High level conclusions

Fuzzers reach 66.71% of cyclomatic complexity.

Fuzzers reach 59.52% of all functions.

Fuzzer snmp_parse_fuzzer is blocked:

The runtime code coverage of snmp_parse_fuzzer covers 22.38% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer snmp_config_fuzzer is blocked:

The runtime code coverage of snmp_config_fuzzer covers 24.84% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer snmp_scoped_pdu_parse_fuzzer is blocked:

The runtime code coverage of snmp_scoped_pdu_parse_fuzzer covers 27.27% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer read_objid_fuzzer is blocked:

The runtime code coverage of read_objid_fuzzer covers 25.0% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer snmp_transport_fuzzer is blocked:

The runtime code coverage of snmp_transport_fuzzer covers 22.72% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer snmp_parse_oid_fuzzer is blocked:

The runtime code coverage of snmp_parse_oid_fuzzer covers 27.65% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Reachability and coverage overview

Functions statically reachable by fuzzers

1287 / 2162

Cyclomatic complexity statically reachable by fuzzers

12776 / 19149

Runtime code coverage of functions

798 / 2162

The following table shows data about each function in the project. The functions included in this table correspond to all functions that exist in the executables of the fuzzers. As such, there may be functions that are from third-party libraries.

For further technical details on the meaning of columns in the below table, please see the Glossary .

Func name	Functions filename	Args	Function call depth	Reached by Fuzzers	Fuzzers runtime hit	Func lines hit %	I Count	BB Count	Cyclomatic complexity	Functions reached	Reached by functions	Accumulated cyclomatic complexity	Undiscovered complexity

Fuzzer: parse_octet_hint_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	24	75.0%
gold	[1:9]	0	0.0%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	7	21.8%
lawngreen	50+	1	3.12%
All colors	32	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
0	0	1 : View List ['free']	0	0	parse_octet_hint	call site: 00031	/src/net-snmp/snmplib/mib.c:6327

Runtime coverage analysis

Covered functions

5

Functions that are reachable but not covered

9

Reachable functions

13

Percentage of reachable functions covered

30.77%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
testing/fuzzing/parse_octet_hint_fuzzer.c	1
snmplib/mib.c	6

Fuzzer: snmp_config_mem_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	833	86.2%
gold	[1:9]	51	5.27%
yellow	[10:29]	7	0.72%
greenyellow	[30:49]	4	0.41%
lawngreen	50+	71	7.34%
All colors	966	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
260	262	5 : View List ['debugmsgtoken', 'debugmsg', 'snmp_get_do_debugging', 'malloc', 'strlen']	260	343	netsnmp_set_mib_directory	call site: 00272	/src/net-snmp/snmplib/mib.c:2533
9	9	1 : View List ['sprintf_stamp']	11	11	log_handler_stdouterr	call site: 00027	/src/net-snmp/snmplib/snmp_logging.c:1098
2	2	1 : View List ['strcmp']	2	2	find_tree_node	call site: 00166	/src/net-snmp/snmplib/parse.c:1252
0	48	1 : View List ['snmp_log']	0	1110	read_module_replacements	call site: 00258	/src/net-snmp/snmplib/parse.c:3874
0	0	None	768	1076	netsnmp_get_mib_directory	call site: 00268	/src/net-snmp/snmplib/mib.c:2590
0	0	None	264	2094	read_config_read_memory	call site: 00001	/src/net-snmp/snmplib/read_config.c:2278
0	0	1 : View List ['malloc']	258	1675	read_config_read_objid_const	call site: 00050	/src/net-snmp/snmplib/read_config.c:2157
0	0	None	258	269	copy_nword_const	call site: 00003	/src/net-snmp/snmplib/read_config.c:1868
0	0	None	256	402	print_error	call site: 00109	/src/net-snmp/snmplib/parse.c:781
0	0	None	95	206	_add_strings_to_oid	call site: 00885	/src/net-snmp/snmplib/mib.c:5349
0	0	1 : View List ['malloc']	2	103	read_config_read_octet_string_const	call site: 00044	/src/net-snmp/snmplib/read_config.c:2098
0	0	1 : View List ['malloc']	2	11	read_config_read_octet_string_const	call site: 00038	/src/net-snmp/snmplib/read_config.c:2050

Runtime coverage analysis

Covered functions

50

Functions that are reachable but not covered

101

Reachable functions

150

Percentage of reachable functions covered

32.67%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
testing/fuzzing/snmp_config_mem_fuzzer.c	1
snmplib/read_config.c	11
snmplib/snmp_debug.c	1
snmplib/snmp_logging.c	7
snmplib/default_store.c	4
snmplib/mib.c	15
snmplib/parse.c	62
snmplib/tools.c	1
snmplib/strlcpy.c	1
snmplib/strlcat.c	1
snmplib/snmp_api.c	1
snmplib/int64.c	5

Fuzzer: snmp_print_var_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	1019	76.9%
gold	[1:9]	82	6.18%
yellow	[10:29]	49	3.69%
greenyellow	[30:49]	4	0.30%
lawngreen	50+	171	12.9%
All colors	1325	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
1066	1066	3 : View List ['strtok_r', 'free', 'read_mib']	1846	1856	netsnmp_init_mib	call site: 00000	/src/net-snmp/snmplib/mib.c:2794
260	262	5 : View List ['debugmsgtoken', 'debugmsg', 'snmp_get_do_debugging', 'malloc', 'strlen']	260	343	netsnmp_set_mib_directory	call site: 00260	/src/net-snmp/snmplib/mib.c:2534
199	199	3 : View List ['strrchr', 'add_mibfile', 'free']	199	199	add_mibdir	call site: 00000	/src/net-snmp/snmplib/parse.c:5073
197	197	1 : View List ['add_mibfile']	4724	6207	netsnmp_init_mib	call site: 00000	/src/net-snmp/snmplib/mib.c:2701
15	15	1 : View List ['printI64']	15	96	sprint_realloc_counter64	call site: 01118	/src/net-snmp/snmplib/mib.c:959
12	23	3 : View List ['sprint_char', 'strlen', 'snmp_realloc']	12	23	_sprint_hexstring_line	call site: 01022	/src/net-snmp/snmplib/mib.c:328
9	9	1 : View List ['sprintf_stamp']	11	11	log_handler_stdouterr	call site: 00068	/src/net-snmp/snmplib/snmp_logging.c:1098
2	831	3 : View List ['memchr', 'sprint_realloc_octet_string', 'snmp_realloc']	2	1116	sprint_realloc_octet_string	call site: 00975	/src/net-snmp/snmplib/mib.c:475
2	2	1 : View List ['strlen']	2	29	sprint_realloc_hinted_integer	call site: 01138	/src/net-snmp/snmplib/mib.c:1298
2	2	1 : View List ['strcmp']	2	2	find_tree_node	call site: 00154	/src/net-snmp/snmplib/parse.c:1252
2	2	1 : View List ['strlen']	2	2	strlcat	call site: 00453	/src/net-snmp/snmplib/strlcat.c:53
0	707	2 : View List ['sprint_realloc_by_type', 'netsnmp_ds_get_boolean']	0	734	sprint_realloc_null	call site: 01070	/src/net-snmp/snmplib/mib.c:1772

Runtime coverage analysis

Covered functions

82

Functions that are reachable but not covered

108

Reachable functions

184

Percentage of reachable functions covered

41.3%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
testing/fuzzing/snmp_print_var_fuzzer.c	1
testing/fuzzing/ada_fuzz_header.h	4
snmplib/default_store.c	5
snmplib/snmp_debug.c	1
snmplib/mib.c	49
snmplib/parse.c	63
snmplib/snmp_logging.c	7
snmplib/tools.c	3
snmplib/strlcpy.c	1
snmplib/strlcat.c	1
snmplib/snmp_api.c	1
snmplib/../include/net-snmp/library/tools.h	1
snmplib/int64.c	5

Fuzzer: snmp_parse_oid_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	834	88.4%
gold	[1:9]	50	5.30%
yellow	[10:29]	4	0.42%
greenyellow	[30:49]	1	0.10%
lawngreen	50+	54	5.72%
All colors	943	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
260	262	5 : View List ['debugmsgtoken', 'debugmsg', 'snmp_get_do_debugging', 'malloc', 'strlen']	260	343	netsnmp_set_mib_directory	call site: 00246	/src/net-snmp/snmplib/mib.c:2533
9	9	1 : View List ['sprintf_stamp']	11	11	log_handler_stdouterr	call site: 00054	/src/net-snmp/snmplib/snmp_logging.c:1098
2	2	1 : View List ['strcmp']	2	2	find_tree_node	call site: 00140	/src/net-snmp/snmplib/parse.c:1252
0	1275	1 : View List ['get_node']	0	1275	read_objid	call site: 00930	/src/net-snmp/snmplib/mib.c:3007
0	48	1 : View List ['snmp_log']	0	1110	read_module_replacements	call site: 00232	/src/net-snmp/snmplib/parse.c:3874
0	0	None	768	1076	netsnmp_get_mib_directory	call site: 00242	/src/net-snmp/snmplib/mib.c:2590
0	0	None	256	402	print_error	call site: 00082	/src/net-snmp/snmplib/parse.c:781
0	0	None	95	206	_add_strings_to_oid	call site: 00859	/src/net-snmp/snmplib/mib.c:5349
0	0	1 : View List ['free']	2	2	netsnmp_ds_set_string	call site: 00252	/src/net-snmp/snmplib/default_store.c:295
0	0	None	2	2	name_hash	call site: 00016	/src/net-snmp/snmplib/parse.c:691
0	0	None	0	1312	snmp_parse_oid	call site: 00918	/src/net-snmp/snmplib/mib.c:6077
0	0	None	0	1259	get_node	call site: 00915	/src/net-snmp/snmplib/mib.c:5731

Runtime coverage analysis

Covered functions

40

Functions that are reachable but not covered

102

Reachable functions

141

Percentage of reachable functions covered

27.66%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
testing/fuzzing/snmp_parse_oid_fuzzer.c	1
snmplib/mib.c	19
snmplib/default_store.c	4
snmplib/snmp_debug.c	1
snmplib/parse.c	64
snmplib/snmp_logging.c	7
snmplib/tools.c	1
snmplib/strlcpy.c	1
snmplib/strlcat.c	1
snmplib/snmp_api.c	1

Fuzzer: snmp_transport_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	616	68.9%
gold	[1:9]	48	5.37%
yellow	[10:29]	20	2.23%
greenyellow	[30:49]	10	1.11%
lawngreen	50+	199	22.2%
All colors	893	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
514	518	4 : View List ['snmp_get_do_debugging', 'debugmsg', 'debugmsgtoken', 'freeaddrinfo']	514	518	netsnmp_resolve_v6_hostname	call site: 00736	/src/net-snmp/snmplib/transports/snmpIPv6BaseDomain.c:200
256	258	3 : View List ['snmp_get_do_debugging', 'debugmsg', 'debugmsgtoken']	256	258	netsnmp_gethostbyname_v4	call site: 00839	/src/net-snmp/snmplib/system.c:790
96	96	1 : View List ['snmp_log']	96	96	_callback_lock	call site: 00148	/src/net-snmp/snmplib/callback.c:141
87	87	4 : View List ['netsnmp_gethostbyaddr', 'netsnmp_if_indextoname', 'inet_ntop', 'ntohs']	89	89	netsnmp_ipv6_fmtaddr	call site: 00694	/src/net-snmp/snmplib/transports/snmpIPv6BaseDomain.c:137
62	62	2 : View List ['CONTAINER_FREE', 'CONTAINER_CLEAR']	62	62	netsnmp_transport_filter_cleanup	call site: 00889	/src/net-snmp/snmplib/snmp_transport.c:367
9	9	1 : View List ['sprintf_stamp']	11	11	log_handler_stdouterr	call site: 00050	/src/net-snmp/snmplib/snmp_logging.c:1098
2	132	3 : View List ['strchr', 'internal_register_config_handler', 'strlcpy']	2	132	internal_register_config_handler	call site: 00014	/src/net-snmp/snmplib/read_config.c:165
0	56	1 : View List ['config_perror']	0	56	create_com2Sec6Entry	call site: 00794	/src/net-snmp/snmplib/transports/snmpUDPIPv6Domain.c:795
0	0	None	834	1049	netsnmp_sockaddr_in6_3	call site: 00709	/src/net-snmp/snmplib/transports/snmpIPv6BaseDomain.c:273
0	0	None	595	609	netsnmp_getaddrinfo	call site: 00737	/src/net-snmp/snmplib/system.c:853
0	0	None	532	544	netsnmp_getaddrinfo	call site: 00739	/src/net-snmp/snmplib/system.c:858
0	0	None	528	691	netsnmp_sockaddr_in6_3	call site: 00712	/src/net-snmp/snmplib/transports/snmpIPv6BaseDomain.c:289

Runtime coverage analysis

Covered functions

71

Functions that are reachable but not covered

238

Reachable functions

308

Percentage of reachable functions covered

22.73%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
testing/fuzzing/snmp_transport_fuzzer.c	1
testing/fuzzing/ada_fuzz_header.h	4
snmplib/default_store.c	9
snmplib/snmp_debug.c	1
snmplib/snmp_transport.c	11
snmplib/read_config.c	15
snmplib/strlcpy.c	1
snmplib/snmp_logging.c	6
snmplib/container.c	9
snmplib/transports/snmpTLSBaseDomain.c	4
snmplib/snmp_openssl.c	9
snmplib/callback.c	5
snmplib/cert_util.c	39
snmplib/tools.c	4
snmplib/system.c	4
snmplib/snmp_enum.c	7
snmplib/dir_utils.c	3
snmplib/file_utils.c	5
snmplib/data_list.c	4
snmplib/transports/snmpTLSTCPDomain.c	1
snmplib/snmp_api.c	1
snmplib/transports/snmpDTLSUDPDomain.c	1
snmplib/transports/snmpUDPsharedDomain.c	1
snmplib/transports/snmpSTDDomain.c	1
snmplib/transports/snmpIPXDomain.c	1
snmplib/transports/snmpAAL5PVCDomain.c	1
snmplib/transports/snmpUDPIPv6Domain.c	3
snmplib/transports/snmpTCPIPv6Domain.c	1
snmplib/transports/snmpUDPDomain.c	6
snmplib/transports/snmpTCPDomain.c	1
snmplib/transports/snmpAliasDomain.c	2
snmplib/transports/snmpUnixDomain.c	2
snmplib/transports/snmpIPv6BaseDomain.c	7
snmplib/transports/snmpIPBaseDomain.c	2

Fuzzer: snmp_pdu_parse_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	67	28.1%
gold	[1:9]	4	1.68%
yellow	[10:29]	22	9.24%
greenyellow	[30:49]	17	7.14%
lawngreen	50+	128	53.7%
All colors	238	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
9	9	1 : View List ['sprintf_stamp']	11	11	log_handler_stdouterr	call site: 00104	/src/net-snmp/snmplib/snmp_logging.c:1098
0	13	1 : View List ['_asn_size_err']	0	13	asn_parse_int	call site: 00064	/src/net-snmp/snmplib/asn1.c:581
0	13	1 : View List ['_asn_size_err']	0	13	asn_parse_unsigned_int	call site: 00078	/src/net-snmp/snmplib/asn1.c:670
0	13	1 : View List ['_asn_type_err']	0	13	asn_parse_bitstring	call site: 00209	/src/net-snmp/snmplib/asn1.c:1848
0	13	1 : View List ['_asn_short_err']	0	13	asn_parse_bitstring	call site: 00211	/src/net-snmp/snmplib/asn1.c:1854
0	13	1 : View List ['_asn_length_err']	0	13	asn_parse_bitstring	call site: 00212	/src/net-snmp/snmplib/asn1.c:1859
0	13	1 : View List ['_asn_size_err']	0	13	asn_parse_unsigned_int64	call site: 00135	/src/net-snmp/snmplib/asn1.c:1969
0	13	1 : View List ['_asn_short_err']	0	13	asn_parse_unsigned_int64	call site: 00144	/src/net-snmp/snmplib/asn1.c:2025
0	13	1 : View List ['_asn_size_err']	0	13	asn_parse_signed_int64	call site: 00183	/src/net-snmp/snmplib/asn1.c:2240
0	13	1 : View List ['_asn_short_err']	0	13	asn_parse_signed_int64	call site: 00191	/src/net-snmp/snmplib/asn1.c:2282
0	13	1 : View List ['_asn_short_err']	0	13	asn_parse_float	call site: 00162	/src/net-snmp/snmplib/asn1.c:2496
0	13	1 : View List ['_asn_short_err']	0	13	asn_parse_double	call site: 00176	/src/net-snmp/snmplib/asn1.c:2686

Runtime coverage analysis

Covered functions

41

Functions that are reachable but not covered

75

Reachable functions

115

Percentage of reachable functions covered

34.78%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
testing/fuzzing/snmp_pdu_parse_fuzzer.c	1
snmplib/snmp_api.c	10
snmplib/asn1.c	18
snmplib/strlcpy.c	1
snmplib/snmp_debug.c	1
snmplib/tools.c	2
snmplib/mib.c	1
snmplib/snmp_logging.c	6
snmplib/default_store.c	1
snmplib/snmp.c	1
snmplib/snmp_client.c	1
snmplib/int64.c	5
snmplib/snmp_secmod.c	1

Fuzzer: snmp_mib_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	107	12.5%
gold	[1:9]	83	9.76%
yellow	[10:29]	20	2.35%
greenyellow	[30:49]	19	2.23%
lawngreen	50+	621	73.0%
All colors	850	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
260	262	5 : View List ['debugmsgtoken', 'debugmsg', 'snmp_get_do_debugging', 'malloc', 'strlen']	260	343	netsnmp_set_mib_directory	call site: 00258	/src/net-snmp/snmplib/mib.c:2533
258	313	7 : View List ['snmp_get_do_debugging', 'debugmsgtoken', 'snmp_log', 'strdup', 'debugmsg', 'free', 'netsnmp_ds_get_int']	258	313	new_module	call site: 00085	/src/net-snmp/snmplib/parse.c:4294
72	72	1 : View List ['dump_module_list']	844	1569	do_linkup	call site: 00139	/src/net-snmp/snmplib/parse.c:1724
61	61	2 : View List ['__errno_location', 'snmp_log_perror']	61	61	read_module_internal	call site: 00124	/src/net-snmp/snmplib/parse.c:3957
57	57	1 : View List ['snmp_log_perror']	57	57	read_mib	call site: 00006	/src/net-snmp/snmplib/parse.c:5101
9	9	1 : View List ['sprintf_stamp']	11	11	log_handler_stdouterr	call site: 00016	/src/net-snmp/snmplib/snmp_logging.c:1098
2	2	1 : View List ['strdup']	2	1611	parse_moduleIdentity	call site: 00767	/src/net-snmp/snmplib/parse.c:3583
2	2	1 : View List ['strlen']	2	2	strlcat	call site: 00440	/src/net-snmp/snmplib/strlcat.c:53
0	52	1 : View List ['free_node']	0	52	parse_trapDefinition	call site: 00567	/src/net-snmp/snmplib/parse.c:3046
0	48	1 : View List ['snmp_log']	0	1184	read_import_replacements	call site: 00239	/src/net-snmp/snmplib/parse.c:3910
0	48	1 : View List ['snmp_log']	0	1110	read_module_replacements	call site: 00244	/src/net-snmp/snmplib/parse.c:3874
0	48	1 : View List ['snmp_log']	0	48	parse_macro	call site: 00307	/src/net-snmp/snmplib/parse.c:3659

Runtime coverage analysis

Covered functions

80

Functions that are reachable but not covered

41

Reachable functions

120

Percentage of reachable functions covered

65.83%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
testing/fuzzing/snmp_mib_fuzzer.c	1
snmplib/parse.c	63
snmplib/snmp_logging.c	7
snmplib/default_store.c	4
snmplib/snmp_debug.c	1
snmplib/mib.c	3
snmplib/tools.c	1
snmplib/strlcpy.c	1
snmplib/strlcat.c	1

Fuzzer: agentx_parse_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	126	26.8%
gold	[1:9]	4	0.85%
yellow	[10:29]	21	4.46%
greenyellow	[30:49]	36	7.65%
lawngreen	50+	283	60.2%
All colors	470	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
260	262	5 : View List ['snmp_get_do_debugging', 'debugmsgtoken', 'free', 'DH_free', 'debugmsg']	260	262	usm_free_user	call site: 00466	/src/net-snmp/snmplib/snmpusm.c:748
192	192	1 : View List ['snmp_log']	192	192	snmp_set_var_value	call site: 00102	/src/net-snmp/snmplib/snmp_client.c:842
48	48	1 : View List ['snmp_log']	48	48	snmp_set_var_value	call site: 00123	/src/net-snmp/snmplib/snmp_client.c:920
48	48	1 : View List ['snmp_log']	48	48	snmp_set_var_value	call site: 00125	/src/net-snmp/snmplib/snmp_client.c:940
48	48	1 : View List ['snmp_log']	48	48	snmp_set_var_value	call site: 00126	/src/net-snmp/snmplib/snmp_client.c:966
48	48	1 : View List ['snmp_log']	48	48	snmp_set_var_value	call site: 00127	/src/net-snmp/snmplib/snmp_client.c:977
48	48	1 : View List ['snmp_log']	48	48	snmp_set_var_value	call site: 00128	/src/net-snmp/snmplib/snmp_client.c:987
0	12	1 : View List ['snmp_free_var']	0	12	snmp_varlist_add_variable	call site: 00101	/src/net-snmp/snmplib/snmp_api.c:7322
0	0	None	11990	22368	_agentx_realloc_build	call site: 00212	/src/net-snmp/agent/mibgroup/agentx/protocol.c:705
0	0	None	6626	15657	agentx_parse	call site: 00003	/src/net-snmp/agent/mibgroup/agentx/protocol.c:1588
0	0	None	3900	8708	agentx_realloc_build_varbind	call site: 00366	/src/net-snmp/agent/mibgroup/agentx/protocol.c:392
0	0	None	3900	8708	agentx_realloc_build_varbind	call site: 00369	/src/net-snmp/agent/mibgroup/agentx/protocol.c:402

Runtime coverage analysis

Covered functions

41

Functions that are reachable but not covered

84

Reachable functions

124

Percentage of reachable functions covered

32.26%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
testing/fuzzing/agentx_parse_fuzzer.c	1
agent/mibgroup/agentx/protocol.c	22
snmplib/snmp_debug.c	2
snmplib/mib.c	1
snmplib/tools.c	1
snmplib/snmp_client.c	4
snmplib/snmp_api.c	9
snmplib/snmp_logging.c	6
snmplib/default_store.c	1
snmplib/strlcpy.c	1
snmplib/snmp_secmod.c	1
snmplib/snmpusm.c	1

Fuzzer: read_objid_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	827	90.1%
gold	[1:9]	50	5.45%
yellow	[10:29]	2	0.21%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	38	4.14%
All colors	917	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
260	262	5 : View List ['debugmsgtoken', 'debugmsg', 'snmp_get_do_debugging', 'malloc', 'strlen']	260	343	netsnmp_set_mib_directory	call site: 00239	/src/net-snmp/snmplib/mib.c:2533
9	9	1 : View List ['sprintf_stamp']	11	11	log_handler_stdouterr	call site: 00047	/src/net-snmp/snmplib/snmp_logging.c:1098
2	2	1 : View List ['strcmp']	2	2	find_tree_node	call site: 00133	/src/net-snmp/snmplib/parse.c:1252
0	48	1 : View List ['snmp_log']	0	1110	read_module_replacements	call site: 00225	/src/net-snmp/snmplib/parse.c:3874
0	0	None	768	1076	netsnmp_get_mib_directory	call site: 00235	/src/net-snmp/snmplib/mib.c:2590
0	0	None	256	402	print_error	call site: 00075	/src/net-snmp/snmplib/parse.c:781
0	0	None	95	206	_add_strings_to_oid	call site: 00851	/src/net-snmp/snmplib/mib.c:5349
0	0	1 : View List ['free']	2	2	netsnmp_ds_set_string	call site: 00245	/src/net-snmp/snmplib/default_store.c:295
0	0	None	2	2	name_hash	call site: 00009	/src/net-snmp/snmplib/parse.c:691
0	0	None	0	2518	get_node	call site: 00003	/src/net-snmp/snmplib/mib.c:5719
0	0	None	0	1259	get_node	call site: 00907	/src/net-snmp/snmplib/mib.c:5731
0	0	None	0	41	snmp_vlog	call site: 00042	/src/net-snmp/snmplib/snmp_logging.c:1376

Runtime coverage analysis

Covered functions

34

Functions that are reachable but not covered

99

Reachable functions

132

Percentage of reachable functions covered

25.0%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
testing/fuzzing/read_objid_fuzzer.c	1
snmplib/mib.c	15
snmplib/parse.c	62
snmplib/snmp_debug.c	1
snmplib/snmp_logging.c	7
snmplib/default_store.c	4
snmplib/tools.c	1
snmplib/strlcpy.c	1
snmplib/strlcat.c	1
snmplib/snmp_api.c	1

Fuzzer: snmp_api_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	1251	57.9%
gold	[1:9]	102	4.72%
yellow	[10:29]	68	3.14%
greenyellow	[30:49]	78	3.61%
lawngreen	50+	660	30.5%
All colors	2159	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
4208	8109	17 : View List ['debugmsgtoken', 'asn_build_sequence', 'snmp_pdu_realloc_rbuild', 'debugmsg', 'snmp_get_do_debugging', 'snmp_pdu_build', 'debug_indent_add', 'asn_realloc_rbuild_sequence', 'asn_build_int', 'asn_realloc_rbuild_int', 'netsnmp_memdup', 'asn_realloc_rbuild_string', 'snmp_pdu_type', 'debug_is_token_registered', 'debug_indent_get', 'asn_build_string', 'free']	4208	8109	_snmp_build	call site: 02055	/src/net-snmp/snmplib/snmp_api.c:3017
260	262	5 : View List ['debugmsgtoken', 'debugmsg', 'snmp_get_do_debugging', 'malloc', 'strlen']	260	343	netsnmp_set_mib_directory	call site: 00475	/src/net-snmp/snmplib/mib.c:2533
256	273	4 : View List ['snmp_free_varbind', 'debugmsg', 'debugmsgtoken', 'snmp_get_do_debugging']	256	301	snmp_pdu_build	call site: 01375	/src/net-snmp/snmplib/snmp_api.c:3487
105	105	1 : View List ['snmp_call_callbacks']	3142	3575	_snmp_parse	call site: 01718	/src/net-snmp/snmplib/snmp_api.c:4452
19	163	3 : View List ['se_find_label_in_slist', 'strcmp', 'snmp_log']	19	163	register_sec_mod	call site: 00000	/src/net-snmp/snmplib/snmp_secmod.c:92
6	139	5 : View List ['snmp_realloc', 'snmp_pdu_add_variable', 'strcmp', 'strtoul', 'strtok_r']	6	175	snmp_add_var	call site: 01198	/src/net-snmp/snmplib/snmp_api.c:7687
2	2	1 : View List ['strcmp']	2	2	find_tree_node	call site: 00369	/src/net-snmp/snmplib/parse.c:1252
0	1275	1 : View List ['get_node']	0	1275	read_objid	call site: 01157	/src/net-snmp/snmplib/mib.c:3007
0	1168	3 : View List ['asn_realloc_rbuild_objid', 'asn_realloc_rbuild_string', 'asn_realloc_rbuild_unsigned_int']	2505	4726	snmp_pdu_realloc_rbuild	call site: 01952	/src/net-snmp/snmplib/snmp_api.c:3615
0	96	1 : View List ['store_byte']	1222	1461	asn_realloc_rbuild_objid	call site: 01886	/src/net-snmp/snmplib/asn1.c:3308
0	48	1 : View List ['snmp_log']	0	1110	read_module_replacements	call site: 00461	/src/net-snmp/snmplib/parse.c:3874
0	48	1 : View List ['snmp_log']	0	48	snmp_set_var_value	call site: 00124	/src/net-snmp/snmplib/snmp_client.c:920

Runtime coverage analysis

Covered functions

162

Functions that are reachable but not covered

189

Reachable functions

347

Percentage of reachable functions covered

45.53%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
testing/fuzzing/snmp_api_fuzzer.c	1
testing/fuzzing/ada_fuzz_header.h	7
agent/mibgroup/agentx/protocol.c	11
snmplib/snmp_debug.c	5
snmplib/mib.c	20
snmplib/tools.c	7
snmplib/snmp_client.c	11
snmplib/snmp_api.c	43
snmplib/snmp_logging.c	7
snmplib/default_store.c	5
snmplib/strlcpy.c	1
snmplib/int64.c	9
snmplib/parse.c	64
snmplib/strlcat.c	1
snmplib/asn1.c	50
snmplib/snmp.c	4
snmplib/snmp_secmod.c	1
snmplib/snmp_auth.c	1
snmplib/callback.c	4
snmplib/snmpv3.c	3
snmplib/snmp_enum.c	3
snmplib/snmp_transport.c	2

Fuzzer: snmp_scoped_pdu_parse_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	53	61.6%
gold	[1:9]	7	8.13%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	2	2.32%
lawngreen	50+	24	27.9%
All colors	86	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
617	855	10 : View List ['asn_parse_string', 'debugmsgtoken', 'debug_is_token_registered', 'strdup', 'debugmsg', 'debug_indent_get', 'snmp_get_do_debugging', 'asn_parse_header', 'debug_indent_add', 'netsnmp_memdup']	617	873	snmpv3_scopedPDU_parse	call site: 00050	/src/net-snmp/snmplib/snmp_api.c:4980
0	0	None	96	99	free_securityStateRef	call site: 00061	/src/net-snmp/snmplib/snmp_api.c:4113
0	0	None	0	106	asn_parse_header	call site: 00004	/src/net-snmp/snmplib/asn1.c:1082
0	0	None	0	74	snmp_free_pdu	call site: 00060	/src/net-snmp/snmplib/snmp_api.c:5585
0	0	None	0	27	asn_parse_length	call site: 00013	/src/net-snmp/snmplib/asn1.c:1307
0	0	None	0	15	snmp_free_pdu	call site: 00082	/src/net-snmp/snmplib/snmp_api.c:5591
0	0	None	0	0	asn_parse_nlength	call site: 00012	/src/net-snmp/snmplib/asn1.c:330
0	0	None	0	0	asn_parse_nlength	call site: 00012	/src/net-snmp/snmplib/asn1.c:333
0	0	None	0	0	asn_parse_length	call site: 00014	/src/net-snmp/snmplib/asn1.c:1313
0	0	None	0	0	strlcpy	call site: 00007	/src/net-snmp/snmplib/strlcpy.c:30
0	0	None	0	0	strlcpy	call site: 00007	/src/net-snmp/snmplib/strlcpy.c:34

Runtime coverage analysis

Covered functions

16

Functions that are reachable but not covered

40

Reachable functions

55

Percentage of reachable functions covered

27.27%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
testing/fuzzing/snmp_scoped_pdu_parse_fuzzer.c	1
snmplib/snmp_api.c	7
snmplib/asn1.c	8
snmplib/strlcpy.c	1
snmplib/snmp_debug.c	1
snmplib/mib.c	1
snmplib/tools.c	2
snmplib/snmp_secmod.c	1
snmplib/snmp_logging.c	6
snmplib/default_store.c	1

Fuzzer: snmp_config_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	871	90.6%
gold	[1:9]	8	0.83%
yellow	[10:29]	3	0.31%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	79	8.22%
All colors	961	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
1292	2430	7 : View List ['stat', 'debugmsgtoken', 'read_config', 'debugmsg', 'snmp_get_do_debugging', 'strncmp', 'strlen']	1292	2430	read_config_files_in_path	call site: 00000	/src/net-snmp/snmplib/read_config.c:1353
1154	1154	2 : View List ['new_module', 'netsnmp_read_module']	1156	1156	read_mib	call site: 00071	/src/net-snmp/snmplib/parse.c:5108
264	266	5 : View List ['debugmsgtoken', 'debugmsg', 'strerror', 'snmp_get_do_debugging', '__errno_location']	264	266	read_config	call site: 00000	/src/net-snmp/snmplib/read_config.c:791
9	9	1 : View List ['sprintf_stamp']	11	11	log_handler_stdouterr	call site: 00054	/src/net-snmp/snmplib/snmp_logging.c:1098
2	132	3 : View List ['strchr', 'internal_register_config_handler', 'strlcpy']	2	132	internal_register_config_handler	call site: 00005	/src/net-snmp/snmplib/read_config.c:165
2	2	1 : View List ['__errno_location']	2	50	snmp_log_perror	call site: 00046	/src/net-snmp/snmplib/snmp_logging.c:1412
2	2	1 : View List ['strlen']	2	2	strlcat	call site: 00476	/src/net-snmp/snmplib/strlcat.c:53
0	5	1 : View List ['netsnmp_ds_get_string']	530	669	internal_register_config_handler	call site: 00003	/src/net-snmp/snmplib/read_config.c:157
0	0	None	1292	2430	read_config_files_in_path	call site: 00000	/src/net-snmp/snmplib/read_config.c:1296
0	0	None	1292	2430	read_config_files_in_path	call site: 00000	/src/net-snmp/snmplib/read_config.c:1325
0	0	None	1292	2430	read_config_files_in_path	call site: 00000	/src/net-snmp/snmplib/read_config.c:1345
0	0	None	1292	2430	read_config_files_in_path	call site: 00000	/src/net-snmp/snmplib/read_config.c:1350

Runtime coverage analysis

Covered functions

41

Functions that are reachable but not covered

121

Reachable functions

161

Percentage of reachable functions covered

24.84%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
testing/fuzzing/snmp_config_fuzzer.c	1
snmplib/mib.c	8
snmplib/read_config.c	10
snmplib/default_store.c	9
snmplib/strlcpy.c	1
snmplib/snmp_debug.c	1
snmplib/parse.c	63
snmplib/snmp_logging.c	7
snmplib/tools.c	1
snmplib/strlcat.c	1

Fuzzer: snmp_parse_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	713	74.1%
gold	[1:9]	17	1.76%
yellow	[10:29]	20	2.07%
greenyellow	[30:49]	14	1.45%
lawngreen	50+	198	20.5%
All colors	962	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
204	204	1 : View List ['snmp_parse_version']	5677	8691	_snmp_parse	call site: 00337	/src/net-snmp/snmplib/snmp_api.c:4361
19	163	3 : View List ['se_find_label_in_slist', 'strcmp', 'snmp_log']	19	163	register_sec_mod	call site: 00000	/src/net-snmp/snmplib/snmp_secmod.c:92
9	9	1 : View List ['sprintf_stamp']	11	11	log_handler_stdouterr	call site: 00068	/src/net-snmp/snmplib/snmp_logging.c:1098
0	13	1 : View List ['_asn_size_err']	0	13	asn_parse_int	call site: 00031	/src/net-snmp/snmplib/asn1.c:581
0	13	1 : View List ['_asn_size_err']	0	13	asn_parse_unsigned_int	call site: 00179	/src/net-snmp/snmplib/asn1.c:670
0	13	1 : View List ['_asn_type_err']	0	13	asn_parse_bitstring	call site: 00290	/src/net-snmp/snmplib/asn1.c:1848
0	13	1 : View List ['_asn_short_err']	0	13	asn_parse_bitstring	call site: 00292	/src/net-snmp/snmplib/asn1.c:1854
0	13	1 : View List ['_asn_length_err']	0	13	asn_parse_bitstring	call site: 00293	/src/net-snmp/snmplib/asn1.c:1859
0	13	1 : View List ['_asn_size_err']	0	13	asn_parse_unsigned_int64	call site: 00216	/src/net-snmp/snmplib/asn1.c:1969
0	13	1 : View List ['_asn_short_err']	0	13	asn_parse_unsigned_int64	call site: 00225	/src/net-snmp/snmplib/asn1.c:2025
0	13	1 : View List ['_asn_size_err']	0	13	asn_parse_signed_int64	call site: 00264	/src/net-snmp/snmplib/asn1.c:2240
0	13	1 : View List ['_asn_short_err']	0	13	asn_parse_signed_int64	call site: 00272	/src/net-snmp/snmplib/asn1.c:2282

Runtime coverage analysis

Covered functions

51

Functions that are reachable but not covered

163

Reachable functions

210

Percentage of reachable functions covered

22.38%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
testing/fuzzing/snmp_parse_fuzzer.c	1
snmplib/snmp_api.c	38
snmplib/snmp_debug.c	4
snmplib/asn1.c	50
snmplib/strlcpy.c	1
snmplib/snmp_logging.c	6
snmplib/default_store.c	3
snmplib/mib.c	1
snmplib/tools.c	3
snmplib/snmp_secmod.c	1
snmplib/snmp.c	4
snmplib/snmp_client.c	10
snmplib/int64.c	5
snmplib/snmp_auth.c	1
snmplib/callback.c	4
snmplib/snmpv3.c	2
snmplib/snmp_enum.c	3
snmplib/snmp_transport.c	2

Fuzzer: snmp_e2e_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	2895	74.3%
gold	[1:9]	636	16.3%
yellow	[10:29]	70	1.79%
greenyellow	[30:49]	26	0.66%
lawngreen	50+	265	6.80%
All colors	3892	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
2229	2229	1 : View List ['_sess_read_accept']	2229	2229	_sess_read	call site: 02892	/src/net-snmp/snmplib/snmp_api.c:6212
1231	1231	6 : View List ['netsnmp_directory_container_free', 'netsnmp_directory_container_read_some', '_certindex_new', '_add_certfile', '_cert_read_index', 'fclose']	1231	2399	_add_certdir	call site: 00221	/src/net-snmp/snmplib/cert_util.c:1645
1136	2233	23 : View List ['strlcat', 'fgets', 'netsnmp_config_warn', 'read_config_get_handlers', 'skip_white', 'realloc', 'copy_nword', 'netsnmp_config_error', 'strcmp', 'free', 'run_config_handler', 'strlcpy', 'strcasecmp', 'opendir', 'readdir', 'strncasecmp', 'closedir', 'read_config', 'strrchr', 'fclose', 'strlen', 'netsnmp_ds_get_boolean', 'read_config_files_of_type']	1136	3265	read_config	call site: 02364	/src/net-snmp/snmplib/read_config.c:783
1066	1066	3 : View List ['strtok_r', 'free', 'read_mib']	1078	1856	netsnmp_init_mib	call site: 02536	/src/net-snmp/snmplib/mib.c:2794
289	805	5 : View List ['snmp_get_do_debugging', 'debugmsgtoken', 'debugmsg', 'snmp_sess_close', 'snmpv3_engineID_probe']	289	805	snmp_sess_add_ex	call site: 02865	/src/net-snmp/snmplib/snmp_api.c:1918
228	228	3 : View List ['calloc', 'snmp_sess_close', 'usm_cloneFrom_user']	228	228	_sess_copy	call site: 02857	/src/net-snmp/snmplib/snmp_api.c:1332
204	204	1 : View List ['snmp_parse_version']	3565	8691	_snmp_parse	call site: 02963	/src/net-snmp/snmplib/snmp_api.c:4361
203	203	1 : View List ['snmp_sess_close']	203	203	snmp_close	call site: 03889	/src/net-snmp/snmplib/snmp_api.c:2122
199	212	4 : View List ['get_default_privtype', 'generate_Ku', 'snmp_perror', 'snmp_duplicate_objid']	205	486	netsnmp_parse_args	call site: 02697	/src/net-snmp/snmplib/snmp_parse_args.c:592
199	199	3 : View List ['strrchr', 'add_mibfile', 'free']	199	199	add_mibdir	call site: 02478	/src/net-snmp/snmplib/parse.c:5073
197	197	1 : View List ['add_mibfile']	3444	6207	netsnmp_init_mib	call site: 02504	/src/net-snmp/snmplib/mib.c:2701
118	118	1 : View List ['netsnmp_transport_free']	118	118	snmp_sess_add_ex	call site: 02795	/src/net-snmp/snmplib/snmp_api.c:1889

Runtime coverage analysis

Covered functions

312

Functions that are reachable but not covered

483

Reachable functions

776

Percentage of reachable functions covered

37.76%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
testing/fuzzing/snmp_e2e_fuzzer.c	2
snmplib/snmp_parse_args.c	3
snmplib/snmp_api.c	75
snmplib/parse.c	70
snmplib/snmp_debug.c	12
snmplib/mib.c	13
snmplib/snmp_transport.c	17
snmplib/transports/snmpTLSBaseDomain.c	4
snmplib/snmp_openssl.c	9
snmplib/default_store.c	11
snmplib/read_config.c	45
snmplib/strlcpy.c	1
snmplib/snmp_logging.c	24
snmplib/callback.c	7
snmplib/cert_util.c	43
snmplib/tools.c	9
snmplib/system.c	3
snmplib/snmp_enum.c	14
snmplib/dir_utils.c	3
snmplib/container.c	16
snmplib/file_utils.c	5
snmplib/data_list.c	4
snmplib/transports/snmpTLSTCPDomain.c	1
snmplib/transports/snmpDTLSUDPDomain.c	1
snmplib/transports/snmpUDPsharedDomain.c	1
snmplib/transports/snmpSTDDomain.c	1
snmplib/transports/snmpIPXDomain.c	1
snmplib/transports/snmpAAL5PVCDomain.c	1
snmplib/transports/snmpUDPIPv6Domain.c	1
snmplib/transports/snmpTCPIPv6Domain.c	1
snmplib/transports/snmpUDPDomain.c	1
snmplib/transports/snmpTCPDomain.c	1
snmplib/transports/snmpAliasDomain.c	2
snmplib/transports/snmpUnixDomain.c	1
snmplib/snmp_service.c	8
snmplib/snmp_version.c	1
snmplib/container_binary_array.c	6
snmplib/container_list_ssll.c	1
snmplib/container_null.c	2
snmplib/strlcat.c	1
snmplib/snmpv3.c	24
snmplib/lcd_time.c	4
snmplib/scapi.c	13
snmplib/snmp_secmod.c	4
snmplib/snmpusm.c	26
snmplib/keytools.c	5
snmplib/snmptsm.c	1
snmplib/snmpksm.c	2
snmplib/snmp_alarm.c	11
snmplib/vacm.c	1
snmplib/large_fd_set.c	9
snmplib/snmp.c	4
snmplib/asn1.c	51
snmplib/snmp_auth.c	1
snmplib/snmp_client.c	10
snmplib/int64.c	5

Fuzzer: snmp_agent_e2e_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	5107	70.4%
gold	[1:9]	121	1.66%
yellow	[10:29]	102	1.40%
greenyellow	[30:49]	43	0.59%
lawngreen	50+	1875	25.8%
All colors	7248	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
7228	7228	1 : View List ['subagent_init']	7228	17577	init_agent	call site: 06701	/src/net-snmp/agent/snmp_vars.c:311
4879	5028	11 : View List ['debugmsgtoken', 'snmp_log', 'debugmsg', 'netsnmp_ds_get_boolean', 'snmpv3_engineID_probe', 'snmp_get_do_debugging', 'free', 'netsnmp_build_packet', 'malloc', 'netsnmp_max_send_msg_size', 'count_varbinds']	4879	5028	_build_initial_pdu_packet	call site: 03513	/src/net-snmp/snmplib/snmp_api.c:5074
3381	3381	1 : View List ['real_init_master']	3604	3784	init_master_agent	call site: 07078	/src/net-snmp/agent/snmp_agent.c:1526
2843	2845	6 : View List ['debugmsgtoken', 'debugmsg', 'clear_tree_flags', 'get_wild_node', 'snmp_get_do_debugging', 'get_node']	2843	2845	snmp_parse_oid	call site: 04771	/src/net-snmp/snmplib/mib.c:6084
2275	4774	6 : View List ['snmp_call_callbacks', 'snmp_send', 'netsnmp_remove_and_free_agent_snmp_session', 'snmp_free_pdu', 'send_easy_trap', 'snmp_increment_statistic']	2275	4774	handle_snmp_packet	call site: 04067	/src/net-snmp/agent/snmp_agent.c:2248
1859	1859	1 : View List ['_sess_async_send']	1859	1859	snmp_sess_async_send	call site: 03511	/src/net-snmp/snmplib/snmp_api.c:5522
1292	2430	7 : View List ['stat', 'debugmsgtoken', 'read_config', 'debugmsg', 'snmp_get_do_debugging', 'strncmp', 'strlen']	1292	2430	read_config_files_in_path	call site: 01102	/src/net-snmp/snmplib/read_config.c:1353
1275	1275	1 : View List ['get_node']	1275	1275	read_objid	call site: 04771	/src/net-snmp/snmplib/mib.c:3007
1231	1231	6 : View List ['netsnmp_directory_container_free', 'netsnmp_directory_container_read_some', '_certindex_new', '_add_certfile', '_cert_read_index', 'fclose']	2383	2399	_add_certdir	call site: 00553	/src/net-snmp/snmplib/cert_util.c:1645
1066	1066	3 : View List ['strtok_r', 'free', 'read_mib']	1846	1856	netsnmp_init_mib	call site: 03040	/src/net-snmp/snmplib/mib.c:2794
912	912	1 : View List ['netsnmp_pdu_stats_process']	1937	6262	netsnmp_wrap_up_request	call site: 04240	/src/net-snmp/agent/snmp_agent.c:1896
707	707	1 : View List ['debugmsg_oid']	770	1172	netsnmp_subtree_unload	call site: 00278	/src/net-snmp/agent/agent_registry.c:1624

Runtime coverage analysis

Covered functions

591

Functions that are reachable but not covered

865

Reachable functions

1414

Percentage of reachable functions covered

38.83%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
testing/fuzzing/snmp_agent_e2e_fuzzer.c	1
testing/fuzzing/ada_fuzz_header.h	4
agent/snmp_vars.c	6
snmplib/snmp_logging.c	25
snmplib/default_store.c	12
agent/snmp_agent.c	53
snmplib/tools.c	14
snmplib/snmp_debug.c	15
agent/kernel.c	2
agent/agent_registry.c	37
snmplib/snmp_api.c	95
agent/helpers/null.c	3
agent/agent_handler.c	25
agent/helpers/bulk_to_next.c	4
snmplib/snmp_enum.c	15
snmplib/snmp_client.c	20
snmplib/mib.c	67
snmplib/../include/net-snmp/library/tools.h	1
snmplib/callback.c	9
agent/agent_read_config.c	8
snmplib/read_config.c	52
snmplib/strlcpy.c	1
agent/agent_trap.c	24
snmplib/parse.c	75
snmplib/snmp_transport.c	28
snmplib/transports/snmpTLSBaseDomain.c	4
snmplib/snmp_openssl.c	10
snmplib/cert_util.c	70
snmplib/system.c	6
snmplib/dir_utils.c	3
snmplib/container.c	20
snmplib/file_utils.c	5
snmplib/data_list.c	8
snmplib/transports/snmpTLSTCPDomain.c	1
snmplib/transports/snmpDTLSUDPDomain.c	1
snmplib/transports/snmpUDPsharedDomain.c	1
snmplib/transports/snmpSTDDomain.c	1
snmplib/transports/snmpIPXDomain.c	1
snmplib/transports/snmpAAL5PVCDomain.c	1
snmplib/transports/snmpUDPIPv6Domain.c	5
snmplib/transports/snmpTCPIPv6Domain.c	1
snmplib/transports/snmpUDPDomain.c	8
snmplib/transports/snmpTCPDomain.c	1
snmplib/transports/snmpAliasDomain.c	2
snmplib/transports/snmpUnixDomain.c	6
snmplib/snmp_service.c	12
snmplib/strlcat.c	1
snmplib/snmp_secmod.c	6
snmplib/snmpusm.c	32
snmplib/snmp_parse_args.c	2
snmplib/snmp_version.c	1
snmplib/container_binary_array.c	6
snmplib/container_list_ssll.c	1
snmplib/container_null.c	2
snmplib/snmpv3.c	24
snmplib/lcd_time.c	4
snmplib/scapi.c	15
snmplib/keytools.c	5
snmplib/snmptsm.c	1
snmplib/snmpksm.c	2
snmplib/snmp_alarm.c	15
snmplib/vacm.c	18
snmplib/transports/snmpCallbackDomain.c	4
snmplib/asn1.c	51
snmplib/snmp.c	4
snmplib/int64.c	9
agent/helpers/all_helpers.c	1
agent/helpers/debug_handler.c	4
agent/helpers/serialize.c	3
agent/helpers/read_only.c	3
agent/helpers/table_dataset.c	24
agent/helpers/table_data.c	15
agent/helpers/table.c	13
snmplib/oid_stash.c	7
agent/helpers/row_merge.c	5
agent/helpers/stash_cache.c	8
agent/helpers/cache_handler.c	15
agent/helpers/stash_to_next.c	2
agent/agent_sysORTable.c	10
agent/mibgroup/agentx/agentx_config.c	3
agent/mibgroup/agentx/subagent.c	20
agent/mibgroup/agentx/protocol.c	11
agent/mibgroup/agentx/client.c	9
snmplib/large_fd_set.c	10
snmplib/snmp_auth.c	1
agent/mibgroup/smux/smux.c	4
agent/mibgroup/snmpv3/usmConf.c	1
agent/mibgroup/utilities/iquery.c	7
agent/mibgroup/mibII/vacm_conf.c	26
agent/mibgroup/agentx/master.c	1
snmplib/transports/snmpIPv4BaseDomain.c	3
snmplib/transports/snmpIPBaseDomain.c	2

Optimal target analysis

Remaining optimal interesting functions

The following table shows a list of functions that are optimal targets. Optimal targets are identified by finding the functions that in combination, yield a high code coverage.

Func name	Functions filename	Arg count	Args	Function depth	hitcount	instr count	bb count	cyclomatic complexity	Reachable functions	Incoming references	total cyclomatic complexity	Unreached complexity
netsnmp_dtlsudp_close	/src/net-snmp/snmplib/transports/snmpDTLSUDPDomain.c	1	['N/A']	17	0	438	83	23	235	0	1245	643
netsnmp_udpshared_create_tspec	/src/net-snmp/snmplib/transports/snmpUDPsharedDomain.c	1	['N/A']	16	0	84	16	6	131	0	752	384
handle_master_agentx_packet	/src/net-snmp/agent/mibgroup/agentx/master_admin.c	5	['int', 'N/A', 'int', 'N/A', 'N/A']	35	0	503	77	15	816	0	8678	371
usm_secmod_process_in_msg	/src/net-snmp/snmplib/snmpusm.c	1	['N/A']	16	0	81	6	3	159	0	1353	370
smux_accept	/src/net-snmp/agent/mibgroup/smux/smux.c	1	['int']	24	0	402	73	21	315	0	3303	351
usm_secmod_rgenerate_out_msg	/src/net-snmp/snmplib/snmpusm.c	1	['N/A']	16	0	83	6	3	144	0	1198	190
ksm_process_in_msg	/src/net-snmp/snmplib/snmpksm.c	1	['N/A']	8	0	1802	307	89	64	0	321	128

Implementing fuzzers that target the above functions will improve reachability such that it becomes:

Functions statically reachable by fuzzers

1474 / 2162

Cyclomatic complexity statically reachable by fuzzers

15011 / 19149

All functions overview

If you implement fuzzers for these functions, the status of all functions in the project will be:

Func name	Functions filename	Args	Function call depth	Reached by Fuzzers	Fuzzers runtime hit	Func lines hit %	I Count	BB Count	Cyclomatic complexity	Functions reached	Reached by functions	Accumulated cyclomatic complexity	Undiscovered complexity

This sections provides heuristics that can be used as input to a fuzz engine when running a given fuzz target. The current focus is on providing input that is usable by libFuzzer.

testing/fuzzing/parse_octet_hint_fuzzer.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['parse_hints_ctor']

testing/fuzzing/snmp_config_mem_fuzzer.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['strlcpy', 'find_tree_node', 'print_error', 'snmp_set_detail', 'init_tree_roots', '_add_strings_to_oid', 'print_module_not_found', 'netsnmp_ds_set_string', 'log_handler_stdouterr', 'read_config_read_octet_string_const']

testing/fuzzing/snmp_print_var_fuzzer.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['strlcpy', 'module_name', 'print_error', 'sprint_realloc_integer', 'snmp_set_detail', 'snmp_vlog', 'print_module_not_found', 'sprint_realloc_by_type', 'netsnmp_ds_set_string', '_add_strings_to_oid']

testing/fuzzing/snmp_parse_oid_fuzzer.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['strlcpy', 'find_tree_node', 'print_error', 'snmp_set_detail', 'snmp_vlog', '_add_strings_to_oid', 'print_module_not_found', 'netsnmp_ds_set_string', 'init_tree_roots', 'log_handler_stdouterr']

testing/fuzzing/snmp_transport_fuzzer.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['netsnmp_tlsbase_ctor', 'netsnmp_alias_ctor', 'init_snmp_transport', 'netsnmp_ds_register_config', 'netsnmp_ipv6_fmtaddr', 'snmp_vlog', 'skip_white_const', 'netsnmp_getaddrinfo']

testing/fuzzing/snmp_pdu_parse_fuzzer.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['asn_parse_string', 'asn_parse_unsigned_int64', 'asn_parse_signed_int64', 'log_handler_stdouterr', 'snmp_pdu_parse', 'snmp_free_pdu']

testing/fuzzing/snmp_mib_fuzzer.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['parse_capabilities', 'netsnmp_ds_set_string', 'snmp_vlog', 'log_handler_stdouterr', 'print_error', 'new_module', 'netsnmp_set_mib_directory', 'read_mib', 'do_linkup', 'module_name']

testing/fuzzing/agentx_parse_fuzzer.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['snmp_varlist_add_variable', 'snmp_set_var_value', 'snmp_realloc', 'agentx_realloc_build_varbind', 'agentx_parse_string', 'agentx_realloc_build_float', 'agentx_realloc_build_double']

testing/fuzzing/read_objid_fuzzer.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['strlcpy', 'find_tree_node', 'print_error', 'snmp_set_detail', 'snmp_vlog', '_add_strings_to_oid', 'print_module_not_found', 'netsnmp_ds_set_string', 'init_tree_roots', 'log_handler_stdouterr']

testing/fuzzing/snmp_api_fuzzer.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['print_module_not_found', 'find_tree_node', 'snmp_pdu_realloc_rbuild', 'print_error', '_add_strings_to_oid', '_snmp_build', '_snmp_parse', 'snmpv3_parse', 'init_tree_roots', 'se_find_slist']

testing/fuzzing/snmp_scoped_pdu_parse_fuzzer.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['asn_parse_string', 'snmp_free_pdu', 'snmpv3_scopedPDU_parse', 'asn_parse_sequence', 'asn_parse_nlength']

testing/fuzzing/snmp_config_fuzzer.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['netsnmp_ds_set_string', 'read_mib', 'get_token', 'netsnmp_ds_register_premib', 'netsnmp_getenv', 'register_mib_handlers', 'config_vlog', 'snmp_vlog', 'skip_white_const']

testing/fuzzing/snmp_parse_fuzzer.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['se_find_slist', '_snmp_parse', 'snmpv3_parse', 'snmp_free_var', 'asn_parse_string', 'asn_parse_unsigned_int64', 'asn_parse_signed_int64', 'snmp_get_next_transid', 'log_handler_stdouterr', 'snmp_pdu_parse']

testing/fuzzing/snmp_e2e_fuzzer.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['_snmp_parse', 'print_module_not_found', 'snmp_set_detail', 'module_name', '_get_cert_container', 'netsnmp_parse_args', 'init_snmp_logging', 'se_find_slist_ptr', 'read_configs', 'print_error']

testing/fuzzing/snmp_agent_e2e_fuzzer.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['_asn_size_err', 'snmp_pdu_parse', 'read_objid', 'netsnmp_wrap_up_request', 'init_agent', '_get_cert_container', 'read_configs', 'snmp_close', 'netsnmp_certs_load', '_copy_pdu_vars']

This section shows analysis of runtime coverage data.

For futher technical details on how this section is generated, please see the Glossary .

Complex functions with low coverage

Func name	Function total lines	Lines covered at runtime	percentage covered	Reached by fuzzers
parse_octet_hint	87	20	22.98%	['parse_octet_hint_fuzzer', 'snmp_config_mem_fuzzer', 'snmp_print_var_fuzzer', 'snmp_parse_oid_fuzzer', 'read_objid_fuzzer', 'snmp_api_fuzzer', 'snmp_agent_e2e_fuzzer']
set_function	57	24	42.10%	['snmp_config_mem_fuzzer', 'snmp_print_var_fuzzer', 'snmp_parse_oid_fuzzer', 'snmp_mib_fuzzer', 'read_objid_fuzzer', 'snmp_api_fuzzer', 'snmp_config_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
_add_strings_to_oid	365	119	32.60%	['snmp_config_mem_fuzzer', 'snmp_print_var_fuzzer', 'snmp_parse_oid_fuzzer', 'read_objid_fuzzer', 'snmp_api_fuzzer', 'snmp_agent_e2e_fuzzer']
snmp_log_string	33	18	54.54%	['snmp_config_mem_fuzzer', 'snmp_print_var_fuzzer', 'snmp_parse_oid_fuzzer', 'snmp_transport_fuzzer', 'snmp_pdu_parse_fuzzer', 'snmp_mib_fuzzer', 'agentx_parse_fuzzer', 'read_objid_fuzzer', 'snmp_api_fuzzer', 'snmp_scoped_pdu_parse_fuzzer', 'snmp_config_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
sprint_realloc_octet_string	232	49	21.12%	['snmp_print_var_fuzzer', 'snmp_transport_fuzzer', 'snmp_pdu_parse_fuzzer', 'agentx_parse_fuzzer', 'snmp_api_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
sprint_realloc_float	37	18	48.64%	['snmp_print_var_fuzzer', 'snmp_transport_fuzzer', 'snmp_pdu_parse_fuzzer', 'agentx_parse_fuzzer', 'snmp_api_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
sprint_realloc_double	37	18	48.64%	['snmp_print_var_fuzzer', 'snmp_transport_fuzzer', 'snmp_pdu_parse_fuzzer', 'agentx_parse_fuzzer', 'snmp_api_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
sprint_realloc_counter64	73	35	47.94%	['snmp_print_var_fuzzer', 'snmp_transport_fuzzer', 'snmp_pdu_parse_fuzzer', 'agentx_parse_fuzzer', 'snmp_api_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
sprint_realloc_opaque	57	25	43.85%	['snmp_print_var_fuzzer', 'snmp_transport_fuzzer', 'snmp_pdu_parse_fuzzer', 'agentx_parse_fuzzer', 'snmp_api_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
sprint_realloc_object_identifier	32	15	46.87%	['snmp_print_var_fuzzer', 'snmp_transport_fuzzer', 'snmp_pdu_parse_fuzzer', 'agentx_parse_fuzzer', 'snmp_api_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
sprint_realloc_timeticks	39	20	51.28%	['snmp_print_var_fuzzer', 'snmp_transport_fuzzer', 'snmp_pdu_parse_fuzzer', 'agentx_parse_fuzzer', 'snmp_api_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
sprint_realloc_integer	60	28	46.66%	['snmp_print_var_fuzzer', 'snmp_transport_fuzzer', 'snmp_pdu_parse_fuzzer', 'agentx_parse_fuzzer', 'snmp_api_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
sprint_realloc_uinteger	55	25	45.45%	['snmp_print_var_fuzzer', 'snmp_transport_fuzzer', 'snmp_pdu_parse_fuzzer', 'agentx_parse_fuzzer', 'snmp_api_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
sprint_realloc_gauge	38	15	39.47%	['snmp_print_var_fuzzer', 'snmp_transport_fuzzer', 'snmp_pdu_parse_fuzzer', 'agentx_parse_fuzzer', 'snmp_api_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
sprint_realloc_bitstring	75	35	46.66%	['snmp_print_var_fuzzer', 'snmp_transport_fuzzer', 'snmp_pdu_parse_fuzzer', 'agentx_parse_fuzzer', 'snmp_api_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
_get_realloc_symbol	358	51	14.24%	['snmp_print_var_fuzzer', 'snmp_transport_fuzzer', 'snmp_pdu_parse_fuzzer', 'agentx_parse_fuzzer', 'snmp_api_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
netsnmp_getaddrinfo	62	26	41.93%	['snmp_transport_fuzzer', 'snmp_agent_e2e_fuzzer']
netsnmp_ipv6_fmtaddr	44	22	50.0%	['snmp_transport_fuzzer']
parse_capabilities	181	99	54.69%	['snmp_config_mem_fuzzer', 'snmp_print_var_fuzzer', 'snmp_parse_oid_fuzzer', 'snmp_mib_fuzzer', 'read_objid_fuzzer', 'snmp_api_fuzzer', 'snmp_config_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
snmp_set_var_value	176	94	53.40%	['agentx_parse_fuzzer', 'snmp_api_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
usm_free_user	51	24	47.05%	['agentx_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
asn_build_string	36	17	47.22%	['snmp_api_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
asn_realloc_rbuild_length	46	18	39.13%	['snmp_api_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
asn_realloc_rbuild_string	48	19	39.58%	['snmp_api_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
asn_realloc_rbuild_bitstring	49	18	36.73%	['snmp_api_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
snmp_pdu_realloc_rbuild	160	66	41.25%	['snmp_api_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
snmpv3_parse	243	132	54.32%	['snmp_api_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
snmpv3_build	131	9	6.870%	['snmp_api_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
_check_range	37	10	27.02%	['snmp_api_fuzzer', 'snmp_agent_e2e_fuzzer']
register_sec_mod	43	20	46.51%	['snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
snmpv3_scopedPDU_parse	49	23	46.93%	['snmp_api_fuzzer', 'snmp_scoped_pdu_parse_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
_certindexes_load	44	22	50.0%	['snmp_transport_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
_add_certdir	63	14	22.22%	['snmp_transport_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
netsnmp_large_fd_set_resize	39	20	51.28%	['snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
sc_get_openssl_hashfn	31	11	35.48%	['snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
_sess_read	182	33	18.13%	['snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
_sess_copy	205	101	49.26%	['snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
_sess_process_packet_parse_pdu	96	38	39.58%	['snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
_sess_process_packet_handle_pdu	105	21	20.0%	['snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
debug_register_tokens	34	18	52.94%	['snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
netsnmp_parse_args	380	77	20.26%	['snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
usm_create_user_from_session	153	12	7.843%	['snmp_e2e_fuzzer']
usm_session_init	85	33	38.82%	[]
setup_engineID	142	55	38.73%	['snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
netsnmp_register_handler	55	19	34.54%	['snmp_agent_e2e_fuzzer']
netsnmp_call_handler	38	18	47.36%	['snmp_agent_e2e_fuzzer']
netsnmp_subtree_load	128	63	49.21%	['snmp_agent_e2e_fuzzer']
netsnmp_register_mib	126	69	54.76%	['snmp_agent_e2e_fuzzer']
in_a_view	35	5	14.28%	['snmp_agent_e2e_fuzzer']
vacm_parse_view	75	40	53.33%	['snmp_agent_e2e_fuzzer']
handle_snmp_packet	66	25	37.87%	['snmp_agent_e2e_fuzzer']
check_acm	48	26	54.16%	['snmp_agent_e2e_fuzzer']
check_getnext_results	56	10	17.85%	['snmp_agent_e2e_fuzzer']
handle_getnext_loop	62	15	24.19%	['snmp_agent_e2e_fuzzer']
netsnmp_handle_request	61	21	34.42%	['snmp_agent_e2e_fuzzer']
unregister_config_handler	57	22	38.59%	['snmp_agent_e2e_fuzzer']
netsnmp_sd_listen_fds	58	12	20.68%	[]
_build_initial_pdu_packet	131	10	7.633%	['snmp_api_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
netsnmp_sock_buffer_set	53	24	45.28%	[]
netsnmp_udpipv4base_transport_init	47	18	38.29%	[]
netsnmp_udpipv4base_transport_bind	49	19	38.77%	[]

This section shows which files and directories are considered in this report. The main reason for showing this is fuzz introspector may include more code in the reasoning than is desired. This section helps identify if too many files/directories are included, e.g. third party code, which may be irrelevant for the threat model. In the event too much is included, fuzz introspector supports a configuration file that can exclude data from the report. See the following link for more information on how to create a config file: link

Files in report

Source file	Reached by	Covered by
	[]	[]
/src/net-snmp/snmplib/file_utils.c	['snmp_transport_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	[]
/src/net-snmp/snmplib/tools.c	['snmp_config_mem_fuzzer', 'snmp_print_var_fuzzer', 'snmp_parse_oid_fuzzer', 'snmp_transport_fuzzer', 'snmp_pdu_parse_fuzzer', 'snmp_mib_fuzzer', 'agentx_parse_fuzzer', 'read_objid_fuzzer', 'snmp_api_fuzzer', 'snmp_scoped_pdu_parse_fuzzer', 'snmp_config_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_config_mem_fuzzer', 'snmp_print_var_fuzzer', 'snmp_parse_oid_fuzzer', 'snmp_pdu_parse_fuzzer', 'snmp_mib_fuzzer', 'agentx_parse_fuzzer', 'read_objid_fuzzer', 'snmp_api_fuzzer', 'snmp_config_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
/src/net-snmp/testing/fuzzing/snmp_pdu_parse_fuzzer.c	['snmp_pdu_parse_fuzzer']	['snmp_pdu_parse_fuzzer']
/src/net-snmp/agent/kernel.c	['snmp_agent_e2e_fuzzer']	['snmp_agent_e2e_fuzzer']
/src/net-snmp/snmplib/transports/snmpIPXDomain.c	['snmp_transport_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_transport_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
/src/net-snmp/snmplib/fd_event_manager.c	[]	[]
/src/net-snmp/agent/mibgroup/agentx/agentx_config.c	['snmp_agent_e2e_fuzzer']	['snmp_agent_e2e_fuzzer']
/src/net-snmp/snmplib/transports/snmpTLSBaseDomain.c	['snmp_transport_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_transport_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
/src/net-snmp/testing/fuzzing/snmp_transport_fuzzer.c	['snmp_transport_fuzzer']	['snmp_transport_fuzzer']
/src/net-snmp/testing/fuzzing/snmp_config_mem_fuzzer.c	['snmp_config_mem_fuzzer']	['snmp_config_mem_fuzzer']
/src/net-snmp/snmplib/transports/snmpCallbackDomain.c	['snmp_agent_e2e_fuzzer']	['snmp_agent_e2e_fuzzer']
/src/net-snmp/snmplib/snmp_client.c	['snmp_pdu_parse_fuzzer', 'agentx_parse_fuzzer', 'snmp_api_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_pdu_parse_fuzzer', 'agentx_parse_fuzzer', 'snmp_api_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
/src/net-snmp/agent/agent_registry.c	['snmp_agent_e2e_fuzzer']	['snmp_agent_e2e_fuzzer']
/src/net-snmp/snmplib/scapi.c	['snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
/src/net-snmp/snmplib/snmp_service.c	['snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
/src/net-snmp/snmplib/transports/snmpTCPBaseDomain.c	[]	[]
/src/net-snmp/snmplib/container_binary_array.c	['snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
/src/net-snmp/agent/helpers/stash_cache.c	['snmp_agent_e2e_fuzzer']	['snmp_agent_e2e_fuzzer']
/src/net-snmp/agent/helpers/all_helpers.c	['snmp_agent_e2e_fuzzer']	['snmp_agent_e2e_fuzzer']
/usr/include/openssl/x509v3.h	[]	[]
/src/net-snmp/snmplib/snmp_debug.c	['snmp_config_mem_fuzzer', 'snmp_print_var_fuzzer', 'snmp_parse_oid_fuzzer', 'snmp_transport_fuzzer', 'snmp_pdu_parse_fuzzer', 'snmp_mib_fuzzer', 'agentx_parse_fuzzer', 'read_objid_fuzzer', 'snmp_api_fuzzer', 'snmp_scoped_pdu_parse_fuzzer', 'snmp_config_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_config_mem_fuzzer', 'snmp_print_var_fuzzer', 'snmp_parse_oid_fuzzer', 'snmp_transport_fuzzer', 'snmp_pdu_parse_fuzzer', 'snmp_mib_fuzzer', 'agentx_parse_fuzzer', 'read_objid_fuzzer', 'snmp_api_fuzzer', 'snmp_scoped_pdu_parse_fuzzer', 'snmp_config_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
/src/net-snmp/snmplib/snmpv3.c	['snmp_api_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_api_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
/src/net-snmp/snmplib/snmp_alarm.c	['snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
/src/net-snmp/snmplib/container_list_ssll.c	['snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
/src/net-snmp/agent/helpers/stash_to_next.c	['snmp_agent_e2e_fuzzer']	['snmp_agent_e2e_fuzzer']
/src/net-snmp/agent/mibgroup/utilities/iquery.c	['snmp_agent_e2e_fuzzer']	['snmp_agent_e2e_fuzzer']
/src/net-snmp/snmplib/oid_stash.c	['snmp_agent_e2e_fuzzer']	[]
/src/net-snmp/snmplib/system.c	['snmp_transport_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_transport_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
/src/net-snmp/agent/helpers/serialize.c	['snmp_agent_e2e_fuzzer']	['snmp_agent_e2e_fuzzer']
/src/net-snmp/agent/mibgroup/snmpv3/usmConf.c	['snmp_agent_e2e_fuzzer']	['snmp_agent_e2e_fuzzer']
/src/net-snmp/snmplib/transports/snmpUDPsharedDomain.c	['snmp_transport_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_transport_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
/src/net-snmp/snmplib/snmp_logging.c	['snmp_config_mem_fuzzer', 'snmp_print_var_fuzzer', 'snmp_parse_oid_fuzzer', 'snmp_transport_fuzzer', 'snmp_pdu_parse_fuzzer', 'snmp_mib_fuzzer', 'agentx_parse_fuzzer', 'read_objid_fuzzer', 'snmp_api_fuzzer', 'snmp_scoped_pdu_parse_fuzzer', 'snmp_config_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_config_mem_fuzzer', 'snmp_print_var_fuzzer', 'snmp_parse_oid_fuzzer', 'snmp_transport_fuzzer', 'snmp_pdu_parse_fuzzer', 'snmp_mib_fuzzer', 'read_objid_fuzzer', 'snmp_api_fuzzer', 'snmp_config_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
/src/net-snmp/snmplib/transports/snmpIPBaseDomain.c	['snmp_transport_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_transport_fuzzer', 'snmp_agent_e2e_fuzzer']
/src/net-snmp/snmplib/lcd_time.c	['snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
/src/net-snmp/snmplib/transports/snmpSTDDomain.c	['snmp_transport_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_transport_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
/src/net-snmp/agent/helpers/debug_handler.c	['snmp_agent_e2e_fuzzer']	['snmp_agent_e2e_fuzzer']
/src/net-snmp/snmplib/strlcpy.c	['snmp_config_mem_fuzzer', 'snmp_print_var_fuzzer', 'snmp_parse_oid_fuzzer', 'snmp_transport_fuzzer', 'snmp_pdu_parse_fuzzer', 'snmp_mib_fuzzer', 'agentx_parse_fuzzer', 'read_objid_fuzzer', 'snmp_api_fuzzer', 'snmp_scoped_pdu_parse_fuzzer', 'snmp_config_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_config_mem_fuzzer', 'snmp_print_var_fuzzer', 'snmp_parse_oid_fuzzer', 'snmp_transport_fuzzer', 'snmp_pdu_parse_fuzzer', 'snmp_mib_fuzzer', 'read_objid_fuzzer', 'snmp_api_fuzzer', 'snmp_scoped_pdu_parse_fuzzer', 'snmp_config_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
/src/net-snmp/agent/mibgroup/smux/smux.c	['snmp_agent_e2e_fuzzer']	['snmp_agent_e2e_fuzzer']
/src/net-snmp/snmplib/callback.c	['snmp_transport_fuzzer', 'snmp_api_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_transport_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
/src/net-snmp/snmplib/transports/snmpUnixDomain.c	['snmp_transport_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_transport_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
/src/net-snmp/agent/agent_handler.c	['snmp_agent_e2e_fuzzer']	['snmp_agent_e2e_fuzzer']
/src/net-snmp/agent/mibgroup/agentx/master_admin.c	[]	[]
/src/net-snmp/testing/fuzzing/snmp_print_var_fuzzer.c	['snmp_print_var_fuzzer']	['snmp_print_var_fuzzer']
/src/net-snmp/snmplib/transports/snmpAAL5PVCDomain.c	['snmp_transport_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_transport_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
/src/net-snmp/snmplib/transports/snmpTCPIPv6Domain.c	['snmp_transport_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_transport_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
/src/net-snmp/snmplib/snmp_enum.c	['snmp_transport_fuzzer', 'snmp_api_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_api_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
/src/net-snmp/agent/mibgroup/mibII/vacm_conf.c	['snmp_agent_e2e_fuzzer']	['snmp_agent_e2e_fuzzer']
/src/net-snmp/snmplib/snmpusm.c	['agentx_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['agentx_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
/src/net-snmp/snmplib/../include/net-snmp/library/tools.h	['snmp_print_var_fuzzer', 'snmp_agent_e2e_fuzzer']	[]
/src/net-snmp/agent/mibgroup/agentx/protocol.c	['agentx_parse_fuzzer', 'snmp_api_fuzzer', 'snmp_agent_e2e_fuzzer']	['agentx_parse_fuzzer', 'snmp_api_fuzzer']
/src/net-snmp/testing/fuzzing/snmp_api_fuzzer.c	['snmp_api_fuzzer']	['snmp_api_fuzzer']
/src/net-snmp/agent/mibgroup/agentx/client.c	['snmp_agent_e2e_fuzzer']	[]
/src/net-snmp/agent/helpers/table.c	['snmp_agent_e2e_fuzzer']	[]
/src/net-snmp/agent/helpers/row_merge.c	['snmp_agent_e2e_fuzzer']	['snmp_agent_e2e_fuzzer']
/src/net-snmp/agent/helpers/table_data.c	['snmp_agent_e2e_fuzzer']	[]
/src/net-snmp/snmplib/transports/snmpTLSTCPDomain.c	['snmp_transport_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_transport_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
/src/net-snmp/agent/agent_sysORTable.c	['snmp_agent_e2e_fuzzer']	['snmp_agent_e2e_fuzzer']
/src/net-snmp/snmplib/snmp_auth.c	['snmp_api_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_api_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer']
/src/net-snmp/snmplib/int64.c	['snmp_config_mem_fuzzer', 'snmp_print_var_fuzzer', 'snmp_pdu_parse_fuzzer', 'snmp_api_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_config_mem_fuzzer', 'snmp_print_var_fuzzer', 'snmp_api_fuzzer', 'snmp_e2e_fuzzer']
/src/net-snmp/agent/mibgroup/agentx/subagent.c	['snmp_agent_e2e_fuzzer']	[]
/src/net-snmp/testing/fuzzing/snmp_parse_fuzzer.c	['snmp_parse_fuzzer']	['snmp_parse_fuzzer']
/src/net-snmp/testing/fuzzing/snmp_agent_e2e_fuzzer.c	['snmp_agent_e2e_fuzzer']	['snmp_agent_e2e_fuzzer']
/src/net-snmp/snmplib/transports/snmpAliasDomain.c	['snmp_transport_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_transport_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
/src/net-snmp/agent/helpers/null.c	['snmp_agent_e2e_fuzzer']	['snmp_agent_e2e_fuzzer']
/src/net-snmp/snmplib/snmp_api.c	['snmp_config_mem_fuzzer', 'snmp_print_var_fuzzer', 'snmp_parse_oid_fuzzer', 'snmp_transport_fuzzer', 'snmp_pdu_parse_fuzzer', 'agentx_parse_fuzzer', 'read_objid_fuzzer', 'snmp_api_fuzzer', 'snmp_scoped_pdu_parse_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_config_mem_fuzzer', 'snmp_print_var_fuzzer', 'snmp_parse_oid_fuzzer', 'snmp_transport_fuzzer', 'snmp_pdu_parse_fuzzer', 'agentx_parse_fuzzer', 'read_objid_fuzzer', 'snmp_api_fuzzer', 'snmp_scoped_pdu_parse_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
/src/net-snmp/agent/helpers/bulk_to_next.c	['snmp_agent_e2e_fuzzer']	['snmp_agent_e2e_fuzzer']
/src/net-snmp/snmplib/vacm.c	['snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
/src/net-snmp/snmplib/snmp_version.c	['snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	[]
/src/net-snmp/snmplib/snmp_parse_args.c	['snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_e2e_fuzzer']
/src/net-snmp/snmplib/cert_util.c	['snmp_transport_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
/src/net-snmp/testing/fuzzing/ada_fuzz_header.h	['snmp_print_var_fuzzer', 'snmp_transport_fuzzer', 'snmp_api_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_print_var_fuzzer', 'snmp_transport_fuzzer', 'snmp_api_fuzzer', 'snmp_agent_e2e_fuzzer']
/src/net-snmp/snmplib/parse.c	['snmp_config_mem_fuzzer', 'snmp_print_var_fuzzer', 'snmp_parse_oid_fuzzer', 'snmp_mib_fuzzer', 'read_objid_fuzzer', 'snmp_api_fuzzer', 'snmp_config_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_config_mem_fuzzer', 'snmp_print_var_fuzzer', 'snmp_parse_oid_fuzzer', 'snmp_mib_fuzzer', 'read_objid_fuzzer', 'snmp_api_fuzzer', 'snmp_config_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
/src/net-snmp/snmplib/snmp_openssl.c	['snmp_transport_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_transport_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
/src/net-snmp/agent/helpers/old_api.c	[]	[]
/src/net-snmp/testing/fuzzing/snmp_e2e_fuzzer.c	['snmp_e2e_fuzzer']	['snmp_e2e_fuzzer']
/src/net-snmp/testing/fuzzing/snmp_mib_fuzzer.c	['snmp_mib_fuzzer']	['snmp_mib_fuzzer']
/src/net-snmp/testing/fuzzing/snmp_scoped_pdu_parse_fuzzer.c	['snmp_scoped_pdu_parse_fuzzer']	['snmp_scoped_pdu_parse_fuzzer']
/src/net-snmp/snmplib/transports/snmpUDPDomain.c	['snmp_transport_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_transport_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
/src/net-snmp/snmplib/container.c	['snmp_transport_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
/src/net-snmp/snmplib/transports/snmpUDPIPv4BaseDomain.c	[]	[]
/src/net-snmp/agent/helpers/cache_handler.c	['snmp_agent_e2e_fuzzer']	['snmp_agent_e2e_fuzzer']
/src/net-snmp/agent/mibgroup/agentx/master.c	['snmp_agent_e2e_fuzzer']	[]
/src/net-snmp/snmplib/transports/snmpDTLSUDPDomain.c	['snmp_transport_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_transport_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
/src/net-snmp/snmplib/transports/snmpSocketBaseDomain.c	[]	[]
/src/net-snmp/snmplib/transports/snmpIPv4BaseDomain.c	['snmp_agent_e2e_fuzzer']	['snmp_agent_e2e_fuzzer']
/src/net-snmp/snmplib/transports/snmpTCPDomain.c	['snmp_transport_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_transport_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
/src/net-snmp/snmplib/large_fd_set.c	['snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_e2e_fuzzer']
/usr/include/openssl/x509.h	[]	[]
/src/net-snmp/testing/fuzzing/snmp_config_fuzzer.c	['snmp_config_fuzzer']	['snmp_config_fuzzer']
/src/net-snmp/testing/fuzzing/parse_octet_hint_fuzzer.c	['parse_octet_hint_fuzzer']	['parse_octet_hint_fuzzer']
/src/net-snmp/snmplib/snmptsm.c	['snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
/src/net-snmp/snmplib/snmp_transport.c	['snmp_transport_fuzzer', 'snmp_api_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_transport_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
/src/net-snmp/testing/fuzzing/agentx_parse_fuzzer.c	['agentx_parse_fuzzer']	['agentx_parse_fuzzer']
/src/net-snmp/snmplib/transports/snmpUDPIPv6Domain.c	['snmp_transport_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_transport_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
/src/net-snmp/snmplib/keytools.c	['snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	[]
/src/net-snmp/agent/helpers/table_dataset.c	['snmp_agent_e2e_fuzzer']	['snmp_agent_e2e_fuzzer']
/src/net-snmp/snmplib/data_list.c	['snmp_transport_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
/src/net-snmp/agent/snmp_agent.c	['snmp_agent_e2e_fuzzer']	['snmp_agent_e2e_fuzzer']
/src/net-snmp/agent/snmp_vars.c	['snmp_agent_e2e_fuzzer']	['snmp_agent_e2e_fuzzer']
/src/net-snmp/snmplib/read_config.c	['snmp_config_mem_fuzzer', 'snmp_transport_fuzzer', 'snmp_config_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_config_mem_fuzzer', 'snmp_transport_fuzzer', 'snmp_config_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
/src/net-snmp/snmplib/dir_utils.c	['snmp_transport_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	[]
/src/net-snmp/agent/helpers/read_only.c	['snmp_agent_e2e_fuzzer']	['snmp_agent_e2e_fuzzer']
/src/net-snmp/snmplib/snmpksm.c	['snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
/src/net-snmp/testing/fuzzing/snmp_parse_oid_fuzzer.c	['snmp_parse_oid_fuzzer']	['snmp_parse_oid_fuzzer']
/src/net-snmp/snmplib/mib.c	['parse_octet_hint_fuzzer', 'snmp_config_mem_fuzzer', 'snmp_print_var_fuzzer', 'snmp_parse_oid_fuzzer', 'snmp_pdu_parse_fuzzer', 'snmp_mib_fuzzer', 'agentx_parse_fuzzer', 'read_objid_fuzzer', 'snmp_api_fuzzer', 'snmp_scoped_pdu_parse_fuzzer', 'snmp_config_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['parse_octet_hint_fuzzer', 'snmp_config_mem_fuzzer', 'snmp_print_var_fuzzer', 'snmp_parse_oid_fuzzer', 'snmp_mib_fuzzer', 'read_objid_fuzzer', 'snmp_api_fuzzer', 'snmp_config_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
/src/net-snmp/snmplib/container_null.c	['snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
/src/net-snmp/snmplib/snmp.c	['snmp_pdu_parse_fuzzer', 'snmp_api_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_pdu_parse_fuzzer', 'snmp_api_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
/src/net-snmp/snmplib/strlcat.c	['snmp_config_mem_fuzzer', 'snmp_print_var_fuzzer', 'snmp_parse_oid_fuzzer', 'snmp_mib_fuzzer', 'read_objid_fuzzer', 'snmp_api_fuzzer', 'snmp_config_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_print_var_fuzzer', 'snmp_mib_fuzzer', 'snmp_config_fuzzer']
/src/net-snmp/testing/fuzzing/read_objid_fuzzer.c	['read_objid_fuzzer']	['read_objid_fuzzer']
/src/net-snmp/snmplib/snmp_secmod.c	['snmp_pdu_parse_fuzzer', 'agentx_parse_fuzzer', 'snmp_api_fuzzer', 'snmp_scoped_pdu_parse_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_pdu_parse_fuzzer', 'agentx_parse_fuzzer', 'snmp_api_fuzzer', 'snmp_scoped_pdu_parse_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
/src/net-snmp/snmplib/asn1.c	['snmp_pdu_parse_fuzzer', 'snmp_api_fuzzer', 'snmp_scoped_pdu_parse_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_pdu_parse_fuzzer', 'snmp_api_fuzzer', 'snmp_scoped_pdu_parse_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
/src/net-snmp/snmplib/sd-daemon.c	[]	[]
/src/net-snmp/agent/agent_index.c	[]	[]
/src/net-snmp/snmplib/transports/snmpIPv6BaseDomain.c	['snmp_transport_fuzzer']	['snmp_transport_fuzzer']
/src/net-snmp/agent/agent_trap.c	['snmp_agent_e2e_fuzzer']	['snmp_agent_e2e_fuzzer']
/src/net-snmp/snmplib/default_store.c	['snmp_config_mem_fuzzer', 'snmp_print_var_fuzzer', 'snmp_parse_oid_fuzzer', 'snmp_transport_fuzzer', 'snmp_pdu_parse_fuzzer', 'snmp_mib_fuzzer', 'agentx_parse_fuzzer', 'read_objid_fuzzer', 'snmp_api_fuzzer', 'snmp_scoped_pdu_parse_fuzzer', 'snmp_config_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']	['snmp_config_mem_fuzzer', 'snmp_print_var_fuzzer', 'snmp_parse_oid_fuzzer', 'snmp_transport_fuzzer', 'snmp_pdu_parse_fuzzer', 'snmp_mib_fuzzer', 'read_objid_fuzzer', 'snmp_api_fuzzer', 'snmp_config_fuzzer', 'snmp_parse_fuzzer', 'snmp_e2e_fuzzer', 'snmp_agent_e2e_fuzzer']
/src/net-snmp/snmplib/transports/snmpUDPBaseDomain.c	[]	[]
/src/net-snmp/agent/agent_read_config.c	['snmp_agent_e2e_fuzzer']	['snmp_agent_e2e_fuzzer']

Directories in report

Directory
/src/net-snmp/agent/
/src/net-snmp/agent/mibgroup/utilities/
/src/net-snmp/agent/mibgroup/snmpv3/
/src/net-snmp/testing/fuzzing/
/src/net-snmp/agent/mibgroup/mibII/
/usr/include/openssl/
/src/net-snmp/agent/mibgroup/smux/
/src/net-snmp/snmplib/transports/
/src/net-snmp/agent/helpers/
/src/net-snmp/snmplib/../include/net-snmp/library/
/src/net-snmp/snmplib/
/src/net-snmp/agent/mibgroup/agentx/