Fuzz introspector: fuzzer
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The following are the branches that the fuzzer fails to get past.

| Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch |
|---|---|---|---|---|---|---|---|
| 0 | 3 | 1 : ['do_free'] | 0 | 3 | protobuf_c_message_unpack | call site: 00021 | /src/protobuf-c/protobuf-c/protobuf-c.c:3304 |
| 0 | 3 | 1 : ['do_free'] | 0 | 3 | protobuf_c_message_unpack | call site: 00021 | /src/protobuf-c/protobuf-c/protobuf-c.c:3312 |
| 0 | 3 | 1 : ['do_free'] | 0 | 3 | protobuf_c_message_unpack | call site: 00021 | /src/protobuf-c/protobuf-c/protobuf-c.c:3320 |
| 0 | 0 | None | 179 | 948 | protobuf_c_message_pack | call site: 00000 | /src/protobuf-c/protobuf-c/protobuf-c.c:1513 |
| 0 | 0 | None | 109 | 568 | protobuf_c_message_get_packed_size | call site: 00000 | /src/protobuf-c/protobuf-c/protobuf-c.c:738 |
| 0 | 0 | None | 0 | 420 | protobuf_c_message_unpack | call site: 00004 | /src/protobuf-c/protobuf-c/protobuf-c.c:3064 |
| 0 | 0 | None | 0 | 420 | protobuf_c_message_unpack | call site: 00004 | /src/protobuf-c/protobuf-c/protobuf-c.c:3069 |
| 0 | 0 | None | 0 | 369 | protobuf_c_message_unpack | call site: 00014 | /src/protobuf-c/protobuf-c/protobuf-c.c:3234 |
| 0 | 0 | None | 0 | 369 | protobuf_c_message_unpack | call site: 00019 | /src/protobuf-c/protobuf-c/protobuf-c.c:3256 |
| 0 | 0 | None | 0 | 156 | merge_messages | call site: 00060 | /src/protobuf-c/protobuf-c/protobuf-c.c:2205 |
| 0 | 0 | None | 0 | 156 | merge_messages | call site: 00064 | /src/protobuf-c/protobuf-c/protobuf-c.c:2276 |
| 0 | 0 | None | 0 | 145 | parse_required_member | call site: 00037 | /src/protobuf-c/protobuf-c/protobuf-c.c:2606 |

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 foo__test_mess_sub_mess__unpack [function] [call site] 00001
2 protobuf_c_message_unpack [function] [call site] 00002
3 __assert_fail [call site] 00003
3 protobuf_c_message_init [function] [call site] 00007
3 message_init_generic [function] [call site] 00008
3 parse_tag_and_wiretype [function] [call site] 00009
3 int_range_lookup [function] [call site] 00010
3 scan_length_prefixed_data [function] [call site] 00011
3 is_packable_type [function] [call site] 00013
3 count_packed_elements [function] [call site] 00014
4 max_b128_numbers [function] [call site] 00015
3 sizeof_elt_in_repeated_array [function] [call site] 00016
4 __assert_fail [call site] 00017
3 __assert_fail [call site] 00018
3 parse_member [function] [call site] 00021
4 parse_required_member [function] [call site] 00023
5 parse_int32 [function] [call site] 00024
6 parse_uint32 [function] [call site] 00025
5 parse_uint32 [function] [call site] 00026
5 parse_uint32 [function] [call site] 00027
5 parse_fixed_uint32 [function] [call site] 00028
5 parse_uint64 [function] [call site] 00029
6 parse_uint32 [function] [call site] 00030
5 parse_uint64 [function] [call site] 00031
5 parse_fixed_uint64 [function] [call site] 00032
5 parse_boolean [function] [call site] 00033
5 protobuf_c_message_unpack [function] [call site] 00038
6 protobuf_c_message_free_unpacked [function] [call site] 00041
7 __assert_fail [call site] 00042
7 protobuf_c_message_free_unpacked [function] [call site] 00045
8 protobuf_c_message_free_unpacked [function] [call site] 00049
5 merge_messages [function] [call site] 00058
6 sizeof_elt_in_repeated_array [function] [call site] 00059
6 int_range_lookup [function] [call site] 00063
6 merge_messages [function] [call site] 00064
7 sizeof_elt_in_repeated_array [function] [call site] 00065
5 protobuf_c_message_free_unpacked [function] [call site] 00066
4 parse_oneof_member [function] [call site] 00067
5 int_range_lookup [function] [call site] 00068
5 sizeof_elt_in_repeated_array [function] [call site] 00069
5 protobuf_c_message_free_unpacked [function] [call site] 00072
5 parse_required_member [function] [call site] 00073
4 parse_optional_member [function] [call site] 00074
5 parse_required_member [function] [call site] 00075
4 is_packable_type [function] [call site] 00076
4 parse_packed_repeated_member [function] [call site] 00077
5 sizeof_elt_in_repeated_array [function] [call site] 00078
5 scan_varint [function] [call site] 00079
5 parse_int32 [function] [call site] 00080
5 scan_varint [function] [call site] 00081
5 parse_uint32 [function] [call site] 00082
5 scan_varint [function] [call site] 00083
5 parse_uint32 [function] [call site] 00084
5 scan_varint [function] [call site] 00085
5 parse_uint64 [function] [call site] 00086
5 scan_varint [function] [call site] 00087
5 parse_uint64 [function] [call site] 00088
5 scan_varint [function] [call site] 00089
5 parse_boolean [function] [call site] 00090
5 __assert_fail [call site] 00091
4 parse_repeated_member [function] [call site] 00092
5 sizeof_elt_in_repeated_array [function] [call site] 00093
5 parse_required_member [function] [call site] 00094
4 __assert_fail [call site] 00095
1 fuzzing::memory::memory_test(void const*, unsigned long) [function] [call site] 00096
2 fuzzing::memory::memory_test_asan(void const*, unsigned long) [function] [call site] 00097
2 fuzzing::memory::memory_test_msan(void const*, unsigned long) [function] [call site] 00098
1 foo__test_field_flags__unpack [function] [call site] 00099
2 protobuf_c_message_unpack [function] [call site] 00100
1 fuzzing::memory::memory_test(void const*, unsigned long) [function] [call site] 00101
1 foo__test_message_check__unpack [function] [call site] 00102
2 protobuf_c_message_unpack [function] [call site] 00103
1 fuzzing::memory::memory_test(void const*, unsigned long) [function] [call site] 00104