx_get_roc [function] [call site] 00234
1 free_policies [function] [call site] 00243
1 free_policies [function] [call site] 00244
1 fuzz_free [function] [call site] 00245
1 fuzz_free [function] [call site] 00246
1 srtp_dealloc [function] [call site] 00247
1 fuzz_mt19937_destroy [function] [call site] 00248