Fuzz introspector: fuzz-stun
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
157 157 2 :

['pj_stun_msg_create_response', 'pj_stun_msg_add_unknown_attr']

157 157 pj_stun_msg_decode call site: 00184 /src/pjsip/pjnath/build/../src/pjnath/stun_msg.c:2404
136 136 1 :

['create_challenge']

136 136 pj_stun_authenticate_request call site: 00312 /src/pjsip/pjnath/build/../src/pjnath/stun_auth.c:495
109 109 3 :

['pj_getaddrinfo', 'pj_memcpy.1472', 'pj_inet_pton']

109 109 pj_sockaddr_set_str_addr call site: 00000 /src/pjsip/pjlib/build/../src/pj/sock_common.c:174
105 105 1 :

['pj_stun_msg_create_response']

105 247 pj_stun_msg_decode call site: 00202 /src/pjsip/pjnath/build/../src/pjnath/stun_msg.c:2460
105 105 1 :

['pj_stun_msg_create_response']

105 105 pj_stun_msg_decode call site: 00154 /src/pjsip/pjnath/build/../src/pjnath/stun_msg.c:2381
105 105 1 :

['pj_stun_msg_create_response']

105 105 pj_stun_msg_decode call site: 00186 /src/pjsip/pjnath/build/../src/pjnath/stun_msg.c:2421
105 105 1 :

['pj_stun_msg_create_response']

105 105 pj_stun_msg_decode call site: 00217 /src/pjsip/pjnath/build/../src/pjnath/stun_msg.c:2488
105 105 1 :

['pj_stun_msg_create_response']

105 105 pj_stun_msg_decode call site: 00218 /src/pjsip/pjnath/build/../src/pjnath/stun_msg.c:2500
105 105 1 :

['pj_stun_msg_create_response']

105 105 pj_stun_msg_decode call site: 00219 /src/pjsip/pjnath/build/../src/pjnath/stun_msg.c:2514
105 105 1 :

['pj_stun_msg_create_response']

105 105 pj_stun_msg_decode call site: 00220 /src/pjsip/pjnath/build/../src/pjnath/stun_msg.c:2525
100 100 3 :

['pj_getaddrinfo', 'pj_memcpy.1472', 'pj_inet_addr']

100 100 pj_sockaddr_in_set_str_addr call site: 00000 /src/pjsip/pjlib/build/../src/pj/sock_common.c:133
78 78 2 :

['term_set_color', 'term_restore_color']

78 78 pj_log_write call site: 00000 /src/pjsip/pjlib/build/../src/pj/log_writer_stdout.c:48

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 calloc [call site] 00001
1 pj_init [function] [call site] 00002
2 pj_log_init [function] [call site] 00003
3 pj_thread_local_alloc [function] [call site] 00004
4 __assert_fail [call site] 00005
4 pthread_key_create [call site] 00006
3 pj_thread_local_alloc [function] [call site] 00007
3 pj_thread_local_free [function] [call site] 00008
4 pthread_key_delete [call site] 00009
3 pj_atexit [function] [call site] 00010
3 logging_shutdown [function] [call site] 00011
4 pj_thread_local_free [function] [call site] 00012
4 pj_thread_local_free [function] [call site] 00013
3 pj_log_get_decor [function] [call site] 00014
2 pj_thread_init [function] [call site] 00015
3 pj_thread_local_alloc [function] [call site] 00016
3 pj_thread_register [function] [call site] 00017
4 pj_str [function] [call site] 00018
5 strlen [call site] 00019
4 pj_thread_local_get [function] [call site] 00020
5 pthread_getspecific [call site] 00021
4 pj_log_get_level [function] [call site] 00022
4 pthread_self [call site] 00023
4 pj_bzero [function] [call site] 00024
4 pthread_self [call site] 00025
4 pj_strlen [function] [call site] 00026
4 snprintf [call site] 00027
4 snprintf [call site] 00028
4 pj_thread_local_set [function] [call site] 00029
5 pthread_setspecific [call site] 00030
4 pj_bzero [function] [call site] 00031
2 init_mutex [function] [call site] 00032
3 pthread_mutexattr_init [call site] 00033
3 pthread_mutexattr_settype [call site] 00034
3 pthread_mutexattr_settype [call site] 00035
3 pthread_mutex_init [call site] 00036
3 pthread_mutexattr_destroy [call site] 00037
3 pthread_mutex_destroy [call site] 00038
3 strchr [call site] 00039
3 snprintf [call site] 00040
3 pj_ansi_strxcpy [function] [call site] 00041
4 __assert_fail [call site] 00042
3 pj_log_get_level [function] [call site] 00043
2 pj_exception_id_alloc [function] [call site] 00044
3 pj_enter_critical_section [function] [call site] 00045
4 pj_mutex_lock [function] [call site] 00046
5 __assert_fail [call site] 00047
5 pj_log_get_level [function] [call site] 00048
5 pthread_mutex_lock [call site] 00049
5 pj_thread_this [function] [call site] 00050
6 pj_thread_local_get [function] [call site] 00051
6 __assert_fail [call site] 00052
5 pj_ansi_strxcpy [function] [call site] 00053
5 pj_log_get_level [function] [call site] 00054
3 pj_leave_critical_section [function] [call site] 00055
4 pj_mutex_unlock [function] [call site] 00056
5 __assert_fail [call site] 00057
5 pj_thread_this [function] [call site] 00058
5 __assert_fail [call site] 00059
5 pj_log_get_level [function] [call site] 00060
5 pthread_mutex_unlock [call site] 00061
3 pj_leave_critical_section [function] [call site] 00062
2 pj_generate_unique_string [function] [call site] 00063
3 pj_enter_critical_section [function] [call site] 00064
3 init_guid_chars [function] [call site] 00065
3 pj_leave_critical_section [function] [call site] 00066
3 pj_rand [function] [call site] 00067
4 rand [call site] 00068
2 pj_get_timestamp [function] [call site] 00069
3 clock_gettime [call site] 00070
3 __errno_location [call site] 00071
2 __assert_fail [call site] 00072
2 pj_log_get_level [function] [call site] 00073
1 pj_caching_pool_init [function] [call site] 00074
2 pj_bzero [function] [call site] 00075
2 pj_list_init [function] [call site] 00076
2 pj_list_init [function] [call site] 00077
2 pj_memcpy [function] [call site] 00078
2 pj_pool_create_on_buf [function] [call site] 00079
3 __assert_fail [call site] 00080
3 pool_buf_initialize [function] [call site] 00081
4 pj_atexit [function] [call site] 00082
4 pool_buf_cleanup [function] [call site] 00083
5 pj_thread_local_free [function] [call site] 00084
4 pj_thread_local_alloc [function] [call site] 00085
3 pj_thread_local_set [function] [call site] 00086
3 pj_pool_create_int [function] [call site] 00087
4 __assert_fail [call site] 00088
4 pj_bzero [function] [call site] 00089
4 pj_list_init [function] [call site] 00090
4 pj_list_insert_after [function] [call site] 00091
4 pj_pool_init_int [function] [call site] 00092
5 strchr [call site] 00093
5 snprintf [call site] 00094
5 pj_ansi_strxcpy [function] [call site] 00095
4 pj_log_get_level [function] [call site] 00096
2 pj_lock_create_simple_mutex [function] [call site] 00097
3 create_mutex_lock [function] [call site] 00098
4 __assert_fail [call site] 00099
4 pj_pool_alloc [function] [call site] 00100
5 pj_pool_alloc_from_block [function] [call site] 00101
5 pj_pool_allocate_find [function] [call site] 00102
6 pj_pool_alloc_from_block [function] [call site] 00103
6 pj_log_get_level [function] [call site] 00104
6 pj_log_get_level [function] [call site] 00105
6 pj_pool_create_block [function] [call site] 00106
7 __assert_fail [call site] 00107
7 pj_log_get_level [function] [call site] 00108
7 pj_list_insert_after [function] [call site] 00109
7 pj_log_get_level [function] [call site] 00110
6 pj_pool_alloc_from_block [function] [call site] 00111
6 __assert_fail [call site] 00112
4 pj_memcpy [function] [call site] 00113
4 pj_mutex_create [function] [call site] 00114
5 __assert_fail [call site] 00115
5 pj_pool_alloc [function] [call site] 00116
5 __assert_fail [call site] 00117
5 init_mutex [function] [call site] 00118
2 __assert_fail [call site] 00119
1 pj_log_set_level [function] [call site] 00120
1 stun_parse [function] [call site] 00121
2 pj_pool_create [function] [call site] 00122
2 pj_stun_msg_decode [function] [call site] 00123
3 __assert_fail [call site] 00124
3 pj_stun_msg_check [function] [call site] 00125
4 __assert_fail [call site] 00126
4 GETVAL16H [function] [call site] 00127
4 GETVAL32H [function] [call site] 00128
4 GETVAL16H [function] [call site] 00129
4 GETVAL16H [function] [call site] 00130
4 GETVAL32H [function] [call site] 00131
4 pj_crc32_calc [function] [call site] 00132
5 pj_crc32_init [function] [call site] 00133
5 pj_crc32_update [function] [call site] 00134
5 pj_crc32_final [function] [call site] 00135
3 GETVAL16H [function] [call site] 00136
3 pj_pool_zalloc [function] [call site] 00137
4 pj_pool_calloc [function] [call site] 00138
5 pj_pool_alloc [function] [call site] 00139
5 pj_bzero [function] [call site] 00140
3 pj_memcpy [function] [call site] 00141
3 pj_ntohs [function] [call site] 00142
4 ntohs [call site] 00143
3 pj_ntohs [function] [call site] 00144
3 pj_ntohl [function] [call site] 00145
4 ntohl [call site] 00146
3 GETVAL16H [function] [call site] 00147
3 GETVAL16H [function] [call site] 00148
3 pj_stun_get_attr_name [function] [call site] 00149
4 find_attr_desc [function] [call site] 00150
5 __assert_fail [call site] 00151
5 __assert_fail [call site] 00152
3 snprintf [call site] 00153
3 pj_log_get_level [function] [call site] 00154
3 pj_stun_msg_create_response [function] [call site] 00155
4 __assert_fail [call site] 00156
4 __assert_fail [call site] 00157
4 pj_stun_msg_create [function] [call site] 00158
5 __assert_fail [call site] 00159
5 pj_pool_zalloc [function] [call site] 00160
5 pj_stun_msg_init [function] [call site] 00161
6 __assert_fail [call site] 00162
6 pj_memcpy [function] [call site] 00163
6 pj_rand [function] [call site] 00164
6 pj_getpid [function] [call site] 00165
7 getpid [call site] 00166
6 pj_rand [function] [call site] 00167
6 pj_memcpy [function] [call site] 00168
4 pj_stun_msg_add_errcode_attr [function] [call site] 00169
5 pj_stun_errcode_attr_create [function] [call site] 00170
6 __assert_fail [call site] 00171
6 pj_stun_get_err_reason [function] [call site] 00172
7 pj_str [function] [call site] 00173
7 pj_str [function] [call site] 00174
6 snprintf [call site] 00175
6 pj_pool_zalloc [function] [call site] 00176
6 pj_strdup [function] [call site] 00177
7 __assert_fail [call site] 00178
7 pj_memcpy [function] [call site] 00179
5 pj_stun_msg_add_attr [function] [call site] 00180
6 __assert_fail [call site] 00181
6 __assert_fail [call site] 00182
3 find_attr_desc [function] [call site] 00183
3 pj_log_get_level [function] [call site] 00184
3 pj_stun_msg_create_response [function] [call site] 00185
3 pj_stun_msg_add_unknown_attr [function] [call site] 00186
4 pj_stun_unknown_attr_create [function] [call site] 00187
5 __assert_fail [call site] 00188
5 pj_pool_zalloc [function] [call site] 00189
4 pj_stun_msg_add_attr [function] [call site] 00190
3 pj_stun_msg_create_response [function] [call site] 00191
3 GETVAL16H [function] [call site] 00192
3 pj_stun_binary_attr_create [function] [call site] 00193
4 __assert_fail [call site] 00194
4 pj_pool_zalloc [function] [call site] 00195
4 pj_stun_binary_attr_init [function] [call site] 00196
5 __assert_fail [call site] 00197
5 pj_pool_alloc [function] [call site] 00198
5 pj_memcpy [function] [call site] 00199
3 pj_stun_msg_create_response [function] [call site] 00200
3 pj_log_get_level [function] [call site] 00201
3 pj_strerror [function] [call site] 00202
4 __assert_fail [call site] 00203
4 snprintf [call site] 00204
4 pjlib_error [function] [call site] 00205
5 strlen [call site] 00206
5 pj_memcpy [function] [call site] 00207
5 snprintf [call site] 00208
4 platform_strerror [function] [call site] 00209
5 strerror [call site] 00210
5 strlen [call site] 00211
4 snprintf [call site] 00212
3 pj_stun_get_attr_name [function] [call site] 00213
3 snprintf [call site] 00214
3 pj_stun_msg_create_response [function] [call site] 00215
3 pj_log_get_level [function] [call site] 00216
3 pj_stun_get_attr_name [function] [call site] 00217
3 pj_stun_msg_create_response [function] [call site] 00218
3 pj_stun_msg_create_response [function] [call site] 00219
3 pj_stun_msg_create_response [function] [call site] 00220
3 pj_stun_msg_create_response [function] [call site] 00221
3 pj_log_get_level [function] [call site] 00222
2 pj_bzero [function] [call site] 00223
2 pj_stun_authenticate_request [function] [call site] 00224
3 __assert_fail [call site] 00225
3 __assert_fail [call site] 00226
3 pj_bzero [function] [call site] 00227
3 __assert_fail [call site] 00228
3 pj_stun_msg_find_attr [function] [call site] 00229
4 __assert_fail [call site] 00230
3 pj_stun_msg_find_attr [function] [call site] 00231
3 pj_strcmp [function] [call site] 00232
4 __assert_fail [call site] 00233
4 __assert_fail [call site] 00234
4 pj_memcmp [function] [call site] 00235
5 memcmp [call site] 00236
3 pj_strdup [function] [call site] 00237
3 pj_stun_create_key [function] [call site] 00238
4 __assert_fail [call site] 00239
4 pj_pool_alloc [function] [call site] 00240
4 calc_md5_key [function] [call site] 00241
5 pj_md5_init [function] [call site] 00242
5 pj_md5_update [function] [call site] 00243
6 pj_memcpy [function] [call site] 00244
6 pj_memcpy [function] [call site] 00245
6 MD5Transform [function] [call site] 00246
6 pj_memcpy [function] [call site] 00247
6 MD5Transform [function] [call site] 00248
6 pj_memcpy [function] [call site] 00249
5 pj_md5_update [function] [call site] 00250
5 pj_md5_update [function] [call site] 00251
5 pj_md5_update [function] [call site] 00252
5 pj_md5_update [function] [call site] 00253
5 pj_md5_final [function] [call site] 00254
6 pj_bzero [function] [call site] 00255
6 MD5Transform [function] [call site] 00256
6 pj_bzero [function] [call site] 00257
6 pj_bzero [function] [call site] 00258
6 pj_memcpy [function] [call site] 00259
6 pj_memcpy [function] [call site] 00260
6 MD5Transform [function] [call site] 00261
6 pj_memcpy [function] [call site] 00262
6 pj_bzero [function] [call site] 00263
4 pj_strdup [function] [call site] 00264
4 __assert_fail [call site] 00265
4 pj_strdup [function] [call site] 00266
3 __assert_fail [call site] 00267
3 pj_strdup [function] [call site] 00268
3 pj_stun_create_key [function] [call site] 00269
3 __assert_fail [call site] 00270
3 __assert_fail [call site] 00271
3 pj_stun_msg_find_attr [function] [call site] 00272
3 pj_stricmp [function] [call site] 00273
4 __assert_fail [call site] 00274
4 __assert_fail [call site] 00275
4 strncasecmp [call site] 00276
3 pj_strcmp [function] [call site] 00277
3 pj_hmac_sha1_init [function] [call site] 00278
4 pj_sha1_init [function] [call site] 00279
4 pj_sha1_update [function] [call site] 00280
5 pj_memcpy [function] [call site] 00281
5 SHA1_Transform [function] [call site] 00282
5 pj_memcpy [function] [call site] 00283
5 SHA1_Transform [function] [call site] 00284
5 pj_memcpy [function] [call site] 00285
4 pj_sha1_final [function] [call site] 00286
5 pj_sha1_update [function] [call site] 00287
5 pj_sha1_update [function] [call site] 00288
5 pj_sha1_update [function] [call site] 00289
5 pj_memset [function] [call site] 00290
5 pj_memset [function] [call site] 00291
5 pj_memset [function] [call site] 00292
5 pj_memset [function] [call site] 00293
4 pj_bzero [function] [call site] 00294
4 pj_bzero [function] [call site] 00295
4 pj_memcpy [function] [call site] 00296
4 pj_memcpy [function] [call site] 00297
4 pj_sha1_init [function] [call site] 00298
4 pj_sha1_update [function] [call site] 00299
3 pj_memcpy [function] [call site] 00300
3 PUT_VAL16 [function] [call site] 00301
3 pj_hmac_sha1_update [function] [call site] 00302
4 pj_sha1_update [function] [call site] 00303
3 pj_hmac_sha1_update [function] [call site] 00304
3 pj_hmac_sha1_update [function] [call site] 00305
3 pj_hmac_sha1_final [function] [call site] 00306
4 pj_sha1_final [function] [call site] 00307
4 pj_sha1_init [function] [call site] 00308
4 pj_sha1_update [function] [call site] 00309
4 pj_sha1_update [function] [call site] 00310
4 pj_sha1_final [function] [call site] 00311
3 pj_memcmp [function] [call site] 00312
3 create_challenge [function] [call site] 00313
4 pj_cstr [function] [call site] 00314
5 strlen [call site] 00315
4 pj_stun_msg_create_response [function] [call site] 00316
4 pj_stun_msg_add_string_attr [function] [call site] 00317
5 pj_stun_string_attr_create [function] [call site] 00318
6 __assert_fail [call site] 00319
6 pj_pool_zalloc [function] [call site] 00320
6 pj_stun_string_attr_init [function] [call site] 00321
7 pj_strdup [function] [call site] 00322
5 pj_stun_msg_add_attr [function] [call site] 00323
4 pj_str [function] [call site] 00324
4 pj_stun_msg_add_string_attr [function] [call site] 00325
2 pj_pool_release [function] [call site] 00326
2 pj_pool_release [function] [call site] 00327
1 pj_caching_pool_destroy [function] [call site] 00328
2 pj_list_erase [function] [call site] 00329
3 pj_link_node [function] [call site] 00330
3 pj_list_init [function] [call site] 00331
2 pj_pool_destroy_int [function] [call site] 00332
3 pj_log_get_level [function] [call site] 00333
3 reset_pool [function] [call site] 00334
4 pj_list_erase [function] [call site] 00335
2 pj_list_erase [function] [call site] 00336
2 pj_log_get_level [function] [call site] 00337
2 pj_pool_destroy_int [function] [call site] 00338
2 pj_lock_destroy [function] [call site] 00339
3 __assert_fail [call site] 00340
2 pj_lock_create_null_mutex [function] [call site] 00341
3 __assert_fail [call site] 00342