Fuzz introspector: /work/build/../../src/perfetto/src/ipc/buffered_frame_deserializer_fuzzer.cc
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The following are the branches that the fuzzer fails to bypass.

Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch
2031 2031 1 :

['perfetto::TracingServiceImpl::ReadBuffersIntoFile(unsigned long)']

2031 2064 perfetto::TracingServiceImpl::DisableTracingNotifyConsumerAndFlushFile(perfetto::TracingServiceImpl::TracingSession*) call site: 00000 /work/build/../../src/perfetto/src/tracing/service/tracing_service_impl.cc:1864
728 810 17 :

['perfetto::base::FlatSet ::begin() const', 'std::__1::basic_string , std::__1::allocator >::~basic_string()', 'perfetto::protos::pbzero::InternedString* perfetto::protos::pbzero::InternedData::add_kernel_symbols ()', 'perfetto::base::FlatSet ::size() const', 'bool std::__1::operator!=[abi:nn180100] (std::__1::__wrap_iter const&, std::__1::__wrap_iter const&)', 'perfetto::protos::pbzero::InternedString::set_str(std::__1::basic_string , std::__1::allocator >)', 'perfetto::protos::pbzero::TracePacket::set_sequence_flags(unsigned int)', 'perfetto::protos::pbzero::InternedString::set_iid(unsigned long)', 'perfetto::protos::pbzero::InternedData* perfetto::protos::pbzero::TracePacket::set_interned_data ()', 'perfetto::KernelSymbolMap::Lookup(unsigned long)', 'std::__1::basic_string , std::__1::allocator >::empty[abi:nn180100]() const', 'std::__1::__wrap_iter ::operator++[abi:nn180100]()', 'std::__1::basic_string , std::__1::allocator >::basic_string(std::__1::basic_string , std::__1::allocator > const&)', 'std::__1::__wrap_iter ::operator*[abi:nn180100]() const', 'perfetto::LazyKernelSymbolizer::GetOrCreateKernelSymbolMap()', 'perfetto::base::FlatSet ::end() const', 'protozero::MessageHandle ::operator->() const']

817 903 perfetto::CpuReader::Bundler::FinalizeAndRunSymbolizer() call site: 00000 /work/build/../../src/perfetto/src/traced/probes/ftrace/cpu_reader.cc:358
401 401 1 :

['ZSTD_decompressSequencesLong']

401 401 ZSTD_decompressBlock_internal call site: 00000 /work/build/../../src/perfetto/buildtools/zstd/lib/decompress/zstd_decompress_block.c:2142
382 382 1 :

['HUF_decompress4X_hufOnly_wksp']

382 382 ZSTD_decodeLiteralsBlock call site: 00000 /work/build/../../src/perfetto/buildtools/zstd/lib/decompress/zstd_decompress_block.c:196
366 366 1 :

['ZSTD_decompressSequencesSplitLitBuffer']

366 366 ZSTD_decompressBlock_internal call site: 00000 /work/build/../../src/perfetto/buildtools/zstd/lib/decompress/zstd_decompress_block.c:2154
286 286 1 :

['perfetto::TracingServiceImpl::PeriodicFlushTask(unsigned long, bool)']

328 930 perfetto::TracingServiceImpl::StartTracing(unsigned long) call site: 00000 /work/build/../../src/perfetto/src/tracing/service/tracing_service_impl.cc:1340
271 271 2 :

['ERR_isError.43961', 'ZSTD_decompress_insertDictionary']

271 271 ZSTD_decompressBegin_usingDict call site: 00000 /work/build/../../src/perfetto/buildtools/zstd/lib/decompress/zstd_decompress.c:1563
261 261 2 :

['HUF_decompress1X_usingDTable', 'HUF_decompress4X_usingDTable']

261 261 ZSTD_decodeLiteralsBlock call site: 00000 /work/build/../../src/perfetto/buildtools/zstd/lib/decompress/zstd_decompress_block.c:184
238 238 5 :

['_ZNSt3__16get_ifB8nn180100INS_6vectorIjNS_9allocatorIjEEEEJN8perfetto15trace_processor6RowMap5RangeENS6_9BitVectorES4_EEEu13__add_pointerIKT_EPKNS_7variantIJDpT0_EEE', 'perfetto::trace_processor::RowMap::NoVariantMatched()', 'std::__1::vector >::operator[][abi:nn180100](unsigned long) const', 'perfetto::trace_processor::BitVector::IndexOfNthSet(unsigned int) const', '_ZNSt3__16get_ifB8nn180100IN8perfetto15trace_processor9BitVectorEJNS2_6RowMap5RangeES3_NS_6vectorIjNS_9allocatorIjEEEEEEEu13__add_pointerIKT_EPKNS_7variantIJDpT0_EEE']

238 238 perfetto::trace_processor::RowMap::Get(unsigned int) const call site: 00000 /work/build/../../src/perfetto/src/trace_processor/containers/row_map.h:220
218 220 5 :

['perfetto::trace_processor::RowMap::InsertIntoBitVector(perfetto::trace_processor::BitVector&, unsigned int)', 'perfetto::trace_processor::BitVector::~BitVector()', 'perfetto::trace_processor::BitVector::Resize(unsigned int, bool)', 'perfetto::trace_processor::BitVector::BitVector()', '_ZNSt3__17variantIJN8perfetto15trace_processor6RowMap5RangeENS2_9BitVectorENS_6vectorIjNS_9allocatorIjEEEEEEaSB8nn180100IS5_TnNS_9enable_ifIXnt9is_same_vIu14__remove_cvrefIT_ESA_EEiE4typeELi0ES5_Lm1ETnNSC_IXaa15is_assignable_vIRT1_SD_E18is_constructible_vISH_SD_EEiE4typeELi0EEERSA_OSD_']

218 220 perfetto::trace_processor::RowMap::Insert(unsigned int) call site: 00000 /work/build/../../src/perfetto/src/trace_processor/containers/row_map.h:302
218 218 1 :

['perfetto::trace_processor::TrackEventParser::EventImporter::ParseCounterEvent()']

218 218 perfetto::trace_processor::TrackEventParser::EventImporter::Import() call site: 00000 /work/build/../../src/perfetto/src/trace_processor/importers/proto/track_event_parser.cc:234
156 212 10 :

['unwindstack::MapInfo::offset() const', 'unwindstack::MapInfo::end() const', 'unwindstack::MapInfo::set_elf_start_offset(unsigned long)', 'unwindstack::Elf::IsValidElf(unwindstack::Memory*)', 'unwindstack::MapInfo::InitFileMemoryFromPreviousReadOnlyMap(unwindstack::MemoryFileAtOffset*)', 'unsigned long const& std::__1::max[abi:nn180100] (unsigned long const&, unsigned long const&)', 'unwindstack::MapInfo::set_elf_offset(unsigned long)', 'std::__1::shared_ptr ::get[abi:nn180100]() const', 'unwindstack::Elf::GetInfo(unwindstack::Memory*, unsigned long*)', 'unwindstack::MapInfo::start() const']

201 497 unwindstack::MapInfo::CreateFileMemory() call site: 00000 /work/build/../../src/perfetto/buildtools/android-unwinding/libunwindstack/MapInfo.cpp:111

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 perfetto::ipc::BufferedFrameDeserializer::BufferedFrameDeserializer(unsigned long) [function] [call site] 00001
2 perfetto::base::PagedMemory::PagedMemory() [function] [call site] 00002
2 perfetto::base::GetSysPageSize() [function] [call site] 00003
3 perfetto::base::internal::GetSysPageSizeSlowpath() [function] [call site] 00004
4 getpagesize [call site] 00005
4 perfetto::base::Basename(char const*) [function] [call site] 00006
5 perfetto::base::StrEnd(char const*) [function] [call site] 00007
6 perfetto::base::StrEnd(char const*) [function] [call site] 00008
5 perfetto::base::BasenameRecursive(char const*, char const*, char const*) [function] [call site] 00009
6 perfetto::base::BasenameRecursive(char const*, char const*, char const*) [function] [call site] 00010
4 __errno_location [call site] 00011
4 strerror [call site] 00012
4 perfetto::base::LogMessage(perfetto::base::LogLev, char const*, int, char const*, ...) [function] [call site] 00013
5 vsnprintf [call site] 00014
5 snprintf [call site] 00015
5 __cxa_guard_acquire [call site] 00016
5 isatty [call site] 00017
5 __cxa_guard_release [call site] 00018
5 perfetto::base::StackString<10ul>::StackString(char const*, ...) [function] [call site] 00019
6 vsnprintf [call site] 00020
5 strlen [call site] 00021
5 perfetto::base::StackString<10ul>::len() const [function] [call site] 00022
5 perfetto::base::StackString<10ul>::c_str() const [function] [call site] 00023
5 perfetto::base::StackString<24ul>::StackString(char const*, ...) [function] [call site] 00024
5 perfetto::base::GetWallTimeMs() [function] [call site] 00025
6 perfetto::base::GetWallTimeNs() [function] [call site] 00026
7 perfetto::base::GetTimeInternalNs(int) [function] [call site] 00027
8 clock_gettime [call site] 00028
8 perfetto::base::Basename(char const*) [function] [call site] 00029
8 __errno_location [call site] 00030
8 strerror [call site] 00031
8 perfetto::base::LogMessage(perfetto::base::LogLev, char const*, int, char const*, ...) [function] [call site] 00032
9 perfetto::base::StackString<32ul>::StackString(char const*, ...) [function] [call site] 00033
9 perfetto::base::StackString<32ul>::c_str() const [function] [call site] 00034
9 perfetto::base::StackString<24ul>::c_str() const [function] [call site] 00035
9 fprintf [call site] 00036
9 perfetto::base::StackString<32ul>::c_str() const [function] [call site] 00037
9 perfetto::base::StackString<24ul>::c_str() const [function] [call site] 00038
9 fprintf [call site] 00039
9 perfetto::base::StackString<32ul>::string_view() const [function] [call site] 00040
10 perfetto::base::StringView::StringView(char const*, unsigned long) [function] [call site] 00041
9 perfetto::base::StackString<24ul>::string_view() const [function] [call site] 00042
9 perfetto::base::StringView::StringView(char const*, unsigned long) [function] [call site] 00043
9 perfetto::base::LogRingBuffer::Append(perfetto::base::StringView, perfetto::base::StringView, perfetto::base::StringView) [function] [call site] 00044
10 perfetto::base::StringView::size() const [function] [call site] 00045
10 perfetto::base::StringView::data() const [function] [call site] 00046
10 perfetto::base::StringView::size() const [function] [call site] 00047
10 perfetto::base::StringView::data() const [function] [call site] 00048
10 perfetto::base::StringView::size() const [function] [call site] 00049
10 perfetto::base::StringView::data() const [function] [call site] 00050
10 snprintf [call site] 00051
8 perfetto::base::MaybeSerializeLastLogsForCrashReporting() [function] [call site] 00052
9 perfetto::base::SerializeCrashKeys(char*, unsigned long) [function] [call site] 00053
10 perfetto::base::CrashKey::ToString(char*, unsigned long) [function] [call site] 00054
11 perfetto::base::SprintfTrunc(char*, unsigned long, char const*, ...) [function] [call site] 00055
12 vsnprintf [call site] 00056
11 perfetto::base::SprintfTrunc(char*, unsigned long, char const*, ...) [function] [call site] 00057
9 perfetto::base::LogRingBuffer::Read(char*, unsigned long) [function] [call site] 00058
9 fputs [call site] 00059
9 fputs [call site] 00060
9 fputs [call site] 00061
8 perfetto::base::FromPosixTimespec(timespec const&) [function] [call site] 00062
4 perfetto::base::MaybeSerializeLastLogsForCrashReporting() [function] [call site] 00063
2 perfetto::base::Basename(char const*) [function] [call site] 00064
2 __errno_location [call site] 00065
2 strerror [call site] 00066
2 perfetto::base::LogMessage(perfetto::base::LogLev, char const*, int, char const*, ...) [function] [call site] 00067
2 perfetto::base::MaybeSerializeLastLogsForCrashReporting() [function] [call site] 00068
2 perfetto::base::GetSysPageSize() [function] [call site] 00069
2 perfetto::base::Basename(char const*) [function] [call site] 00070
2 __errno_location [call site] 00071
2 strerror [call site] 00072
2 perfetto::base::LogMessage(perfetto::base::LogLev, char const*, int, char const*, ...) [function] [call site] 00073
2 perfetto::base::MaybeSerializeLastLogsForCrashReporting() [function] [call site] 00074
1 perfetto::ipc::BufferedFrameDeserializer::BeginReceive() [function] [call site] 00075
2 perfetto::base::PagedMemory::IsValid() const [function] [call site] 00076
2 perfetto::base::PagedMemory::Allocate(unsigned long, int) [function] [call site] 00077
3 perfetto::base::(anonymous namespace)::RoundUpToSysPageSize(unsigned long) [function] [call site] 00078
4 perfetto::base::GetSysPageSize() [function] [call site] 00079
3 perfetto::base::Basename(char const*) [function] [call site] 00080
3 __errno_location [call site] 00081
3 strerror [call site] 00082
3 perfetto::base::LogMessage(perfetto::base::LogLev, char const*, int, char const*, ...) [function] [call site] 00083
3 perfetto::base::MaybeSerializeLastLogsForCrashReporting() [function] [call site] 00084
3 perfetto::base::(anonymous namespace)::GuardSize() [function] [call site] 00085
4 perfetto::base::GetSysPageSize() [function] [call site] 00086
3 mmap64 [call site] 00087
3 perfetto::base::PagedMemory::PagedMemory() [function] [call site] 00088
3 perfetto::base::Basename(char const*) [function] [call site] 00089
3 __errno_location [call site] 00090
3 strerror [call site] 00091
3 perfetto::base::LogMessage(perfetto::base::LogLev, char const*, int, char const*, ...) [function] [call site] 00092
3 perfetto::base::MaybeSerializeLastLogsForCrashReporting() [function] [call site] 00093
3 perfetto::base::(anonymous namespace)::GuardSize() [function] [call site] 00094
3 perfetto::base::(anonymous namespace)::GuardSize() [function] [call site] 00095
3 mprotect [call site] 00096
3 perfetto::base::(anonymous namespace)::GuardSize() [function] [call site] 00097
3 mprotect [call site] 00098
3 perfetto::base::Basename(char const*) [function] [call site] 00099
3 __errno_location [call site] 00100
3 strerror [call site] 00101
3 perfetto::base::LogMessage(perfetto::base::LogLev, char const*, int, char const*, ...) [function] [call site] 00102
3 perfetto::base::MaybeSerializeLastLogsForCrashReporting() [function] [call site] 00103
3 perfetto::base::PagedMemory::PagedMemory(char*, unsigned long) [function] [call site] 00104
3 perfetto::base::PagedMemory::~PagedMemory() [function] [call site] 00105
4 perfetto::base::Basename(char const*) [function] [call site] 00106
4 __errno_location [call site] 00107
4 strerror [call site] 00108
4 perfetto::base::LogMessage(perfetto::base::LogLev, char const*, int, char const*, ...) [function] [call site] 00109
4 perfetto::base::MaybeSerializeLastLogsForCrashReporting() [function] [call site] 00110
4 perfetto::base::(anonymous namespace)::GuardSize() [function] [call site] 00111
4 perfetto::base::(anonymous namespace)::RoundUpToSysPageSize(unsigned long) [function] [call site] 00112
4 perfetto::base::(anonymous namespace)::GuardSize() [function] [call site] 00113
4 munmap [call site] 00114
4 perfetto::base::Basename(char const*) [function] [call site] 00115
4 __errno_location [call site] 00116
4 strerror [call site] 00117
4 perfetto::base::LogMessage(perfetto::base::LogLev, char const*, int, char const*, ...) [function] [call site] 00118
4 perfetto::base::MaybeSerializeLastLogsForCrashReporting() [function] [call site] 00119
2 perfetto::base::PagedMemory::operator=(perfetto::base::PagedMemory&&) [function] [call site] 00120
3 perfetto::base::PagedMemory::~PagedMemory() [function] [call site] 00121
3 perfetto::base::PagedMemory::PagedMemory(perfetto::base::PagedMemory&&) [function] [call site] 00122
2 perfetto::base::PagedMemory::~PagedMemory() [function] [call site] 00123
2 perfetto::base::GetSysPageSize() [function] [call site] 00124
2 perfetto::ipc::BufferedFrameDeserializer::buf() [function] [call site] 00125
3 perfetto::base::PagedMemory::Get() const [function] [call site] 00126
2 perfetto::base::PagedMemory::AdviseDontNeed(void*, unsigned long) [function] [call site] 00127
3 madvise [call site] 00128
2 perfetto::base::Basename(char const*) [function] [call site] 00129
2 __errno_location [call site] 00130
2 strerror [call site] 00131
2 perfetto::base::LogMessage(perfetto::base::LogLev, char const*, int, char const*, ...) [function] [call site] 00132
2 perfetto::base::MaybeSerializeLastLogsForCrashReporting() [function] [call site] 00133
2 perfetto::ipc::BufferedFrameDeserializer::buf() [function] [call site] 00134
1 perfetto::ipc::BufferedFrameDeserializer::EndReceive(unsigned long) [function] [call site] 00135
2 perfetto::base::GetSysPageSize() [function] [call site] 00136
2 perfetto::base::Basename(char const*) [function] [call site] 00137
2 __errno_location [call site] 00138
2 strerror [call site] 00139
2 perfetto::base::LogMessage(perfetto::base::LogLev, char const*, int, char const*, ...) [function] [call site] 00140
2 perfetto::base::MaybeSerializeLastLogsForCrashReporting() [function] [call site] 00141
2 perfetto::ipc::BufferedFrameDeserializer::buf() [function] [call site] 00142
2 unsigned int* perfetto::base::AssumeLittleEndian<unsigned int*>(unsigned int*) [function] [call site] 00143
2 perfetto::base::Basename(char const*) [function] [call site] 00144
2 perfetto::base::LogMessage(perfetto::base::LogLev, char const*, int, char const*, ...) [function] [call site] 00145
2 perfetto::ipc::BufferedFrameDeserializer::DecodeFrame(char const*, unsigned long) [function] [call site] 00146
3 perfetto::protos::gen::IPCFrame::IPCFrame() [function] [call site] 00147
4 protozero::CppMessageObj::CppMessageObj() [function] [call site] 00148
4 protozero::CopyablePtr<perfetto::protos::gen::IPCFrame_BindService>::CopyablePtr() [function] [call site] 00149
5 perfetto::protos::gen::IPCFrame_BindService::IPCFrame_BindService() [function] [call site] 00150
6 protozero::CppMessageObj::CppMessageObj() [function] [call site] 00151
4 protozero::CopyablePtr<perfetto::protos::gen::IPCFrame_BindServiceReply>::CopyablePtr() [function] [call site] 00152
5 perfetto::protos::gen::IPCFrame_BindServiceReply::IPCFrame_BindServiceReply() [function] [call site] 00153
6 protozero::CppMessageObj::CppMessageObj() [function] [call site] 00154
4 protozero::CopyablePtr<perfetto::protos::gen::IPCFrame_InvokeMethod>::CopyablePtr() [function] [call site] 00155
5 perfetto::protos::gen::IPCFrame_InvokeMethod::IPCFrame_InvokeMethod() [function] [call site] 00156
6 protozero::CppMessageObj::CppMessageObj() [function] [call site] 00157
4 protozero::CopyablePtr<perfetto::protos::gen::IPCFrame_InvokeMethodReply>::CopyablePtr() [function] [call site] 00158
5 perfetto::protos::gen::IPCFrame_InvokeMethodReply::IPCFrame_InvokeMethodReply() [function] [call site] 00159
6 protozero::CppMessageObj::CppMessageObj() [function] [call site] 00160
4 protozero::CopyablePtr<perfetto::protos::gen::IPCFrame_RequestError>::CopyablePtr() [function] [call site] 00161
5 perfetto::protos::gen::IPCFrame_RequestError::IPCFrame_RequestError() [function] [call site] 00162
6 protozero::CppMessageObj::CppMessageObj() [function] [call site] 00163
4 protozero::CopyablePtr<perfetto::protos::gen::IPCFrame_SetPeerIdentity>::CopyablePtr() [function] [call site] 00164
5 perfetto::protos::gen::IPCFrame_SetPeerIdentity::IPCFrame_SetPeerIdentity() [function] [call site] 00165
6 protozero::CppMessageObj::CppMessageObj() [function] [call site] 00166
2 perfetto::ipc::BufferedFrameDeserializer::buf() [function] [call site] 00167
2 perfetto::ipc::BufferedFrameDeserializer::buf() [function] [call site] 00168
2 perfetto::base::Basename(char const*) [function] [call site] 00169
2 __errno_location [call site] 00170
2 strerror [call site] 00171
2 perfetto::base::LogMessage(perfetto::base::LogLev, char const*, int, char const*, ...) [function] [call site] 00172
2 perfetto::base::MaybeSerializeLastLogsForCrashReporting() [function] [call site] 00173
2 perfetto::ipc::BufferedFrameDeserializer::buf() [function] [call site] 00174
2 perfetto::base::Basename(char const*) [function] [call site] 00175
2 __errno_location [call site] 00176
2 strerror [call site] 00177
2 perfetto::base::LogMessage(perfetto::base::LogLev, char const*, int, char const*, ...) [function] [call site] 00178
2 perfetto::base::MaybeSerializeLastLogsForCrashReporting() [function] [call site] 00179
2 perfetto::ipc::BufferedFrameDeserializer::buf() [function] [call site] 00180
2 perfetto::ipc::BufferedFrameDeserializer::buf() [function] [call site] 00181
2 perfetto::ipc::BufferedFrameDeserializer::buf() [function] [call site] 00182
2 perfetto::base::Basename(char const*) [function] [call site] 00183
2 __errno_location [call site] 00184
2 strerror [call site] 00185
2 perfetto::base::LogMessage(perfetto::base::LogLev, char const*, int, char const*, ...) [function] [call site] 00186
2 perfetto::base::MaybeSerializeLastLogsForCrashReporting() [function] [call site] 00187
2 perfetto::ipc::BufferedFrameDeserializer::buf() [function] [call site] 00188
2 perfetto::base::Basename(char const*) [function] [call site] 00189
2 __errno_location [call site] 00190
2 strerror [call site] 00191
2 perfetto::base::LogMessage(perfetto::base::LogLev, char const*, int, char const*, ...) [function] [call site] 00192
2 perfetto::base::MaybeSerializeLastLogsForCrashReporting() [function] [call site] 00193
2 perfetto::base::PagedMemory::AdviseDontNeed(void*, unsigned long) [function] [call site] 00194
1 perfetto::ipc::BufferedFrameDeserializer::~BufferedFrameDeserializer() [function] [call site] 00195
2 perfetto::base::PagedMemory::~PagedMemory() [function] [call site] 00196