Fuzz introspector: quic-rcidm
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
2719 2738 2 :

['CONF_modules_load', 'OSSL_LIB_CTX_get_conf_diagnostics']

2726 2762 CONF_modules_load_file_ex call site: 00000 /src/openssl/crypto/conf/conf_mod.c:217
2037 2346 14 :

['CRYPTO_THREAD_unlock', 'CRYPTO_free', 'DSO_ctrl', 'DSO_load', 'DSO_free', 'DSO_bind_func', 'CRYPTO_THREAD_read_lock', 'ossl_safe_getenv', 'DSO_merge', 'CRYPTO_strdup', 'DSO_new', 'get_provider_store', 'DSO_convert_filename', 'ossl_get_modulesdir']

2051 3162 provider_init call site: 00000 /src/openssl/crypto/provider_core.c:959
1247 1247 2 :

['def_load_bio', 'BIO_free']

1247 1247 def_load call site: 00000 /src/openssl/crypto/conf/conf_def.c:177
661 661 5 :

['BIO_s_file', 'fclose', 'BIO_ctrl', 'BIO_clear_flags', 'BIO_new']

661 661 BIO_new_file call site: 00000 /src/openssl/crypto/bio/bss_file.c:66
649 677 8 :

['CRYPTO_free', 'ERR_unload_strings', 'sk_INFOPAIR_pop_free', 'ossl_init_thread_deregister', 'ossl_provider_teardown', 'DSO_free', 'CRYPTO_FREE_REF.9121', 'CRYPTO_THREAD_lock_free']

649 677 ossl_provider_free call site: 00000 /src/openssl/crypto/provider_core.c:739
639 639 2 :

['sk_INFOPAIR_new_null', 'ossl_provider_info_add_parameter']

639 1578 ossl_provider_new call site: 00000 /src/openssl/crypto/provider_core.c:574
438 880 5 :

['CRYPTO_free', 'CRYPTO_FREE_REF.6938', 'EVP_RAND_CTX_free', 'EVP_RAND_free', 'CRYPTO_DOWN_REF.6937']

438 880 EVP_RAND_CTX_free call site: 00000 /src/openssl/crypto/evp/evp_rand.c:390
40 40 2 :

['ossl_strtouint64', 'ossl_strchr']

44 44 OPENSSL_cpuid_setup call site: 00000 /src/openssl/crypto/cpuid.c:107
26 458 2 :

['ossl_provider_up_ref_parent', 'ossl_provider_free']

26 458 ossl_provider_up_ref call site: 00000 /src/openssl/crypto/provider_core.c:484
26 26 1 :

['ossl_provider_free_parent']

26 26 provider_deactivate call site: 00000 /src/openssl/crypto/provider_core.c:1244
18 37 6 :

['OPENSSL_LH_set_down_load', 'lh_CONF_VALUE_doall_LH_CONF_VALUE', 'OPENSSL_LH_free', 'OPENSSL_LH_doall', 'ossl_check_CONF_VALUE_lh_type', 'ossl_check_CONF_VALUE_lh_doallfunc_type']

18 37 _CONF_free_data call site: 00000 /src/openssl/crypto/conf/conf_api.c:142
7 7 1 :

['pqueue_force_bottom']

7 26 ossl_pqueue_remove call site: 00034 /src/openssl/ssl/priority_queue.c:275

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 FuzzerTestOneInput [function] [call site] 00001
2 PACKET_buf_init [function] [call site] 00002
2 ossl_quic_rcidm_new [function] [call site] 00003
3 ossl_pqueue_RCID_new [function] [call site] 00004
4 ossl_pqueue_new [function] [call site] 00005
5 ossl_pqueue_free [function] [call site] 00006
5 pqueue_add_freelist [function] [call site] 00007
3 rcid_cmp [function] [call site] 00008
3 rcidm_update [function] [call site] 00009
4 ossl_pqueue_RCID_peek [function] [call site] 00010
5 ossl_pqueue_peek [function] [call site] 00011
6 __assert_fail [call site] 00012
4 rcidm_transition_rcid [function] [call site] 00013
5 __assert_fail [call site] 00014
5 rcidm_check_rcid [function] [call site] 00015
6 __assert_fail [call site] 00016
6 __assert_fail [call site] 00017
6 __assert_fail [call site] 00018
6 ossl_list_retiring_next [function] [call site] 00019
7 __assert_fail [call site] 00020
6 ossl_list_retiring_prev [function] [call site] 00021
6 ossl_list_retiring_head [function] [call site] 00022
6 __assert_fail [call site] 00023
6 __assert_fail [call site] 00024
6 __assert_fail [call site] 00025
6 __assert_fail [call site] 00026
6 __assert_fail [call site] 00027
6 __assert_fail [call site] 00028
6 __assert_fail [call site] 00029
6 __assert_fail [call site] 00030
5 rcidm_transition_rcid [function] [call site] 00031
6 __assert_fail [call site] 00032
6 ossl_pqueue_RCID_remove [function] [call site] 00033
7 ossl_pqueue_remove [function] [call site] 00034
8 pqueue_force_bottom [function] [call site] 00035
9 __assert_fail [call site] 00036
9 __assert_fail [call site] 00037
9 pqueue_swap_elem [function] [call site] 00038
10 __assert_fail [call site] 00039
10 __assert_fail [call site] 00040
8 ossl_pqueue_pop [function] [call site] 00041
9 __assert_fail [call site] 00042
9 pqueue_move_elem [function] [call site] 00043
10 __assert_fail [call site] 00044
9 pqueue_move_up [function] [call site] 00045
10 __assert_fail [call site] 00046
10 __assert_fail [call site] 00047
10 __assert_fail [call site] 00048
10 __assert_fail [call site] 00049
10 pqueue_swap_elem [function] [call site] 00050
10 __assert_fail [call site] 00051
6 ossl_list_retiring_insert_tail [function] [call site] 00052
6 rcidm_check_rcid [function] [call site] 00053
4 __assert_fail [call site] 00054
4 rcidm_check_rcid [function] [call site] 00055
4 rcidm_set_preferred_rcid [function] [call site] 00056
5 ossl_quic_conn_id_eq [function] [call site] 00057
6 memcmp [call site] 00058
4 rcidm_set_preferred_rcid [function] [call site] 00059
4 rcidm_set_preferred_rcid [function] [call site] 00060
4 rcidm_set_preferred_rcid [function] [call site] 00061
2 PACKET_remaining [function] [call site] 00062
2 PACKET_get_1 [function] [call site] 00063
3 PACKET_peek_1 [function] [call site] 00064
4 PACKET_remaining [function] [call site] 00065
3 packet_forward [function] [call site] 00066
2 get_cid [function] [call site] 00067
3 PACKET_get_1 [function] [call site] 00068
3 PACKET_copy_bytes [function] [call site] 00069
4 PACKET_peek_copy_bytes [function] [call site] 00070
5 PACKET_remaining [function] [call site] 00071
4 packet_forward [function] [call site] 00072
2 ossl_quic_rcidm_free [function] [call site] 00073
3 ossl_pqueue_RCID_pop [function] [call site] 00074
4 ossl_pqueue_pop [function] [call site] 00075
3 ossl_list_retiring_head [function] [call site] 00076
3 ossl_list_retiring_next [function] [call site] 00077
3 ossl_pqueue_RCID_free [function] [call site] 00078
4 ossl_pqueue_free [function] [call site] 00079
2 ossl_quic_rcidm_new [function] [call site] 00080
2 ossl_quic_rcidm_free [function] [call site] 00081
2 ossl_quic_rcidm_new [function] [call site] 00082
2 get_cid [function] [call site] 00083
2 ossl_quic_rcidm_add_from_initial [function] [call site] 00084
3 rcidm_create_rcid [function] [call site] 00085
4 ossl_pqueue_RCID_num [function] [call site] 00086
5 ossl_pqueue_num [function] [call site] 00087
4 ossl_pqueue_RCID_push [function] [call site] 00088
5 ossl_pqueue_push [function] [call site] 00089
6 ossl_pqueue_reserve [function] [call site] 00090
7 compute_pqueue_growth [function] [call site] 00091
8 safe_muldiv_size_t [function] [call site] 00092
9 safe_mul_size_t [function] [call site] 00093
9 safe_add_size_t [function] [call site] 00094
7 ERR_new [function] [call site] 00095
8 err_get_slot [function] [call site] 00096
8 err_clear [function] [call site] 00097
9 err_clear_data [function] [call site] 00098
7 ERR_set_debug [function] [call site] 00099
8 err_set_debug [function] [call site] 00100
9 strlen [call site] 00101
9 strcpy [call site] 00102
9 strlen [call site] 00103
9 strcpy [call site] 00104
7 ERR_set_error [function] [call site] 00105
8 ERR_vset_error [function] [call site] 00106
9 BIO_vsnprintf [function] [call site] 00107
10 _dopr [function] [call site] 00108
11 doapr_outch [function] [call site] 00109
12 ossl_assert_int [function] [call site] 00110
12 ossl_assert_int [function] [call site] 00111
12 ossl_assert_int [function] [call site] 00112
11 ossl_isdigit [function] [call site] 00113
11 ossl_isdigit [function] [call site] 00114
11 fmtint [function] [call site] 00115
12 strlen [call site] 00116
12 doapr_outch [function] [call site] 00117
12 doapr_outch [function] [call site] 00118
12 doapr_outch [function] [call site] 00119
12 doapr_outch [function] [call site] 00120
12 doapr_outch [function] [call site] 00121
12 doapr_outch [function] [call site] 00122
11 fmtint [function] [call site] 00123
11 fmtfp [function] [call site] 00124
12 abs_val [function] [call site] 00125
12 pow_10 [function] [call site] 00126
12 doapr_outch [function] [call site] 00127
12 doapr_outch [function] [call site] 00128
12 pow_10 [function] [call site] 00129
12 roundv [function] [call site] 00130
12 pow_10 [function] [call site] 00131
12 roundv [function] [call site] 00132
12 doapr_outch [function] [call site] 00133
12 doapr_outch [function] [call site] 00134
12 doapr_outch [function] [call site] 00135
12 doapr_outch [function] [call site] 00136
12 doapr_outch [function] [call site] 00137
12 doapr_outch [function] [call site] 00138
12 doapr_outch [function] [call site] 00139
12 doapr_outch [function] [call site] 00140
12 doapr_outch [function] [call site] 00141
12 doapr_outch [function] [call site] 00142
12 doapr_outch [function] [call site] 00143
12 doapr_outch [function] [call site] 00144
12 doapr_outch [function] [call site] 00145
12 doapr_outch [function] [call site] 00146
11 fmtfp [function] [call site] 00147
11 fmtfp [function] [call site] 00148
11 doapr_outch [function] [call site] 00149
11 fmtstr [function] [call site] 00150
12 OPENSSL_strnlen [function] [call site] 00151
12 doapr_outch [function] [call site] 00152
12 doapr_outch [function] [call site] 00153
12 doapr_outch [function] [call site] 00154
11 fmtint [function] [call site] 00155
11 doapr_outch [function] [call site] 00156
11 doapr_outch [function] [call site] 00157
9 err_clear_data [function] [call site] 00158
9 err_set_error [function] [call site] 00159
9 err_set_data [function] [call site] 00160
7 pqueue_add_freelist [function] [call site] 00161
6 pqueue_move_down [function] [call site] 00162
7 __assert_fail [call site] 00163
7 __assert_fail [call site] 00164
7 pqueue_swap_elem [function] [call site] 00165
4 ossl_list_retiring_insert_tail [function] [call site] 00166
4 rcidm_check_rcid [function] [call site] 00167
3 rcidm_tick [function] [call site] 00168
4 rcidm_should_roll [function] [call site] 00169
4 rcidm_roll [function] [call site] 00170
5 ossl_pqueue_RCID_peek [function] [call site] 00171
5 rcidm_transition_rcid [function] [call site] 00172
4 rcidm_update [function] [call site] 00173
2 get_cid [function] [call site] 00174
2 ossl_quic_rcidm_add_from_server_retry [function] [call site] 00175
3 rcidm_tick [function] [call site] 00176
2 PACKET_get_net_8 [function] [call site] 00177
3 PACKET_peek_net_8 [function] [call site] 00178
4 PACKET_remaining [function] [call site] 00179
3 packet_forward [function] [call site] 00180
2 PACKET_get_net_8 [function] [call site] 00181
2 get_cid [function] [call site] 00182
2 ossl_quic_rcidm_add_from_ncid [function] [call site] 00183
3 rcidm_create_rcid [function] [call site] 00184
3 rcidm_handle_retire_prior_to [function] [call site] 00185
4 rcidm_transition_rcid [function] [call site] 00186
4 ossl_pqueue_RCID_peek [function] [call site] 00187
4 rcidm_transition_rcid [function] [call site] 00188
3 rcidm_tick [function] [call site] 00189
2 ossl_quic_rcidm_on_handshake_complete [function] [call site] 00190
3 rcidm_tick [function] [call site] 00191
2 PACKET_get_net_8 [function] [call site] 00192
2 ossl_quic_rcidm_on_packet_sent [function] [call site] 00193
3 rcidm_tick [function] [call site] 00194
2 ossl_quic_rcidm_request_roll [function] [call site] 00195
3 rcidm_tick [function] [call site] 00196
2 ossl_quic_rcidm_pop_retire_seq_num [function] [call site] 00197
3 rcidm_get_retire [function] [call site] 00198
4 ossl_list_retiring_head [function] [call site] 00199
4 rcidm_free_rcid [function] [call site] 00200
5 rcidm_check_rcid [function] [call site] 00201
5 ossl_pqueue_RCID_remove [function] [call site] 00202
5 ossl_list_retiring_remove [function] [call site] 00203
5 __assert_fail [call site] 00204
2 ossl_quic_rcidm_peek_retire_seq_num [function] [call site] 00205
3 rcidm_get_retire [function] [call site] 00206
2 ossl_quic_rcidm_get_preferred_tx_dcid [function] [call site] 00207
2 PACKET_get_1 [function] [call site] 00208
2 ossl_quic_rcidm_get_preferred_tx_dcid_changed [function] [call site] 00209
2 ossl_quic_rcidm_free [function] [call site] 00210