Fuzz introspector: libfplist_property_list_fuzzer
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The following are the branches that the fuzzer fails to get past.

Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch
85 | 85 | 8: ['libfplist_xml_scanner_realloc', 'clearerr', 'ferror', 'libfplist_xml_scanner_restart', 'fread', '__errno_location', 'yy_fatal_error', 'getc'] | 85 | 85 | yy_get_next_buffer | call site: 00057 | /src/libfplist/libfplist/libfplist_xml_scanner.c:158629
16 | 16 | 5: ['realloc', 'free', 'libcerror_error_resize', 'libcerror_error_initialize', 'strlen'] | 16 | 16 | libcerror_error_set | call site: 00002 | /src/libfmos/libcerror/libcerror_error.c:328
0 | 78 | 3: ['libcerror_error_set', 'free', 'libcdata_array_free'] | 0 | 78 | libfplist_xml_tag_initialize | call site: 00103 | /src/libfplist/libfplist/libfplist_xml_tag.c:169
0 | 70 | 2: ['libcerror_error_set', 'libfplist_xml_attribute_free'] | 0 | 70 | libfplist_xml_tag_append_attribute | call site: 00163 | /src/libfplist/libfplist/libfplist_xml_tag.c:598
0 | 64 | 1: ['libcerror_error_set'] | 0 | 64 | libcdata_internal_array_resize | call site: 00127 | /src/libfwnt/libcdata/libcdata_array.c:823
0 | 60 | 1: ['libfplist_xml_tag_free'] | 0 | 60 | libfplist_property_list_copy_from_byte_stream | call site: 00219 | /src/libfplist/libfplist/libfplist_property_list.c:490
0 | 38 | 1: ['libfplist_xml_attribute_free'] | 0 | 38 | libfplist_xml_tag_append_attribute | call site: 00164 | /src/libfplist/libfplist/libfplist_xml_tag.c:616
0 | 32 | 1: ['libcerror_error_set'] | 0 | 127 | libfplist_xml_parser_parse_buffer | call site: 00171 | /src/libfplist/libfplist/libfplist_xml_parser.c:463
0 | 32 | 2: ['libcerror_error_set', 'free'] | 0 | 32 | libcdata_array_initialize | call site: 00100 | /src/libfwnt/libcdata/libcdata_array.c:162
0 | 32 | 1: ['libcerror_error_set'] | 0 | 32 | libcdata_array_free | call site: 00107 | /src/libfwnt/libcdata/libcdata_array.c:260
0 | 32 | 1: ['libcerror_error_set'] | 0 | 32 | libcdata_internal_array_resize | call site: 00126 | /src/libfwnt/libcdata/libcdata_array.c:797
0 | 32 | 1: ['libcerror_error_set'] | 0 | 32 | libcdata_array_get_number_of_entries | call site: 00204 | /src/libfwnt/libcdata/libcdata_array.c:1052

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 libfplist_property_list_initialize [function] [call site] 00001
2 libcerror_error_set [function] [call site] 00002
3 strlen [call site] 00003
3 libcerror_error_initialize [function] [call site] 00004
3 libcerror_error_resize [function] [call site] 00005
4 realloc [call site] 00006
4 realloc [call site] 00007
3 realloc [call site] 00008
3 vsnprintf [call site] 00009
2 libcerror_error_set [function] [call site] 00010
2 libcerror_error_set [function] [call site] 00011
2 libcerror_error_set [function] [call site] 00012
1 libfplist_property_list_copy_from_byte_stream [function] [call site] 00013
2 libcerror_error_set [function] [call site] 00014
2 libcerror_error_set [function] [call site] 00015
2 libcerror_error_set [function] [call site] 00016
2 libcerror_error_set [function] [call site] 00017
2 libcerror_error_set [function] [call site] 00018
2 libcerror_error_set [function] [call site] 00019
2 libcerror_error_set [function] [call site] 00020
2 libfplist_xml_parser_parse_buffer [function] [call site] 00021
3 libcerror_error_set [function] [call site] 00022
3 libfplist_xml_scanner__scan_buffer [function] [call site] 00023
4 libfplist_xml_scanner_alloc [function] [call site] 00024
4 yy_fatal_error [function] [call site] 00025
5 fprintf [call site] 00026
5 exit [call site] 00027
4 libfplist_xml_scanner__switch_to_buffer [function] [call site] 00028
5 libfplist_xml_scanner_ensure_buffer_stack [function] [call site] 00029
6 libfplist_xml_scanner_alloc [function] [call site] 00030
6 yy_fatal_error [function] [call site] 00031
6 libfplist_xml_scanner_realloc [function] [call site] 00032
7 realloc [call site] 00033
6 yy_fatal_error [function] [call site] 00034
5 libfplist_xml_scanner__load_buffer_state [function] [call site] 00035
3 libfplist_xml_scanner_parse [function] [call site] 00036
4 yygrowstack [function] [call site] 00037
5 realloc [call site] 00038
5 realloc [call site] 00039
4 libfplist_xml_scanner_lex [function] [call site] 00040
5 libfplist_xml_scanner_ensure_buffer_stack [function] [call site] 00041
5 libfplist_xml_scanner__create_buffer [function] [call site] 00042
6 libfplist_xml_scanner_alloc [function] [call site] 00043
6 yy_fatal_error [function] [call site] 00044
6 libfplist_xml_scanner_alloc [function] [call site] 00045
6 yy_fatal_error [function] [call site] 00046
6 libfplist_xml_scanner__init_buffer [function] [call site] 00047
7 __errno_location [call site] 00048
7 libfplist_xml_scanner__flush_buffer [function] [call site] 00049
8 libfplist_xml_scanner__load_buffer_state [function] [call site] 00050
7 __errno_location [call site] 00051
5 libfplist_xml_scanner__load_buffer_state [function] [call site] 00052
5 fwrite [call site] 00053
5 yy_get_previous_state [function] [call site] 00054
5 yy_try_NUL_trans [function] [call site] 00055
5 yy_get_next_buffer [function] [call site] 00056
6 yy_fatal_error [function] [call site] 00057
6 libfplist_xml_scanner_realloc [function] [call site] 00058
6 yy_fatal_error [function] [call site] 00059
6 getc [call site] 00060
6 ferror [call site] 00061
6 yy_fatal_error [function] [call site] 00062
6 __errno_location [call site] 00063
6 fread [call site] 00064
6 clearerr [call site] 00065
6 libfplist_xml_scanner_restart [function] [call site] 00066
7 libfplist_xml_scanner_ensure_buffer_stack [function] [call site] 00067
7 libfplist_xml_scanner__create_buffer [function] [call site] 00068
7 libfplist_xml_scanner__init_buffer [function] [call site] 00069
7 libfplist_xml_scanner__load_buffer_state [function] [call site] 00070
6 libfplist_xml_scanner_realloc [function] [call site] 00071
6 yy_fatal_error [function] [call site] 00072
5 libfplist_xml_scanner_wrap [function] [call site] 00073
5 libfplist_xml_scanner_restart [function] [call site] 00074
5 yy_get_previous_state [function] [call site] 00075
5 yy_get_previous_state [function] [call site] 00076
5 yy_fatal_error [function] [call site] 00077
4 yygrowstack [function] [call site] 00078
4 libfplist_xml_scanner_error [function] [call site] 00079
5 fprintf [call site] 00080
4 yygrowstack [function] [call site] 00081
4 libcerror_error_set [function] [call site] 00082
4 libfplist_xml_tag_initialize [function] [call site] 00083
5 libcerror_error_set [function] [call site] 00084
5 libcerror_error_set [function] [call site] 00085
5 libcerror_error_set [function] [call site] 00086
5 libcerror_error_set [function] [call site] 00087
5 libcerror_error_set [function] [call site] 00088
5 libcerror_error_set [function] [call site] 00089
5 libcerror_error_set [function] [call site] 00090
5 libcerror_error_set [function] [call site] 00091
5 libcdata_array_initialize [function] [call site] 00092
6 libcerror_error_set [function] [call site] 00093
6 libcerror_error_set [function] [call site] 00094
6 libcerror_error_set [function] [call site] 00095
6 libcerror_error_set [function] [call site] 00096
6 libcerror_error_set [function] [call site] 00097
6 libcerror_error_set [function] [call site] 00098
6 libcerror_error_set [function] [call site] 00099
6 libcerror_error_set [function] [call site] 00100
6 libcerror_error_set [function] [call site] 00101
5 libcerror_error_set [function] [call site] 00102
5 libcdata_array_initialize [function] [call site] 00103
5 libcerror_error_set [function] [call site] 00104
5 libcdata_array_free [function] [call site] 00105
6 libcerror_error_set [function] [call site] 00106
6 libcdata_internal_array_clear [function] [call site] 00107
7 libcerror_error_set [function] [call site] 00108
7 libcerror_error_set [function] [call site] 00109
7 libcerror_error_set [function] [call site] 00110
6 libcerror_error_set [function] [call site] 00111
4 libcerror_error_set [function] [call site] 00112
4 libfplist_xml_tag_append_element [function] [call site] 00113
5 libcerror_error_set [function] [call site] 00114
5 libcerror_error_set [function] [call site] 00115
5 libcdata_array_append_entry [function] [call site] 00116
6 libcerror_error_set [function] [call site] 00117
6 libcerror_error_set [function] [call site] 00118
6 libcerror_error_set [function] [call site] 00119
6 libcdata_internal_array_resize [function] [call site] 00120
7 libcerror_error_set [function] [call site] 00121
7 libcerror_error_set [function] [call site] 00122
7 libcerror_error_set [function] [call site] 00123
7 libcerror_error_set [function] [call site] 00124
7 libcerror_error_set [function] [call site] 00125
7 realloc [call site] 00126
7 libcerror_error_set [function] [call site] 00127
7 libcerror_error_set [function] [call site] 00128
7 libcerror_error_set [function] [call site] 00129
6 libcerror_error_set [function] [call site] 00130
5 libcerror_error_set [function] [call site] 00131
4 libcerror_error_set [function] [call site] 00132
4 libcerror_error_set [function] [call site] 00133
4 libcerror_error_set [function] [call site] 00134
4 libcerror_error_set [function] [call site] 00135
4 memcmp [call site] 00136
4 libcerror_error_set [function] [call site] 00137
4 libcerror_error_set [function] [call site] 00138
4 libfplist_xml_tag_set_value [function] [call site] 00139
5 libcerror_error_set [function] [call site] 00140
5 libcerror_error_set [function] [call site] 00141
5 libcerror_error_set [function] [call site] 00142
5 libcerror_error_set [function] [call site] 00143
5 libcerror_error_set [function] [call site] 00144
4 libcerror_error_set [function] [call site] 00145
4 libcerror_error_set [function] [call site] 00146
4 libcerror_error_set [function] [call site] 00147
4 libfplist_xml_tag_append_attribute [function] [call site] 00148
5 libcerror_error_set [function] [call site] 00149
5 libfplist_xml_attribute_initialize [function] [call site] 00150
6 libcerror_error_set [function] [call site] 00151
6 libcerror_error_set [function] [call site] 00152
6 libcerror_error_set [function] [call site] 00153
6 libcerror_error_set [function] [call site] 00154
6 libcerror_error_set [function] [call site] 00155
6 libcerror_error_set [function] [call site] 00156
6 libcerror_error_set [function] [call site] 00157
6 libcerror_error_set [function] [call site] 00158
6 libcerror_error_set [function] [call site] 00159
6 libcerror_error_set [function] [call site] 00160
6 libcerror_error_set [function] [call site] 00161
5 libcerror_error_set [function] [call site] 00162
5 libcdata_array_append_entry [function] [call site] 00163
5 libcerror_error_set [function] [call site] 00164
5 libfplist_xml_attribute_free [function] [call site] 00165
6 libcerror_error_set [function] [call site] 00166
4 libcerror_error_set [function] [call site] 00167
4 libfplist_xml_scanner_lex [function] [call site] 00168
4 yygrowstack [function] [call site] 00169
4 libfplist_xml_scanner_error [function] [call site] 00170
3 libfplist_property_list_set_root_tag [function] [call site] 00171
4 libcerror_error_set [function] [call site] 00172
4 libcerror_error_set [function] [call site] 00173
3 libcerror_error_set [function] [call site] 00174
3 libfplist_xml_scanner__delete_buffer [function] [call site] 00175
4 libfplist_xml_scanner_free [function] [call site] 00176
4 libfplist_xml_scanner_free [function] [call site] 00177
3 libfplist_xml_scanner_lex_destroy [function] [call site] 00178
4 libfplist_xml_scanner__delete_buffer [function] [call site] 00179
4 libfplist_xml_scanner_pop_buffer_state [function] [call site] 00180
5 libfplist_xml_scanner__delete_buffer [function] [call site] 00181
5 libfplist_xml_scanner__load_buffer_state [function] [call site] 00182
4 libfplist_xml_scanner_free [function] [call site] 00183
4 yy_init_globals [function] [call site] 00184
3 libfplist_xml_tag_free [function] [call site] 00185
4 libcdata_array_free [function] [call site] 00186
4 libfplist_xml_tag_free [function] [call site] 00187
5 libcerror_error_set [function] [call site] 00188
5 libcdata_array_free [function] [call site] 00189
5 libfplist_xml_attribute_free [function] [call site] 00190
5 libcerror_error_set [function] [call site] 00191
2 libcerror_error_set [function] [call site] 00192
2 libcerror_error_set [function] [call site] 00193
2 libfplist_xml_tag_compare_name [function] [call site] 00194
3 libcerror_error_set [function] [call site] 00195
3 libcerror_error_set [function] [call site] 00196
3 memcmp [call site] 00197
2 libcerror_error_set [function] [call site] 00198
2 libfplist_xml_tag_compare_name [function] [call site] 00199
2 libcerror_error_set [function] [call site] 00200
2 libfplist_xml_tag_get_number_of_elements [function] [call site] 00201
3 libcerror_error_set [function] [call site] 00202
3 libcdata_array_get_number_of_entries [function] [call site] 00203
4 libcerror_error_set [function] [call site] 00204
4 libcerror_error_set [function] [call site] 00205
3 libcerror_error_set [function] [call site] 00206
2 libcerror_error_set [function] [call site] 00207
2 libfplist_xml_tag_get_element [function] [call site] 00208
3 libcerror_error_set [function] [call site] 00209
3 libcdata_array_get_entry_by_index [function] [call site] 00210
4 libcerror_error_set [function] [call site] 00211
4 libcerror_error_set [function] [call site] 00212
4 libcerror_error_set [function] [call site] 00213
4 libcerror_error_set [function] [call site] 00214
3 libcerror_error_set [function] [call site] 00215
2 libcerror_error_set [function] [call site] 00216
2 libfplist_xml_tag_compare_name [function] [call site] 00217
2 libfplist_xml_tag_compare_name [function] [call site] 00218
2 libcerror_error_set [function] [call site] 00219
2 libfplist_xml_tag_free [function] [call site] 00220
1 libfplist_property_list_free [function] [call site] 00221
2 libfplist_xml_tag_free [function] [call site] 00222
2 libcerror_error_set [function] [call site] 00223