Fuzz introspector: ssh_sftp_attr_fuzzer_nalloc
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
20 91 _ssh_log call site: 00091 _ssh_log
14 168 ssh_free call site: 00168 ssh_message_free
13 77 ssh_socket_close call site: 00077 ssh_poll_free
13 301 ssh_buffer_unpack_va call site: 00301 _ssh_log
8 60 ssh_free call site: 00060 ssh_channel_do_free
8 128 ssh_string_len call site: 00128 ssh_string_burn
7 289 ssh_buffer_unpack_va call site: 00289 ssh_buffer_get_ssh_string
6 121 crypto_free call site: 00121 ssh_key_clean
6 316 sftp_parse_attr_3 call site: 00316 sftp_parse_longname
4 145 crypto_free call site: 00145 deflateEnd
4 281 ssh_buffer_unpack_va call site: 00281 ssh_buffer_get_u8
2 22 ssh_buffer_new call site: 00022 buffer_shift

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 nalloc_start [function] [call site] 00001
2 nalloc_random_update [function] [call site] 00002
1 __assert_fail [call site] 00003
1 ssh_new [function] [call site] 00004
2 calloc [function] [call site] 00005
3 nalloc_fail [function] [call site] 00006
4 nalloc_random_update [function] [call site] 00007
4 nalloc_random_update [function] [call site] 00008
4 nalloc_random_update [function] [call site] 00009
4 nalloc_backtrace_exclude [function] [call site] 00010
5 fprintf [call site] 00011
3 __errno_location [call site] 00012
3 __libc_calloc [call site] 00013
2 crypto_new [function] [call site] 00014
3 calloc [function] [call site] 00015
2 ssh_socket_new [function] [call site] 00016
3 calloc [function] [call site] 00017
3 _ssh_set_error_oom [function] [call site] 00018
4 snprintf [call site] 00019
3 ssh_buffer_new [function] [call site] 00020
4 calloc [function] [call site] 00021
4 ssh_buffer_allocate_size [function] [call site] 00022
5 buffer_shift [function] [call site] 00023
6 explicit_bzero [call site] 00024
5 realloc_buffer [function] [call site] 00025
6 explicit_bzero [call site] 00026
6 realloc [function] [call site] 00027
7 nalloc_fail [function] [call site] 00028
7 __errno_location [call site] 00029
7 __libc_realloc [call site] 00030
3 _ssh_set_error_oom [function] [call site] 00031
3 ssh_buffer_new [function] [call site] 00032
3 _ssh_set_error_oom [function] [call site] 00033
3 ssh_buffer_free [function] [call site] 00034
4 explicit_bzero [call site] 00035
4 explicit_bzero [call site] 00036
2 ssh_buffer_new [function] [call site] 00037
2 ssh_buffer_new [function] [call site] 00038
2 ssh_list_new [function] [call site] 00039
2 ssh_set_blocking [function] [call site] 00040
2 ssh_agent_new [function] [call site] 00041
3 calloc [function] [call site] 00042
3 ssh_socket_new [function] [call site] 00043
2 ssh_pki_ctx_new [function] [call site] 00044
3 calloc [function] [call site] 00045
2 ssh_list_new [function] [call site] 00046
2 ssh_list_new [function] [call site] 00047
2 ssh_list_new [function] [call site] 00048
2 ssh_list_new [function] [call site] 00049
2 ssh_list_new [function] [call site] 00050
2 ssh_list_new [function] [call site] 00051
2 strdup [call site] 00052
2 ssh_list_append [function] [call site] 00053
3 ssh_iterator_new [function] [call site] 00054
2 strdup [call site] 00055
2 ssh_list_append [function] [call site] 00056
2 strdup [call site] 00057
2 ssh_list_append [function] [call site] 00058
2 ssh_free [function] [call site] 00059
3 ssh_list_get_iterator [function] [call site] 00060
3 ssh_channel_do_free [function] [call site] 00061
4 ssh_list_find [function] [call site] 00062
5 ssh_list_get_iterator [function] [call site] 00063
4 ssh_list_remove [function] [call site] 00064
4 ssh_buffer_free [function] [call site] 00065
4 ssh_buffer_free [function] [call site] 00066
4 ssh_list_free [function] [call site] 00067
3 ssh_list_remove [function] [call site] 00068
3 ssh_list_get_iterator [function] [call site] 00069
3 ssh_list_free [function] [call site] 00070
3 ssh_pcap_context_free [function] [call site] 00071
3 ssh_socket_free [function] [call site] 00072
4 ssh_socket_close [function] [call site] 00073
5 ssh_socket_is_open [function] [call site] 00074
5 close [call site] 00075
5 __errno_location [call site] 00076
5 ssh_poll_is_locked [function] [call site] 00077
5 ssh_poll_free [function] [call site] 00078
6 ssh_poll_ctx_remove [function] [call site] 00079
7 ssh_poll_ctx_resize [function] [call site] 00080
8 realloc [function] [call site] 00081
8 realloc [function] [call site] 00082
8 realloc [function] [call site] 00083
5 kill [call site] 00084
5 waitpid [call site] 00085
5 __errno_location [call site] 00086
5 __errno_location [call site] 00087
5 ssh_strerror [function] [call site] 00088
6 __xpg_strerror_r [call site] 00089
5 _ssh_log [function] [call site] 00090
6 ssh_get_log_level [function] [call site] 00091
6 ssh_vlog [function] [call site] 00092
7 vsnprintf [call site] 00093
7 ssh_log_function [function] [call site] 00094
8 ssh_get_log_callback [function] [call site] 00095
8 ssh_log_custom [function] [call site] 00096
9 snprintf [call site] 00097
9 ssh_get_log_userdata [function] [call site] 00098
8 ssh_log_stderr [function] [call site] 00099
9 current_timestring [function] [call site] 00100
10 gettimeofday [call site] 00101
10 localtime_r [call site] 00102
10 strftime [call site] 00103
10 snprintf [call site] 00104
10 strftime [call site] 00105
10 snprintf [call site] 00106
9 fprintf [call site] 00107
9 fprintf [call site] 00108
9 fprintf [call site] 00109
5 _ssh_log [function] [call site] 00110
5 _ssh_log [function] [call site] 00111
4 ssh_buffer_free [function] [call site] 00112
4 ssh_buffer_free [function] [call site] 00113
3 ssh_poll_ctx_free [function] [call site] 00114
4 ssh_poll_free [function] [call site] 00115
3 ssh_buffer_free [function] [call site] 00116
3 ssh_buffer_free [function] [call site] 00117
3 ssh_buffer_free [function] [call site] 00118
3 ssh_buffer_free [function] [call site] 00119
3 crypto_free [function] [call site] 00120
4 ssh_key_free [function] [call site] 00121
5 ssh_key_clean [function] [call site] 00122
6 pki_key_clean [function] [call site] 00123
7 EVP_PKEY_free [call site] 00124
6 ssh_buffer_free [function] [call site] 00125
6 ssh_string_burn [function] [call site] 00126
7 ssh_string_len [function] [call site] 00127
8 ntohl [call site] 00128
7 explicit_bzero [call site] 00129
6 ssh_string_free [function] [call site] 00130
6 ssh_string_burn [function] [call site] 00131
6 ssh_string_free [function] [call site] 00132
6 ssh_string_burn [function] [call site] 00133
6 ssh_string_free [function] [call site] 00134
6 ssh_string_burn [function] [call site] 00135
6 ssh_string_free [function] [call site] 00136
4 ssh_dh_cleanup [function] [call site] 00137
5 DH_free [call site] 00138
5 DH_free [call site] 00139
4 BN_clear_free [call site] 00140
4 EC_KEY_free [call site] 00141
4 EVP_PKEY_free [call site] 00142
4 explicit_bzero [call site] 00143
4 explicit_bzero [call site] 00144
4 compress_cleanup [function] [call site] 00145
5 deflateEnd [call site] 00146
5 inflateEnd [call site] 00147
4 explicit_bzero [call site] 00148
4 explicit_bzero [call site] 00149
4 cipher_free [function] [call site] 00150
5 ssh_cipher_clear [function] [call site] 00151
4 cipher_free [function] [call site] 00152
4 explicit_bzero [call site] 00153
4 ssh_string_burn [function] [call site] 00154
4 ssh_string_free [function] [call site] 00155
4 ssh_string_free [function] [call site] 00156
4 ssh_string_free [function] [call site] 00157
4 explicit_bzero [call site] 00158
3 crypto_free [function] [call site] 00159
3 ssh_agent_free [function] [call site] 00160
4 ssh_buffer_free [function] [call site] 00161
4 ssh_agent_close [function] [call site] 00162
5 ssh_socket_close [function] [call site] 00163
4 ssh_socket_free [function] [call site] 00164
3 ssh_pki_ctx_free [function] [call site] 00165
3 ssh_key_free [function] [call site] 00166
3 ssh_key_free [function] [call site] 00167
3 ssh_key_free [function] [call site] 00168
3 _ssh_list_pop_head [function] [call site] 00169
3 ssh_message_free [function] [call site] 00170
4 strlen [call site] 00171
4 explicit_bzero [call site] 00172
4 ssh_key_free [function] [call site] 00173
4 ssh_key_free [function] [call site] 00174
3 _ssh_list_pop_head [function] [call site] 00175
3 ssh_list_free [function] [call site] 00176
3 ssh_kbdint_free [function] [call site] 00177
4 strlen [call site] 00178
4 explicit_bzero [call site] 00179
4 strlen [call site] 00180
4 explicit_bzero [call site] 00181
3 ssh_list_free [function] [call site] 00182
3 _ssh_list_pop_head [function] [call site] 00183
3 _ssh_list_pop_head [function] [call site] 00184
3 ssh_list_free [function] [call site] 00185
3 _ssh_list_pop_head [function] [call site] 00186
3 _ssh_list_pop_head [function] [call site] 00187
3 ssh_list_free [function] [call site] 00188
3 _ssh_list_pop_head [function] [call site] 00189
3 _ssh_list_pop_head [function] [call site] 00190
3 ssh_list_free [function] [call site] 00191
3 _ssh_list_pop_head [function] [call site] 00192
3 _ssh_list_pop_head [function] [call site] 00193
3 ssh_list_free [function] [call site] 00194
3 ssh_proxyjumps_free [function] [call site] 00195
4 _ssh_list_pop_head [function] [call site] 00196
4 _ssh_list_pop_head [function] [call site] 00197
3 ssh_list_free [function] [call site] 00198
3 ssh_list_free [function] [call site] 00199
3 _ssh_list_pop_head [function] [call site] 00200
3 ssh_buffer_free [function] [call site] 00201
3 ssh_list_free [function] [call site] 00202
3 ssh_agent_state_free [function] [call site] 00203
4 ssh_string_free_char [function] [call site] 00204
4 ssh_key_free [function] [call site] 00205
3 _ssh_remove_legacy_log_cb [function] [call site] 00206
4 ssh_get_log_callback [function] [call site] 00207
4 _ssh_reset_log_cb [function] [call site] 00208
4 ssh_set_log_userdata [function] [call site] 00209
3 explicit_bzero [call site] 00210
1 create_minimal_sftp_session [function] [call site] 00211
2 calloc [function] [call site] 00212
1 ssh_buffer_new [function] [call site] 00213
1 ssh_buffer_reinit [function] [call site] 00214
2 explicit_bzero [call site] 00215
2 realloc_buffer [function] [call site] 00216
1 ssh_buffer_add_data [function] [call site] 00217
2 buffer_shift [function] [call site] 00218
2 realloc_buffer [function] [call site] 00219
1 sftp_parse_attr [function] [call site] 00220
2 sftp_parse_attr_4 [function] [call site] 00221
3 calloc [function] [call site] 00222
3 _ssh_set_error_oom [function] [call site] 00223
3 sftp_set_error [function] [call site] 00224
3 ssh_buffer_get_u32 [function] [call site] 00225
4 ssh_buffer_get_data [function] [call site] 00226
5 ssh_buffer_validate_length [function] [call site] 00227
3 ntohl [call site] 00228
3 ssh_buffer_get_u64 [function] [call site] 00229
4 ssh_buffer_get_data [function] [call site] 00230
3 ntohl [call site] 00231
3 ssh_buffer_get_ssh_string [function] [call site] 00232
4 ssh_buffer_get_u32 [function] [call site] 00233
4 ntohl [call site] 00234
4 ssh_buffer_validate_length [function] [call site] 00235
4 ssh_string_new [function] [call site] 00236
5 __errno_location [call site] 00237
5 htonl [call site] 00238
4 ssh_string_data [function] [call site] 00239
4 ssh_buffer_get_data [function] [call site] 00240
3 ssh_string_to_char [function] [call site] 00241
4 ssh_string_len [function] [call site] 00242
3 ssh_string_free [function] [call site] 00243
3 ssh_buffer_get_ssh_string [function] [call site] 00244
3 ssh_string_to_char [function] [call site] 00245
3 ssh_string_free [function] [call site] 00246
3 ssh_buffer_get_u32 [function] [call site] 00247
3 ntohl [call site] 00248
3 ssh_buffer_get_u64 [function] [call site] 00249
3 ntohl [call site] 00250
3 ssh_buffer_get_u32 [function] [call site] 00251
3 ntohl [call site] 00252
3 ssh_buffer_get_u64 [function] [call site] 00253
3 ntohl [call site] 00254
3 ssh_buffer_get_u32 [function] [call site] 00255
3 ntohl [call site] 00256
3 ssh_buffer_get_u64 [function] [call site] 00257
3 ntohl [call site] 00258
3 ssh_buffer_get_u32 [function] [call site] 00259
3 ntohl [call site] 00260
3 ssh_buffer_get_ssh_string [function] [call site] 00261
3 ssh_buffer_get_u32 [function] [call site] 00262
3 ntohl [call site] 00263
3 ssh_buffer_get_ssh_string [function] [call site] 00264
3 ssh_buffer_get_ssh_string [function] [call site] 00265
3 ssh_string_free [function] [call site] 00266
3 ssh_string_free [function] [call site] 00267
3 ssh_string_free [function] [call site] 00268
3 ssh_string_free [function] [call site] 00269
3 ssh_string_free [function] [call site] 00270
3 _ssh_set_error [function] [call site] 00271
4 vsnprintf [call site] 00272
4 ssh_get_log_level [function] [call site] 00273
4 ssh_log_function [function] [call site] 00274
2 sftp_parse_attr_3 [function] [call site] 00275
3 calloc [function] [call site] 00276
3 _ssh_set_error_oom [function] [call site] 00277
3 sftp_set_error [function] [call site] 00278
3 _ssh_buffer_unpack [function] [call site] 00279
4 ssh_buffer_unpack_va [function] [call site] 00280
5 ssh_buffer_get_len [function] [call site] 00281
5 ssh_buffer_get_u8 [function] [call site] 00282
6 ssh_buffer_get_data [function] [call site] 00283
5 ssh_buffer_get_data [function] [call site] 00284
5 ntohs [call site] 00285
5 ssh_buffer_get_u32 [function] [call site] 00286
5 ntohl [call site] 00287
5 ssh_buffer_get_u64 [function] [call site] 00288
5 ntohl [call site] 00289
5 ssh_buffer_get_ssh_string [function] [call site] 00290
5 ssh_make_string_bn [function] [call site] 00291
6 ssh_string_len [function] [call site] 00292
6 BN_new [call site] 00293
6 BN_bin2bn [call site] 00294
5 ssh_string_burn [function] [call site] 00295
5 ssh_string_free [function] [call site] 00296
5 ssh_buffer_get_ssh_string [function] [call site] 00297
5 ssh_buffer_get_u32 [function] [call site] 00298
5 ntohl [call site] 00299
5 ssh_buffer_validate_length [function] [call site] 00300
5 ssh_buffer_get_data [function] [call site] 00301
5 ssh_buffer_validate_length [function] [call site] 00302
5 ssh_buffer_get_data [function] [call site] 00303
5 _ssh_log [function] [call site] 00304
5 abort [call site] 00305
5 explicit_bzero [call site] 00306
5 explicit_bzero [call site] 00307
5 explicit_bzero [call site] 00308
5 explicit_bzero [call site] 00309
5 BN_clear_free [call site] 00310
5 ssh_string_burn [function] [call site] 00311
5 strlen [call site] 00312
5 explicit_bzero [call site] 00313
5 explicit_bzero [call site] 00314
3 _ssh_log [function] [call site] 00315
3 ssh_get_openssh_version [function] [call site] 00316
3 sftp_parse_longname [function] [call site] 00317
4 __ctype_b_loc [call site] 00318
4 __ctype_b_loc [call site] 00319
4 __ctype_b_loc [call site] 00320
4 strndup [call site] 00321
3 sftp_parse_longname [function] [call site] 00322
3 _ssh_buffer_unpack [function] [call site] 00323
3 _ssh_log [function] [call site] 00324
3 _ssh_buffer_unpack [function] [call site] 00325
3 _ssh_log [function] [call site] 00326
3 _ssh_buffer_unpack [function] [call site] 00327
3 _ssh_buffer_unpack [function] [call site] 00328
3 _ssh_buffer_unpack [function] [call site] 00329
3 _ssh_buffer_unpack [function] [call site] 00330
3 _ssh_buffer_unpack [function] [call site] 00331
3 _ssh_buffer_unpack [function] [call site] 00332
3 ssh_string_free [function] [call site] 00333
3 ssh_string_free [function] [call site] 00334
3 _ssh_set_error [function] [call site] 00335
3 sftp_set_error [function] [call site] 00336
2 _ssh_set_error [function] [call site] 00337
1 sftp_attributes_free [function] [call site] 00338
2 ssh_string_free [function] [call site] 00339
2 ssh_string_free [function] [call site] 00340
2 ssh_string_free [function] [call site] 00341
1 ssh_buffer_free [function] [call site] 00342
1 ssh_free [function] [call site] 00343
1 nalloc_end [function] [call site] 00344