Fuzz introspector: quic-rcidm
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

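The following are the branches that the fuzzer fails to get past. Each entry below spans three lines: the unique complexity figures with the number of unique reachable functions, the list of those functions, and then the overall complexity figures with the function name, call site and blocked branch location.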

Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch
3263 3281 2 :

['OSSL_LIB_CTX_get_conf_diagnostics', 'CONF_modules_load']

3270 3305 CONF_modules_load_file_ex call site: 00000 /src/openssl/crypto/conf/conf_mod.c:217
2002 3617 14 :

['DSO_ctrl', 'CRYPTO_strdup', 'CRYPTO_free', 'DSO_free', 'DSO_new', 'ossl_safe_getenv', 'ossl_get_modulesdir', 'CRYPTO_THREAD_read_lock', 'DSO_bind_func', 'DSO_load', 'DSO_merge', 'DSO_convert_filename', 'get_provider_store', 'CRYPTO_THREAD_unlock']

2014 4416 provider_init call site: 00000 /src/openssl/crypto/provider_core.c:890
1591 3190 5 :

['CRYPTO_free', 'CRYPTO_FREE_REF.9603', 'EVP_RAND_free', 'CRYPTO_DOWN_REF.9602', 'EVP_RAND_CTX_free']

1591 3190 EVP_RAND_CTX_free call site: 00000 /src/openssl/crypto/evp/evp_rand.c:390
1589 3181 2 :

['ossl_provider_up_ref_parent', 'ossl_provider_free']

1589 3181 ossl_provider_up_ref call site: 00000 /src/openssl/crypto/provider_core.c:483
1589 1589 1 :

['ossl_provider_free_parent']

1589 1589 provider_deactivate call site: 00000 /src/openssl/crypto/provider_core.c:1152
1587 1587 1 :

['ossl_rand_crng_ctx_free']

1587 1625 context_deinit_objs call site: 00000 /src/openssl/crypto/context.c:331
1235 1235 2 :

['BIO_free', 'def_load_bio']

1235 1235 def_load call site: 00000 /src/openssl/crypto/conf/conf_def.c:177
650 650 5 :

['fclose', 'BIO_clear_flags', 'BIO_ctrl', 'BIO_new', 'BIO_s_file']

650 650 BIO_new_file call site: 00000 /src/openssl/crypto/bio/bss_file.c:66
639 664 8 :

['CRYPTO_free', 'DSO_free', 'sk_INFOPAIR_pop_free', 'ERR_unload_strings', 'ossl_init_thread_deregister', 'CRYPTO_THREAD_lock_free', 'ossl_provider_teardown', 'CRYPTO_FREE_REF.12511']

639 664 ossl_provider_free call site: 00000 /src/openssl/crypto/provider_core.c:719
629 629 2 :

['ossl_provider_info_add_parameter', 'sk_INFOPAIR_new_null']

629 3847 ossl_provider_new call site: 00000 /src/openssl/crypto/provider_core.c:557
37 37 2 :

['ossl_strtouint64', 'ossl_strchr']

41 41 OPENSSL_cpuid_setup call site: 00000 /src/openssl/crypto/cpuid.c:106
20 39 6 :

['OPENSSL_LH_set_down_load', 'ossl_check_CONF_VALUE_lh_doallfunc_type', 'ossl_check_CONF_VALUE_lh_type', 'OPENSSL_LH_free', 'lh_CONF_VALUE_doall_LH_CONF_VALUE', 'OPENSSL_LH_doall']

20 39 _CONF_free_data call site: 00000 /src/openssl/crypto/conf/conf_api.c:142

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 FuzzerTestOneInput [function] [call site] 00001
2 PACKET_buf_init [function] [call site] 00002
2 ossl_quic_rcidm_new [function] [call site] 00003
3 ossl_pqueue_RCID_new [function] [call site] 00004
4 ossl_pqueue_new [function] [call site] 00005
5 ossl_pqueue_free [function] [call site] 00006
5 pqueue_add_freelist [function] [call site] 00007
3 rcidm_update [function] [call site] 00008
4 ossl_pqueue_RCID_peek [function] [call site] 00009
4 rcidm_transition_rcid [function] [call site] 00010
5 __assert_fail [call site] 00011
5 rcidm_check_rcid [function] [call site] 00012
6 __assert_fail [call site] 00013
6 __assert_fail [call site] 00014
6 __assert_fail [call site] 00015
6 ossl_list_retiring_next [function] [call site] 00016
7 __assert_fail [call site] 00017
6 __assert_fail [call site] 00018
6 __assert_fail [call site] 00019
6 __assert_fail [call site] 00020
6 __assert_fail [call site] 00021
6 __assert_fail [call site] 00022
6 __assert_fail [call site] 00023
6 __assert_fail [call site] 00024
6 __assert_fail [call site] 00025
5 rcidm_transition_rcid [function] [call site] 00026
6 __assert_fail [call site] 00027
6 ossl_pqueue_RCID_remove [function] [call site] 00028
6 ossl_list_retiring_insert_tail [function] [call site] 00029
6 rcidm_check_rcid [function] [call site] 00030
4 __assert_fail [call site] 00031
4 rcidm_check_rcid [function] [call site] 00032
4 rcidm_set_preferred_rcid [function] [call site] 00033
5 ossl_quic_conn_id_eq [function] [call site] 00034
6 memcmp [call site] 00035
4 rcidm_set_preferred_rcid [function] [call site] 00036
4 rcidm_set_preferred_rcid [function] [call site] 00037
4 rcidm_set_preferred_rcid [function] [call site] 00038
2 PACKET_remaining [function] [call site] 00039
2 PACKET_get_1 [function] [call site] 00040
3 PACKET_peek_1 [function] [call site] 00041
4 PACKET_remaining [function] [call site] 00042
3 packet_forward [function] [call site] 00043
2 get_cid [function] [call site] 00044
3 PACKET_get_1 [function] [call site] 00045
3 PACKET_copy_bytes [function] [call site] 00046
4 PACKET_peek_copy_bytes [function] [call site] 00047
5 PACKET_remaining [function] [call site] 00048
4 packet_forward [function] [call site] 00049
2 ossl_quic_rcidm_free [function] [call site] 00050
3 ossl_pqueue_RCID_pop [function] [call site] 00051
3 ossl_list_retiring_head [function] [call site] 00052
3 ossl_pqueue_RCID_free [function] [call site] 00053
2 ossl_quic_rcidm_new [function] [call site] 00054
2 ossl_quic_rcidm_free [function] [call site] 00055
2 ossl_quic_rcidm_new [function] [call site] 00056
2 ossl_quic_rcidm_add_from_initial [function] [call site] 00058
3 rcidm_create_rcid [function] [call site] 00059
4 ossl_pqueue_RCID_num [function] [call site] 00060
4 ossl_pqueue_RCID_push [function] [call site] 00061
4 ossl_list_retiring_insert_tail [function] [call site] 00062
4 rcidm_check_rcid [function] [call site] 00063
3 rcidm_tick [function] [call site] 00064
4 rcidm_should_roll [function] [call site] 00065
4 rcidm_roll [function] [call site] 00066
5 ossl_pqueue_RCID_peek [function] [call site] 00067
5 rcidm_transition_rcid [function] [call site] 00068
4 rcidm_update [function] [call site] 00069
2 ossl_quic_rcidm_add_from_server_retry [function] [call site] 00071
3 rcidm_tick [function] [call site] 00072
2 PACKET_get_net_8 [function] [call site] 00073
3 PACKET_peek_net_8 [function] [call site] 00074
4 PACKET_remaining [function] [call site] 00075
3 packet_forward [function] [call site] 00076
2 PACKET_get_net_8 [function] [call site] 00077
2 ossl_quic_rcidm_add_from_ncid [function] [call site] 00079
3 rcidm_create_rcid [function] [call site] 00080
3 rcidm_handle_retire_prior_to [function] [call site] 00081
4 rcidm_transition_rcid [function] [call site] 00082
4 ossl_pqueue_RCID_peek [function] [call site] 00083
4 rcidm_transition_rcid [function] [call site] 00084
3 rcidm_tick [function] [call site] 00085
2 ossl_quic_rcidm_on_handshake_complete [function] [call site] 00086
3 rcidm_tick [function] [call site] 00087
2 PACKET_get_net_8 [function] [call site] 00088
2 ossl_quic_rcidm_on_packet_sent [function] [call site] 00089
3 rcidm_tick [function] [call site] 00090
2 ossl_quic_rcidm_request_roll [function] [call site] 00091
3 rcidm_tick [function] [call site] 00092
2 ossl_quic_rcidm_pop_retire_seq_num [function] [call site] 00093
3 rcidm_get_retire [function] [call site] 00094
4 ossl_list_retiring_head [function] [call site] 00095
4 rcidm_free_rcid [function] [call site] 00096
5 rcidm_check_rcid [function] [call site] 00097
5 ossl_pqueue_RCID_remove [function] [call site] 00098
5 ossl_list_retiring_remove [function] [call site] 00099
5 __assert_fail [call site] 00100
2 ossl_quic_rcidm_peek_retire_seq_num [function] [call site] 00101
3 rcidm_get_retire [function] [call site] 00102
2 ossl_quic_rcidm_get_preferred_tx_dcid [function] [call site] 00103
2 PACKET_get_1 [function] [call site] 00104
2 ossl_quic_rcidm_get_preferred_tx_dcid_changed [function] [call site] 00105
2 ossl_quic_rcidm_free [function] [call site] 00106