The followings are the branches where fuzzer fails to bypass.
Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch |
---|---|---|---|---|---|---|---|
95 | 95 |
8 :
['strlen', 'strnvis', 'syslog', '__errno_location', 'openlog', 'strlcpy', 'write', 'closelog'] |
95 | 95 | do_log | call site: 00028 | /src/openssh/log.c:351 |
13 | 13 |
1 :
['rsa_hash_id_from_keyname'] |
21 | 697 | ssh_rsa_verify | call site: 00000 | /src/openssh/ssh-rsa.c:508 |
7 | 7 |
1 :
['strlcpy'] |
7 | 118 | sshlogv | call site: 00024 | /src/openssh/log.c:484 |
4 | 4 |
1 :
['timingsafe_bcmp'] |
4 | 9 | openssh_RSA_verify | call site: 00000 | /src/openssh/ssh-rsa.c:659 |
2 | 2 |
1 :
['BN_clear_free'] |
2 | 2 | sshbuf_get_bignum2 | call site: 00000 | /src/openssh/sshbuf-getput-crypto.c:48 |
2 | 2 |
1 :
['explicit_bzero'] |
2 | 2 | sshkey_xmss_free_state | call site: 00000 | /src/openssh/sshkey-xmss.c:144 |
2 | 2 |
1 :
['SHA512'] |
2 | 2 | core_hash_SHA2 | call site: 00000 | /src/openssh/xmss_hash.c:55 |
0 | 220 |
1 :
['cert_free'] |
0 | 220 | cert_new | call site: 00083 | /src/openssh/sshkey.c:587 |
0 | 218 |
1 :
['sshkey_free'] |
0 | 218 | sshkey_new | call site: 00081 | /src/openssh/sshkey.c:622 |
0 | 201 |
1 :
['sshbuf_free'] |
0 | 201 | sshbuf_froms | call site: 00000 | /src/openssh/sshbuf-getput-basic.c:561 |
0 | 201 |
1 :
['sshbuf_free'] |
0 | 201 | sshbuf_fromb | call site: 00049 | /src/openssh/sshbuf.c:151 |
0 | 0 | None | 14 | 14 | sshkey_ec_validate_public | call site: 00000 | /src/openssh/sshkey.c:2639 |
LLVMFuzzerTestOneInput
[function]
[call site]
00000
sshkey_from_blob
[function]
[call site]
00001
sshbuf_from
[function]
[call site]
00002
calloc
[call site]
00003
sshkey_from_blob_internal
[function]
[call site]
00004
sshbuf_fromb
[function]
[call site]
00005
sshbuf_check_sanity
[function]
[call site]
00006
ssh_signal
[function]
[call site]
00007
memset
[call site]
00008
sigfillset
[call site]
00009
sigaction
[call site]
00010
strsignal
[call site]
00011
sshlog
[function]
[call site]
00012
sshlogv
[function]
[call site]
00013
strrchr
[call site]
00014
getpid
[call site]
00015
snprintf
[call site]
00016
match_pattern_list
[function]
[call site]
00017
strlen
[call site]
00018
__ctype_b_loc
[call site]
00019
tolower
[call site]
00020
match_pattern
[function]
[call site]
00021
match_pattern
[function]
[call site]
00022
match_pattern
[function]
[call site]
00023
snprintf
[call site]
00024
snprintf
[call site]
00025
strlcpy
[function]
[call site]
00026
do_log
[function]
[call site]
00027
__errno_location
[call site]
00028
snprintf
[call site]
00029
vsnprintf
[call site]
00030
vsnprintf
[call site]
00031
snprintf
[call site]
00032
strlcpy
[function]
[call site]
00033
strnvis
[function]
[call site]
00034
__ctype_b_loc
[call site]
00035
vis
[function]
[call site]
00036
__ctype_b_loc
[call site]
00037
__ctype_b_loc
[call site]
00038
vis
[function]
[call site]
00039
snprintf
[call site]
00040
strlen
[call site]
00041
openlog
[call site]
00042
syslog
[call site]
00043
closelog
[call site]
00044
__errno_location
[call site]
00045
raise
[call site]
00046
sshbuf_ptr
[function]
[call site]
00047
sshbuf_check_sanity
[function]
[call site]
00048
sshbuf_set_parent
[function]
[call site]
00049
sshbuf_check_sanity
[function]
[call site]
00050
sshbuf_check_sanity
[function]
[call site]
00051
sshbuf_free
[function]
[call site]
00052
sshbuf_check_sanity
[function]
[call site]
00053
sshbuf_free
[function]
[call site]
00054
explicit_bzero
[call site]
00055
freezero
[function]
[call site]
00056
explicit_bzero
[call site]
00057
sshbuf_get_cstring
[function]
[call site]
00058
sshbuf_peek_string_direct
[function]
[call site]
00059
sshbuf_ptr
[function]
[call site]
00060
sshbuf_len
[function]
[call site]
00061
sshbuf_check_sanity
[function]
[call site]
00062
sshbuf_len
[function]
[call site]
00063
memchr
[call site]
00064
sshbuf_get_string_direct
[function]
[call site]
00065
sshbuf_peek_string_direct
[function]
[call site]
00066
sshbuf_consume
[function]
[call site]
00067
sshbuf_check_sanity
[function]
[call site]
00068
sshbuf_len
[function]
[call site]
00069
sshkey_type_from_name
[function]
[call site]
00070
strcmp
[call site]
00071
strcasecmp
[call site]
00072
sshkey_type_is_cert
[function]
[call site]
00073
sshkey_impl_from_type
[function]
[call site]
00074
sshkey_impl_from_type
[function]
[call site]
00075
sshkey_new
[function]
[call site]
00076
sshkey_impl_from_type
[function]
[call site]
00077
calloc
[call site]
00078
sshkey_is_cert
[function]
[call site]
00079
sshkey_type_is_cert
[function]
[call site]
00080
cert_new
[function]
[call site]
00081
calloc
[call site]
00082
sshbuf_new
[function]
[call site]
00083
calloc
[call site]
00084
calloc
[call site]
00085
sshbuf_new
[function]
[call site]
00086
sshbuf_new
[function]
[call site]
00087
cert_free
[function]
[call site]
00088
sshbuf_free
[function]
[call site]
00089
sshbuf_free
[function]
[call site]
00090
sshbuf_free
[function]
[call site]
00091
sshkey_free
[function]
[call site]
00092
sshkey_free_contents
[function]
[call site]
00093
sshkey_impl_from_type
[function]
[call site]
00094
sshkey_is_cert
[function]
[call site]
00095
cert_free
[function]
[call site]
00096
freezero
[function]
[call site]
00097
freezero
[function]
[call site]
00098
freezero
[function]
[call site]
00099
freezero
[function]
[call site]
00100
sshkey_free
[function]
[call site]
00101
sshkey_type_is_cert
[function]
[call site]
00102
sshbuf_get_string_direct
[function]
[call site]
00103
sshkey_is_cert
[function]
[call site]
00104
sshbuf_len
[function]
[call site]
00105
sshbuf_free
[function]
[call site]
00106
sshkey_free
[function]
[call site]
00107
sshbuf_free
[function]
[call site]
00108
sshkey_free
[function]
[call site]
00109