Fuzz introspector: fuzz
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
2609 2645 7 :

['ObjectIsStorage', 'CryptSecretEncrypt', 'ProduceOuterWrap', 'HandleToObject', 'MemoryCopy', 'CryptHashGetDigestSize', 'TpmFail']

2609 2645 TPM2_Rewrap call site: 00000 /src/libtpms/src/tpm2/DuplicationCommands.c:202
2563 2566 3 :

['RcSafeAddToResult', 'UnwrapOuter', 'CryptSecretDecrypt']

5225 5300 TPM2_Rewrap call site: 00000 /src/libtpms/src/tpm2/DuplicationCommands.c:169
1608 1608 2 :

['IsAuthPolicyAvailable', 'CheckPolicyAuthSession']

3338 3572 CheckAuthSession call site: 00000 /src/libtpms/src/tpm2/SessionProcess.c:1427
1488 1488 1 :

['CheckSessionHMAC']

1730 1789 CheckAuthSession call site: 00000 /src/libtpms/src/tpm2/SessionProcess.c:1451
1442 1442 2 :

['IsSessionBindEntity', 'SessionGet']

4780 5271 CheckAuthSession call site: 00000 /src/libtpms/src/tpm2/SessionProcess.c:1388
1344 2613 2 :

['PCRComputeCurrentDigest', 'SignAttestInfo']

1344 2613 TPM2_Quote call site: 00000 /src/libtpms/src/tpm2/AttestationCommands.c:182
1297 1297 2 :

['CryptSecretDecrypt', 'CryptIsAsymAlgorithm']

1297 2861 TPM2_StartAuthSession call site: 00000 /src/libtpms/src/tpm2/SessionCommands.c:81
1263 1397 4 :

['RcSafeAddToResult', 'EntityGetAuthValue', 'CryptParameterDecryption', 'DecryptSize']

1263 1397 ParseSessionBuffer call site: 00000 /src/libtpms/src/tpm2/SessionProcess.c:1658
1260 1391 3 :

['EntityGetAuthValue', 'CryptParameterEncryption', 'EncryptSize']

2710 5512 BuildResponseSession call site: 00000 /src/libtpms/src/tpm2/SessionProcess.c:2110
1248 1248 1 :

['OpenSSLCryptRsaGenerateKey']

2493 2497 CryptRsaGenerateKey call site: 00000 /src/libtpms/src/tpm2/crypto/openssl/CryptRsa.c:1474
242 299 4 :

['NvGetIndexInfo', 'NvGetUINT64Data', 'TpmFail', 'NvWriteUINT64Data']

242 299 CheckAuthSession call site: 00000 /src/libtpms/src/tpm2/SessionProcess.c:1459
79 229 5 :

['SetLabelAndContext', 'PublicAttributesValidation', 'TpmFail', 'DRBG_InstantiateSeededKdf', 'RuntimeProfileRequiresAttributeFlags']

1387 4568 TPM2_CreateLoaded call site: 00000 /src/libtpms/src/tpm2/ObjectCommands.c:577

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 TPMLIB_RegisterCallbacks [function] [call site] 00001
1 die(char const*) [function] [call site] 00002
2 fprintf [call site] 00003
2 __assert_fail [call site] 00004
1 TPMLIB_ChooseTPMVersion [function] [call site] 00005
2 ClearAllCachedState [function] [call site] 00006
3 ClearCachedState [function] [call site] 00007
3 ClearCachedState [function] [call site] 00008
3 ClearCachedState [function] [call site] 00009
2 ClearAllCachedState [function] [call site] 00010
1 die(char const*) [function] [call site] 00011
1 TPMLIB_MainInit [function] [call site] 00012
1 die(char const*) [function] [call site] 00013
1 TPMLIB_Process [function] [call site] 00014
1 die(char const*) [function] [call site] 00015
1 TPMLIB_Process [function] [call site] 00016
1 die(char const*) [function] [call site] 00017
1 TPMLIB_GetState [function] [call site] 00018
1 die(char const*) [function] [call site] 00019
1 TPMLIB_GetState [function] [call site] 00020
1 die(char const*) [function] [call site] 00021
1 TPMLIB_Terminate [function] [call site] 00022
1 TPMLIB_SetState [function] [call site] 00023
1 die(char const*) [function] [call site] 00024
1 TPMLIB_SetState [function] [call site] 00025
1 die(char const*) [function] [call site] 00026
1 TPMLIB_MainInit [function] [call site] 00027
1 die(char const*) [function] [call site] 00028
1 TPMLIB_Terminate [function] [call site] 00029
1 TPM_Free [function] [call site] 00030
1 TPM_Free [function] [call site] 00031
1 TPM_Free [function] [call site] 00032
1 TPM_Free [function] [call site] 00033