The followings are the branches where fuzzer fails to bypass.
Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch |
---|---|---|---|---|---|---|---|
446 | 446 |
2 :
['sshkey_free', 'cert_new'] |
446 | 446 | sshkey_new | call site: 00010 | /src/openssh/sshkey.c:621 |
218 | 218 |
1 :
['sshkey_free'] |
218 | 218 | sshkey_generate | call site: 00007 | /src/openssh/sshkey.c:1406 |
162 | 162 |
1 :
['_getentropy_fail'] |
166 | 227 | _rs_stir | call site: 00000 | /src/openssh/openbsd-compat/arc4random.c:116 |
162 | 162 |
2 :
['sshfatal', 'ERR_get_error'] |
162 | 162 | _ssh_compat_getentropy | call site: 00000 | /src/openssh/openbsd-compat/bsd-getentropy.c:45 |
95 | 95 |
8 :
['strlen', 'strnvis', 'syslog', '__errno_location', 'openlog', 'strlcpy', 'write', 'closelog'] |
95 | 95 | do_log | call site: 00043 | /src/openssh/log.c:351 |
73 | 73 |
2 :
['ssh_err', 'abort'] |
73 | 73 | generate_or_die(int,unsignedint) | call site: 00000 | /src/openssh/regress/misc/fuzz-harness/sig_fuzz.cc:18 |
13 | 13 |
1 :
['rsa_hash_id_from_keyname'] |
21 | 697 | ssh_rsa_verify | call site: 00000 | /src/openssh/ssh-rsa.c:508 |
7 | 7 |
1 :
['strlcpy'] |
7 | 118 | sshlogv | call site: 00039 | /src/openssh/log.c:484 |
4 | 4 |
1 :
['timingsafe_bcmp'] |
4 | 9 | openssh_RSA_verify | call site: 00000 | /src/openssh/ssh-rsa.c:659 |
2 | 2 |
1 :
['_exit'] |
2 | 2 | _rs_init | call site: 00000 | /src/openssh/openbsd-compat/arc4random.c:102 |
2 | 2 |
1 :
['memset'] |
2 | 2 | _rs_forkdetect | call site: 00000 | /src/openssh/openbsd-compat/./arc4random.h:58 |
2 | 2 |
1 :
['munmap'] |
2 | 2 | _rs_allocate | call site: 00000 | /src/openssh/openbsd-compat/./arc4random.h:71 |
LLVMFuzzerTestOneInput
[function]
[call site]
00000
__cxa_guard_acquire
[call site]
00001
generate_or_die(int, unsigned int)
[function]
[call site]
00002
sshkey_generate
[function]
[call site]
00003
sshkey_type_is_cert
[function]
[call site]
00004
sshkey_impl_from_type
[function]
[call site]
00005
sshkey_impl_from_type
[function]
[call site]
00006
sshkey_new
[function]
[call site]
00007
sshkey_impl_from_type
[function]
[call site]
00008
calloc
[call site]
00009
sshkey_is_cert
[function]
[call site]
00010
sshkey_type_is_cert
[function]
[call site]
00011
cert_new
[function]
[call site]
00012
calloc
[call site]
00013
sshbuf_new
[function]
[call site]
00014
calloc
[call site]
00015
calloc
[call site]
00016
sshbuf_new
[function]
[call site]
00017
sshbuf_new
[function]
[call site]
00018
cert_free
[function]
[call site]
00019
sshbuf_free
[function]
[call site]
00020
sshbuf_check_sanity
[function]
[call site]
00021
ssh_signal
[function]
[call site]
00022
memset
[call site]
00023
sigfillset
[call site]
00024
sigaction
[call site]
00025
strsignal
[call site]
00026
sshlog
[function]
[call site]
00027
sshlogv
[function]
[call site]
00028
strrchr
[call site]
00029
getpid
[call site]
00030
snprintf
[call site]
00031
match_pattern_list
[function]
[call site]
00032
strlen
[call site]
00033
__ctype_b_loc
[call site]
00034
tolower
[call site]
00035
match_pattern
[function]
[call site]
00036
match_pattern
[function]
[call site]
00037
match_pattern
[function]
[call site]
00038
snprintf
[call site]
00039
snprintf
[call site]
00040
strlcpy
[function]
[call site]
00041
do_log
[function]
[call site]
00042
__errno_location
[call site]
00043
snprintf
[call site]
00044
vsnprintf
[call site]
00045
vsnprintf
[call site]
00046
snprintf
[call site]
00047
strlcpy
[function]
[call site]
00048
strnvis
[function]
[call site]
00049
__ctype_b_loc
[call site]
00050
vis
[function]
[call site]
00051
__ctype_b_loc
[call site]
00052
__ctype_b_loc
[call site]
00053
vis
[function]
[call site]
00054
snprintf
[call site]
00055
strlen
[call site]
00056
openlog
[call site]
00057
syslog
[call site]
00058
closelog
[call site]
00059
__errno_location
[call site]
00060
raise
[call site]
00061
sshbuf_free
[function]
[call site]
00062
explicit_bzero
[call site]
00063
freezero
[function]
[call site]
00064
explicit_bzero
[call site]
00065
sshbuf_free
[function]
[call site]
00066
sshbuf_free
[function]
[call site]
00067
sshkey_free
[function]
[call site]
00068
sshkey_free_contents
[function]
[call site]
00069
sshkey_impl_from_type
[function]
[call site]
00070
sshkey_is_cert
[function]
[call site]
00071
cert_free
[function]
[call site]
00072
freezero
[function]
[call site]
00073
freezero
[function]
[call site]
00074
freezero
[function]
[call site]
00075
freezero
[function]
[call site]
00076
sshkey_free
[function]
[call site]
00077
sshkey_free
[function]
[call site]
00078
ssh_err
[function]
[call site]
00079
__errno_location
[call site]
00080
fprintf
[call site]
00081
abort
[call site]
00082
generate_or_die(int, unsigned int)
[function]
[call site]
00083
__cxa_guard_acquire
[call site]
00084
generate_or_die(int, unsigned int)
[function]
[call site]
00085
__cxa_guard_acquire
[call site]
00086
generate_or_die(int, unsigned int)
[function]
[call site]
00087
__cxa_guard_acquire
[call site]
00088
generate_or_die(int, unsigned int)
[function]
[call site]
00089
__cxa_guard_acquire
[call site]
00090
generate_or_die(int, unsigned int)
[function]
[call site]
00091
__cxa_guard_acquire
[call site]
00092
sshkey_verify
[function]
[call site]
00093
sshkey_impl_from_key
[function]
[call site]
00094
sshkey_impl_from_type_nid
[function]
[call site]
00095
sshkey_sig_details_free
[function]
[call site]
00096
freezero
[function]
[call site]
00097
sshkey_verify
[function]
[call site]
00098
sshkey_sig_details_free
[function]
[call site]
00099
sshkey_verify
[function]
[call site]
00100
sshkey_sig_details_free
[function]
[call site]
00101
sshkey_verify
[function]
[call site]
00102
sshkey_sig_details_free
[function]
[call site]
00103
sshkey_verify
[function]
[call site]
00104
sshkey_sig_details_free
[function]
[call site]
00105
sshkey_verify
[function]
[call site]
00106
sshkey_sig_details_free
[function]
[call site]
00107