Fuzz introspector: lws_upng_inflate_fuzzer
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
0 0 None 6 6 _realloc call site: 00000 /src/libwebsockets/lib/core/alloc.c:140
0 0 None 4 173 lws_api_test_gunzip(FuzzedDataProvider&) call site: 00000 /src/libwebsockets/lws_upng_inflate_fuzzer.cpp:28
0 0 None 2 17 __lws_logv call site: 00005 /src/libwebsockets/lib/core/logs.c:384
0 0 None 2 2 _realloc call site: 00000 /src/libwebsockets/lib/core/alloc.c:154
0 0 None 0 501 _lws_upng_inflate_data call site: 00033 /src/libwebsockets/lib/misc/upng-gzip.c:438
0 0 None 0 501 _lws_upng_inflate_data call site: 00064 /src/libwebsockets/lib/misc/upng-gzip.c:764
0 0 None 0 501 _lws_upng_inflate_data call site: 00065 /src/libwebsockets/lib/misc/upng-gzip.c:768
0 0 None 0 501 _lws_upng_inflate_data call site: 00065 /src/libwebsockets/lib/misc/upng-gzip.c:788
0 0 None 0 41 lws_upng_inflator_create call site: 00003 /src/libwebsockets/lib/misc/upng-gzip.c:974
0 0 None 0 37 _lws_upng_inflate_data call site: 00062 /src/libwebsockets/lib/misc/upng-gzip.c:733
0 0 None 0 0 lws_snprintf call site: 00011 /src/libwebsockets/lib/core/libwebsockets.c:870
0 0 None 0 0 lws_snprintf call site: 00012 /src/libwebsockets/lib/core/libwebsockets.c:877

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 lws_api_test_gunzip(FuzzedDataProvider&) [function] [call site] 00001
2 lws_upng_inflator_create [function] [call site] 00002
3 lws_zalloc [function] [call site] 00003
3 _lws_log [function] [call site] 00004
4 __lws_logv [function] [call site] 00005
5 lws_strncpy [function] [call site] 00006
6 strncpy [call site] 00007
5 lwsl_timestamp [function] [call site] 00008
6 gettimeofday [call site] 00009
6 localtime_r [call site] 00010
6 lws_snprintf [function] [call site] 00011
7 vsnprintf [call site] 00012
6 lws_snprintf [function] [call site] 00013
5 strlen [call site] 00014
5 lws_snprintf [function] [call site] 00015
5 vsnprintf [call site] 00016
3 lws_realloc [function] [call site] 00017
3 _lws_log [function] [call site] 00018
3 lws_realloc [function] [call site] 00019
2 std::__cxx11::basic_string , std::allocator >::~basic_string() [call site] 00020
2 lws_upng_inflate_data [function] [call site] 00021
3 _lws_upng_inflate_data [function] [call site] 00022
4 read_bit [function] [call site] 00023
4 read_bit [function] [call site] 00024
4 read_bit [function] [call site] 00025
4 _lws_log [function] [call site] 00026
4 _lws_log [function] [call site] 00027
4 read_byte [function] [call site] 00028
4 read_byte [function] [call site] 00029
4 read_byte [function] [call site] 00030
4 read_byte [function] [call site] 00031
4 _lws_log [function] [call site] 00032
4 read_byte [function] [call site] 00033
4 huffman_tree_init [function] [call site] 00034
4 huffman_tree_init [function] [call site] 00035
4 _lws_log [function] [call site] 00036
4 huffman_tree_init [function] [call site] 00037
4 huffman_tree_init [function] [call site] 00038
4 huffman_tree_init [function] [call site] 00039
4 read_bits [function] [call site] 00040
5 read_bit [function] [call site] 00041
4 read_bits [function] [call site] 00042
4 read_bits [function] [call site] 00043
4 read_bits [function] [call site] 00044
4 huffman_tree_create_lengths [function] [call site] 00045
5 __assert_fail [call site] 00046
5 __assert_fail [call site] 00047
5 __assert_fail [call site] 00048
5 __assert_fail [call site] 00049
4 huffman_tree_create_lengths [function] [call site] 00050
4 huffman_tree_create_lengths [function] [call site] 00051
4 huffman_decode_symbol [function] [call site] 00052
5 read_bit [function] [call site] 00053
4 read_bits [function] [call site] 00054
4 read_bits [function] [call site] 00055
4 read_bits [function] [call site] 00056
4 _lws_log [function] [call site] 00057
4 huffman_decode_symbol [function] [call site] 00058
4 read_bits [function] [call site] 00059
4 huffman_decode_symbol [function] [call site] 00060
4 _lws_log [function] [call site] 00061
4 read_bits [function] [call site] 00062
4 _lws_log [function] [call site] 00063
4 __assert_fail [call site] 00064
4 _lws_log [function] [call site] 00065
4 read_byte [function] [call site] 00066
4 read_byte [function] [call site] 00067
4 read_byte [function] [call site] 00068
4 read_byte [function] [call site] 00069
4 read_byte [function] [call site] 00070
4 read_byte [function] [call site] 00071
4 read_byte [function] [call site] 00072
4 read_byte [function] [call site] 00073
4 read_byte [function] [call site] 00074
4 read_byte [function] [call site] 00075
4 read_byte [function] [call site] 00076
2 lws_upng_inflator_destroy [function] [call site] 00077
3 lws_realloc [function] [call site] 00078
3 lws_realloc [function] [call site] 00079