Fuzz introspector: fuzz_libinjection
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
0 177 1 :

['h5_state_tag_name']

0 177 h5_state_tag_open call site: 00119 /src/ndpi/src/lib/third_party/src/libinjection_html5.c:204
0 174 1 :

['h5_state_data']

0 174 h5_state_tag_open call site: 00119 /src/ndpi/src/lib/third_party/src/libinjection_html5.c:209
0 0 None 0 4 h5_state_tag_name call site: 00127 /src/ndpi/src/lib/third_party/src/libinjection_html5.c:273
0 0 None 0 0 h5_state_comment call site: 00195 /src/ndpi/src/lib/third_party/src/libinjection_html5.c:760
0 0 None 0 0 h5_state_comment call site: 00196 /src/ndpi/src/lib/third_party/src/libinjection_html5.c:790
0 0 None 0 0 libinjection_sqli_tokenize call site: 00034 /src/ndpi/src/lib/third_party/src/libinjection_sqli.c:1222
0 0 None 0 0 libinjection_sqli_not_whitelist call site: 00013 /src/ndpi/src/lib/third_party/src/libinjection_sqli.c:2146
0 0 None 0 0 flag2delim call site: 00036 /src/ndpi/src/lib/third_party/src/libinjection_sqli.c:89
0 0 None 0 0 is_black_url call site: 00214 /src/ndpi/src/lib/third_party/src/libinjection_xss.c:400
0 0 None 0 0 is_black_url call site: 00216 /src/ndpi/src/lib/third_party/src/libinjection_xss.c:408
0 0 None 0 0 html_decode_char_at call site: 00213 /src/ndpi/src/lib/third_party/src/libinjection_xss.c:63

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 strlen [call site] 00001
1 libinjection_sqli_init [function] [call site] 00002
2 libinjection_sqli_lookup_word [function] [call site] 00003
3 libinjection_sqli_check_fingerprint [function] [call site] 00004
4 libinjection_sqli_blacklist [function] [call site] 00005
5 strlen [call site] 00006
5 is_keyword [function] [call site] 00007
6 bsearch_keyword_type [function] [call site] 00008
7 cstrcasecmp [function] [call site] 00009
7 cstrcasecmp [function] [call site] 00010
4 libinjection_sqli_not_whitelist [function] [call site] 00011
5 strlen [call site] 00012
5 my_memmem [function] [call site] 00013
6 __assert_fail [call site] 00014
6 __assert_fail [call site] 00015
6 __assert_fail [call site] 00016
6 memcmp [call site] 00017
5 streq [function] [call site] 00018
6 strcmp [call site] 00019
5 streq [function] [call site] 00020
5 streq [function] [call site] 00021
5 streq [function] [call site] 00022
5 streq [function] [call site] 00023
5 streq [function] [call site] 00024
5 streq [function] [call site] 00025
5 cstrcasecmp [function] [call site] 00026
3 bsearch_keyword_type [function] [call site] 00027
1 libinjection_is_sqli [function] [call site] 00028
2 libinjection_sqli_fingerprint [function] [call site] 00029
3 libinjection_sqli_reset [function] [call site] 00030
4 libinjection_sqli_init [function] [call site] 00031
3 libinjection_sqli_fold [function] [call site] 00032
4 st_clear [function] [call site] 00033
4 libinjection_sqli_tokenize [function] [call site] 00034
5 st_clear [function] [call site] 00035
5 flag2delim [function] [call site] 00036
4 st_is_unary_op [function] [call site] 00037
5 cstrcasecmp [function] [call site] 00038
4 st_copy [function] [call site] 00039
4 libinjection_sqli_tokenize [function] [call site] 00040
4 st_copy [function] [call site] 00041
4 st_is_unary_op [function] [call site] 00042
4 st_is_unary_op [function] [call site] 00043
4 syntax_merge_words [function] [call site] 00044
5 st_assign [function] [call site] 00045
4 cstrcasecmp [function] [call site] 00046
4 cstrcasecmp [function] [call site] 00047
4 cstrcasecmp [function] [call site] 00048
4 cstrcasecmp [function] [call site] 00049
4 cstrcasecmp [function] [call site] 00050
4 cstrcasecmp [function] [call site] 00051
4 cstrcasecmp [function] [call site] 00052
4 cstrcasecmp [function] [call site] 00053
4 cstrcasecmp [function] [call site] 00054
4 cstrcasecmp [function] [call site] 00055
4 cstrcasecmp [function] [call site] 00056
4 cstrcasecmp [function] [call site] 00057
4 cstrcasecmp [function] [call site] 00058
4 cstrcasecmp [function] [call site] 00059
4 cstrcasecmp [function] [call site] 00060
4 st_copy [function] [call site] 00061
4 strchr [call site] 00062
4 st_is_arithmetic_op [function] [call site] 00063
4 st_copy [function] [call site] 00064
4 libinjection_sqli_tokenize [function] [call site] 00065
4 st_copy [function] [call site] 00066
4 streq [function] [call site] 00067
4 st_is_unary_op [function] [call site] 00068
4 st_copy [function] [call site] 00069
4 st_is_unary_op [function] [call site] 00070
4 st_copy [function] [call site] 00071
4 st_is_unary_op [function] [call site] 00072
4 st_copy [function] [call site] 00073
4 __assert_fail [call site] 00074
4 st_is_unary_op [function] [call site] 00075
4 st_copy [function] [call site] 00076
4 __assert_fail [call site] 00077
4 st_copy [function] [call site] 00078
4 cstrcasecmp [function] [call site] 00079
4 st_copy [function] [call site] 00080
3 strchr [call site] 00081
2 strlen [call site] 00082
2 reparse_as_mysql [function] [call site] 00083
2 libinjection_sqli_fingerprint [function] [call site] 00084
2 strlen [call site] 00085
2 memchr [call site] 00086
2 libinjection_sqli_fingerprint [function] [call site] 00087
2 strlen [call site] 00088
2 reparse_as_mysql [function] [call site] 00089
2 libinjection_sqli_fingerprint [function] [call site] 00090
2 strlen [call site] 00091
2 memchr [call site] 00092
2 libinjection_sqli_fingerprint [function] [call site] 00093
2 strlen [call site] 00094
1 strlen [call site] 00095
1 libinjection_sqli_init [function] [call site] 00096
1 libinjection_is_sqli [function] [call site] 00097
1 strlen [call site] 00098
1 libinjection_sqli_init [function] [call site] 00099
1 libinjection_is_sqli [function] [call site] 00100
1 strlen [call site] 00101
1 libinjection_sqli_init [function] [call site] 00102
1 libinjection_is_sqli [function] [call site] 00103
1 strlen [call site] 00104
1 libinjection_sqli_init [function] [call site] 00105
1 libinjection_is_sqli [function] [call site] 00106
1 strlen [call site] 00107
1 libinjection_sqli_init [function] [call site] 00108
1 libinjection_is_sqli [function] [call site] 00109
1 strlen [call site] 00110
1 libinjection_xss [function] [call site] 00111
2 libinjection_is_xss [function] [call site] 00112
3 libinjection_h5_init [function] [call site] 00113
4 h5_state_data [function] [call site] 00114
5 __assert_fail [call site] 00115
5 memchr [call site] 00116
5 h5_state_eof [function] [call site] 00117
5 h5_state_tag_open [function] [call site] 00118
6 h5_state_markup_declaration_open [function] [call site] 00119
7 h5_state_doctype [function] [call site] 00120
8 memchr [call site] 00121
8 h5_state_eof [function] [call site] 00122
8 h5_state_data [function] [call site] 00123
9 h5_state_tag_open [function] [call site] 00124
10 h5_state_end_tag_open [function] [call site] 00125
11 h5_state_data [function] [call site] 00126
11 h5_state_tag_name [function] [call site] 00127
12 h5_is_white [function] [call site] 00128
13 strchr [call site] 00129
12 h5_state_before_attribute_name [function] [call site] 00130
13 h5_skip_white [function] [call site] 00131
13 h5_state_self_closing_start_tag [function] [call site] 00132
14 __assert_fail [call site] 00133
14 h5_state_data [function] [call site] 00134
14 h5_state_before_attribute_name [function] [call site] 00135
15 h5_state_data [function] [call site] 00136
15 h5_state_attribute_name [function] [call site] 00137
16 h5_is_white [function] [call site] 00138
16 h5_state_after_attribute_name [function] [call site] 00139
17 h5_skip_white [function] [call site] 00140
17 h5_state_self_closing_start_tag [function] [call site] 00141
17 h5_state_before_attribute_value [function] [call site] 00142
18 h5_skip_white [function] [call site] 00143
18 h5_state_eof [function] [call site] 00144
18 h5_state_attribute_value_double_quote [function] [call site] 00145
19 h5_state_attribute_value_quote [function] [call site] 00146
20 memchr [call site] 00147
20 h5_state_eof [function] [call site] 00148
20 h5_state_after_attribute_value_quoted_state [function] [call site] 00149
21 h5_is_white [function] [call site] 00150
21 h5_state_before_attribute_name [function] [call site] 00151
21 h5_state_self_closing_start_tag [function] [call site] 00152
21 h5_state_data [function] [call site] 00153
21 h5_state_before_attribute_name [function] [call site] 00154
18 h5_state_attribute_value_single_quote [function] [call site] 00155
19 h5_state_attribute_value_quote [function] [call site] 00156
18 h5_state_attribute_value_back_quote [function] [call site] 00157
19 h5_state_attribute_value_quote [function] [call site] 00158
18 h5_state_attribute_value_no_quote [function] [call site] 00159
19 h5_is_white [function] [call site] 00160
19 h5_state_before_attribute_name [function] [call site] 00161
19 h5_state_tag_name_close [function] [call site] 00162
20 h5_state_data [function] [call site] 00163
20 h5_state_eof [function] [call site] 00164
19 h5_state_eof [function] [call site] 00165
17 h5_state_tag_name_close [function] [call site] 00166
17 h5_state_attribute_name [function] [call site] 00167
18 h5_state_self_closing_start_tag [function] [call site] 00168
18 h5_state_before_attribute_value [function] [call site] 00169
18 h5_state_tag_name_close [function] [call site] 00170
18 h5_state_eof [function] [call site] 00171
12 h5_state_self_closing_start_tag [function] [call site] 00172
12 h5_state_data [function] [call site] 00173
12 h5_state_tag_name_close [function] [call site] 00174
12 h5_state_eof [function] [call site] 00175
11 h5_state_bogus_comment [function] [call site] 00176
12 memchr [call site] 00177
12 h5_state_eof [function] [call site] 00178
12 h5_state_data [function] [call site] 00179
10 h5_state_bogus_comment [function] [call site] 00180
10 h5_state_bogus_comment2 [function] [call site] 00181
11 memchr [call site] 00182
11 h5_state_eof [function] [call site] 00183
11 h5_state_data [function] [call site] 00184
10 h5_state_tag_name [function] [call site] 00185
10 h5_state_tag_name [function] [call site] 00186
10 h5_state_data [function] [call site] 00187
10 h5_state_data [function] [call site] 00188
7 h5_state_cdata [function] [call site] 00189
8 memchr [call site] 00190
8 h5_state_eof [function] [call site] 00191
8 h5_state_data [function] [call site] 00192
7 h5_state_comment [function] [call site] 00193
8 memchr [call site] 00194
8 h5_state_eof [function] [call site] 00195
8 h5_state_eof [function] [call site] 00196
8 h5_state_eof [function] [call site] 00197
8 h5_state_data [function] [call site] 00198
7 h5_state_bogus_comment [function] [call site] 00199
4 h5_state_before_attribute_name [function] [call site] 00200
4 h5_state_attribute_value_single_quote [function] [call site] 00201
4 h5_state_attribute_value_double_quote [function] [call site] 00202
4 h5_state_attribute_value_back_quote [function] [call site] 00203
3 libinjection_h5_next [function] [call site] 00204
4 __assert_fail [call site] 00205
3 is_black_tag [function] [call site] 00206
4 cstrcasecmp_with_null [function] [call site] 00207
3 is_black_attr [function] [call site] 00208
4 cstrcasecmp_with_null [function] [call site] 00209
4 cstrcasecmp_with_null [function] [call site] 00210
3 is_black_url [function] [call site] 00211
4 htmlencode_startswith [function] [call site] 00212
5 html_decode_char_at [function] [call site] 00213
4 htmlencode_startswith [function] [call site] 00214
4 htmlencode_startswith [function] [call site] 00215
4 htmlencode_startswith [function] [call site] 00216
3 is_black_attr [function] [call site] 00217
3 memchr [call site] 00218
3 cstrcasecmp_with_null [function] [call site] 00219
3 cstrcasecmp_with_null [function] [call site] 00220
2 libinjection_is_xss [function] [call site] 00221
2 libinjection_is_xss [function] [call site] 00222
2 libinjection_is_xss [function] [call site] 00223
2 libinjection_is_xss [function] [call site] 00224
1 libinjection_version [function] [call site] 00225