Fuzz introspector: bndiv
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
1591 3190 5 :

['CRYPTO_free', 'CRYPTO_FREE_REF.9603', 'EVP_RAND_free', 'CRYPTO_DOWN_REF.9602', 'EVP_RAND_CTX_free']

1591 3190 EVP_RAND_CTX_free call site: 00000 /src/openssl/crypto/evp/evp_rand.c:390
1587 1587 1 :

['ossl_rand_crng_ctx_free']

1587 1625 context_deinit_objs call site: 00000 /src/openssl/crypto/context.c:331
261 261 3 :

['ERR_set_debug', 'ERR_new', 'ERR_set_error']

261 261 BN_usub call site: 00168 /src/openssl/crypto/bn/bn_add.c:138
261 261 3 :

['ERR_set_debug', 'ERR_new', 'ERR_set_error']

261 261 BN_CTX_get call site: 00039 /src/openssl/crypto/bn/bn_ctx.c:219
261 261 3 :

['ERR_set_debug', 'ERR_new', 'ERR_set_error']

261 261 BN_div call site: 00031 /src/openssl/crypto/bn/bn_div.c:224
261 261 3 :

['ERR_set_debug', 'ERR_new', 'ERR_set_error']

261 261 bn_expand_internal call site: 00014 /src/openssl/crypto/bn/bn_lib.c:273
261 261 3 :

['ERR_set_debug', 'ERR_new', 'ERR_set_error']

261 261 do_init_module_list_lock call site: 00000 /src/openssl/crypto/conf/conf_mod.c:103
261 261 3 :

['ERR_set_debug', 'ERR_new', 'ERR_set_error']

261 261 OPENSSL_sk_insert call site: 00000 /src/openssl/crypto/stack/stack.c:264
261 261 3 :

['ERR_set_debug', 'ERR_new', 'ERR_set_error']

261 261 sk_reserve call site: 00000 /src/openssl/crypto/stack/stack.c:209
43 48 6 :

['lh_OBJ_NAME_set_down_load', 'lh_OBJ_NAME_free', 'CRYPTO_THREAD_lock_free', 'sk_NAME_FUNCS_pop_free', 'lh_OBJ_NAME_doall', 'lh_OBJ_NAME_get_down_load']

43 48 OBJ_NAME_cleanup call site: 00000 /src/openssl/crypto/objects/o_names.c:371
37 37 2 :

['ossl_strtouint64', 'ossl_strchr']

41 41 OPENSSL_cpuid_setup call site: 00000 /src/openssl/crypto/cpuid.c:106
14 14 1 :

['async_deinit']

14 4964 OPENSSL_cleanup call site: 00000 /src/openssl/crypto/init.c:407

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 FuzzerTestOneInput [function] [call site] 00001
2 BN_bin2bn [function] [call site] 00002
3 bin2bn [function] [call site] 00003
4 BN_clear [function] [call site] 00005
5 OPENSSL_cleanse [call site] 00006
4 bn_wexpand [function] [call site] 00007
5 bn_expand2 [function] [call site] 00008
6 bn_expand_internal [function] [call site] 00009
7 ERR_new [function] [call site] 00010
8 err_get_slot [function] [call site] 00011
8 err_clear [function] [call site] 00012
9 err_clear_data [function] [call site] 00013
7 BN_get_flags [function] [call site] 00014
7 BN_get_flags [function] [call site] 00016
7 __assert_fail [call site] 00017
6 bn_free_d [function] [call site] 00018
7 BN_get_flags [function] [call site] 00019
4 BN_free [function] [call site] 00020
5 BN_get_flags [function] [call site] 00021
5 bn_free_d [function] [call site] 00022
4 bn_correct_top [function] [call site] 00023
2 BN_set_negative [function] [call site] 00024
3 BN_is_zero [function] [call site] 00025
2 BN_bin2bn [function] [call site] 00026
2 BN_set_negative [function] [call site] 00027
2 BN_is_zero [function] [call site] 00028
2 BN_div [function] [call site] 00029
3 BN_is_zero [function] [call site] 00030
3 bn_div_fixed_top [function] [call site] 00033
4 __assert_fail [call site] 00034
4 BN_CTX_start [function] [call site] 00035
5 BN_STACK_push [function] [call site] 00036
4 BN_CTX_get [function] [call site] 00038
5 BN_POOL_get [function] [call site] 00039
6 BN_set_flags [function] [call site] 00041
5 BN_zero_ex [function] [call site] 00042
4 BN_CTX_get [function] [call site] 00043
4 BN_CTX_get [function] [call site] 00044
4 BN_CTX_get [function] [call site] 00045
4 BN_copy [function] [call site] 00046
5 BN_get_flags [function] [call site] 00047
5 bn_wexpand [function] [call site] 00048
4 bn_left_align [function] [call site] 00049
5 BN_num_bits_word [function] [call site] 00050
4 bn_lshift_fixed_top [function] [call site] 00051
5 __assert_fail [call site] 00052
5 bn_wexpand [function] [call site] 00053
4 bn_wexpand [function] [call site] 00054
4 bn_wexpand [function] [call site] 00055
4 bn_wexpand [function] [call site] 00056
4 bn_div_words [function] [call site] 00057
4 bn_mul_words [function] [call site] 00058
4 bn_sub_words [function] [call site] 00059
4 bn_add_words [function] [call site] 00060
4 __assert_fail [call site] 00061
4 bn_rshift_fixed_top [function] [call site] 00062
5 __assert_fail [call site] 00063
5 BN_zero_ex [function] [call site] 00064
5 bn_wexpand [function] [call site] 00065
4 BN_CTX_end [function] [call site] 00066
5 BN_STACK_pop [function] [call site] 00067
5 BN_POOL_release [function] [call site] 00068
4 BN_CTX_end [function] [call site] 00069
3 bn_correct_top [function] [call site] 00070
3 bn_correct_top [function] [call site] 00071
2 BN_is_zero [function] [call site] 00072
2 BN_is_zero [function] [call site] 00073
2 BN_is_negative [function] [call site] 00074
2 BN_is_negative [function] [call site] 00075
2 BN_is_negative [function] [call site] 00076
2 BN_is_negative [function] [call site] 00077
2 BN_is_negative [function] [call site] 00078
2 BN_mul [function] [call site] 00079
3 bn_mul_fixed_top [function] [call site] 00080
4 BN_zero_ex [function] [call site] 00081
4 BN_CTX_start [function] [call site] 00082
4 BN_CTX_get [function] [call site] 00083
4 bn_wexpand [function] [call site] 00084
4 bn_mul_comba8 [function] [call site] 00085
4 BN_num_bits_word [function] [call site] 00086
4 BN_num_bits_word [function] [call site] 00087
4 __assert_fail [call site] 00088
4 BN_CTX_get [function] [call site] 00089
4 bn_wexpand [function] [call site] 00090
4 bn_wexpand [function] [call site] 00091
4 bn_mul_part_recursive [function] [call site] 00092
5 bn_mul_normal [function] [call site] 00093
6 bn_mul_words [function] [call site] 00094
6 bn_mul_words [function] [call site] 00095
6 bn_mul_add_words [function] [call site] 00096
6 bn_mul_add_words [function] [call site] 00097
6 bn_mul_add_words [function] [call site] 00098
6 bn_mul_add_words [function] [call site] 00099
5 bn_cmp_part_words [function] [call site] 00100
6 bn_cmp_words [function] [call site] 00101
5 bn_sub_part_words [function] [call site] 00102
6 __assert_fail [call site] 00103
6 bn_sub_words [function] [call site] 00104
5 bn_sub_part_words [function] [call site] 00105
5 bn_sub_part_words [function] [call site] 00106
5 bn_sub_part_words [function] [call site] 00107
5 bn_sub_part_words [function] [call site] 00108
5 bn_sub_part_words [function] [call site] 00109
5 bn_sub_part_words [function] [call site] 00110
5 bn_sub_part_words [function] [call site] 00111
5 bn_mul_comba8 [function] [call site] 00112
5 bn_mul_comba8 [function] [call site] 00113
5 bn_mul_normal [function] [call site] 00114
5 bn_mul_recursive [function] [call site] 00115
6 bn_mul_comba8 [function] [call site] 00116
6 bn_mul_normal [function] [call site] 00117
6 bn_cmp_part_words [function] [call site] 00118
6 bn_cmp_part_words [function] [call site] 00119
6 bn_sub_part_words [function] [call site] 00120
6 bn_sub_part_words [function] [call site] 00121
6 bn_sub_part_words [function] [call site] 00122
6 bn_sub_part_words [function] [call site] 00123
6 bn_sub_part_words [function] [call site] 00124
6 bn_sub_part_words [function] [call site] 00125
6 bn_sub_part_words [function] [call site] 00126
6 bn_sub_part_words [function] [call site] 00127
6 bn_mul_comba4 [function] [call site] 00128
6 bn_mul_comba4 [function] [call site] 00129
6 bn_mul_comba4 [function] [call site] 00130
6 bn_mul_comba8 [function] [call site] 00131
6 bn_mul_comba8 [function] [call site] 00132
6 bn_mul_comba8 [function] [call site] 00133
6 bn_mul_recursive [function] [call site] 00134
7 bn_mul_recursive [function] [call site] 00135
8 bn_mul_recursive [function] [call site] 00136
9 bn_add_words [function] [call site] 00137
9 bn_sub_words [function] [call site] 00138
9 bn_add_words [function] [call site] 00139
9 bn_add_words [function] [call site] 00140
5 bn_mul_recursive [function] [call site] 00141
5 bn_mul_recursive [function] [call site] 00142
5 bn_mul_part_recursive [function] [call site] 00143
6 bn_mul_normal [function] [call site] 00144
6 bn_mul_part_recursive [function] [call site] 00145
7 bn_mul_recursive [function] [call site] 00146
7 bn_add_words [function] [call site] 00147
7 bn_sub_words [function] [call site] 00148
7 bn_add_words [function] [call site] 00149
7 bn_add_words [function] [call site] 00150
4 bn_wexpand [function] [call site] 00151
4 bn_wexpand [function] [call site] 00152
4 bn_mul_recursive [function] [call site] 00153
4 bn_wexpand [function] [call site] 00154
4 bn_mul_normal [function] [call site] 00155
4 BN_CTX_end [function] [call site] 00157
3 bn_correct_top [function] [call site] 00158
2 BN_add [function] [call site] 00159
3 BN_uadd [function] [call site] 00160
4 bn_wexpand [function] [call site] 00161
4 bn_add_words [function] [call site] 00162
3 BN_ucmp [function] [call site] 00163
4 BN_get_flags [function] [call site] 00164
4 constant_time_lt_bn [function] [call site] 00165
5 constant_time_msb_bn [function] [call site] 00166
4 constant_time_lt_bn [function] [call site] 00167
3 BN_zero_ex [function] [call site] 00173
2 BN_print_fp [function] [call site] 00175
3 BIO_s_file [function] [call site] 00176
3 BIO_new [function] [call site] 00177
4 BIO_new_ex [function] [call site] 00178
5 CRYPTO_NEW_REF [function] [call site] 00179
5 CRYPTO_new_ex_data [function] [call site] 00180
6 ossl_crypto_new_ex_data_ex [function] [call site] 00181
7 ossl_lib_ctx_get_ex_data_global [function] [call site] 00182
8 ossl_lib_ctx_get_concrete [function] [call site] 00183
9 get_default_context [function] [call site] 00184
10 get_thread_default_context [function] [call site] 00185
11 CRYPTO_THREAD_get_local [function] [call site] 00186
12 pthread_getspecific [call site] 00187
7 get_and_lock [function] [call site] 00188
8 CRYPTO_THREAD_read_lock [function] [call site] 00190
9 pthread_rwlock_rdlock [call site] 00191
8 CRYPTO_THREAD_write_lock [function] [call site] 00192
9 pthread_rwlock_wrlock [call site] 00193
7 sk_EX_CALLBACK_num [function] [call site] 00194
8 OPENSSL_sk_num [function] [call site] 00195
7 sk_EX_CALLBACK_value [function] [call site] 00196
7 CRYPTO_THREAD_unlock [function] [call site] 00197
8 pthread_rwlock_unlock [call site] 00198
7 CRYPTO_get_ex_data [function] [call site] 00199
8 ossl_check_const_void_sk_type [function] [call site] 00200
8 OPENSSL_sk_num [function] [call site] 00201
8 ossl_check_const_void_sk_type [function] [call site] 00202
8 OPENSSL_sk_value [function] [call site] 00203
5 CRYPTO_free_ex_data [function] [call site] 00205
6 ossl_lib_ctx_get_ex_data_global [function] [call site] 00206
6 get_and_lock [function] [call site] 00207
6 sk_EX_CALLBACK_num [function] [call site] 00208
6 sk_EX_CALLBACK_value [function] [call site] 00209
6 CRYPTO_THREAD_unlock [function] [call site] 00210
6 qsort [call site] 00211
6 ex_callback_compare [function] [call site] 00212
6 CRYPTO_get_ex_data [function] [call site] 00213
6 ossl_check_void_sk_type [function] [call site] 00214
6 OPENSSL_sk_free [function] [call site] 00215
5 CRYPTO_FREE_REF [function] [call site] 00216
3 BIO_ctrl [function] [call site] 00217
4 bio_call_callback [function] [call site] 00219
4 bio_call_callback [function] [call site] 00220
3 BN_print [function] [call site] 00221
4 BIO_write [function] [call site] 00222
5 bio_write_intern [function] [call site] 00223
6 bio_call_callback [function] [call site] 00225
6 bio_call_callback [function] [call site] 00227
4 BN_is_zero [function] [call site] 00228
4 BIO_write [function] [call site] 00229
4 BIO_write [function] [call site] 00230
3 BIO_free [function] [call site] 00231
4 CRYPTO_DOWN_REF [function] [call site] 00232
4 bio_call_callback [function] [call site] 00233
4 CRYPTO_free_ex_data [function] [call site] 00234
4 CRYPTO_FREE_REF [function] [call site] 00235
2 putchar [call site] 00236
2 BN_print_fp [function] [call site] 00237
2 putchar [call site] 00238
2 BN_print_fp [function] [call site] 00239
2 putchar [call site] 00240
2 BN_print_fp [function] [call site] 00241
2 putchar [call site] 00242
2 BN_print_fp [function] [call site] 00243
2 putchar [call site] 00244
2 BN_is_negative [function] [call site] 00245
2 BN_is_negative [function] [call site] 00246
2 BN_is_negative [function] [call site] 00247
2 BN_is_negative [function] [call site] 00248
2 BN_is_negative [function] [call site] 00249
2 printf [call site] 00251
2 puts [call site] 00252