The followings are the branches where fuzzer fails to bypass.
| Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch |
|---|---|---|---|---|---|---|---|
| 419 | 419 |
1 :
['pkcs11_key_free'] |
419 | 881 | sshkey_free_contents | call site: 00222 | /src/openssh/sshkey.c:782 |
| 167 | 167 |
1 :
['xstrdup'] |
167 | 167 | tohex | call site: 00125 | /src/openssh/misc.c:1564 |
| 163 | 163 |
1 :
['sshfatal'] |
163 | 163 | xcalloc | call site: 00137 | /src/openssh/xmalloc.c:56 |
| 122 | 158 |
5 :
['do_log', 'getpid', 'strrchr', 'strlcpy', 'match_pattern_list'] |
122 | 158 | sshlogv | call site: 00025 | /src/openssh/log.c:462 |
| 82 | 243 |
4 :
['malloc', 'xmss_sign_open', 'sshkey_xmss_params', 'sshlog'] |
82 | 452 | ssh_xmss_verify | call site: 00000 | /src/openssh/ssh-xmss.c:314 |
| 49 | 49 |
5 :
['EC_KEY_get0_group', 'EVP_PKEY_set1_EC_KEY', 'EVP_PKEY_new', 'sshkey_ec_validate_public', 'EC_KEY_get0_public_key'] |
55 | 55 | ssh_ecdsa_deserialize_public | call site: 00000 | /src/openssh/ssh-ecdsa.c:251 |
| 13 | 13 |
1 :
['ssh_rsa_hash_id_from_keyname'] |
23 | 674 | ssh_rsa_verify | call site: 00000 | /src/openssh/ssh-rsa.c:528 |
| 6 | 6 |
3 :
['openlog', 'closelog', 'exit'] |
6 | 6 | log_init | call site: 00008 | /src/openssh/log.c:215 |
| 2 | 219 |
2 :
['sshbuf_get_string_direct', 'EC_KEY_set_public_key'] |
6 | 223 | sshbuf_get_eckey | call site: 00000 | /src/openssh/sshbuf-getput-crypto.c:110 |
| 2 | 2 |
1 :
['strlen'] |
2 | 2 | strlcat | call site: 00140 | /src/openssh/openbsd-compat/strlcat.c:48 |
| 2 | 2 |
1 :
['BN_clear_free'] |
2 | 2 | sshbuf_get_bignum2 | call site: 00000 | /src/openssh/sshbuf-getput-crypto.c:48 |
| 2 | 2 |
1 :
['munmap'] |
2 | 2 | sshkey_prekey_free | call site: 00278 | /src/openssh/sshkey.c:770 |
LLVMFuzzerTestOneInput
[function]
[call site]
00000
sshbuf_from
[function]
[call site]
00001
calloc
[call site]
00002
strlen
[call site]
00003
sshbuf_from
[function]
[call site]
00004
log_init
[function]
[call site]
00005
log_change_level
[function]
[call site]
00006
fprintf
[call site]
00007
exit
[call site]
00008
fprintf
[call site]
00009
exit
[call site]
00010
openlog
[call site]
00011
closelog
[call site]
00012
sshsig_verifyb
[function]
[call site]
00013
sshsig_peek_hashalg
[function]
[call site]
00014
sshbuf_fromb
[function]
[call site]
00015
sshbuf_check_sanity
[function]
[call site]
00016
ssh_signal
[function]
[call site]
00017
memset
[call site]
00018
sigfillset
[call site]
00019
sigaction
[call site]
00020
strsignal
[call site]
00021
__errno_location
[call site]
00022
strerror
[call site]
00023
sshlog
[function]
[call site]
00024
sshlogv
[function]
[call site]
00025
strrchr
[call site]
00026
getpid
[call site]
00027
snprintf
[call site]
00028
match_pattern_list
[function]
[call site]
00029
strlen
[call site]
00030
__ctype_b_loc
[call site]
00031
tolower
[call site]
00032
match_pattern
[function]
[call site]
00033
match_pattern
[function]
[call site]
00034
match_pattern
[function]
[call site]
00035
snprintf
[call site]
00036
snprintf
[call site]
00037
strlcpy
[function]
[call site]
00038
do_log
[function]
[call site]
00039
__errno_location
[call site]
00040
snprintf
[call site]
00041
vsnprintf
[call site]
00042
vsnprintf
[call site]
00043
snprintf
[call site]
00044
strlcpy
[function]
[call site]
00045
strnvis
[function]
[call site]
00046
__ctype_b_loc
[call site]
00047
vis
[function]
[call site]
00048
__ctype_b_loc
[call site]
00049
__ctype_b_loc
[call site]
00050
vis
[function]
[call site]
00051
snprintf
[call site]
00052
strlen
[call site]
00053
write
[call site]
00054
openlog
[call site]
00055
syslog
[call site]
00056
closelog
[call site]
00057
__errno_location
[call site]
00058
raise
[call site]
00059
sshbuf_ptr
[function]
[call site]
00060
sshbuf_check_sanity
[function]
[call site]
00061
sshbuf_len
[function]
[call site]
00062
sshbuf_check_sanity
[function]
[call site]
00063
sshbuf_from
[function]
[call site]
00064
sshbuf_set_parent
[function]
[call site]
00065
sshbuf_check_sanity
[function]
[call site]
00066
sshbuf_check_sanity
[function]
[call site]
00067
sshbuf_free
[function]
[call site]
00068
sshbuf_check_sanity
[function]
[call site]
00069
sshbuf_free
[function]
[call site]
00070
freezero
[function]
[call site]
00071
explicit_bzero
[call site]
00072
freezero
[function]
[call site]
00073
sshsig_parse_preamble
[function]
[call site]
00074
sshbuf_cmp
[function]
[call site]
00075
sshbuf_ptr
[function]
[call site]
00076
sshbuf_len
[function]
[call site]
00077
sshbuf_ptr
[function]
[call site]
00078
timingsafe_bcmp
[function]
[call site]
00079
sshbuf_consume
[function]
[call site]
00080
sshbuf_check_sanity
[function]
[call site]
00081
sshbuf_len
[function]
[call site]
00082
sshbuf_get_u32
[function]
[call site]
00083
sshbuf_ptr
[function]
[call site]
00084
sshbuf_consume
[function]
[call site]
00085
sshlog
[function]
[call site]
00086
sshlog
[function]
[call site]
00087
sshbuf_get_string_direct
[function]
[call site]
00088
sshbuf_peek_string_direct
[function]
[call site]
00089
sshbuf_ptr
[function]
[call site]
00090
sshbuf_len
[function]
[call site]
00091
sshbuf_len
[function]
[call site]
00092
sshbuf_consume
[function]
[call site]
00093
sshbuf_get_string_direct
[function]
[call site]
00094
sshbuf_get_string
[function]
[call site]
00095
sshbuf_get_string_direct
[function]
[call site]
00096
sshbuf_get_cstring
[function]
[call site]
00097
sshbuf_peek_string_direct
[function]
[call site]
00098
memchr
[call site]
00099
sshbuf_get_string_direct
[function]
[call site]
00100
ssh_err
[function]
[call site]
00101
__errno_location
[call site]
00102
strerror
[call site]
00103
sshlog
[function]
[call site]
00104
sshbuf_free
[function]
[call site]
00105
sshlog
[function]
[call site]
00106
hash_buffer
[function]
[call site]
00107
memset
[call site]
00108
sshsig_check_hashalg
[function]
[call site]
00109
match_pattern_list
[function]
[call site]
00110
sshlog
[function]
[call site]
00111
ssh_digest_alg_by_name
[function]
[call site]
00112
strcasecmp
[call site]
00113
sshlog
[function]
[call site]
00114
ssh_digest_buffer
[function]
[call site]
00115
sshbuf_ptr
[function]
[call site]
00116
sshbuf_len
[function]
[call site]
00117
ssh_digest_memory
[function]
[call site]
00118
ssh_digest_by_alg
[function]
[call site]
00119
EVP_Digest
[call site]
00120
ssh_err
[function]
[call site]
00121
sshlog
[function]
[call site]
00122
ssh_digest_bytes
[function]
[call site]
00123
ssh_digest_by_alg
[function]
[call site]
00124
tohex
[function]
[call site]
00125
xstrdup
[function]
[call site]
00126
strlen
[call site]
00127
xmalloc
[function]
[call site]
00128
sshfatal
[function]
[call site]
00129
sshlogv
[function]
[call site]
00130
cleanup_exit
[function]
[call site]
00131
_exit
[call site]
00132
sshfatal
[function]
[call site]
00133
xcalloc
[function]
[call site]
00134
sshfatal
[function]
[call site]
00135
sshfatal
[function]
[call site]
00136
calloc
[call site]
00137
sshfatal
[function]
[call site]
00138
snprintf
[call site]
00139
strlcat
[function]
[call site]
00140
strlen
[call site]
00141
sshlog
[function]
[call site]
00142
strlen
[call site]
00143
freezero
[function]
[call site]
00144
sshbuf_new
[function]
[call site]
00145
calloc
[call site]
00146
calloc
[call site]
00147
ssh_digest_bytes
[function]
[call site]
00148
sshbuf_put
[function]
[call site]
00149
sshbuf_reserve
[function]
[call site]
00150
sshbuf_allocate
[function]
[call site]
00151
sshbuf_check_reserve
[function]
[call site]
00152
sshbuf_check_sanity
[function]
[call site]
00153
sshbuf_maybe_pack
[function]
[call site]
00154
recallocarray
[function]
[call site]
00155
calloc
[call site]
00156
__errno_location
[call site]
00157
__errno_location
[call site]
00158
getpagesize
[call site]
00159
memset
[call site]
00160
memset
[call site]
00161
explicit_bzero
[call site]
00162
sshbuf_check_reserve
[function]
[call site]
00163
ssh_err
[function]
[call site]
00164
sshlog
[function]
[call site]
00165
sshbuf_free
[function]
[call site]
00166
explicit_bzero
[call site]
00167
ssh_err
[function]
[call site]
00168
sshlog
[function]
[call site]
00169
sshsig_wrap_verify
[function]
[call site]
00170
sshbuf_len
[function]
[call site]
00171
sshlog
[function]
[call site]
00172
sshbuf_new
[function]
[call site]
00173
sshlog
[function]
[call site]
00174
sshbuf_put
[function]
[call site]
00175
sshbuf_put_cstring
[function]
[call site]
00176
strlen
[call site]
00177
sshbuf_put_string
[function]
[call site]
00178
sshbuf_reserve
[function]
[call site]
00179
sshbuf_put_string
[function]
[call site]
00180
sshbuf_put_cstring
[function]
[call site]
00181
sshbuf_put_stringb
[function]
[call site]
00182
sshbuf_put_string
[function]
[call site]
00183
sshbuf_ptr
[function]
[call site]
00184
sshbuf_len
[function]
[call site]
00185
sshbuf_put_string
[function]
[call site]
00186
ssh_err
[function]
[call site]
00187
sshlog
[function]
[call site]
00188
sshsig_parse_preamble
[function]
[call site]
00189
sshkey_froms
[function]
[call site]
00190
sshbuf_froms
[function]
[call site]
00191
sshbuf_peek_string_direct
[function]
[call site]
00192
sshbuf_from
[function]
[call site]
00193
sshbuf_consume
[function]
[call site]
00194
sshbuf_set_parent
[function]
[call site]
00195
sshbuf_free
[function]
[call site]
00196
sshkey_from_blob_internal
[function]
[call site]
00197
sshbuf_fromb
[function]
[call site]
00198
sshbuf_get_cstring
[function]
[call site]
00199
sshkey_type_from_name
[function]
[call site]
00200
type_from_name
[function]
[call site]
00201
strcmp
[call site]
00202
strcasecmp
[call site]
00203
sshkey_type_is_cert
[function]
[call site]
00204
sshkey_impl_from_type
[function]
[call site]
00205
sshkey_impl_from_type
[function]
[call site]
00206
sshkey_new
[function]
[call site]
00207
sshkey_impl_from_type
[function]
[call site]
00208
calloc
[call site]
00209
sshkey_is_cert
[function]
[call site]
00210
sshkey_type_is_cert
[function]
[call site]
00211
cert_new
[function]
[call site]
00212
calloc
[call site]
00213
sshbuf_new
[function]
[call site]
00214
sshbuf_new
[function]
[call site]
00215
sshbuf_new
[function]
[call site]
00216
cert_free
[function]
[call site]
00217
sshbuf_free
[function]
[call site]
00218
sshbuf_free
[function]
[call site]
00219
sshbuf_free
[function]
[call site]
00220
sshkey_free
[function]
[call site]
00221
sshkey_free_contents
[function]
[call site]
00222
pkcs11_key_free
[function]
[call site]
00223
sshkey_type
[function]
[call site]
00224
sshkey_impl_from_key
[function]
[call site]
00225
sshkey_impl_from_type_nid
[function]
[call site]
00226
sshlog
[function]
[call site]
00227
helper_by_key
[function]
[call site]
00228
sshbuf_new
[function]
[call site]
00229
sshfatal
[function]
[call site]
00230
sshkey_putb
[function]
[call site]
00231
to_blob_buf
[function]
[call site]
00232
sshkey_type_plain
[function]
[call site]
00233
sshkey_type_is_cert
[function]
[call site]
00234
sshbuf_len
[function]
[call site]
00235
sshbuf_putb
[function]
[call site]
00236
sshbuf_ptr
[function]
[call site]
00237
sshbuf_len
[function]
[call site]
00238
sshbuf_put
[function]
[call site]
00239
sshkey_impl_from_type
[function]
[call site]
00240
sshkey_ssh_name_from_type_nid
[function]
[call site]
00241
sshkey_impl_from_type_nid
[function]
[call site]
00242
sshbuf_put_cstring
[function]
[call site]
00243
ssh_err
[function]
[call site]
00244
sshfatal
[function]
[call site]
00245
sshbuf_equals
[function]
[call site]
00246
sshbuf_ptr
[function]
[call site]
00247
sshbuf_len
[function]
[call site]
00248
sshbuf_len
[function]
[call site]
00249
sshbuf_ptr
[function]
[call site]
00250
sshbuf_len
[function]
[call site]
00251
memcmp
[call site]
00252
sshbuf_free
[function]
[call site]
00253
sshbuf_free
[function]
[call site]
00254
sshkey_type
[function]
[call site]
00255
sshfatal
[function]
[call site]
00256
sshbuf_new
[function]
[call site]
00257
sshfatal
[function]
[call site]
00258
sshkey_putb
[function]
[call site]
00259
ssh_err
[function]
[call site]
00260
sshfatal
[function]
[call site]
00261
sshbuf_equals
[function]
[call site]
00262
sshfatal
[function]
[call site]
00263
xrecallocarray
[function]
[call site]
00264
recallocarray
[function]
[call site]
00265
sshfatal
[function]
[call site]
00266
helper_terminate
[function]
[call site]
00267
sshfatal
[function]
[call site]
00268
sshlog
[function]
[call site]
00269
close
[call site]
00270
sshfatal
[function]
[call site]
00271
xrecallocarray
[function]
[call site]
00272
sshkey_impl_from_type
[function]
[call site]
00273
sshkey_is_cert
[function]
[call site]
00274
cert_free
[function]
[call site]
00275
freezero
[function]
[call site]
00276
freezero
[function]
[call site]
00277
sshkey_prekey_free
[function]
[call site]
00278
munmap
[call site]
00279
freezero
[function]
[call site]
00280
sshkey_free
[function]
[call site]
00281
sshkey_type_is_cert
[function]
[call site]
00282
sshbuf_get_string_direct
[function]
[call site]
00283
sshkey_is_cert
[function]
[call site]
00284
cert_parse
[function]
[call site]
00285
sshbuf_putb
[function]
[call site]
00286
sshbuf_get_u64
[function]
[call site]
00287
sshbuf_ptr
[function]
[call site]
00288
sshbuf_consume
[function]
[call site]
00289
sshbuf_get_u32
[function]
[call site]
00290
sshbuf_get_cstring
[function]
[call site]
00291
sshbuf_froms
[function]
[call site]
00292
sshbuf_get_u64
[function]
[call site]
00293
sshbuf_get_u64
[function]
[call site]
00294
sshbuf_froms
[function]
[call site]
00295
sshbuf_froms
[function]
[call site]
00296
sshbuf_get_string_direct
[function]
[call site]
00297
sshbuf_froms
[function]
[call site]
00298
sshbuf_len
[function]
[call site]
00299
sshbuf_get_string
[function]
[call site]
00300
sshbuf_len
[function]
[call site]
00301
sshbuf_get_cstring
[function]
[call site]
00302
recallocarray
[function]
[call site]
00303
sshbuf_putb
[function]
[call site]
00304
sshbuf_putb
[function]
[call site]
00305
sshbuf_len
[function]
[call site]
00306
sshbuf_get_string_direct
[function]
[call site]
00307
sshbuf_get_string_direct
[function]
[call site]
00308
sshbuf_reset
[function]
[call site]
00309
sshbuf_check_sanity
[function]
[call site]
00310
recallocarray
[function]
[call site]
00311
explicit_bzero
[call site]
00312
sshbuf_len
[function]
[call site]
00313
sshbuf_get_string_direct
[function]
[call site]
00314
sshbuf_get_string_direct
[function]
[call site]
00315
sshbuf_reset
[function]
[call site]
00316
sshkey_from_blob_internal
[function]
[call site]
00317
sshbuf_len
[function]
[call site]
00318
sshbuf_free
[function]
[call site]
00319
sshkey_free
[function]
[call site]
00320
sshkey_type_is_valid_ca
[function]
[call site]
00321
sshkey_impl_from_type
[function]
[call site]
00322
sshbuf_ptr
[function]
[call site]
00323
sshkey_verify
[function]
[call site]
00324
sshkey_impl_from_key
[function]
[call site]
00325
sshkey_get_sigtype
[function]
[call site]
00326
sshbuf_from
[function]
[call site]
00327
sshbuf_get_cstring
[function]
[call site]
00328
sshbuf_free
[function]
[call site]
00329
sshbuf_free
[function]
[call site]
00330
sshbuf_free
[function]
[call site]
00331
sshbuf_free
[function]
[call site]
00332
sshbuf_free
[function]
[call site]
00333
sshbuf_free
[function]
[call site]
00334
sshbuf_get_cstring
[function]
[call site]
00335
sshbuf_get_string
[function]
[call site]
00336
sshbuf_get_cstring
[function]
[call site]
00337
sshbuf_get_string_direct
[function]
[call site]
00338
ssh_err
[function]
[call site]
00339
sshlog
[function]
[call site]
00340
sshbuf_len
[function]
[call site]
00341
sshlog
[function]
[call site]
00342
strcmp
[call site]
00343
sshlog
[function]
[call site]
00344
sshlog
[function]
[call site]
00345
strcmp
[call site]
00346
sshlog
[function]
[call site]
00347
sshlog
[function]
[call site]
00348
sshkey_type_plain
[function]
[call site]
00349
sshkey_get_sigtype
[function]
[call site]
00350
ssh_err
[function]
[call site]
00351
sshlog
[function]
[call site]
00352
match_pattern_list
[function]
[call site]
00353
sshlog
[function]
[call site]
00354
sshbuf_ptr
[function]
[call site]
00355
sshbuf_len
[function]
[call site]
00356
sshkey_verify
[function]
[call site]
00357
ssh_err
[function]
[call site]
00358
sshlog
[function]
[call site]
00359
sshbuf_free
[function]
[call site]
00360
sshbuf_free
[function]
[call site]
00361
sshkey_free
[function]
[call site]
00362
sshbuf_free
[function]
[call site]
00363
sshkey_sig_details_free
[function]
[call site]
00364
freezero
[function]
[call site]
00365
sshkey_free
[function]
[call site]
00366
sshbuf_free
[function]
[call site]
00367
sshbuf_free
[function]
[call site]
00368