Fuzz introspector: mpi-submod
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
95 127 5 :

['s_mp_div_d', 'mp_clear', 's_mp_exch', 's_mp_cmp_d', 'mp_init_copy']

95 127 mp_div_d call site: 00083 /src/nss/out/Debug/../../lib/freebl/mpi/mpi.c:562
30 30 1 :

['s_mp_add_3arg']

30 37 mp_add call site: 00196 /src/nss/out/Debug/../../lib/freebl/mpi/mpi.c:746
30 30 1 :

['s_mp_add_3arg']

30 37 mp_sub call site: 00133 /src/nss/out/Debug/../../lib/freebl/mpi/mpi.c:785
8 18 2 :

['mp_set', 'mp_zero']

8 65 mp_div call site: 00156 /src/nss/out/Debug/../../lib/freebl/mpi/mpi.c:1104
0 22 1 :

['s_mp_pad']

8 280 mp_div call site: 00152 /src/nss/out/Debug/../../lib/freebl/mpi/mpi.c:1091
0 7 2 :

['s_mp_alloc', 's_mp_free']

0 11 mp_copy call site: 00017 /src/nss/out/Debug/../../lib/freebl/mpi/mpi.c:217
0 5 1 :

['mp_zero']

0 5 mp_mul_d call site: 00014 /src/nss/out/Debug/../../lib/freebl/mpi/mpi.c:504
0 2 1 :

['s_mp_setz']

0 2 s_mp_rshd call site: 00086 /src/nss/out/Debug/../../lib/freebl/mpi/mpi.c:3283
0 0 None 2 79 s_mp_mul_d call site: 00024 /src/nss/out/Debug/../../lib/freebl/mpi/mpi.c:3585
0 0 None 0 41 mp_add call site: 00198 /src/nss/out/Debug/../../lib/freebl/mpi/mpi.c:748
0 0 None 0 40 mp_div call site: 00188 /src/nss/out/Debug/../../lib/freebl/mpi/mpi.c:1122
0 0 None 0 33 mp_div call site: 00189 /src/nss/out/Debug/../../lib/freebl/mpi/mpi.c:1128

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 BN_CTX_new [call site] 00001
1 mp_init [function] [call site] 00002
2 mp_init_size [function] [call site] 00003
3 __assert_fail [call site] 00004
3 s_mp_alloc [function] [call site] 00005
4 calloc [call site] 00006
1 parse_input(unsigned char const*, unsigned long, bignum_st*, bignum_st*, mp_int*, mp_int*) [function] [call site] 00007
2 to_char(unsigned char const*) [function] [call site] 00008
2 mp_read_raw [function] [call site] 00009
3 __assert_fail [call site] 00010
3 mp_zero [function] [call site] 00011
4 s_mp_setz [function] [call site] 00012
3 mp_mul_d [function] [call site] 00013
4 __assert_fail [call site] 00014
4 mp_zero [function] [call site] 00015
4 mp_copy [function] [call site] 00016
5 __assert_fail [call site] 00017
5 s_mp_setz [function] [call site] 00018
5 s_mp_copy [function] [call site] 00019
5 s_mp_alloc [function] [call site] 00020
5 s_mp_copy [function] [call site] 00021
5 s_mp_setz [function] [call site] 00022
5 s_mp_free [function] [call site] 00023
4 s_mp_mul_d [function] [call site] 00024
5 mp_zero [function] [call site] 00025
5 s_mp_ispow2d [function] [call site] 00026
5 s_mp_mul_2d [function] [call site] 00027
6 __assert_fail [call site] 00028
6 s_mp_pad [function] [call site] 00029
7 __assert_fail [call site] 00030
7 s_mp_grow [function] [call site] 00031
8 __assert_fail [call site] 00032
8 s_mp_alloc [function] [call site] 00033
8 s_mp_copy [function] [call site] 00034
8 s_mp_setz [function] [call site] 00035
8 s_mp_free [function] [call site] 00036
7 s_mp_setz [function] [call site] 00037
6 s_mp_lshd [function] [call site] 00038
7 __assert_fail [call site] 00039
7 s_mp_pad [function] [call site] 00040
6 s_mp_clamp [function] [call site] 00041
5 s_mp_pad [function] [call site] 00042
5 s_mpv_mul_set_vec64 [call site] 00043
5 s_mp_clamp [function] [call site] 00044
3 mp_add_d [function] [call site] 00045
4 __assert_fail [call site] 00046
4 mp_init_copy [function] [call site] 00047
5 __assert_fail [call site] 00048
5 s_mp_alloc [function] [call site] 00049
5 s_mp_copy [function] [call site] 00050
4 s_mp_add_d [function] [call site] 00051
5 s_mp_pad [function] [call site] 00052
4 s_mp_cmp_d [function] [call site] 00053
5 __assert_fail [call site] 00054
4 s_mp_sub_d [function] [call site] 00055
5 s_mp_clamp [function] [call site] 00056
4 mp_neg [function] [call site] 00057
5 __assert_fail [call site] 00058
5 mp_copy [function] [call site] 00059
5 s_mp_cmp_d [function] [call site] 00060
4 s_mp_cmp_d [function] [call site] 00061
4 s_mp_exch [function] [call site] 00062
4 mp_clear [function] [call site] 00063
5 s_mp_setz [function] [call site] 00064
5 s_mp_free [function] [call site] 00065
2 __assert_fail [call site] 00066
2 to_char(unsigned char const*) [function] [call site] 00067
2 mp_read_raw [function] [call site] 00068
2 __assert_fail [call site] 00069
2 BN_bin2bn [call site] 00070
2 BN_bin2bn [call site] 00071
2 check_equal(bignum_st*, mp_int*, unsigned long) [function] [call site] 00072
3 BN_bn2hex [call site] 00073
3 mp_toradix [function] [call site] 00074
4 __assert_fail [call site] 00075
4 __assert_fail [call site] 00076
4 mp_cmp_z [function] [call site] 00077
5 __assert_fail [call site] 00078
4 mp_init_copy [function] [call site] 00079
4 mp_cmp_z [function] [call site] 00080
4 mp_div_d [function] [call site] 00081
5 __assert_fail [call site] 00082
5 s_mp_ispow2d [function] [call site] 00083
5 mp_copy [function] [call site] 00084
5 s_mp_div_2d [function] [call site] 00085
6 s_mp_rshd [function] [call site] 00086
7 s_mp_setz [function] [call site] 00087
6 s_mp_clamp [function] [call site] 00088
5 mp_init_copy [function] [call site] 00089
5 s_mp_div_d [function] [call site] 00090
6 mp_init_size [function] [call site] 00091
6 mp_init_copy [function] [call site] 00092
6 s_mp_norm [function] [call site] 00093
7 __assert_fail [call site] 00094
7 s_mp_mul_2d [function] [call site] 00095
7 s_mp_mul_2d [function] [call site] 00096
6 s_mpv_div_2dx1d [function] [call site] 00097
6 s_mp_lshd [function] [call site] 00098
6 s_mp_clamp [function] [call site] 00099
6 mp_exch [function] [call site] 00100
7 __assert_fail [call site] 00101
7 s_mp_exch [function] [call site] 00102
6 mp_clear [function] [call site] 00103
6 mp_clear [function] [call site] 00104
5 s_mp_cmp_d [function] [call site] 00105
5 s_mp_exch [function] [call site] 00106
5 mp_clear [function] [call site] 00107
4 mp_clear [function] [call site] 00108
4 s_mp_todigit [function] [call site] 00109
5 tolower [call site] 00110
4 mp_clear [function] [call site] 00111
3 CRYPTO_free [call site] 00112
3 __assert_fail [call site] 00113
2 check_equal(bignum_st*, mp_int*, unsigned long) [function] [call site] 00114
1 get_modulus(unsigned char const*, unsigned long, bignum_ctx*) [function] [call site] 00115
2 BN_CTX_get [call site] 00116
2 mp_init [function] [call site] 00117
2 __assert_fail [call site] 00118
2 to_char(unsigned char const*) [function] [call site] 00119
2 mp_read_raw [function] [call site] 00120
2 __assert_fail [call site] 00121
2 BN_bin2bn [call site] 00122
2 check_equal(bignum_st*, mp_int*, unsigned long) [function] [call site] 00123
2 mp_cmp_z [function] [call site] 00124
2 mp_zero [function] [call site] 00125
2 BN_set_word [call site] 00126
2 mp_add_d [function] [call site] 00127
2 BN_add_word [call site] 00128
1 mp_submod [function] [call site] 00129
2 __assert_fail [call site] 00130
2 mp_sub [function] [call site] 00131
3 __assert_fail [call site] 00132
3 mp_zero [function] [call site] 00133
3 s_mp_add_3arg [function] [call site] 00134
4 s_mp_pad [function] [call site] 00135
4 s_mp_pad [function] [call site] 00136
3 s_mp_cmp [function] [call site] 00137
4 __assert_fail [call site] 00138
3 mp_zero [function] [call site] 00139
3 s_mp_sub_3arg [function] [call site] 00140
4 s_mp_pad [function] [call site] 00141
4 s_mp_clamp [function] [call site] 00142
3 s_mp_sub_3arg [function] [call site] 00143
3 s_mp_cmp_d [function] [call site] 00144
2 mp_mod [function] [call site] 00145
3 __assert_fail [call site] 00146
3 s_mp_cmp [function] [call site] 00147
3 mp_div [function] [call site] 00148
4 __assert_fail [call site] 00149
4 mp_cmp_z [function] [call site] 00150
4 mp_init_copy [function] [call site] 00151
4 mp_copy [function] [call site] 00152
4 mp_init_size [function] [call site] 00153
4 s_mp_pad [function] [call site] 00154
4 mp_zero [function] [call site] 00155
4 s_mp_cmp [function] [call site] 00156
4 mp_zero [function] [call site] 00157
4 mp_set [function] [call site] 00158
5 mp_zero [function] [call site] 00159
4 mp_zero [function] [call site] 00160
4 mp_init_copy [function] [call site] 00161
4 s_mp_div [function] [call site] 00162
5 mp_cmp_z [function] [call site] 00163
5 s_mp_ispow2 [function] [call site] 00164
6 __assert_fail [call site] 00165
6 s_mp_ispow2d [function] [call site] 00166
5 mp_copy [function] [call site] 00167
5 s_mp_div_2d [function] [call site] 00168
5 s_mp_mod_2d [function] [call site] 00169
6 s_mp_clamp [function] [call site] 00170
5 mp_init_size [function] [call site] 00171
5 s_mp_norm [function] [call site] 00172
5 s_mp_cmp [function] [call site] 00173
5 s_mp_cmp [function] [call site] 00174
5 __assert_fail [call site] 00175
5 s_mpv_div_2dx1d [function] [call site] 00176
5 __assert_fail [call site] 00177
5 mp_copy [function] [call site] 00178
5 s_mp_mul_d [function] [call site] 00179
5 s_mp_cmp [function] [call site] 00180
5 s_mp_sub [function] [call site] 00181
6 s_mp_clamp [function] [call site] 00182
5 s_mp_sub [function] [call site] 00183
5 s_mp_clamp [function] [call site] 00184
5 s_mp_div_2d [function] [call site] 00185
5 s_mp_clamp [function] [call site] 00186
5 mp_clear [function] [call site] 00187
4 s_mp_cmp_d [function] [call site] 00188
4 s_mp_cmp_d [function] [call site] 00189
4 s_mp_exch [function] [call site] 00190
4 s_mp_exch [function] [call site] 00191
4 mp_clear [function] [call site] 00192
4 mp_clear [function] [call site] 00193
4 mp_clear [function] [call site] 00194
3 mp_add [function] [call site] 00195
4 __assert_fail [call site] 00196
4 s_mp_add_3arg [function] [call site] 00197
4 s_mp_cmp [function] [call site] 00198
4 s_mp_sub_3arg [function] [call site] 00199
4 s_mp_sub_3arg [function] [call site] 00200
4 s_mp_cmp_d [function] [call site] 00201
3 mp_copy [function] [call site] 00202
3 mp_cmp_z [function] [call site] 00203
3 mp_add [function] [call site] 00204
3 mp_zero [function] [call site] 00205
1 __assert_fail [call site] 00206
1 check_equal(bignum_st*, mp_int*, unsigned long) [function] [call site] 00207
1 mp_clear [function] [call site] 00208
1 BN_CTX_end [call site] 00209