Fuzz introspector: snmp_scoped_pdu_parse_fuzzer
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
617 855 10 :

['asn_parse_string', 'debugmsgtoken', 'asn_parse_header', 'snmp_get_do_debugging', 'strdup', 'debug_indent_add', 'debug_is_token_registered', 'debugmsg', 'debug_indent_get', 'netsnmp_memdup']

617 873 snmpv3_scopedPDU_parse call site: 00050 /src/net-snmp/snmplib/snmp_api.c:4913
0 0 None 96 99 free_securityStateRef call site: 00061 /src/net-snmp/snmplib/snmp_api.c:4046
0 0 None 0 106 asn_parse_header call site: 00004 /src/net-snmp/snmplib/asn1.c:1082
0 0 None 0 74 snmp_free_pdu call site: 00060 /src/net-snmp/snmplib/snmp_api.c:5517
0 0 None 0 27 asn_parse_length call site: 00013 /src/net-snmp/snmplib/asn1.c:1307
0 0 None 0 15 snmp_free_pdu call site: 00082 /src/net-snmp/snmplib/snmp_api.c:5523
0 0 None 0 0 asn_parse_nlength call site: 00012 /src/net-snmp/snmplib/asn1.c:330
0 0 None 0 0 asn_parse_nlength call site: 00012 /src/net-snmp/snmplib/asn1.c:333
0 0 None 0 0 asn_parse_length call site: 00014 /src/net-snmp/snmplib/asn1.c:1313
0 0 None 0 0 strlcpy call site: 00007 /src/net-snmp/snmplib/strlcpy.c:30
0 0 None 0 0 strlcpy call site: 00007 /src/net-snmp/snmplib/strlcpy.c:34

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 calloc [call site] 00001
1 snmpv3_scopedPDU_parse [function] [call site] 00002
2 asn_parse_sequence [function] [call site] 00003
3 asn_parse_header [function] [call site] 00004
4 snmp_set_detail [function] [call site] 00005
5 strlcpy [function] [call site] 00006
6 strlen [call site] 00007
4 _asn_short_err [function] [call site] 00008
5 snprintf [call site] 00009
5 snmp_set_detail [function] [call site] 00010
4 snmp_set_detail [function] [call site] 00011
4 asn_parse_nlength [function] [call site] 00012
5 asn_parse_length [function] [call site] 00013
6 snmp_set_detail [function] [call site] 00014
6 snprintf [call site] 00015
6 snmp_set_detail [function] [call site] 00016
6 snprintf [call site] 00017
6 snmp_set_detail [function] [call site] 00018
6 snprintf [call site] 00019
6 snmp_set_detail [function] [call site] 00020
4 _asn_short_err [function] [call site] 00021
4 asn_parse_nlength [function] [call site] 00022
4 _asn_short_err [function] [call site] 00023
3 snprintf [call site] 00024
3 snmp_set_detail [function] [call site] 00025
2 snmp_get_do_debugging [function] [call site] 00026
2 asn_parse_string [function] [call site] 00027
3 snmp_set_detail [function] [call site] 00028
3 _asn_short_err [function] [call site] 00029
3 _asn_type_err [function] [call site] 00030
4 snprintf [call site] 00031
4 snmp_set_detail [function] [call site] 00032
3 asn_parse_nlength [function] [call site] 00033
3 _asn_short_err [function] [call site] 00034
3 _asn_length_err [function] [call site] 00035
4 snprintf [call site] 00036
4 snmp_set_detail [function] [call site] 00037
3 snmp_get_do_debugging [function] [call site] 00038
3 snmp_get_do_debugging [function] [call site] 00039
3 sprint_realloc_asciistring [function] [call site] 00040
4 __ctype_b_loc [call site] 00041
4 snmp_realloc [function] [call site] 00042
5 realloc [call site] 00043
4 snmp_realloc [function] [call site] 00044
4 snmp_realloc [function] [call site] 00045
4 snmp_realloc [function] [call site] 00046
3 snmp_get_do_debugging [function] [call site] 00047
3 snmp_get_do_debugging [function] [call site] 00048
3 snmp_get_do_debugging [function] [call site] 00049
2 snmp_get_do_debugging [function] [call site] 00050
2 snmp_set_detail [function] [call site] 00051
2 snmp_get_do_debugging [function] [call site] 00052
2 asn_parse_string [function] [call site] 00053
2 snmp_get_do_debugging [function] [call site] 00054
2 snmp_set_detail [function] [call site] 00055
2 netsnmp_memdup [function] [call site] 00056
2 strdup [call site] 00057
2 snmp_set_detail [function] [call site] 00058
2 asn_parse_header [function] [call site] 00059
1 snmp_free_pdu [function] [call site] 00060
2 free_securityStateRef [function] [call site] 00061
3 find_sec_mod [function] [call site] 00062
3 snmp_log [function] [call site] 00063
4 snmp_vlog [function] [call site] 00064
5 vasprintf [call site] 00065
5 snmp_log_string [function] [call site] 00066
6 netsnmp_set_line_buffering [function] [call site] 00067
7 setvbuf [call site] 00068
6 log_handler_stdouterr [function] [call site] 00069
7 netsnmp_ds_get_boolean [function] [call site] 00070
7 sprintf_stamp [function] [call site] 00071
8 time [call site] 00072
8 localtime [call site] 00073
8 sprintf [call site] 00074
7 strcpy [call site] 00075
7 strrchr [call site] 00076
7 printf [call site] 00077
7 fprintf [call site] 00078
6 log_handler_stdouterr [function] [call site] 00079
5 snmp_log_string [function] [call site] 00080
3 snmp_log [function] [call site] 00081
2 find_sec_mod [function] [call site] 00082
2 snmp_free_varbind [function] [call site] 00083
3 snmp_free_var [function] [call site] 00084
4 snmp_free_var_internals [function] [call site] 00085