Fuzz introspector: fuzz-server-hello
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The following are the branches that the fuzzer fails to get past.

| Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch |
|---|---|---|---|---|---|---|---|
| 572 | 1131 | 14: ['ptls__key_schedule_update_hash', 'send_certificate_verify', 'derive_secret', 'ptls_iovec_init', 'push_change_cipher_spec', 'key_schedule_extract', 'free', 'ptls_buffer__do_pushv', 'commission_handshake_secret', 'ptls_buffer__adjust_quic_blocksize', 'derive_exporter_secret', 'send_certificate', 'send_finished', 'setup_traffic_protection'] | 572 | 1131 | client_handle_finished | call site: 00000 | /src/picotls/lib/picotls.c:3428 |
| 144 | 144 | 2: ['free', 'client_ech_select_hello'] | 144 | 1117 | client_handle_hello | call site: 00000 | /src/picotls/lib/picotls.c:2803 |
| 144 | 144 | 1: ['client_ech_select_hello'] | 144 | 660 | client_handle_hello | call site: 00000 | /src/picotls/lib/picotls.c:2823 |
| 82 | 164 | 2: ['calc_verify_data', 'derive_secret_with_empty_digest'] | 282 | 1437 | send_client_hello | call site: 00143 | /src/picotls/lib/picotls.c:2447 |
| 73 | 73 | 1: ['buffer_encrypt_record'] | 73 | 73 | commit_record_message | call site: 00000 | /src/picotls/lib/picotls.c:849 |
| 47 | 214 | 2: ['setup_traffic_protection', 'push_change_cipher_spec'] | 192 | 359 | send_client_hello | call site: 00168 | /src/picotls/lib/picotls.c:2529 |
| 8 | 906 | 8: ['ptls_buffer_reserve', 'ptls_iovec_init', 'encode_client_hello', 'ptls_aead_encrypt', 'malloc', 'ptls__key_schedule_update_hash', 'strlen', 'outer_ech_header_size'] | 200 | 1265 | send_client_hello | call site: 00158 | /src/picotls/lib/picotls.c:2459 |
| 7 | 107 | 7: ['ptls_iovec_init', 'ptls_decode_quicint', 'ptls_decode16', 'ptls_decode24', 'malloc', 'ptls__key_schedule_update_hash', 'client_do_handle_certificate'] | 7 | 107 | client_handle_compressed_certificate | call site: 00000 | /src/picotls/lib/picotls.c:3305 |
| 5 | 7 | 2: ['ptls_is_ech_handshake', 'ptls_is_server'] | 5 | 7 | handle_certificate | call site: 00000 | /src/picotls/lib/picotls.c:3252 |
| 2 | 2 | 1: ['posix_memalign'] | 2 | 5 | ptls_buffer_reserve_aligned | call site: 00028 | /src/picotls/lib/picotls.c:580 |
| 0 | 87 | 1: ['key_schedule_extract'] | 0 | 87 | key_schedule_select_cipher | call site: 00000 | /src/picotls/lib/picotls.c:1346 |
| 0 | 82 | 2: ['malloc', 'derive_secret'] | 0 | 82 | client_handle_hello | call site: 00000 | /src/picotls/lib/picotls.c:2859 |

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 ptls_new [function] [call site] 00001
2 ptls_server_new [function] [call site] 00002
3 new_instance [function] [call site] 00003
4 __assert_fail [call site] 00004
4 __assert_fail [call site] 00005
4 __assert_fail [call site] 00006
4 update_open_count [function] [call site] 00007
3 ptls_skip_tracing [function] [call site] 00008
3 ptls_buffer_init [function] [call site] 00009
4 __assert_fail [call site] 00010
1 ptls_buffer_init [function] [call site] 00011
1 ptls_handshake [function] [call site] 00012
2 __assert_fail [call site] 00013
2 init_record_message_emitter [function] [call site] 00014
2 __assert_fail [call site] 00015
2 send_client_hello [function] [call site] 00016
3 ptls_buffer_init [function] [call site] 00017
3 ptls_server_name_is_ipaddr [function] [call site] 00018
4 inet_pton [call site] 00019
4 inet_pton [call site] 00020
3 client_decode_ech_config_list [function] [call site] 00021
4 ptls_decode_quicint [function] [call site] 00022
4 ptls_iovec_init [function] [call site] 00023
3 client_setup_ech [function] [call site] 00024
4 ptls_buffer_init [function] [call site] 00025
4 ptls_buffer__do_pushv [function] [call site] 00026
5 ptls_buffer_reserve [function] [call site] 00027
6 ptls_buffer_reserve_aligned [function] [call site] 00028
7 posix_memalign [call site] 00029
7 ptls_buffer__release_memory [function] [call site] 00030
4 ptls_buffer__do_pushv [function] [call site] 00031
4 ptls_iovec_init [function] [call site] 00032
4 ptls_hpke_setup_base_s [function] [call site] 00033
5 ptls_iovec_init [function] [call site] 00034
5 dh_encap [function] [call site] 00035
6 ptls_iovec_init [function] [call site] 00036
6 dh_derive [function] [call site] 00037
7 extract_and_expand [function] [call site] 00038
8 ptls_buffer_init [function] [call site] 00039
8 ptls_buffer__do_pushv [function] [call site] 00040
8 ptls_buffer__do_pushv [function] [call site] 00041
8 ptls_iovec_init [function] [call site] 00042
8 labeled_extract [function] [call site] 00043
9 ptls_buffer_init [function] [call site] 00044
9 ptls_buffer__do_pushv [function] [call site] 00045
9 build_suite_id [function] [call site] 00046
10 ptls_buffer__do_pushv [function] [call site] 00047
10 ptls_buffer__do_pushv [function] [call site] 00048
10 ptls_buffer__do_pushv [function] [call site] 00049
10 ptls_buffer__do_pushv [function] [call site] 00050
10 ptls_buffer__do_pushv [function] [call site] 00051
10 ptls_buffer__do_pushv [function] [call site] 00052
9 strlen [call site] 00053
9 ptls_buffer__do_pushv [function] [call site] 00054
9 ptls_buffer__do_pushv [function] [call site] 00055
9 ptls_iovec_init [function] [call site] 00056
9 ptls_hkdf_extract [function] [call site] 00057
10 ptls_iovec_init [function] [call site] 00058
10 ptls_hmac_create [function] [call site] 00059
11 __assert_fail [call site] 00060
11 hmac_apply_key [function] [call site] 00061
9 ptls_buffer_dispose [function] [call site] 00062
10 ptls_buffer__release_memory [function] [call site] 00063
8 ptls_iovec_init [function] [call site] 00064
8 ptls_iovec_init [function] [call site] 00065
8 labeled_expand [function] [call site] 00066
9 __assert_fail [call site] 00067
9 ptls_buffer_init [function] [call site] 00068
9 ptls_buffer__do_pushv [function] [call site] 00069
9 ptls_buffer__do_pushv [function] [call site] 00070
9 build_suite_id [function] [call site] 00071
9 strlen [call site] 00072
9 ptls_buffer__do_pushv [function] [call site] 00073
9 ptls_buffer__do_pushv [function] [call site] 00074
9 ptls_iovec_init [function] [call site] 00075
9 ptls_hkdf_expand [function] [call site] 00076
10 ptls_hmac_create [function] [call site] 00077
9 ptls_buffer_dispose [function] [call site] 00078
8 ptls_buffer_dispose [function] [call site] 00079
6 ptls_iovec_init [function] [call site] 00080
5 key_schedule [function] [call site] 00081
6 ptls_buffer_init [function] [call site] 00082
6 ptls_buffer__do_pushv [function] [call site] 00083
6 ptls_buffer_reserve [function] [call site] 00084
6 ptls_iovec_init [function] [call site] 00085
6 ptls_iovec_init [function] [call site] 00086
6 labeled_extract [function] [call site] 00087
6 ptls_buffer_reserve [function] [call site] 00088
6 ptls_iovec_init [function] [call site] 00089
6 labeled_extract [function] [call site] 00090
6 ptls_iovec_init [function] [call site] 00091
6 ptls_iovec_init [function] [call site] 00092
6 labeled_extract [function] [call site] 00093
6 ptls_iovec_init [function] [call site] 00094
6 ptls_iovec_init [function] [call site] 00095
6 labeled_expand [function] [call site] 00096
6 ptls_iovec_init [function] [call site] 00097
6 ptls_iovec_init [function] [call site] 00098
6 labeled_expand [function] [call site] 00099
6 ptls_aead_new_direct [function] [call site] 00100
6 ptls_buffer_dispose [function] [call site] 00101
5 ptls_iovec_init [function] [call site] 00102
4 duplicate_as_str [function] [call site] 00103
4 clear_ech [function] [call site] 00104
5 ptls_aead_free [function] [call site] 00105
5 ptls_iovec_init [function] [call site] 00106
5 ptls_iovec_init [function] [call site] 00107
3 client_setup_ech_grease [function] [call site] 00108
4 ptls_aead_new_direct [function] [call site] 00109
4 strlen [call site] 00110
4 duplicate_as_str [function] [call site] 00111
4 clear_ech [function] [call site] 00112
3 __assert_fail [call site] 00113
3 __assert_fail [call site] 00114
3 decode_stored_session_ticket [function] [call site] 00115
4 ptls_decode64 [function] [call site] 00116
4 ptls_decode16 [function] [call site] 00118
4 ptls_decode16 [function] [call site] 00120
4 ptls_decode_quicint [function] [call site] 00121
4 ptls_decode_quicint [function] [call site] 00122
4 ptls_iovec_init [function] [call site] 00123
3 ptls_iovec_init [function] [call site] 00124
3 __assert_fail [call site] 00125
3 key_schedule_new [function] [call site] 00126
4 key_schedule_free [function] [call site] 00127
3 key_schedule_extract [function] [call site] 00128
4 ptls_iovec_init [function] [call site] 00129
4 ptls_iovec_init [function] [call site] 00130
4 ptls_iovec_init [function] [call site] 00131
4 ptls_hkdf_expand_label [function] [call site] 00132
5 ptls_buffer_init [function] [call site] 00133
5 ptls_buffer__do_pushv [function] [call site] 00134
5 ptls_buffer__do_pushv [function] [call site] 00135
5 strlen [call site] 00136
5 ptls_buffer__do_pushv [function] [call site] 00137
5 ptls_iovec_init [function] [call site] 00138
5 ptls_hkdf_expand [function] [call site] 00139
5 ptls_buffer_dispose [function] [call site] 00140
4 ptls_iovec_init [function] [call site] 00141
4 ptls_hkdf_extract [function] [call site] 00142
3 encode_client_hello [function] [call site] 00143
4 __assert_fail [call site] 00144
4 ptls_buffer__do_pushv [function] [call site] 00145
4 __assert_fail [call site] 00146
3 derive_secret_with_empty_digest [function] [call site] 00147
4 derive_secret_with_hash [function] [call site] 00148
5 ptls_iovec_init [function] [call site] 00149
5 ptls_iovec_init [function] [call site] 00150
5 ptls_hkdf_expand_label [function] [call site] 00151
3 ptls__key_schedule_update_hash [function] [call site] 00152
3 calc_verify_data [function] [call site] 00153
4 ptls_iovec_init [function] [call site] 00154
4 ptls_iovec_init [function] [call site] 00155
4 ptls_hkdf_expand_label [function] [call site] 00156
4 ptls_hmac_create [function] [call site] 00157
3 ptls__key_schedule_update_hash [function] [call site] 00158
3 ptls_iovec_init [function] [call site] 00159
3 encode_client_hello [function] [call site] 00160
3 strlen [call site] 00161
3 ptls_buffer_reserve [function] [call site] 00162
3 ptls_iovec_init [function] [call site] 00163
3 encode_client_hello [function] [call site] 00164
3 ptls_aead_encrypt [function] [call site] 00165
3 outer_ech_header_size [function] [call site] 00166
3 outer_ech_header_size [function] [call site] 00167
3 ptls__key_schedule_update_hash [function] [call site] 00168
3 __assert_fail [call site] 00169
3 setup_traffic_protection [function] [call site] 00170
4 derive_secret [function] [call site] 00171
5 derive_secret_with_hash [function] [call site] 00172
4 ptls_is_server [function] [call site] 00173
4 ptls_iovec_init [function] [call site] 00174
4 ptls_aead_free [function] [call site] 00175
4 ptls_aead_new [function] [call site] 00176
5 ptls_iovec_init [function] [call site] 00177
5 new_aead [function] [call site] 00178
6 get_traffic_keys [function] [call site] 00179
7 get_traffic_key [function] [call site] 00180
8 ptls_iovec_init [function] [call site] 00181
8 ptls_hkdf_expand_label [function] [call site] 00182
7 get_traffic_key [function] [call site] 00183
6 ptls_aead_new_direct [function] [call site] 00184
3 push_change_cipher_spec [function] [call site] 00185
4 ptls_buffer__do_pushv [function] [call site] 00186
3 derive_exporter_secret [function] [call site] 00187
4 __assert_fail [call site] 00188
4 derive_secret [function] [call site] 00189
4 ptls_iovec_init [function] [call site] 00190
4 log_secret [function] [call site] 00191
5 ptls_skip_tracing [function] [call site] 00192
5 ptls_buffer_init [function] [call site] 00193
5 ptls_hexdump [function] [call site] 00194
6 byte_to_hex [function] [call site] 00195
3 ptls_buffer_dispose [function] [call site] 00196
2 server_finish_handshake [function] [call site] 00197
3 send_certificate_verify [function] [call site] 00198
4 ptls_buffer__do_pushv [function] [call site] 00199
4 ptls_iovec_init [function] [call site] 00200
4 __assert_fail [call site] 00201
3 send_finished [function] [call site] 00202
4 ptls_buffer__do_pushv [function] [call site] 00203
3 __assert_fail [call site] 00204
3 ptls_iovec_init [function] [call site] 00205
3 key_schedule_extract [function] [call site] 00206
3 setup_traffic_protection [function] [call site] 00207
3 derive_secret [function] [call site] 00208
3 derive_exporter_secret [function] [call site] 00209
3 commission_handshake_secret [function] [call site] 00210
4 ptls_is_server [function] [call site] 00211
4 __assert_fail [call site] 00212
4 setup_traffic_protection [function] [call site] 00213
3 send_session_ticket [function] [call site] 00214
4 __assert_fail [call site] 00215
4 __assert_fail [call site] 00216
4 ptls_buffer_init [function] [call site] 00217
4 __assert_fail [call site] 00218
4 ptls_buffer__do_pushv [function] [call site] 00219
4 ptls_buffer__do_pushv [function] [call site] 00220
4 ptls_iovec_init [function] [call site] 00221
4 encode_session_identifier [function] [call site] 00222
5 ptls_buffer__do_pushv [function] [call site] 00223
5 strlen [call site] 00224
4 ptls_buffer__do_pushv [function] [call site] 00225
4 ptls_iovec_init [function] [call site] 00226
4 ptls_buffer_dispose [function] [call site] 00227
2 ptls_buffer_init [function] [call site] 00228
2 handle_input [function] [call site] 00229
3 parse_record [function] [call site] 00230
4 __assert_fail [call site] 00231
4 parse_record_header [function] [call site] 00232
4 ptls_buffer_init [function] [call site] 00235
4 ptls_buffer_reserve [function] [call site] 00236
4 parse_record_header [function] [call site] 00237
4 ptls_buffer_reserve [function] [call site] 00238
3 __assert_fail [call site] 00239
3 ptls_buffer_reserve [function] [call site] 00240
3 aead_decrypt [function] [call site] 00241
3 handle_handshake_record [function] [call site] 00242
4 message_buffer_is_overflow [function] [call site] 00243
4 ptls_buffer_reserve [function] [call site] 00244
4 ptls_iovec_init [function] [call site] 00246
4 ptls_buffer_dispose [function] [call site] 00247
4 message_buffer_is_overflow [function] [call site] 00248
4 ptls_buffer_init [function] [call site] 00249
4 ptls_buffer_reserve [function] [call site] 00250
4 ptls_buffer_dispose [function] [call site] 00251
3 handle_alert [function] [call site] 00252
3 ptls_buffer_dispose [function] [call site] 00253
2 __assert_fail [call site] 00254
2 ptls_buffer_dispose [function] [call site] 00255
2 ptls_send_alert [function] [call site] 00256
3 ptls_buffer__do_pushv [function] [call site] 00257
3 buffer_encrypt_record [function] [call site] 00258
4 ptls_buffer_reserve_aligned [function] [call site] 00259
4 aead_encrypt [function] [call site] 00260
4 __assert_fail [call site] 00261
4 buffer_push_encrypted_records [function] [call site] 00262
5 ptls_buffer__do_pushv [function] [call site] 00263
5 __assert_fail [call site] 00264
5 ptls_aead_encrypt [function] [call site] 00265
5 ptls_buffer__do_pushv [function] [call site] 00266
1 ptls_buffer_dispose [function] [call site] 00267
1 ptls_buffer_init [function] [call site] 00268
1 ptls_handshake [function] [call site] 00269
1 ptls_buffer_dispose [function] [call site] 00270
1 ptls_buffer_init [function] [call site] 00271
1 ptls_receive [function] [call site] 00272
2 __assert_fail [call site] 00273
2 handle_input_tls12 [function] [call site] 00274
3 parse_record [function] [call site] 00275
3 __assert_fail [call site] 00276
3 __assert_fail [call site] 00277
3 ptls_decode64 [function] [call site] 00278
3 build_tls12_aad [function] [call site] 00279
3 ptls_buffer_reserve [function] [call site] 00280
3 ptls_aead_decrypt [function] [call site] 00281
3 handle_alert [function] [call site] 00282
3 ptls_buffer_dispose [function] [call site] 00283
2 handle_input [function] [call site] 00284
1 ptls_buffer_dispose [function] [call site] 00285
1 ptls_free [function] [call site] 00286
2 ptls_skip_tracing [function] [call site] 00287
2 ptls_buffer_init [function] [call site] 00288
2 ptls_buffer_dispose [function] [call site] 00289
2 ptls_buffer_dispose [function] [call site] 00290
2 free_exporter_master_secret [function] [call site] 00291
3 __assert_fail [call site] 00292
2 free_exporter_master_secret [function] [call site] 00293
2 key_schedule_free [function] [call site] 00294
2 ptls_aead_free [function] [call site] 00295
2 ptls_aead_free [function] [call site] 00296
2 clear_ech [function] [call site] 00297
2 ptls_iovec_init [function] [call site] 00298
2 ptls_iovec_init [function] [call site] 00299
2 update_open_count [function] [call site] 00300