Fuzz introspector: mpi-div
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
95 127 5 :

['s_mp_div_d', 'mp_clear', 's_mp_exch', 's_mp_cmp_d', 'mp_init_copy']

95 127 mp_div_d call site: 00083 /src/nss/out/Debug/../../lib/freebl/mpi/mpi.c:562
0 10 1 :

['mp_init_size']

0 263 mp_div call site: 00000 /src/nss/out/Debug/../../lib/freebl/mpi/mpi.c:1091
0 5 1 :

['mp_zero']

0 5 mp_mul_d call site: 00014 /src/nss/out/Debug/../../lib/freebl/mpi/mpi.c:504
0 2 1 :

['s_mp_setz']

0 2 s_mp_rshd call site: 00086 /src/nss/out/Debug/../../lib/freebl/mpi/mpi.c:3283
0 0 None 4 67 s_mp_mulg call site: 00125 /src/nss/out/Debug/../../lib/freebl/mpi/mpi.c:831
0 0 None 2 79 s_mp_mul_d call site: 00024 /src/nss/out/Debug/../../lib/freebl/mpi/mpi.c:3585
0 0 None 0 303 mp_div call site: 00000 /src/nss/out/Debug/../../lib/freebl/mpi/mpi.c:1083
0 0 None 0 30 mp_div call site: 00000 /src/nss/out/Debug/../../lib/freebl/mpi/mpi.c:1131
0 0 None 0 30 s_mp_div call site: 00000 /src/nss/out/Debug/../../lib/freebl/mpi/mpi.c:4596
0 0 None 0 9 mp_add_d call site: 00051 /src/nss/out/Debug/../../lib/freebl/mpi/mpi.c:418
0 0 None 0 9 s_mp_mulg call site: 00127 /src/nss/out/Debug/../../lib/freebl/mpi/mpi.c:850
0 0 None 0 9 s_mp_mulg call site: 00135 /src/nss/out/Debug/../../lib/freebl/mpi/mpi.c:901

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 BN_CTX_new [call site] 00001
1 mp_init [function] [call site] 00002
2 mp_init_size [function] [call site] 00003
3 __assert_fail [call site] 00004
3 s_mp_alloc [function] [call site] 00005
4 calloc [call site] 00006
1 parse_input(unsigned char const*, unsigned long, bignum_st*, bignum_st*, mp_int*, mp_int*) [function] [call site] 00007
2 to_char(unsigned char const*) [function] [call site] 00008
2 mp_read_raw [function] [call site] 00009
3 __assert_fail [call site] 00010
3 mp_zero [function] [call site] 00011
4 s_mp_setz [function] [call site] 00012
3 mp_mul_d [function] [call site] 00013
4 __assert_fail [call site] 00014
4 mp_zero [function] [call site] 00015
4 mp_copy [function] [call site] 00016
5 __assert_fail [call site] 00017
5 s_mp_setz [function] [call site] 00018
5 s_mp_copy [function] [call site] 00019
5 s_mp_alloc [function] [call site] 00020
5 s_mp_copy [function] [call site] 00021
5 s_mp_setz [function] [call site] 00022
5 s_mp_free [function] [call site] 00023
4 s_mp_mul_d [function] [call site] 00024
5 mp_zero [function] [call site] 00025
5 s_mp_ispow2d [function] [call site] 00026
5 s_mp_mul_2d [function] [call site] 00027
6 __assert_fail [call site] 00028
6 s_mp_pad [function] [call site] 00029
7 __assert_fail [call site] 00030
7 s_mp_grow [function] [call site] 00031
8 __assert_fail [call site] 00032
8 s_mp_alloc [function] [call site] 00033
8 s_mp_copy [function] [call site] 00034
8 s_mp_setz [function] [call site] 00035
8 s_mp_free [function] [call site] 00036
7 s_mp_setz [function] [call site] 00037
6 s_mp_lshd [function] [call site] 00038
7 __assert_fail [call site] 00039
7 s_mp_pad [function] [call site] 00040
6 s_mp_clamp [function] [call site] 00041
5 s_mp_pad [function] [call site] 00042
5 s_mpv_mul_set_vec64 [call site] 00043
5 s_mp_clamp [function] [call site] 00044
3 mp_add_d [function] [call site] 00045
4 __assert_fail [call site] 00046
4 mp_init_copy [function] [call site] 00047
5 __assert_fail [call site] 00048
5 s_mp_alloc [function] [call site] 00049
5 s_mp_copy [function] [call site] 00050
4 s_mp_add_d [function] [call site] 00051
5 s_mp_pad [function] [call site] 00052
4 s_mp_cmp_d [function] [call site] 00053
5 __assert_fail [call site] 00054
4 s_mp_sub_d [function] [call site] 00055
5 s_mp_clamp [function] [call site] 00056
4 mp_neg [function] [call site] 00057
5 __assert_fail [call site] 00058
5 mp_copy [function] [call site] 00059
5 s_mp_cmp_d [function] [call site] 00060
4 s_mp_cmp_d [function] [call site] 00061
4 s_mp_exch [function] [call site] 00062
4 mp_clear [function] [call site] 00063
5 s_mp_setz [function] [call site] 00064
5 s_mp_free [function] [call site] 00065
2 __assert_fail [call site] 00066
2 to_char(unsigned char const*) [function] [call site] 00067
2 mp_read_raw [function] [call site] 00068
2 __assert_fail [call site] 00069
2 BN_bin2bn [call site] 00070
2 BN_bin2bn [call site] 00071
2 check_equal(bignum_st*, mp_int*, unsigned long) [function] [call site] 00072
3 BN_bn2hex [call site] 00073
3 mp_toradix [function] [call site] 00074
4 __assert_fail [call site] 00075
4 __assert_fail [call site] 00076
4 mp_cmp_z [function] [call site] 00077
5 __assert_fail [call site] 00078
4 mp_init_copy [function] [call site] 00079
4 mp_cmp_z [function] [call site] 00080
4 mp_div_d [function] [call site] 00081
5 __assert_fail [call site] 00082
5 s_mp_ispow2d [function] [call site] 00083
5 mp_copy [function] [call site] 00084
5 s_mp_div_2d [function] [call site] 00085
6 s_mp_rshd [function] [call site] 00086
7 s_mp_setz [function] [call site] 00087
6 s_mp_clamp [function] [call site] 00088
5 mp_init_copy [function] [call site] 00089
5 s_mp_div_d [function] [call site] 00090
6 mp_init_size [function] [call site] 00091
6 mp_init_copy [function] [call site] 00092
6 s_mp_norm [function] [call site] 00093
7 __assert_fail [call site] 00094
7 s_mp_mul_2d [function] [call site] 00095
7 s_mp_mul_2d [function] [call site] 00096
6 s_mpv_div_2dx1d [function] [call site] 00097
6 s_mp_lshd [function] [call site] 00098
6 s_mp_clamp [function] [call site] 00099
6 mp_exch [function] [call site] 00100
7 __assert_fail [call site] 00101
7 s_mp_exch [function] [call site] 00102
6 mp_clear [function] [call site] 00103
6 mp_clear [function] [call site] 00104
5 s_mp_cmp_d [function] [call site] 00105
5 s_mp_exch [function] [call site] 00106
5 mp_clear [function] [call site] 00107
4 mp_clear [function] [call site] 00108
4 s_mp_todigit [function] [call site] 00109
5 tolower [call site] 00110
4 mp_clear [function] [call site] 00111
3 CRYPTO_free [call site] 00112
3 __assert_fail [call site] 00113
2 check_equal(bignum_st*, mp_int*, unsigned long) [function] [call site] 00114
1 mp_cmp_z [function] [call site] 00115
1 mp_clear [function] [call site] 00116
1 BN_CTX_end [call site] 00117
1 __assert_fail [call site] 00118
1 BN_div [call site] 00119
1 check_equal(bignum_st*, mp_int*, unsigned long) [function] [call site] 00120
1 check_equal(bignum_st*, mp_int*, unsigned long) [function] [call site] 00121
1 mp_mul [function] [call site] 00122
2 s_mp_mulg [function] [call site] 00123
3 __assert_fail [call site] 00124
3 mp_init_copy [function] [call site] 00125
3 mp_init_copy [function] [call site] 00126
3 s_mp_pad [function] [call site] 00127
3 s_mp_mul_comba_4 [function] [call site] 00128
3 s_mp_mul_comba_8 [function] [call site] 00129
3 s_mp_mul_comba_16 [function] [call site] 00130
3 s_mp_mul_comba_32 [function] [call site] 00131
3 s_mpv_mul_set_vec64 [call site] 00132
3 s_mpv_mul_add_vec64 [call site] 00133
3 s_mp_clamp [function] [call site] 00134
3 s_mp_cmp_d [function] [call site] 00135
3 mp_clear [function] [call site] 00136
1 __assert_fail [call site] 00137
1 mp_add [function] [call site] 00138
2 __assert_fail [call site] 00139
2 s_mp_add_3arg [function] [call site] 00140
3 s_mp_pad [function] [call site] 00141
3 s_mp_pad [function] [call site] 00142
2 s_mp_cmp [function] [call site] 00143
3 __assert_fail [call site] 00144
2 s_mp_sub_3arg [function] [call site] 00145
3 s_mp_pad [function] [call site] 00146
3 s_mp_clamp [function] [call site] 00147
2 s_mp_sub_3arg [function] [call site] 00148
2 s_mp_cmp_d [function] [call site] 00149
1 __assert_fail [call site] 00150
1 mp_cmp [function] [call site] 00151
2 __assert_fail [call site] 00152
2 s_mp_cmp [function] [call site] 00153
1 __assert_fail [call site] 00154
1 mp_clear [function] [call site] 00155
1 BN_CTX_end [call site] 00156