Fuzz introspector
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzzer details

Fuzzer: lib_fuzz_utf8

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview.

The distribution of callsites in terms of coloring is:
Color | Runtime hitcount | Callsite count | Percentage
red | 0 | 0 | 0.0%
gold | [1:9] | 0 | 0.0%
yellow | [10:29] | 0 | 0.0%
greenyellow | [30:49] | 0 | 0.0%
lawngreen | 50+ | 2 | 100.0%
All colors | | 2 | 100

Runtime coverage analysis

Covered functions: 2
Functions that are reachable but not covered: 0
Reachable functions: 2
Percentage of reachable functions covered: 100.0%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions. This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Files reached

filename functions hit
fuzzing/lib/lib_fuzz_utf8.cpp 1
lib/utf8_mosq.c 1

Fuzzer: mosquitto_passwd_fuzz_load

Call tree

The distribution of callsites in terms of coloring is:
Color | Runtime hitcount | Callsite count | Percentage
red | 0 | 100 | 53.7%
gold | [1:9] | 4 | 2.15%
yellow | [10:29] | 2 | 1.07%
greenyellow | [30:49] | 1 | 0.53%
lawngreen | 50+ | 79 | 42.4%
All colors | | 186 | 100

Fuzz blockers

The following are the branches that the fuzzer fails to bypass.

Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch
102 | 102 | 1 : ['update_file'] | 118 | 136 | mosquitto_passwd_fuzz_main | call site: 00141 | /src/mosquitto/apps/mosquitto_passwd/mosquitto_passwd.c:644
53 | 53 | 1 : ['delete_pwuser'] | 69 | 87 | mosquitto_passwd_fuzz_main | call site: 00140 | /src/mosquitto/apps/mosquitto_passwd/mosquitto_passwd.c:642
34 | 34 | 1 : ['get_password'] | 56 | 181 | mosquitto_passwd_fuzz_main | call site: 00162 | /src/mosquitto/apps/mosquitto_passwd/mosquitto_passwd.c:647
12 | 12 | 5 : ['EVP_DigestUpdate', 'EVP_MD_CTX_new', 'EVP_DigestInit_ex', 'EVP_DigestFinal_ex', 'EVP_MD_CTX_free'] | 14 | 14 | pw__hash | call site: 00091 | /src/mosquitto/apps/mosquitto_passwd/../../common/password_mosq.c:91
0 | 56 | 1 : ['output_new_password'] | 42 | 98 | mosquitto_passwd_fuzz_main | call site: 00067 | /src/mosquitto/apps/mosquitto_passwd/mosquitto_passwd.c:591
0 | 0 | None | 305 | 656 | mosquitto_passwd_fuzz_main | call site: 00032 | /src/mosquitto/apps/mosquitto_passwd/mosquitto_passwd.c:460
0 | 0 | None | 305 | 656 | mosquitto_passwd_fuzz_main | call site: 00038 | /src/mosquitto/apps/mosquitto_passwd/mosquitto_passwd.c:476
0 | 0 | None | 305 | 656 | mosquitto_passwd_fuzz_main | call site: 00039 | /src/mosquitto/apps/mosquitto_passwd/mosquitto_passwd.c:478
0 | 0 | None | 305 | 656 | mosquitto_passwd_fuzz_main | call site: 00040 | /src/mosquitto/apps/mosquitto_passwd/mosquitto_passwd.c:480
0 | 0 | None | 287 | 638 | mosquitto_passwd_fuzz_main | call site: 00044 | /src/mosquitto/apps/mosquitto_passwd/mosquitto_passwd.c:491
0 | 0 | None | 283 | 634 | mosquitto_passwd_fuzz_main | call site: 00048 | /src/mosquitto/apps/mosquitto_passwd/mosquitto_passwd.c:515
0 | 0 | None | 283 | 634 | mosquitto_passwd_fuzz_main | call site: 00050 | /src/mosquitto/apps/mosquitto_passwd/mosquitto_passwd.c:534

Runtime coverage analysis

Covered functions: 15
Functions that are reachable but not covered: 61
Reachable functions: 77
Percentage of reachable functions covered: 20.78%

Files reached

filename functions hit
fuzzing/apps/mosquitto_passwd/mosquitto_passwd_fuzz_load.cpp 2
apps/mosquitto_passwd/mosquitto_passwd.c 12
apps/mosquitto_passwd/get_password.c 3
apps/mosquitto_passwd/../../common/password_mosq.c 1
apps/mosquitto_passwd/../../common/base64_mosq.c 1
apps/mosquitto_passwd/../../common/misc_mosq.c 2

Fuzzer: lib_fuzz_pub_topic_check2

Call tree

The distribution of callsites in terms of coloring is:
Color | Runtime hitcount | Callsite count | Percentage
red | 0 | 0 | 0.0%
gold | [1:9] | 0 | 0.0%
yellow | [10:29] | 0 | 0.0%
greenyellow | [30:49] | 0 | 0.0%
lawngreen | 50+ | 2 | 100.0%
All colors | | 2 | 100

Runtime coverage analysis

Covered functions: 2
Functions that are reachable but not covered: 0
Reachable functions: 2
Percentage of reachable functions covered: 100.0%

Files reached

filename functions hit
fuzzing/lib/lib_fuzz_pub_topic_check2.cpp 1
lib/util_topic.c 1

Fuzzer: lib_fuzz_sub_topic_check2

Call tree

The distribution of callsites in terms of coloring is:
Color | Runtime hitcount | Callsite count | Percentage
red | 0 | 0 | 0.0%
gold | [1:9] | 0 | 0.0%
yellow | [10:29] | 0 | 0.0%
greenyellow | [30:49] | 0 | 0.0%
lawngreen | 50+ | 2 | 100.0%
All colors | | 2 | 100

Runtime coverage analysis

Covered functions: 2
Functions that are reachable but not covered: 0
Reachable functions: 2
Percentage of reachable functions covered: 100.0%

Files reached

filename functions hit
fuzzing/lib/lib_fuzz_sub_topic_check2.cpp 1
lib/util_topic.c 1

Fuzzer: db_dump_fuzz_load_stats

Call tree

The distribution of callsites in terms of coloring is:
Color | Runtime hitcount | Callsite count | Percentage
red | 0 | 59 | 20.0%
gold | [1:9] | 1 | 0.34%
yellow | [10:29] | 10 | 3.40%
greenyellow | [30:49] | 1 | 0.34%
lawngreen | 50+ | 223 | 75.8%
All colors | | 294 | 100

Fuzz blockers

The following are the branches that the fuzzer fails to bypass.

Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch
40 | 40 | 1 : ['print__base_msg'] | 40 | 54 | dump__base_msg_chunk_process | call site: 00150 | /src/mosquitto/apps/db_dump/db_dump.c:303
16 | 53 | 7 : ['exit', 'strdup', 'mosquitto_free', 'mosquitto_malloc', 'calloc', 'strlen', 'free'] | 22 | 61 | dump__client_chunk_process | call site: 00262 | /src/mosquitto/apps/db_dump/db_dump.c:162
12 | 12 | 2 : ['memcmp', 'strlen'] | 17 | 19 | dump__client_msg_chunk_process | call site: 00191 | /src/mosquitto/apps/db_dump/db_dump.c:202
10 | 10 | 2 : ['memcmp', 'strlen'] | 14 | 16 | dump__sub_chunk_process | call site: 00233 | /src/mosquitto/apps/db_dump/db_dump.c:355
8 | 45 | 4 : ['exit', 'calloc', 'mosquitto_free', 'mosquitto_malloc'] | 48 | 99 | dump__base_msg_chunk_process | call site: 00146 | /src/mosquitto/apps/db_dump/db_dump.c:292
6 | 6 | 1 : ['print__client'] | 6 | 8 | dump__client_chunk_process | call site: 00265 | /src/mosquitto/apps/db_dump/db_dump.c:173
5 | 5 | 1 : ['print__client_msg'] | 5 | 7 | dump__client_msg_chunk_process | call site: 00193 | /src/mosquitto/apps/db_dump/db_dump.c:215
4 | 4 | 1 : ['print__sub'] | 4 | 6 | dump__sub_chunk_process | call site: 00234 | /src/mosquitto/apps/db_dump/db_dump.c:363
0 | 0 | None | 24 | 821 | db_dump_fuzz_main | call site: 00008 | /src/mosquitto/apps/db_dump/db_dump.c:429
0 | 0 | None | 22 | 819 | db_dump_fuzz_main | call site: 00012 | /src/mosquitto/apps/db_dump/db_dump.c:445
0 | 0 | None | 6 | 196 | persist__chunk_client_msg_read_v56 | call site: 00172 | /src/mosquitto/src/persist_read_v5.c:131
0 | 0 | None | 6 | 26 | db_dump_fuzz_main | call site: 00273 | /src/mosquitto/apps/db_dump/db_dump.c:491

Runtime coverage analysis

Covered functions: 56
Functions that are reachable but not covered: 29
Reachable functions: 86
Percentage of reachable functions covered: 66.28%

Files reached

filename functions hit
fuzzing/apps/db_dump/db_dump_fuzz_load_stats.cpp 2
apps/db_dump/db_dump.c 14
src/persist_read.c 3
src/persist_read_v5.c 7
src/persist_read_v234.c 7
apps/db_dump/stubs.c 2
src/../lib/memory_mosq.c 3
src/../lib/property_mosq.c 9
src/../lib/packet_datatypes.c 6
src/../lib/utf8_mosq.c 1
src/memory_public.c 2
apps/db_dump/print.c 5

Fuzzer: db_dump_fuzz_load_client_stats

Call tree

The distribution of callsites in terms of coloring is:
Color | Runtime hitcount | Callsite count | Percentage
red | 0 | 53 | 18.0%
gold | [1:9] | 1 | 0.34%
yellow | [10:29] | 9 | 3.06%
greenyellow | [30:49] | 2 | 0.68%
lawngreen | 50+ | 229 | 77.8%
All colors | | 294 | 100

Fuzz blockers

The following are the branches that the fuzzer fails to bypass.

Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch
40 | 40 | 1 : ['print__base_msg'] | 40 | 54 | dump__base_msg_chunk_process | call site: 00150 | /src/mosquitto/apps/db_dump/db_dump.c:303
6 | 6 | 1 : ['print__client'] | 6 | 8 | dump__client_chunk_process | call site: 00265 | /src/mosquitto/apps/db_dump/db_dump.c:173
5 | 5 | 1 : ['print__client_msg'] | 5 | 7 | dump__client_msg_chunk_process | call site: 00193 | /src/mosquitto/apps/db_dump/db_dump.c:215
4 | 4 | 1 : ['print__sub'] | 4 | 6 | dump__sub_chunk_process | call site: 00234 | /src/mosquitto/apps/db_dump/db_dump.c:363
0 | 0 | None | 46 | 97 | dump__base_msg_chunk_process | call site: 00147 | /src/mosquitto/apps/db_dump/db_dump.c:294
0 | 0 | None | 24 | 821 | db_dump_fuzz_main | call site: 00008 | /src/mosquitto/apps/db_dump/db_dump.c:429
0 | 0 | None | 22 | 819 | db_dump_fuzz_main | call site: 00012 | /src/mosquitto/apps/db_dump/db_dump.c:445
0 | 0 | None | 20 | 59 | dump__client_chunk_process | call site: 00262 | /src/mosquitto/apps/db_dump/db_dump.c:164
0 | 0 | None | 6 | 196 | persist__chunk_client_msg_read_v56 | call site: 00172 | /src/mosquitto/src/persist_read_v5.c:131
0 | 0 | None | 6 | 26 | db_dump_fuzz_main | call site: 00273 | /src/mosquitto/apps/db_dump/db_dump.c:491
0 | 0 | None | 2 | 183 | persist__chunk_base_msg_read_v56 | call site: 00069 | /src/mosquitto/src/persist_read_v5.c:212
0 | 0 | None | 0 | 179 | property__read_all | call site: 00073 | /src/mosquitto/src/../lib/property_mosq.c:172

Runtime coverage analysis

Covered functions: 56
Functions that are reachable but not covered: 29
Reachable functions: 86
Percentage of reachable functions covered: 66.28%

Files reached

filename functions hit
fuzzing/apps/db_dump/db_dump_fuzz_load_client_stats.cpp 2
apps/db_dump/db_dump.c 14
src/persist_read.c 3
src/persist_read_v5.c 7
src/persist_read_v234.c 7
apps/db_dump/stubs.c 2
src/../lib/memory_mosq.c 3
src/../lib/property_mosq.c 9
src/../lib/packet_datatypes.c 6
src/../lib/utf8_mosq.c 1
src/memory_public.c 2
apps/db_dump/print.c 5

Fuzzer: db_dump_fuzz_load

Call tree

The distribution of callsites in terms of coloring is:
Color | Runtime hitcount | Callsite count | Percentage
red | 0 | 28 | 9.52%
gold | [1:9] | 1 | 0.34%
yellow | [10:29] | 10 | 3.40%
greenyellow | [30:49] | 2 | 0.68%
lawngreen | 50+ | 253 | 86.0%
All colors | | 294 | 100

Fuzz blockers

The following are the branches that the fuzzer fails to bypass.

Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch
16 | 53 | 7 : ['exit', 'strdup', 'mosquitto_free', 'mosquitto_malloc', 'calloc', 'strlen', 'free'] | 16 | 61 | dump__client_chunk_process | call site: 00261 | /src/mosquitto/apps/db_dump/db_dump.c:162
12 | 12 | 2 : ['memcmp', 'strlen'] | 12 | 19 | dump__client_msg_chunk_process | call site: 00190 | /src/mosquitto/apps/db_dump/db_dump.c:202
10 | 10 | 2 : ['memcmp', 'strlen'] | 10 | 16 | dump__sub_chunk_process | call site: 00232 | /src/mosquitto/apps/db_dump/db_dump.c:355
8 | 45 | 4 : ['exit', 'calloc', 'mosquitto_free', 'mosquitto_malloc'] | 8 | 99 | dump__base_msg_chunk_process | call site: 00144 | /src/mosquitto/apps/db_dump/db_dump.c:292
0 | 0 | None | 22 | 819 | db_dump_fuzz_main | call site: 00011 | /src/mosquitto/apps/db_dump/db_dump.c:445
0 | 0 | None | 6 | 196 | persist__chunk_client_msg_read_v56 | call site: 00171 | /src/mosquitto/src/persist_read_v5.c:131
0 | 0 | None | 6 | 26 | db_dump_fuzz_main | call site: 00272 | /src/mosquitto/apps/db_dump/db_dump.c:491
0 | 0 | None | 2 | 183 | persist__chunk_base_msg_read_v56 | call site: 00067 | /src/mosquitto/src/persist_read_v5.c:212
0 | 0 | None | 0 | 179 | property__read_all | call site: 00071 | /src/mosquitto/src/../lib/property_mosq.c:172
0 | 0 | None | 0 | 59 | db_dump_fuzz_main | call site: 00275 | /src/mosquitto/apps/db_dump/db_dump.c:505
0 | 0 | None | 0 | 25 | persist__chunk_base_msg_read_v56 | call site: 00065 | /src/mosquitto/src/persist_read_v5.c:200
0 | 0 | None | 0 | 20 | persist__chunk_base_msg_read_v234 | call site: 00130 | /src/mosquitto/src/persist_read_v234.c:171

Runtime coverage analysis

Covered functions: 61
Functions that are reachable but not covered: 24
Reachable functions: 86
Percentage of reachable functions covered: 72.09%

Files reached

filename functions hit
fuzzing/apps/db_dump/db_dump_fuzz_load.cpp 2
apps/db_dump/db_dump.c 14
src/persist_read.c 3
src/persist_read_v5.c 7
src/persist_read_v234.c 7
apps/db_dump/stubs.c 2
src/../lib/memory_mosq.c 3
src/../lib/property_mosq.c 9
src/../lib/packet_datatypes.c 6
src/../lib/utf8_mosq.c 1
src/memory_public.c 2
apps/db_dump/print.c 5

Fuzzer: broker_fuzz_test_config

Call tree

The distribution of callsites in terms of coloring is:
Color | Runtime hitcount | Callsite count | Percentage
red | 0 | 2861 | 85.3%
gold | [1:9] | 172 | 5.12%
yellow | [10:29] | 6 | 0.17%
greenyellow | [30:49] | 7 | 0.20%
lawngreen | 50+ | 307 | 9.15%
All colors | | 3353 | 100

Fuzz blockers

The following are the branches that the fuzzer fails to bypass.

Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch
32462 | 32467 | 37 : ['keepalive__init', 'listeners__start', 'bridge__db_cleanup', 'context__cleanup', 'plugin__load_all', 'db__close', 'mosquitto_security_init', 'log__init', 'context__free_disused', 'set_umask', 'db__msg_store_compact', 'acl__find_acls', 'mosquitto__daemonise', 'mosquitto_main_loop', 'broker_control__init', 'will_delay__send_all', 'drop_privileges', 'mux__init', 'session_expiry__remove_all', 'signal__setup', 'persist__backup', 'context__send_will', 'mosquitto_security_cleanup', 'sys_tree__init', 'remove', 'listeners__stop', 'report_features', 'keepalive__cleanup', 'mosquitto__free', 'plugin__unload_all', 'broker_control__cleanup', 'bridge__start_all', 'log__close', 'plugin_persist__handle_restore', 'net__broker_cleanup', 'db__open', 'pid__write'] | 32462 | 32505 | mosquitto_fuzz_main | call site: 01195 | /src/mosquitto/src/mosquitto.c:363
1384 | 125677 | 30 : ['mosquitto__realloc', 'atoi', 'strcmp', 'conf__parse_int', 'strcasecmp', 'conf__attempt_resolve', 'config__plugin_add_secopt', 'config__read_file', 'strrchr', 'listener__set_defaults', 'config__plugin_find', 'conf__set_cur_security_options', 'conf__parse_bool', 'mosquitto__free', 'config__get_dir_files', 'config__plugin_load', 'config__create_default_listener', 'mosquitto__hex2bin_sha1', 'fgets_extending', 'mosquitto__strdup', 'strtok_r', 'strncmp', 'conf__parse_string', 'memory__set_limit', 'bridge__add_topic', 'strlen', 'config__add_listener', 'mosquitto_pub_topic_check', 'mosquitto__malloc', 'conf__parse_ssize_t'] | 1384 | 125677 | config__read_file_core | call site: 00788 | /src/mosquitto/src/conf.c:1856
1384 | 125677 | 30 : ['mosquitto__realloc', 'atoi', 'strcmp', 'conf__parse_int', 'strcasecmp', 'conf__attempt_resolve', 'config__plugin_add_secopt', 'config__read_file', 'strrchr', 'listener__set_defaults', 'config__plugin_find', 'conf__set_cur_security_options', 'conf__parse_bool', 'mosquitto__free', 'config__get_dir_files', 'config__plugin_load', 'config__create_default_listener', 'mosquitto__hex2bin_sha1', 'fgets_extending', 'mosquitto__strdup', 'strtok_r', 'strncmp', 'conf__parse_string', 'memory__set_limit', 'bridge__add_topic', 'strlen', 'config__add_listener', 'mosquitto_pub_topic_check', 'mosquitto__malloc', 'conf__parse_ssize_t'] | 1384 | 125677 | config__read_file_core | call site: 00828 | /src/mosquitto/src/conf.c:1977
840 | 840 | 2 : ['strlen', 'db__messages_easy_queue'] | 840 | 840 | log__vprintf | call site: 00076 | /src/mosquitto/src/logging.c:357
21 | 21 | 1 : ['config__copy'] | 27 | 915 | config__read | call site: 01084 | /src/mosquitto/src/conf.c:736
16 | 21 | 3 : ['getenv', 'mosquitto__free', 'mosquitto_strdup'] | 16 | 41 | config__parse_args | call site: 01188 | /src/mosquitto/src/conf.c:605
9 | 9 | 2 : ['get_time', 'strftime'] | 851 | 851 | log__vprintf | call site: 00066 | /src/mosquitto/src/logging.c:314
6 | 6 | 2 : ['strerror', '__errno_location'] | 6 | 6 | conf__attempt_resolve | call site: 00448 | /src/mosquitto/src/conf.c:223
4 | 12 | 2 : ['strlen', 'mosquitto__malloc'] | 4 | 863 | config__read | call site: 01130 | /src/mosquitto/src/conf.c:764
4 | 4 | 1 : ['umask'] | 14 | 14 | mosquitto__fopen | call site: 00380 | /src/mosquitto/apps/mosquitto_passwd/../../common/misc_mosq.c:136
2 | 2 | 1 : ['syslog'] | 842 | 842 | log__vprintf | call site: 00075 | /src/mosquitto/src/logging.c:349
2 | 2 | 1 : ['freeaddrinfo'] | 10 | 10 | conf__attempt_resolve | call site: 00447 | /src/mosquitto/src/conf.c:218

Runtime coverage analysis

Covered functions: 47
Functions that are reachable but not covered: 784
Reachable functions: 832
Percentage of reachable functions covered: 5.77%

Files reached

filename functions hit
fuzzing/broker/broker_fuzz_test_config.cpp 2
src/mosquitto.c 7
src/../common/time_mosq.c 2
src/plugin_public.c 4
src/net.c 17
src/../lib/net_mosq.c 26
src/conf.c 25
src/listeners.c 7
src/../lib/memory_mosq.c 8
src/logging.c 5
src/database.c 38
src/../lib/property_mosq.c 28
src/memory_public.c 4
src/subs.c 15
src/topic_tok.c 2
src/plugin_acl_check.c 4
src/../lib/util_topic.c 5
src/../lib/util_mosq.c 11
src/sys_tree.c 5
src/plugin_persist.c 13
src/../lib/send_publish.c 2
src/plugin_message.c 3
src/../lib/alias_mosq.c 7
src/../lib/packet_datatypes.c 14
src/../lib/packet_mosq.c 7
src/../lib/net_ws.c 8
src/mux.c 8
src/mux_epoll.c 9
src/../lib/send_mosq.c 8
src/retain.c 8
src/../common/misc_mosq.c 4
src/../lib/utf8_mosq.c 1
src/conf_includedir.c 2
src/bridge_topic.c 5
src/keepalive.c 7
src/persist_read.c 12
src/persist_read_v5.c 7
src/persist_read_v234.c 7
src/context.c 9
src/session_expiry.c 7
src/plugin_init.c 5
src/plugin_v5.c 1
src/plugin_v4.c 7
src/plugin_callbacks.c 7
src/control.c 4
src/plugin_v3.c 5
src/plugin_v2.c 5
src/security_default.c 19
src/../common/base64_mosq.c 2
src/../common/password_mosq.c 1
src/loop.c 6
src/plugin_psk_key.c 2
src/signals.c 3
src/bridge.c 19
src/../lib/will_mosq.c 2
src/../lib/tls_mosq.c 3
/usr/include/openssl/x509v3.h 3
src/../lib/net_mosq_ocsp.c 1
/usr/include/openssl/x509.h 1
src/../lib/send_connect.c 1
src/broker_control.c 9
src/control_common.c 4
src/will_delay.c 5
src/../lib/strings_mosq.c 2
src/plugin_disconnect.c 2
src/plugin_client_offline.c 2
src/../lib/send_disconnect.c 1
src/plugin_tick.c 2
src/http_serv.c 5
src/read_handle.c 1
src/../lib/handle_ping.c 2
src/../lib/handle_pubackcomp.c 1
src/handle_publish.c 1
src/../lib/handle_pubrec.c 1
src/../lib/handle_pubrel.c 1
src/handle_connect.c 8
src/send_connack.c 1
src/property_broker.c 3
src/plugin_extended_auth.c 4
src/plugin_connect.c 2
src/send_auth.c 1
src/plugin_basic_auth.c 2
src/handle_disconnect.c 1
src/handle_subscribe.c 1
src/plugin_subscribe.c 2
src/send_suback.c 1
src/handle_unsubscribe.c 1
src/plugin_unsubscribe.c 2
src/send_unsuback.c 1
src/handle_connack.c 1
src/../lib/send_subscribe.c 1
src/../lib/send_unsubscribe.c 1
src/../lib/handle_suback.c 1
src/../lib/handle_unsuback.c 1
src/handle_auth.c 1
lib/../deps/picohttpparser/picohttpparser.c 8
src/persist_write.c 9
src/persist_write_v5.c 6
src/plugin_cleanup.c 4

Fuzzer: broker_fuzz_read_handle

Call tree

The distribution of callsites in terms of coloring is:
Color | Runtime hitcount | Callsite count | Percentage
red | 0 | 827 | 65.0%
gold | [1:9] | 68 | 5.35%
yellow | [10:29] | 63 | 4.95%
greenyellow | [30:49] | 23 | 1.80%
lawngreen | 50+ | 290 | 22.8%
All colors | | 1271 | 100

Fuzz blockers

The following are the branches that the fuzzer fails to bypass.

Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch
3384 | 3402 | 6 : ['mosquitto__mid_generate', 'send__real_publish', 'db__messages_easy_queue', 'strlen', 'mosquitto__malloc', 'mosquitto__free'] | 5955 | 5973 | bridge__on_connect | call site: 01124 | /src/mosquitto/src/bridge.c:634
1443 | 1443 | 1 : ['connect__on_authorised'] | 1443 | 1443 | handle__connect | call site: 00737 | /src/mosquitto/src/handle_connect.c:977
936 | 936 | 1 : ['get_username_from_cert'] | 4776 | 15668 | handle__connect | call site: 00689 | /src/mosquitto/src/handle_connect.c:908
893 | 895 | 2 : ['send__auth', 'mosquitto__set_state'] | 893 | 895 | handle__connect | call site: 00738 | /src/mosquitto/src/handle_connect.c:979
64 | 64 | 3 : ['strerror', 'mosquitto_strerror', '__errno_location'] | 64 | 1074 | do_disconnect | call site: 00800 | /src/mosquitto/src/loop.c:295
52 | 52 | 1 : ['context__add_to_disused'] | 52 | 79 | context__disconnect | call site: 00849 | /src/mosquitto/src/context.c:247
39 | 39 | 1 : ['bridge__cleanup'] | 39 | 1196 | context__cleanup | call site: 01209 | /src/mosquitto/src/context.c:136
37 | 37 | 1 : ['session_expiry__add'] | 37 | 64 | context__disconnect | call site: 00841 | /src/mosquitto/src/context.c:243
18 | 18 | 3 : ['close', 'mosquitto_free', 'memcmp'] | 18 | 18 | net__socket_close | call site: 00845 | /src/mosquitto/src/../lib/net_mosq.c:244
16 | 16 | 1 : ['ws__prepare_packet'] | 16 | 859 | packet__queue | call site: 00226 | /src/mosquitto/src/../lib/packet_mosq.c:175
12 | 12 | 1 : ['mosquitto__strdup'] | 3840 | 11154 | handle__connect | call site: 00696 | /src/mosquitto/src/handle_connect.c:952
9 | 9 | 1 : ['plugin__handle_client_offline'] | 98 | 1035 | context__disconnect | call site: 00833 | /src/mosquitto/src/context.c:235

Runtime coverage analysis

Covered functions: 132
Functions that are reachable but not covered: 194
Reachable functions: 326
Percentage of reachable functions covered: 40.49%

Files reached

filename functions hit
fuzzing/broker/broker_fuzz_read_handle.cpp 1
src/logging.c 4
src/../common/misc_mosq.c 1
src/database.c 35
src/../lib/memory_mosq.c 5
src/../lib/property_mosq.c 29
src/memory_public.c 2
src/subs.c 14
src/topic_tok.c 2
src/plugin_acl_check.c 3
src/../lib/util_topic.c 4
src/../lib/util_mosq.c 8
src/../lib/net_mosq.c 5
src/sys_tree.c 2
src/plugin_persist.c 12
src/../lib/send_publish.c 2
src/plugin_message.c 3
src/../lib/alias_mosq.c 7
src/../lib/packet_datatypes.c 14
src/../lib/packet_mosq.c 6
src/../lib/net_ws.c 1
src/mux.c 3
src/mux_epoll.c 3
src/../lib/send_mosq.c 7
src/retain.c 6
src/context.c 7
src/read_handle.c 1
src/../lib/handle_ping.c 2
src/../lib/handle_pubackcomp.c 1
src/handle_publish.c 1
src/../lib/utf8_mosq.c 1
src/bridge_topic.c 1
src/control.c 1
src/../lib/handle_pubrec.c 1
src/../lib/handle_pubrel.c 1
src/handle_connect.c 8
src/send_connack.c 1
src/keepalive.c 3
src/property_broker.c 3
src/plugin_extended_auth.c 4
src/will_delay.c 3
src/loop.c 2
src/../lib/will_mosq.c 1
src/session_expiry.c 4
src/../lib/send_disconnect.c 1
src/../lib/strings_mosq.c 2
src/plugin_disconnect.c 2
src/plugin_client_offline.c 2
src/security_default.c 1
src/plugin_connect.c 2
src/send_auth.c 1
src/plugin_basic_auth.c 2
src/handle_disconnect.c 1
src/handle_subscribe.c 1
src/plugin_subscribe.c 2
src/send_suback.c 1
src/handle_unsubscribe.c 1
src/plugin_unsubscribe.c 2
src/send_unsuback.c 1
src/handle_connack.c 1
src/bridge.c 2
src/../lib/send_subscribe.c 1
src/../lib/send_unsubscribe.c 1
src/../lib/handle_suback.c 1
src/../lib/handle_unsuback.c 1
src/handle_auth.c 1
src/conf.c 1

Fuzzer: dynsec_fuzz_load

Call tree

The distribution of callsites in terms of coloring is:
Color | Runtime hitcount | Callsite count | Percentage
red | 0 | 1539 | 86.7%
gold | [1:9] | 0 | 0.0%
yellow | [10:29] | 1 | 0.05%
greenyellow | [30:49] | 0 | 0.0%
lawngreen | 50+ | 234 | 13.1%
All colors | | 1774 | 100

Fuzz blockers

The following are the branches that the fuzzer fails to bypass.

Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch
1058 | 1058 | 2 : ['fopen', 'dynsec__config_init'] | 1080 | 2423 | dynsec__config_load | call site: 00349 | /src/mosquitto/plugins/dynamic-security/config.c:107
31 | 31 | 1 : ['dynsec_rolelist__remove_role'] | 31 | 31 | dynsec_rolelist__client_add | call site: 00566 | /src/mosquitto/plugins/dynamic-security/rolelist.c:149
31 | 31 | 1 : ['dynsec_rolelist__remove_role'] | 31 | 31 | dynsec_rolelist__group_add | call site: 00596 | /src/mosquitto/plugins/dynamic-security/rolelist.c:165
29 | 29 | 1 : ['dynsec_clientlist__remove'] | 29 | 29 | dynsec_groups__add_client | call site: 00612 | /src/mosquitto/plugins/dynamic-security/groups.c:522
4 | 4 | 2 : ['strerror', '__errno_location'] | 6 | 6 | dynsec__config_load | call site: 00462 | /src/mosquitto/plugins/dynamic-security/config.c:123
2 | 2 | 1 : ['openlog'] | 21 | 21 | log__init | call site: 00007 | /src/mosquitto/src/logging.c:120
2 | 2 | 1 : ['dynsec__config_batch_save'] | 2 | 2 | dynsec_groups__add_client | call site: 00613 | /src/mosquitto/plugins/dynamic-security/groups.c:527
0 | 14 | 1 : ['mosquitto_strdup'] | 0 | 14 | mosquitto_plugin_set_info | call site: 00346 | /src/mosquitto/src/plugin_public.c:43
0 | 7 | 1 : ['mosquitto_free'] | 2 | 9 | dynsec__config_load | call site: 00467 | /src/mosquitto/plugins/dynamic-security/config.c:139
0 | 5 | 1 : ['mosquitto__free'] | 0 | 5 | control__register_callback | call site: 00623 | /src/mosquitto/src/control.c:110
0 | 0 | None | 28 | 478 | dynsec_groups__config_load | call site: 00584 | /src/mosquitto/plugins/dynamic-security/groups.c:235
0 | 0 | None | 28 | 478 | dynsec_groups__config_load | call site: 00587 | /src/mosquitto/plugins/dynamic-security/groups.c:246

Runtime coverage analysis

Covered functions: 66
Functions that are reachable but not covered: 342
Reachable functions: 409
Percentage of reachable functions covered: 16.38%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions. This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Files reached

filename functions hit
fuzzing/plugins/dynamic-security/dynsec_fuzz_load.cpp 2
src/logging.c 5
plugins/dynamic-security/../../common/misc_mosq.c 2
src/database.c 20
src/../lib/memory_mosq.c 5
src/../lib/property_mosq.c 8
src/memory_public.c 4
src/subs.c 9
src/topic_tok.c 2
src/plugin_acl_check.c 3
src/../lib/util_topic.c 3
src/../lib/util_mosq.c 6
src/../lib/net_mosq.c 5
src/sys_tree.c 1
src/plugin_persist.c 9
src/../lib/send_publish.c 2
src/plugin_message.c 2
src/../lib/alias_mosq.c 5
src/../lib/packet_datatypes.c 7
src/../lib/packet_mosq.c 5
src/../lib/net_ws.c 1
src/mux.c 3
src/mux_epoll.c 3
src/../lib/send_mosq.c 2
src/retain.c 3
plugins/dynamic-security/plugin.c 2
src/plugin_public.c 10
plugins/dynamic-security/config.c 8
plugins/dynamic-security/config_init.c 14
plugins/dynamic-security/../../common/password_mosq.c 1
plugins/dynamic-security/../../common/base64_mosq.c 2
plugins/dynamic-security/../../common/json_help.c 4
plugins/dynamic-security/roles.c 23
plugins/dynamic-security/clients.c 25
plugins/dynamic-security/rolelist.c 11
plugins/dynamic-security/clientlist.c 6
plugins/dynamic-security/groups.c 24
plugins/dynamic-security/grouplist.c 5
src/plugin_callbacks.c 6
src/control.c 2
plugins/dynamic-security/control.c 2
src/control_common.c 4
src/loop.c 2
plugins/dynamic-security/default_acl.c 2
src/../lib/utf8_mosq.c 1
plugins/dynamic-security/hash.c 1
plugins/dynamic-security/kicklist.c 3
src/../lib/send_disconnect.c 1
src/../lib/strings_mosq.c 1
src/context.c 4
src/plugin_disconnect.c 2
src/plugin_client_offline.c 2
src/will_delay.c 2
src/../lib/will_mosq.c 1
src/session_expiry.c 3
src/keepalive.c 2
plugins/dynamic-security/auth.c 2
plugins/dynamic-security/acl.c 2
plugins/dynamic-security/tick.c 1

Runtime coverage analysis

This section shows analysis of runtime coverage data.

For further technical details on how this section is generated, please see the Glossary.

Complex functions with low coverage

Func name Function total lines Lines covered at runtime percentage covered Reached by fuzzers
mosquitto_passwd_fuzz_main 233 84 36.05% ['mosquitto_passwd_fuzz_load']
config__parse_args 84 35 41.66% ['broker_fuzz_test_config']
config__read_file_core 1244 498 40.03% ['broker_fuzz_test_config']
config__check_bridges 45 10 22.22% ['broker_fuzz_test_config']
config__get_dir_files 42 23 54.76% ['broker_fuzz_test_config']
mosquitto_fuzz_main 128 29 22.65% ['broker_fuzz_test_config']
packet__write 60 8 13.33% ['broker_fuzz_test_config', 'broker_fuzz_read_handle', 'dynsec_fuzz_load']
property__get_length 32 7 21.87% ['broker_fuzz_test_config', 'broker_fuzz_read_handle', 'dynsec_fuzz_load']
mosquitto_property_copy_all 80 3 3.75% ['broker_fuzz_test_config', 'broker_fuzz_read_handle']
property__write 32 11 34.37% ['broker_fuzz_test_config', 'broker_fuzz_read_handle', 'dynsec_fuzz_load']
bridge__on_connect 83 16 19.27% ['broker_fuzz_test_config', 'broker_fuzz_read_handle']
bridge__remap_topic_in 46 9 19.56% ['broker_fuzz_test_config', 'broker_fuzz_read_handle']
db__message_delete_outgoing 52 14 26.92% ['broker_fuzz_test_config', 'broker_fuzz_read_handle']
db__message_release_incoming 47 15 31.91% ['broker_fuzz_test_config', 'broker_fuzz_read_handle']
db__message_reconnect_reset_outgoing 53 15 28.30% ['broker_fuzz_test_config', 'broker_fuzz_read_handle']
db__message_reconnect_reset_incoming 41 15 36.58% ['broker_fuzz_test_config', 'broker_fuzz_read_handle']
handle__auth 102 13 12.74% ['broker_fuzz_test_config', 'broker_fuzz_read_handle']
handle__publish 309 167 54.04% ['broker_fuzz_test_config', 'broker_fuzz_read_handle']
do_disconnect 101 9 8.910% ['broker_fuzz_test_config', 'broker_fuzz_read_handle', 'dynsec_fuzz_load']
mosquitto_acl_check 43 6 13.95% ['broker_fuzz_test_config', 'broker_fuzz_read_handle', 'dynsec_fuzz_load']
mosquitto_basic_auth 39 13 33.33% ['broker_fuzz_test_config', 'broker_fuzz_read_handle']
sub__clean_session 50 10 20.0% ['broker_fuzz_test_config', 'broker_fuzz_read_handle']
dynsec__config_load 46 22 47.82% ['dynsec_fuzz_load']
mosquitto_plugin_init 69 32 46.37% ['dynsec_fuzz_load']
mosquitto_callback_register 43 20 46.51% ['broker_fuzz_test_config', 'dynsec_fuzz_load']
get_event_name 60 10 16.66% ['broker_fuzz_test_config', 'dynsec_fuzz_load']

Files and Directories in report

This section shows which files and directories are considered in this report. The main reason for showing this is that fuzz introspector may include more code in its reasoning than is desired. This section helps identify whether too many files or directories are included, e.g. third-party code, which may be irrelevant for the threat model. If too much is included, fuzz introspector supports a configuration file that can exclude data from the report.

Files in report

Source file Reached by Covered by
/src/mosquitto/src/subs.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle', 'dynsec_fuzz_load'] ['broker_fuzz_read_handle']
/src/mosquitto/src/loop.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle', 'dynsec_fuzz_load'] ['broker_fuzz_read_handle']
/src/mosquitto/src/persist_write_v5.c ['broker_fuzz_test_config'] []
/src/mosquitto/plugins/dynamic-security/../../common/json_help.c ['dynsec_fuzz_load'] []
/src/mosquitto/src/sys_tree.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle', 'dynsec_fuzz_load'] ['broker_fuzz_read_handle']
/src/mosquitto/fuzzing/lib/lib_fuzz_utf8.cpp ['lib_fuzz_utf8'] ['lib_fuzz_utf8']
/src/mosquitto/src/../lib/handle_unsuback.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle'] []
/src/mosquitto/plugins/dynamic-security/grouplist.c ['dynsec_fuzz_load'] ['dynsec_fuzz_load']
/src/mosquitto/fuzzing/broker/broker_fuzz_test_config.cpp ['broker_fuzz_test_config'] ['broker_fuzz_test_config']
/src/mosquitto/src/../lib/handle_suback.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle'] []
/src/mosquitto/src/topic_tok.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle', 'dynsec_fuzz_load'] []
/src/mosquitto/fuzzing/broker/broker_fuzz_read_handle.cpp ['broker_fuzz_read_handle'] ['broker_fuzz_read_handle']
/src/mosquitto/src/context.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle', 'dynsec_fuzz_load'] ['broker_fuzz_read_handle']
/src/mosquitto/apps/mosquitto_passwd/../../common/misc_mosq.c ['mosquitto_passwd_fuzz_load'] []
/src/mosquitto/src/database.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle', 'dynsec_fuzz_load'] ['broker_fuzz_read_handle']
/src/mosquitto/src/../lib/send_subscribe.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle'] []
/src/mosquitto/src/plugin_init.c ['broker_fuzz_test_config'] []
/src/mosquitto/src/../lib/send_unsubscribe.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle'] []
/src/mosquitto/src/will_delay.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle', 'dynsec_fuzz_load'] []
/src/mosquitto/plugins/dynamic-security/auth.c ['dynsec_fuzz_load'] []
/src/mosquitto/apps/mosquitto_passwd/get_password.c ['mosquitto_passwd_fuzz_load'] []
/src/mosquitto/lib/../deps/picohttpparser/picohttpparser.c ['broker_fuzz_test_config'] []
/src/mosquitto/src/plugin_callbacks.c ['broker_fuzz_test_config', 'dynsec_fuzz_load'] ['dynsec_fuzz_load']
/src/mosquitto/lib/util_topic.c ['lib_fuzz_pub_topic_check2', 'lib_fuzz_sub_topic_check2'] ['lib_fuzz_pub_topic_check2', 'lib_fuzz_sub_topic_check2']
/src/mosquitto/src/../lib/send_publish.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle', 'dynsec_fuzz_load'] []
/src/mosquitto/src/mux_epoll.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle', 'dynsec_fuzz_load'] ['broker_fuzz_read_handle']
/src/mosquitto/src/persist_read_v5.c ['db_dump_fuzz_load_stats', 'db_dump_fuzz_load_client_stats', 'db_dump_fuzz_load', 'broker_fuzz_test_config'] ['db_dump_fuzz_load_stats', 'db_dump_fuzz_load_client_stats', 'db_dump_fuzz_load']
/src/mosquitto/src/handle_disconnect.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle'] ['broker_fuzz_read_handle']
/src/mosquitto/src/plugin_tick.c ['broker_fuzz_test_config'] []
/src/mosquitto/src/../lib/strings_mosq.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle', 'dynsec_fuzz_load'] []
/src/mosquitto/src/handle_connect.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle'] ['broker_fuzz_read_handle']
/src/mosquitto/src/handle_auth.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle'] ['broker_fuzz_read_handle']
/src/mosquitto/src/../common/misc_mosq.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle'] []
/src/mosquitto/src/send_connack.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle'] ['broker_fuzz_read_handle']
/src/mosquitto/fuzzing/apps/db_dump/db_dump_fuzz_load.cpp ['db_dump_fuzz_load'] ['db_dump_fuzz_load']
/src/mosquitto/src/../lib/send_mosq.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle', 'dynsec_fuzz_load'] []
/src/mosquitto/fuzzing/plugins/dynamic-security/dynsec_fuzz_load.cpp ['dynsec_fuzz_load'] ['dynsec_fuzz_load']
/src/mosquitto/plugins/dynamic-security/roles.c ['dynsec_fuzz_load'] ['dynsec_fuzz_load']
/src/mosquitto/src/plugin_disconnect.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle', 'dynsec_fuzz_load'] ['broker_fuzz_read_handle']
/src/mosquitto/src/plugin_message.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle', 'dynsec_fuzz_load'] []
/src/mosquitto/src/../lib/send_connect.c ['broker_fuzz_test_config'] []
/src/mosquitto/fuzzing/lib/lib_fuzz_pub_topic_check2.cpp ['lib_fuzz_pub_topic_check2'] ['lib_fuzz_pub_topic_check2']
/src/mosquitto/src/../lib/handle_pubackcomp.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle'] []
/src/mosquitto/fuzzing/apps/db_dump/db_dump_fuzz_load_stats.cpp ['db_dump_fuzz_load_stats'] ['db_dump_fuzz_load_stats']
/src/mosquitto/src/session_expiry.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle', 'dynsec_fuzz_load'] []
/src/mosquitto/src/../lib/net_mosq_ocsp.c ['broker_fuzz_test_config'] []
/src/mosquitto/fuzzing/apps/db_dump/db_dump_fuzz_load_client_stats.cpp ['db_dump_fuzz_load_client_stats'] ['db_dump_fuzz_load_client_stats']
/src/mosquitto/plugins/dynamic-security/config.c ['dynsec_fuzz_load'] ['dynsec_fuzz_load']
/src/mosquitto/src/plugin_v3.c ['broker_fuzz_test_config'] []
/src/mosquitto/src/send_unsuback.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle'] ['broker_fuzz_read_handle']
/src/mosquitto/src/persist_read.c ['db_dump_fuzz_load_stats', 'db_dump_fuzz_load_client_stats', 'db_dump_fuzz_load', 'broker_fuzz_test_config'] ['db_dump_fuzz_load_stats', 'db_dump_fuzz_load_client_stats', 'db_dump_fuzz_load']
/src/mosquitto/src/plugin_psk_key.c ['broker_fuzz_test_config'] []
/src/mosquitto/src/plugin_basic_auth.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle'] ['broker_fuzz_read_handle']
/src/mosquitto/src/../lib/handle_pubrec.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle'] []
/src/mosquitto/src/../lib/property_mosq.c ['db_dump_fuzz_load_stats', 'db_dump_fuzz_load_client_stats', 'db_dump_fuzz_load', 'broker_fuzz_test_config', 'broker_fuzz_read_handle', 'dynsec_fuzz_load'] []
/src/mosquitto/src/control_common.c ['broker_fuzz_test_config', 'dynsec_fuzz_load'] []
/src/mosquitto/src/conf.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle'] ['broker_fuzz_test_config']
/src/mosquitto/src/../lib/utf8_mosq.c ['db_dump_fuzz_load_stats', 'db_dump_fuzz_load_client_stats', 'db_dump_fuzz_load', 'broker_fuzz_test_config', 'broker_fuzz_read_handle', 'dynsec_fuzz_load'] ['lib_fuzz_utf8']
/src/mosquitto/src/../lib/alias_mosq.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle', 'dynsec_fuzz_load'] []
/src/mosquitto/src/../lib/util_mosq.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle', 'dynsec_fuzz_load'] []
/src/mosquitto/src/plugin_subscribe.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle'] []
/src/mosquitto/plugins/dynamic-security/groups.c ['dynsec_fuzz_load'] ['dynsec_fuzz_load']
/src/mosquitto/src/conf_includedir.c ['broker_fuzz_test_config'] ['broker_fuzz_test_config']
/src/mosquitto/plugins/dynamic-security/../../common/misc_mosq.c ['dynsec_fuzz_load'] []
/src/mosquitto/src/keepalive.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle', 'dynsec_fuzz_load'] ['broker_fuzz_read_handle']
/src/mosquitto/apps/db_dump/db_dump.c ['db_dump_fuzz_load_stats', 'db_dump_fuzz_load_client_stats', 'db_dump_fuzz_load'] ['db_dump_fuzz_load_stats', 'db_dump_fuzz_load_client_stats', 'db_dump_fuzz_load']
/src/mosquitto/lib/utf8_mosq.c ['lib_fuzz_utf8'] ['lib_fuzz_utf8']
/src/mosquitto/src/plugin_client_offline.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle', 'dynsec_fuzz_load'] []
/src/mosquitto/src/handle_publish.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle'] ['broker_fuzz_read_handle']
/src/mosquitto/src/listeners.c ['broker_fuzz_test_config'] ['broker_fuzz_test_config']
/src/mosquitto/src/../common/time_mosq.c ['broker_fuzz_test_config'] []
/src/mosquitto/src/../lib/net_mosq.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle', 'dynsec_fuzz_load'] []
/usr/include/openssl/x509.h ['broker_fuzz_test_config'] []
/src/mosquitto/src/../lib/handle_ping.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle'] []
/src/mosquitto/plugins/dynamic-security/config_init.c ['dynsec_fuzz_load'] []
/usr/include/openssl/x509v3.h ['broker_fuzz_test_config'] []
/src/mosquitto/src/persist_write.c ['broker_fuzz_test_config'] []
/src/mosquitto/src/../lib/net_ws.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle', 'dynsec_fuzz_load'] []
/src/mosquitto/src/handle_connack.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle'] ['broker_fuzz_read_handle']
/src/mosquitto/src/security_default.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle'] []
/src/mosquitto/src/../lib/util_topic.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle', 'dynsec_fuzz_load'] ['lib_fuzz_pub_topic_check2', 'lib_fuzz_sub_topic_check2']
/src/mosquitto/plugins/dynamic-security/control.c ['dynsec_fuzz_load'] []
/src/mosquitto/src/bridge_topic.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle'] ['broker_fuzz_read_handle']
/src/mosquitto/src/../lib/packet_mosq.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle', 'dynsec_fuzz_load'] []
/src/mosquitto/src/plugin_v5.c ['broker_fuzz_test_config'] []
/src/mosquitto/src/plugin_persist.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle', 'dynsec_fuzz_load'] ['broker_fuzz_read_handle']
/src/mosquitto/plugins/dynamic-security/default_acl.c ['dynsec_fuzz_load'] []
/src/mosquitto/src/../lib/will_mosq.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle', 'dynsec_fuzz_load'] []
/src/mosquitto/apps/db_dump/print.c ['db_dump_fuzz_load_stats', 'db_dump_fuzz_load_client_stats', 'db_dump_fuzz_load'] ['db_dump_fuzz_load']
/src/mosquitto/src/read_handle.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle'] ['broker_fuzz_read_handle']
/src/mosquitto/src/../common/base64_mosq.c ['broker_fuzz_test_config'] []
/src/mosquitto/src/signals.c ['broker_fuzz_test_config'] []
/src/mosquitto/plugins/dynamic-security/../../common/base64_mosq.c ['dynsec_fuzz_load'] []
/src/mosquitto/src/mosquitto.c ['broker_fuzz_test_config'] ['broker_fuzz_test_config']
/src/mosquitto/src/net.c ['broker_fuzz_test_config'] ['broker_fuzz_test_config']
/src/mosquitto/src/plugin_extended_auth.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle'] ['broker_fuzz_read_handle']
/src/mosquitto/src/mux.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle', 'dynsec_fuzz_load'] ['broker_fuzz_read_handle']
/src/mosquitto/src/../common/password_mosq.c ['broker_fuzz_test_config'] []
/src/mosquitto/src/bridge.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle'] ['broker_fuzz_read_handle']
/src/mosquitto/src/plugin_connect.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle'] []
/src/mosquitto/src/send_suback.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle'] ['broker_fuzz_read_handle']
/src/mosquitto/src/http_serv.c ['broker_fuzz_test_config'] []
/src/mosquitto/src/memory_public.c ['db_dump_fuzz_load_stats', 'db_dump_fuzz_load_client_stats', 'db_dump_fuzz_load', 'broker_fuzz_test_config', 'broker_fuzz_read_handle', 'dynsec_fuzz_load'] ['db_dump_fuzz_load_stats', 'db_dump_fuzz_load_client_stats', 'db_dump_fuzz_load', 'broker_fuzz_test_config', 'dynsec_fuzz_load']
/src/mosquitto/src/retain.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle', 'dynsec_fuzz_load'] []
/src/mosquitto/plugins/dynamic-security/clients.c ['dynsec_fuzz_load'] ['dynsec_fuzz_load']
/src/mosquitto/plugins/dynamic-security/hash.c ['dynsec_fuzz_load'] []
/src/mosquitto/src/handle_unsubscribe.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle'] ['broker_fuzz_read_handle']
/src/mosquitto/src/plugin_acl_check.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle', 'dynsec_fuzz_load'] ['broker_fuzz_read_handle']
/src/mosquitto/src/plugin_public.c ['broker_fuzz_test_config', 'dynsec_fuzz_load'] ['broker_fuzz_test_config', 'dynsec_fuzz_load']
/src/mosquitto/src/persist_read_v234.c ['db_dump_fuzz_load_stats', 'db_dump_fuzz_load_client_stats', 'db_dump_fuzz_load', 'broker_fuzz_test_config'] ['db_dump_fuzz_load_stats', 'db_dump_fuzz_load_client_stats', 'db_dump_fuzz_load']
/src/mosquitto/src/../lib/handle_pubrel.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle'] []
/src/mosquitto/apps/mosquitto_passwd/../../common/base64_mosq.c ['mosquitto_passwd_fuzz_load'] []
/src/mosquitto/src/../lib/send_disconnect.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle', 'dynsec_fuzz_load'] []
/src/mosquitto/src/handle_subscribe.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle'] ['broker_fuzz_read_handle']
/src/mosquitto/src/plugin_cleanup.c ['broker_fuzz_test_config'] []
/src/mosquitto/src/../lib/memory_mosq.c ['db_dump_fuzz_load_stats', 'db_dump_fuzz_load_client_stats', 'db_dump_fuzz_load', 'broker_fuzz_test_config', 'broker_fuzz_read_handle', 'dynsec_fuzz_load'] []
/src/mosquitto/src/logging.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle', 'dynsec_fuzz_load'] ['broker_fuzz_test_config', 'broker_fuzz_read_handle', 'dynsec_fuzz_load']
/src/mosquitto/plugins/dynamic-security/kicklist.c ['dynsec_fuzz_load'] ['dynsec_fuzz_load']
/src/mosquitto/src/broker_control.c ['broker_fuzz_test_config'] []
/src/mosquitto/plugins/dynamic-security/rolelist.c ['dynsec_fuzz_load'] ['dynsec_fuzz_load']
/src/mosquitto/fuzzing/apps/mosquitto_passwd/mosquitto_passwd_fuzz_load.cpp ['mosquitto_passwd_fuzz_load'] ['mosquitto_passwd_fuzz_load']
/src/mosquitto/plugins/dynamic-security/clientlist.c ['dynsec_fuzz_load'] ['dynsec_fuzz_load']
/src/mosquitto/plugins/dynamic-security/plugin.c ['dynsec_fuzz_load'] ['dynsec_fuzz_load']
/src/mosquitto/apps/mosquitto_passwd/../../common/password_mosq.c ['mosquitto_passwd_fuzz_load'] []
/src/mosquitto/src/send_auth.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle'] []
/src/mosquitto/src/property_broker.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle'] ['broker_fuzz_read_handle']
/src/mosquitto/src/../lib/packet_datatypes.c ['db_dump_fuzz_load_stats', 'db_dump_fuzz_load_client_stats', 'db_dump_fuzz_load', 'broker_fuzz_test_config', 'broker_fuzz_read_handle', 'dynsec_fuzz_load'] []
/src/mosquitto/src/plugin_v4.c ['broker_fuzz_test_config'] []
/src/mosquitto/apps/mosquitto_passwd/mosquitto_passwd.c ['mosquitto_passwd_fuzz_load'] ['mosquitto_passwd_fuzz_load']
/src/mosquitto/plugins/dynamic-security/acl.c ['dynsec_fuzz_load'] []
/src/mosquitto/plugins/dynamic-security/tick.c ['dynsec_fuzz_load'] []
/src/mosquitto/fuzzing/lib/lib_fuzz_sub_topic_check2.cpp ['lib_fuzz_sub_topic_check2'] ['lib_fuzz_sub_topic_check2']
/src/mosquitto/src/../lib/tls_mosq.c ['broker_fuzz_test_config'] []
/src/mosquitto/src/plugin_v2.c ['broker_fuzz_test_config'] []
/src/mosquitto/src/plugin_unsubscribe.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle'] []
/src/mosquitto/plugins/dynamic-security/../../common/password_mosq.c ['dynsec_fuzz_load'] []
/src/mosquitto/apps/db_dump/stubs.c ['db_dump_fuzz_load_stats', 'db_dump_fuzz_load_client_stats', 'db_dump_fuzz_load'] ['db_dump_fuzz_load_stats', 'db_dump_fuzz_load_client_stats', 'db_dump_fuzz_load']
/src/mosquitto/src/control.c ['broker_fuzz_test_config', 'broker_fuzz_read_handle', 'dynsec_fuzz_load'] ['dynsec_fuzz_load']

Directories in report

Directory
/src/mosquitto/plugins/dynamic-security/
/src/mosquitto/fuzzing/apps/mosquitto_passwd/
/src/mosquitto/apps/db_dump/
/src/mosquitto/fuzzing/lib/
/src/mosquitto/src/../lib/
/src/mosquitto/plugins/dynamic-security/../../common/
/src/mosquitto/fuzzing/apps/db_dump/
/usr/include/openssl/
/src/mosquitto/lib/../deps/picohttpparser/
/src/mosquitto/fuzzing/plugins/dynamic-security/
/src/mosquitto/apps/mosquitto_passwd/../../common/
/src/mosquitto/src/../common/
/src/mosquitto/apps/mosquitto_passwd/
/src/mosquitto/fuzzing/broker/
/src/mosquitto/src/
/src/mosquitto/lib/