Fuzz introspector: fuzztest_proto3_static
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
15 15 1 :

['pb_field_iter_begin_extension']

15 368 pb_field_set_to_default call site: 00021 /src/nanopb/pb_decode.c:873
5 5 1 :

['encode_callback_field']

5 5 encode_field call site: 00163 /src/nanopb/pb_encode.c:456
0 365 2 :

['pb_message_set_to_defaults', 'pb_field_iter_begin']

0 729 decode_static_field call site: 00096 /src/nanopb/pb_decode.c:535
0 47 2 :

['pb_make_string_substream', 'pb_close_string_substream']

0 430 pb_decode_ex call site: 00011 /src/nanopb/pb_decode.c:1157
0 9 1 :

['pb_write']

0 9 pb_encode_submessage call site: 00213 /src/nanopb/pb_encode.c:743
0 9 1 :

['pb_write']

0 9 encode_array call site: 00180 /src/nanopb/pb_encode.c:176
0 4 1 :

['pb_istream_from_buffer']

0 782 pb_message_set_to_defaults call site: 00015 /src/nanopb/pb_decode.c:957
0 0 None 348 808 pb_decode_inner call site: 00015 /src/nanopb/pb_decode.c:1010
0 0 None 348 808 pb_decode_inner call site: 00015 /src/nanopb/pb_decode.c:1046
0 0 None 348 808 pb_decode_inner call site: 00015 /src/nanopb/pb_decode.c:1058
0 0 None 348 808 pb_decode_inner call site: 00015 /src/nanopb/pb_decode.c:1102
0 0 None 215 454 pb_encode call site: 00156 /src/nanopb/pb_encode.c:518

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 do_roundtrips [function] [call site] 00001
2 get_alloc_count [function] [call site] 00002
2 do_decode [function] [call site] 00003
3 get_alloc_count [function] [call site] 00004
3 malloc_with_check [function] [call site] 00005
4 round_blocksize [function] [call site] 00006
3 malloc_with_check [function] [call site] 00007
3 __assert_fail [call site] 00008
3 pb_istream_from_buffer [function] [call site] 00009
4 buf_read [function] [call site] 00010
3 pb_decode_ex [function] [call site] 00011
4 pb_decode_inner [function] [call site] 00012
5 pb_field_iter_begin [function] [call site] 00013
6 load_descriptor_values [function] [call site] 00014
5 pb_message_set_to_defaults [function] [call site] 00015
6 pb_istream_from_buffer [function] [call site] 00016
6 pb_decode_tag [function] [call site] 00017
7 pb_decode_varint32_eof [function] [call site] 00018
8 pb_readbyte [function] [call site] 00019
8 pb_readbyte [function] [call site] 00020
6 pb_field_set_to_default [function] [call site] 00021
7 pb_field_iter_begin_extension [function] [call site] 00022
8 pb_field_iter_begin [function] [call site] 00023
8 pb_field_iter_begin [function] [call site] 00024
7 pb_message_set_to_defaults [function] [call site] 00025
8 decode_field [function] [call site] 00026
9 decode_static_field [function] [call site] 00027
10 decode_basic_field [function] [call site] 00028
11 pb_dec_bool [function] [call site] 00029
12 pb_decode_bool [function] [call site] 00030
13 pb_decode_varint32 [function] [call site] 00031
14 pb_decode_varint32_eof [function] [call site] 00032
11 pb_dec_varint [function] [call site] 00033
12 pb_decode_varint [function] [call site] 00034
13 pb_readbyte [function] [call site] 00035
12 pb_decode_svarint [function] [call site] 00036
13 pb_decode_varint [function] [call site] 00037
12 pb_decode_varint [function] [call site] 00038
11 pb_decode_fixed32 [function] [call site] 00039
12 pb_read [function] [call site] 00040
13 pb_read [function] [call site] 00041
14 pb_read [function] [call site] 00042
11 pb_decode_fixed64 [function] [call site] 00043
12 pb_read [function] [call site] 00044
11 pb_dec_bytes [function] [call site] 00045
12 pb_decode_varint32 [function] [call site] 00046
12 pb_read [function] [call site] 00047
11 pb_dec_string [function] [call site] 00048
12 pb_decode_varint32 [function] [call site] 00049
12 pb_read [function] [call site] 00050
11 pb_dec_submessage [function] [call site] 00051
12 pb_make_string_substream [function] [call site] 00052
13 pb_decode_varint32 [function] [call site] 00053
12 pb_decode_inner [function] [call site] 00054
13 pb_decode_tag [function] [call site] 00055
13 pb_field_iter_find [function] [call site] 00056
14 advance_iterator [function] [call site] 00057
14 load_descriptor_values [function] [call site] 00058
14 load_descriptor_values [function] [call site] 00059
13 pb_field_iter_find_extension [function] [call site] 00060
14 advance_iterator [function] [call site] 00061
14 load_descriptor_values [function] [call site] 00062
14 load_descriptor_values [function] [call site] 00063
13 decode_extension [function] [call site] 00064
14 default_extension_decoder [function] [call site] 00065
15 pb_field_iter_begin_extension [function] [call site] 00066
15 decode_field [function] [call site] 00067
16 decode_pointer_field [function] [call site] 00068
16 decode_callback_field [function] [call site] 00069
17 pb_skip_field [function] [call site] 00070
18 pb_skip_varint [function] [call site] 00071
19 pb_read [function] [call site] 00072
18 pb_read [function] [call site] 00073
18 pb_skip_string [function] [call site] 00074
19 pb_decode_varint32 [function] [call site] 00075
19 pb_read [function] [call site] 00076
18 pb_read [function] [call site] 00077
17 pb_make_string_substream [function] [call site] 00078
17 pb_close_string_substream [function] [call site] 00079
18 pb_read [function] [call site] 00080
17 read_raw_value [function] [call site] 00081
18 pb_read [function] [call site] 00082
18 pb_read [function] [call site] 00083
18 pb_read [function] [call site] 00084
17 pb_istream_from_buffer [function] [call site] 00085
13 pb_skip_field [function] [call site] 00086
13 decode_field [function] [call site] 00087
12 pb_close_string_substream [function] [call site] 00088
11 pb_dec_fixed_length_bytes [function] [call site] 00089
12 pb_decode_varint32 [function] [call site] 00090
12 pb_read [function] [call site] 00091
10 decode_basic_field [function] [call site] 00092
10 pb_make_string_substream [function] [call site] 00093
10 decode_basic_field [function] [call site] 00094
10 pb_close_string_substream [function] [call site] 00095
10 decode_basic_field [function] [call site] 00096
10 pb_field_iter_begin [function] [call site] 00097
10 pb_message_set_to_defaults [function] [call site] 00098
11 pb_decode_tag [function] [call site] 00099
11 pb_field_iter_next [function] [call site] 00100
12 advance_iterator [function] [call site] 00101
12 load_descriptor_values [function] [call site] 00102
10 decode_basic_field [function] [call site] 00103
7 pb_field_iter_begin [function] [call site] 00104
7 pb_message_set_to_defaults [function] [call site] 00105
4 pb_make_string_substream [function] [call site] 00106
4 pb_decode_inner [function] [call site] 00107
4 pb_close_string_substream [function] [call site] 00108
3 validate_message [function] [call site] 00109
4 pb_field_iter_begin_const [function] [call site] 00110
5 pb_const_cast [function] [call site] 00111
4 validate_static [function] [call site] 00112
5 __assert_fail [call site] 00113
5 memcmp [call site] 00114
5 strlen [call site] 00115
5 __assert_fail [call site] 00116
5 memcmp [call site] 00117
5 validate_message [function] [call site] 00118
6 validate_pointer [function] [call site] 00119
7 __assert_fail [call site] 00120
7 get_allocation_size [function] [call site] 00121
7 __assert_fail [call site] 00122
7 get_allocation_size [function] [call site] 00123
7 __assert_fail [call site] 00124
7 strlen [call site] 00125
7 get_allocation_size [function] [call site] 00126
7 get_allocation_size [function] [call site] 00127
7 __assert_fail [call site] 00128
7 memcmp [call site] 00129
7 validate_message [function] [call site] 00130
8 pb_field_iter_next [function] [call site] 00131
3 fprintf [call site] 00132
3 __assert_fail [call site] 00133
3 pb_release [function] [call site] 00134
3 free_with_check [function] [call site] 00135
4 __assert_fail [call site] 00136
4 __assert_fail [call site] 00137
4 __assert_fail [call site] 00138
4 __assert_fail [call site] 00139
3 free_with_check [function] [call site] 00140
3 get_alloc_count [function] [call site] 00141
3 __assert_fail [call site] 00142
2 do_roundtrip [function] [call site] 00143
3 malloc_with_check [function] [call site] 00144
3 malloc_with_check [function] [call site] 00145
3 __assert_fail [call site] 00146
3 pb_istream_from_buffer [function] [call site] 00147
3 pb_decode [function] [call site] 00148
4 pb_decode_inner [function] [call site] 00149
3 fprintf [call site] 00150
3 __assert_fail [call site] 00151
3 validate_message [function] [call site] 00152
3 pb_ostream_from_buffer [function] [call site] 00153
4 buf_write [function] [call site] 00154
3 pb_encode [function] [call site] 00155
4 pb_field_iter_begin_const [function] [call site] 00156
4 encode_extension_field [function] [call site] 00157
5 default_extension_encoder [function] [call site] 00158
6 pb_field_iter_begin_extension_const [function] [call site] 00159
7 pb_const_cast [function] [call site] 00160
6 encode_field [function] [call site] 00161
7 safe_read_bool [function] [call site] 00162
7 pb_check_proto3_default_value [function] [call site] 00163
8 safe_read_bool [function] [call site] 00164
8 pb_field_iter_begin [function] [call site] 00165
8 pb_check_proto3_default_value [function] [call site] 00166
9 pb_field_iter_next [function] [call site] 00167
7 encode_callback_field [function] [call site] 00168
7 encode_array [function] [call site] 00169
8 pb_encode_tag [function] [call site] 00170
9 pb_encode_varint [function] [call site] 00171
10 pb_write [function] [call site] 00172
10 pb_encode_varint_32 [function] [call site] 00173
11 pb_write [function] [call site] 00174
8 pb_enc_varint [function] [call site] 00175
9 pb_encode_varint [function] [call site] 00176
9 pb_encode_svarint [function] [call site] 00177
10 pb_encode_varint [function] [call site] 00178
9 pb_encode_varint [function] [call site] 00179
8 pb_encode_varint [function] [call site] 00180
8 pb_write [function] [call site] 00181
8 pb_enc_fixed [function] [call site] 00182
9 pb_encode_fixed32 [function] [call site] 00183
10 pb_write [function] [call site] 00184
9 pb_encode_fixed64 [function] [call site] 00185
10 pb_write [function] [call site] 00186
8 pb_enc_varint [function] [call site] 00187
8 pb_encode_tag_for_field [function] [call site] 00188
9 pb_encode_tag [function] [call site] 00189
8 pb_encode_varint [function] [call site] 00190
8 encode_basic_field [function] [call site] 00191
9 pb_encode_tag_for_field [function] [call site] 00192
9 pb_enc_bool [function] [call site] 00193
10 safe_read_bool [function] [call site] 00194
10 pb_encode_varint [function] [call site] 00195
9 pb_enc_varint [function] [call site] 00196
9 pb_enc_fixed [function] [call site] 00197
9 pb_enc_bytes [function] [call site] 00198
10 pb_encode_string [function] [call site] 00199
11 pb_encode_varint [function] [call site] 00200
11 pb_write [function] [call site] 00201
10 pb_encode_string [function] [call site] 00202
9 pb_enc_string [function] [call site] 00203
10 pb_encode_string [function] [call site] 00204
9 pb_enc_submessage [function] [call site] 00205
10 pb_encode_submessage [function] [call site] 00206
11 pb_encode [function] [call site] 00207
12 encode_field [function] [call site] 00208
13 encode_basic_field [function] [call site] 00209
14 pb_enc_fixed_length_bytes [function] [call site] 00210
15 pb_encode_string [function] [call site] 00211
12 pb_field_iter_next [function] [call site] 00212
11 pb_encode_varint [function] [call site] 00213
11 pb_write [function] [call site] 00214
11 pb_encode [function] [call site] 00215
8 encode_basic_field [function] [call site] 00216
3 strcmp [call site] 00217
3 fprintf [call site] 00218
3 __assert_fail [call site] 00219
3 xor32_checksum [function] [call site] 00220
3 pb_release [function] [call site] 00221
3 pb_istream_from_buffer [function] [call site] 00222
3 pb_decode [function] [call site] 00223
3 fprintf [call site] 00224
3 __assert_fail [call site] 00225
3 validate_message [function] [call site] 00226
3 pb_ostream_from_buffer [function] [call site] 00227
3 pb_encode [function] [call site] 00228
3 fprintf [call site] 00229
3 __assert_fail [call site] 00230
3 xor32_checksum [function] [call site] 00231
3 __assert_fail [call site] 00232
3 __assert_fail [call site] 00233
3 pb_release [function] [call site] 00234
3 free_with_check [function] [call site] 00235
3 free_with_check [function] [call site] 00236
2 do_stream_decode [function] [call site] 00237
3 malloc_with_check [function] [call site] 00238
3 __assert_fail [call site] 00239
3 flakystream_init [function] [call site] 00240
4 flakystream_callback [function] [call site] 00241
3 pb_decode [function] [call site] 00242
3 validate_message [function] [call site] 00243
3 fprintf [call site] 00244
3 __assert_fail [call site] 00245
3 pb_release [function] [call site] 00246
3 free_with_check [function] [call site] 00247
3 get_alloc_count [function] [call site] 00248
3 __assert_fail [call site] 00249
2 get_alloc_count [function] [call site] 00250
2 __assert_fail [call site] 00251