Fuzz introspector: fuzztest_proto3_pointer
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
15 86 2 :

['pb_field_iter_begin_extension', 'pb_release_single_field']

15 96 pb_release_single_field call site: 00031 /src/nanopb/pb_decode.c:1243
15 15 1 :

['pb_field_iter_begin_extension']

15 366 pb_field_set_to_default call site: 00020 /src/nanopb/pb_decode.c:874
5 5 1 :

['encode_callback_field']

5 5 encode_field call site: 00197 /src/nanopb/pb_encode.c:457
0 363 2 :

['pb_field_iter_begin', 'pb_message_set_to_defaults']

0 725 decode_static_field call site: 00137 /src/nanopb/pb_decode.c:536
0 363 2 :

['pb_field_iter_begin', 'pb_message_set_to_defaults']

0 363 pb_field_set_to_default call site: 00024 /src/nanopb/pb_decode.c:907
0 47 2 :

['pb_close_string_substream', 'pb_make_string_substream']

0 428 pb_decode_ex call site: 00010 /src/nanopb/pb_decode.c:1158
0 24 1 :

['pb_read']

0 24 pb_dec_bytes call site: 00065 /src/nanopb/pb_decode.c:1513
0 24 1 :

['pb_read']

0 24 pb_dec_string call site: 00079 /src/nanopb/pb_decode.c:1555
0 9 1 :

['pb_write']

0 9 pb_encode_submessage call site: 00247 /src/nanopb/pb_encode.c:744
0 9 1 :

['pb_write']

0 9 encode_array call site: 00214 /src/nanopb/pb_encode.c:177
0 5 1 :

['free_with_check']

0 5 realloc_with_check call site: 00068 /src/nanopb/tests/build/common/malloc_wrappers.c:108
0 3 1 :

['safe_read_bool']

5 461 encode_field call site: 00195 /src/nanopb/pb_encode.c:431

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 do_roundtrips [function] [call site] 00001
2 get_alloc_count [function] [call site] 00002
2 do_decode [function] [call site] 00003
3 get_alloc_count [function] [call site] 00004
3 malloc_with_check [function] [call site] 00005
4 round_blocksize [function] [call site] 00006
3 malloc_with_check [function] [call site] 00007
3 __assert_fail [call site] 00008
3 pb_istream_from_buffer [function] [call site] 00009
3 pb_decode_ex [function] [call site] 00010
4 pb_decode_inner [function] [call site] 00011
5 pb_field_iter_begin [function] [call site] 00012
6 load_descriptor_values [function] [call site] 00013
5 pb_message_set_to_defaults [function] [call site] 00014
6 pb_istream_from_buffer [function] [call site] 00015
6 pb_decode_tag [function] [call site] 00016
7 pb_decode_varint32_eof [function] [call site] 00017
8 pb_readbyte [function] [call site] 00018
8 pb_readbyte [function] [call site] 00019
6 pb_field_set_to_default [function] [call site] 00020
7 pb_field_iter_begin_extension [function] [call site] 00021
8 pb_field_iter_begin [function] [call site] 00022
8 pb_field_iter_begin [function] [call site] 00023
7 pb_message_set_to_defaults [function] [call site] 00024
8 decode_field [function] [call site] 00025
9 pb_release_union_field [function] [call site] 00026
10 pb_field_iter_find [function] [call site] 00027
11 advance_iterator [function] [call site] 00028
11 load_descriptor_values [function] [call site] 00029
11 load_descriptor_values [function] [call site] 00030
10 pb_release_single_field [function] [call site] 00031
11 pb_field_iter_begin_extension [function] [call site] 00032
11 pb_release_single_field [function] [call site] 00033
12 pb_release [function] [call site] 00034
13 pb_field_iter_begin [function] [call site] 00035
13 pb_release_single_field [function] [call site] 00036
14 free_with_check [function] [call site] 00037
15 __assert_fail [call site] 00038
15 __assert_fail [call site] 00039
15 __assert_fail [call site] 00040
15 __assert_fail [call site] 00041
14 free_with_check [function] [call site] 00042
13 pb_field_iter_next [function] [call site] 00043
14 advance_iterator [function] [call site] 00044
14 load_descriptor_values [function] [call site] 00045
9 decode_static_field [function] [call site] 00046
10 decode_basic_field [function] [call site] 00047
11 pb_dec_bool [function] [call site] 00048
12 pb_decode_bool [function] [call site] 00049
13 pb_decode_varint32 [function] [call site] 00050
14 pb_decode_varint32_eof [function] [call site] 00051
11 pb_dec_varint [function] [call site] 00052
12 pb_decode_varint [function] [call site] 00053
13 pb_readbyte [function] [call site] 00054
12 pb_decode_svarint [function] [call site] 00055
13 pb_decode_varint [function] [call site] 00056
12 pb_decode_varint [function] [call site] 00057
11 pb_decode_fixed32 [function] [call site] 00058
11 pb_decode_fixed64 [function] [call site] 00062
11 pb_dec_bytes [function] [call site] 00064
12 pb_decode_varint32 [function] [call site] 00065
12 allocate_field [function] [call site] 00066
13 realloc_with_check [function] [call site] 00067
14 malloc_with_check [function] [call site] 00068
14 __assert_fail [call site] 00069
14 __assert_fail [call site] 00070
14 __assert_fail [call site] 00071
14 __assert_fail [call site] 00072
14 round_blocksize [function] [call site] 00073
14 round_blocksize [function] [call site] 00074
14 realloc [call site] 00075
14 free_with_check [function] [call site] 00076
11 pb_dec_string [function] [call site] 00078
12 pb_decode_varint32 [function] [call site] 00079
12 allocate_field [function] [call site] 00080
11 pb_dec_submessage [function] [call site] 00082
12 pb_make_string_substream [function] [call site] 00083
13 pb_decode_varint32 [function] [call site] 00084
12 pb_decode_inner [function] [call site] 00085
13 pb_decode_tag [function] [call site] 00086
13 pb_field_iter_find [function] [call site] 00087
13 pb_field_iter_find_extension [function] [call site] 00088
14 advance_iterator [function] [call site] 00089
14 load_descriptor_values [function] [call site] 00090
14 load_descriptor_values [function] [call site] 00091
13 decode_extension [function] [call site] 00092
14 default_extension_decoder [function] [call site] 00093
15 pb_field_iter_begin_extension [function] [call site] 00094
15 decode_field [function] [call site] 00095
16 decode_pointer_field [function] [call site] 00096
17 pb_release_single_field [function] [call site] 00097
17 decode_basic_field [function] [call site] 00098
18 pb_dec_fixed_length_bytes [function] [call site] 00099
19 pb_decode_varint32 [function] [call site] 00100
17 allocate_field [function] [call site] 00102
17 initialize_pointer_field [function] [call site] 00103
17 decode_basic_field [function] [call site] 00104
17 pb_make_string_substream [function] [call site] 00105
17 allocate_field [function] [call site] 00106
17 initialize_pointer_field [function] [call site] 00107
17 decode_basic_field [function] [call site] 00108
17 pb_close_string_substream [function] [call site] 00109
17 allocate_field [function] [call site] 00111
17 initialize_pointer_field [function] [call site] 00112
17 decode_basic_field [function] [call site] 00113
16 decode_callback_field [function] [call site] 00114
17 pb_skip_field [function] [call site] 00115
18 pb_skip_varint [function] [call site] 00116
18 pb_skip_string [function] [call site] 00119
19 pb_decode_varint32 [function] [call site] 00120
17 pb_make_string_substream [function] [call site] 00123
17 pb_close_string_substream [function] [call site] 00124
17 read_raw_value [function] [call site] 00125
17 pb_istream_from_buffer [function] [call site] 00129
13 pb_skip_field [function] [call site] 00130
13 decode_field [function] [call site] 00131
12 pb_close_string_substream [function] [call site] 00132
10 decode_basic_field [function] [call site] 00133
10 pb_make_string_substream [function] [call site] 00134
10 decode_basic_field [function] [call site] 00135
10 pb_close_string_substream [function] [call site] 00136
10 decode_basic_field [function] [call site] 00137
10 pb_field_iter_begin [function] [call site] 00138
10 pb_message_set_to_defaults [function] [call site] 00139
11 pb_decode_tag [function] [call site] 00140
11 pb_field_iter_next [function] [call site] 00141
10 decode_basic_field [function] [call site] 00142
7 pb_field_iter_begin [function] [call site] 00143
7 pb_message_set_to_defaults [function] [call site] 00144
4 pb_make_string_substream [function] [call site] 00145
4 pb_decode_inner [function] [call site] 00146
4 pb_close_string_substream [function] [call site] 00147
4 pb_release [function] [call site] 00148
3 validate_message [function] [call site] 00149
4 pb_field_iter_begin_const [function] [call site] 00150
5 pb_const_cast [function] [call site] 00151
4 validate_static [function] [call site] 00152
5 __assert_fail [call site] 00153
5 memcmp [call site] 00154
5 strlen [call site] 00155
5 __assert_fail [call site] 00156
5 memcmp [call site] 00157
5 validate_message [function] [call site] 00158
6 validate_pointer [function] [call site] 00159
7 __assert_fail [call site] 00160
7 get_allocation_size [function] [call site] 00161
7 __assert_fail [call site] 00162
7 get_allocation_size [function] [call site] 00163
7 __assert_fail [call site] 00164
7 get_allocation_size [function] [call site] 00165
7 get_allocation_size [function] [call site] 00166
7 __assert_fail [call site] 00167
7 memcmp [call site] 00168
7 validate_message [function] [call site] 00169
8 pb_field_iter_next [function] [call site] 00170
3 fprintf [call site] 00171
3 __assert_fail [call site] 00172
3 pb_release [function] [call site] 00173
3 free_with_check [function] [call site] 00174
3 get_alloc_count [function] [call site] 00175
3 __assert_fail [call site] 00176
2 do_roundtrip [function] [call site] 00177
3 malloc_with_check [function] [call site] 00178
3 malloc_with_check [function] [call site] 00179
3 __assert_fail [call site] 00180
3 pb_istream_from_buffer [function] [call site] 00181
3 pb_decode [function] [call site] 00182
4 pb_decode_inner [function] [call site] 00183
4 pb_release [function] [call site] 00184
3 fprintf [call site] 00185
3 __assert_fail [call site] 00186
3 validate_message [function] [call site] 00187
3 pb_ostream_from_buffer [function] [call site] 00188
3 pb_encode [function] [call site] 00189
4 pb_field_iter_begin_const [function] [call site] 00190
4 encode_extension_field [function] [call site] 00191
5 default_extension_encoder [function] [call site] 00192
6 pb_field_iter_begin_extension_const [function] [call site] 00193
7 pb_const_cast [function] [call site] 00194
6 encode_field [function] [call site] 00195
7 safe_read_bool [function] [call site] 00196
7 pb_check_proto3_default_value [function] [call site] 00197
8 safe_read_bool [function] [call site] 00198
8 pb_field_iter_begin [function] [call site] 00199
8 pb_check_proto3_default_value [function] [call site] 00200
9 pb_field_iter_next [function] [call site] 00201
7 encode_callback_field [function] [call site] 00202
7 encode_array [function] [call site] 00203
8 pb_encode_tag [function] [call site] 00204
9 pb_encode_varint [function] [call site] 00205
10 pb_write [function] [call site] 00206
10 pb_encode_varint_32 [function] [call site] 00207
11 pb_write [function] [call site] 00208
8 pb_enc_varint [function] [call site] 00209
9 pb_encode_varint [function] [call site] 00210
9 pb_encode_svarint [function] [call site] 00211
10 pb_encode_varint [function] [call site] 00212
9 pb_encode_varint [function] [call site] 00213
8 pb_encode_varint [function] [call site] 00214
8 pb_enc_fixed [function] [call site] 00216
9 pb_encode_fixed32 [function] [call site] 00217
10 pb_write [function] [call site] 00218
9 pb_encode_fixed64 [function] [call site] 00219
10 pb_write [function] [call site] 00220
8 pb_enc_varint [function] [call site] 00221
8 pb_encode_tag_for_field [function] [call site] 00222
9 pb_encode_tag [function] [call site] 00223
8 pb_encode_varint [function] [call site] 00224
8 encode_basic_field [function] [call site] 00225
9 pb_encode_tag_for_field [function] [call site] 00226
9 pb_enc_bool [function] [call site] 00227
10 safe_read_bool [function] [call site] 00228
10 pb_encode_varint [function] [call site] 00229
9 pb_enc_varint [function] [call site] 00230
9 pb_enc_fixed [function] [call site] 00231
9 pb_enc_bytes [function] [call site] 00232
10 pb_encode_string [function] [call site] 00233
11 pb_encode_varint [function] [call site] 00234
11 pb_write [function] [call site] 00235
10 pb_encode_string [function] [call site] 00236
9 pb_enc_string [function] [call site] 00237
10 pb_encode_string [function] [call site] 00238
9 pb_enc_submessage [function] [call site] 00239
10 pb_encode_submessage [function] [call site] 00240
11 pb_encode [function] [call site] 00241
12 encode_field [function] [call site] 00242
13 encode_basic_field [function] [call site] 00243
14 pb_enc_fixed_length_bytes [function] [call site] 00244
15 pb_encode_string [function] [call site] 00245
12 pb_field_iter_next [function] [call site] 00246
11 pb_encode_varint [function] [call site] 00247
11 pb_write [function] [call site] 00248
11 pb_encode [function] [call site] 00249
8 encode_basic_field [function] [call site] 00250
3 strcmp [call site] 00251
3 fprintf [call site] 00252
3 __assert_fail [call site] 00253
3 xor32_checksum [function] [call site] 00254
3 pb_release [function] [call site] 00255
3 pb_istream_from_buffer [function] [call site] 00256
3 pb_decode [function] [call site] 00257
3 fprintf [call site] 00258
3 __assert_fail [call site] 00259
3 validate_message [function] [call site] 00260
3 pb_ostream_from_buffer [function] [call site] 00261
3 pb_encode [function] [call site] 00262
3 fprintf [call site] 00263
3 __assert_fail [call site] 00264
3 xor32_checksum [function] [call site] 00265
3 __assert_fail [call site] 00266
3 __assert_fail [call site] 00267
3 pb_release [function] [call site] 00268
3 free_with_check [function] [call site] 00269
3 free_with_check [function] [call site] 00270
2 do_stream_decode [function] [call site] 00271
3 malloc_with_check [function] [call site] 00272
3 __assert_fail [call site] 00273
3 flakystream_init [function] [call site] 00274
3 pb_decode [function] [call site] 00275
3 validate_message [function] [call site] 00276
3 fprintf [call site] 00277
3 __assert_fail [call site] 00278
3 pb_release [function] [call site] 00279
3 free_with_check [function] [call site] 00280
3 get_alloc_count [function] [call site] 00281
3 __assert_fail [call site] 00282
2 get_alloc_count [function] [call site] 00283
2 __assert_fail [call site] 00284