Fuzz introspector: fuzzer
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
0 3 1 :

['do_free']

0 3 protobuf_c_message_unpack call site: 00021 /src/protobuf-c/protobuf-c/protobuf-c.c:3304
0 3 1 :

['do_free']

0 3 protobuf_c_message_unpack call site: 00021 /src/protobuf-c/protobuf-c/protobuf-c.c:3312
0 3 1 :

['do_free']

0 3 protobuf_c_message_unpack call site: 00021 /src/protobuf-c/protobuf-c/protobuf-c.c:3320
0 0 None 179 948 protobuf_c_message_pack call site: 00148 /src/protobuf-c/protobuf-c/protobuf-c.c:1513
0 0 None 109 568 protobuf_c_message_get_packed_size call site: 00104 /src/protobuf-c/protobuf-c/protobuf-c.c:738
0 0 None 0 420 protobuf_c_message_unpack call site: 00004 /src/protobuf-c/protobuf-c/protobuf-c.c:3064
0 0 None 0 420 protobuf_c_message_unpack call site: 00004 /src/protobuf-c/protobuf-c/protobuf-c.c:3069
0 0 None 0 369 protobuf_c_message_unpack call site: 00014 /src/protobuf-c/protobuf-c/protobuf-c.c:3234
0 0 None 0 369 protobuf_c_message_unpack call site: 00019 /src/protobuf-c/protobuf-c/protobuf-c.c:3256
0 0 None 0 156 merge_messages call site: 00062 /src/protobuf-c/protobuf-c/protobuf-c.c:2205
0 0 None 0 156 merge_messages call site: 00066 /src/protobuf-c/protobuf-c/protobuf-c.c:2276
0 0 None 0 145 parse_required_member call site: 00039 /src/protobuf-c/protobuf-c/protobuf-c.c:2606

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 foo__test_mess_sub_mess__unpack [function] [call site] 00001
2 protobuf_c_message_unpack [function] [call site] 00002
3 __assert_fail [call site] 00003
3 do_alloc [function] [call site] 00004
3 do_alloc [function] [call site] 00005
3 do_free [function] [call site] 00006
3 protobuf_c_message_init [function] [call site] 00007
3 message_init_generic [function] [call site] 00008
3 parse_tag_and_wiretype [function] [call site] 00009
3 int_range_lookup [function] [call site] 00010
3 scan_length_prefixed_data [function] [call site] 00011
3 do_alloc [function] [call site] 00012
3 is_packable_type [function] [call site] 00013
3 count_packed_elements [function] [call site] 00014
4 max_b128_numbers [function] [call site] 00015
3 sizeof_elt_in_repeated_array [function] [call site] 00016
4 __assert_fail [call site] 00017
3 __assert_fail [call site] 00018
3 do_alloc [function] [call site] 00019
3 do_alloc [function] [call site] 00020
3 parse_member [function] [call site] 00021
4 do_alloc [function] [call site] 00022
4 parse_required_member [function] [call site] 00023
5 parse_int32 [function] [call site] 00024
6 parse_uint32 [function] [call site] 00025
5 parse_uint32 [function] [call site] 00026
5 parse_uint32 [function] [call site] 00027
5 unzigzag32 [function] [call site] 00028
5 parse_fixed_uint32 [function] [call site] 00029
5 parse_uint64 [function] [call site] 00030
6 parse_uint32 [function] [call site] 00031
5 parse_uint64 [function] [call site] 00032
5 unzigzag64 [function] [call site] 00033
5 parse_fixed_uint64 [function] [call site] 00034
5 parse_boolean [function] [call site] 00035
5 do_free [function] [call site] 00036
5 do_alloc [function] [call site] 00037
5 do_free [function] [call site] 00038
5 do_alloc [function] [call site] 00039
5 protobuf_c_message_unpack [function] [call site] 00040
6 do_free [function] [call site] 00041
6 do_free [function] [call site] 00042
6 protobuf_c_message_free_unpacked [function] [call site] 00043
7 __assert_fail [call site] 00044
7 do_free [function] [call site] 00045
7 do_free [function] [call site] 00046
7 protobuf_c_message_free_unpacked [function] [call site] 00047
8 do_free [function] [call site] 00048
8 do_free [function] [call site] 00049
8 do_free [function] [call site] 00050
8 protobuf_c_message_free_unpacked [function] [call site] 00051
9 do_free [function] [call site] 00052
9 do_free [function] [call site] 00053
9 do_free [function] [call site] 00054
6 do_free [function] [call site] 00055
6 do_free [function] [call site] 00056
6 do_free [function] [call site] 00057
6 do_free [function] [call site] 00058
6 do_free [function] [call site] 00059
5 merge_messages [function] [call site] 00060
6 sizeof_elt_in_repeated_array [function] [call site] 00061
6 do_alloc [function] [call site] 00062
6 do_free [function] [call site] 00063
6 do_free [function] [call site] 00064
6 int_range_lookup [function] [call site] 00065
6 merge_messages [function] [call site] 00066
7 sizeof_elt_in_repeated_array [function] [call site] 00067
5 protobuf_c_message_free_unpacked [function] [call site] 00068
4 parse_oneof_member [function] [call site] 00069
5 int_range_lookup [function] [call site] 00070
5 sizeof_elt_in_repeated_array [function] [call site] 00071
5 do_free [function] [call site] 00072
5 do_free [function] [call site] 00073
5 protobuf_c_message_free_unpacked [function] [call site] 00074
5 parse_required_member [function] [call site] 00075
4 parse_optional_member [function] [call site] 00076
5 parse_required_member [function] [call site] 00077
4 is_packable_type [function] [call site] 00078
4 parse_packed_repeated_member [function] [call site] 00079
5 sizeof_elt_in_repeated_array [function] [call site] 00080
5 scan_varint [function] [call site] 00081
5 parse_int32 [function] [call site] 00082
5 scan_varint [function] [call site] 00083
5 parse_uint32 [function] [call site] 00084
5 unzigzag32 [function] [call site] 00085
5 scan_varint [function] [call site] 00086
5 parse_uint32 [function] [call site] 00087
5 scan_varint [function] [call site] 00088
5 parse_uint64 [function] [call site] 00089
5 unzigzag64 [function] [call site] 00090
5 scan_varint [function] [call site] 00091
5 parse_uint64 [function] [call site] 00092
5 scan_varint [function] [call site] 00093
5 parse_boolean [function] [call site] 00094
5 __assert_fail [call site] 00095
4 parse_repeated_member [function] [call site] 00096
5 sizeof_elt_in_repeated_array [function] [call site] 00097
5 parse_required_member [function] [call site] 00098
4 __assert_fail [call site] 00099
1 foo__test_mess_sub_mess__get_packed_size [function] [call site] 00100
2 __assert_fail [call site] 00101
2 protobuf_c_message_get_packed_size [function] [call site] 00102
3 __assert_fail [call site] 00103
3 required_field_get_packed_size [function] [call site] 00104
4 get_tag_size [function] [call site] 00105
4 sint32_size [function] [call site] 00106
5 zigzag32 [function] [call site] 00107
5 uint32_size [function] [call site] 00108
4 int32_size [function] [call site] 00109
4 uint32_size [function] [call site] 00110
4 sint64_size [function] [call site] 00111
5 zigzag64 [function] [call site] 00112
5 uint64_size [function] [call site] 00113
6 uint32_size [function] [call site] 00114
4 uint64_size [function] [call site] 00115
4 strlen [call site] 00116
4 uint32_size [function] [call site] 00117
4 uint32_size [function] [call site] 00118
4 protobuf_c_message_get_packed_size [function] [call site] 00119
5 oneof_field_get_packed_size [function] [call site] 00120
6 required_field_get_packed_size [function] [call site] 00121
7 uint32_size [function] [call site] 00122
7 __assert_fail [call site] 00123
5 optional_field_get_packed_size [function] [call site] 00124
6 required_field_get_packed_size [function] [call site] 00125
5 unlabeled_field_get_packed_size [function] [call site] 00126
6 field_is_zeroish [function] [call site] 00127
6 required_field_get_packed_size [function] [call site] 00128
5 repeated_field_get_packed_size [function] [call site] 00129
6 get_tag_size [function] [call site] 00130
6 sint32_size [function] [call site] 00131
6 int32_size [function] [call site] 00132
6 uint32_size [function] [call site] 00133
6 sint64_size [function] [call site] 00134
6 uint64_size [function] [call site] 00135
6 strlen [call site] 00136
6 uint32_size [function] [call site] 00137
6 uint32_size [function] [call site] 00138
6 protobuf_c_message_get_packed_size [function] [call site] 00139
7 unknown_field_get_packed_size [function] [call site] 00140
8 get_tag_size [function] [call site] 00141
6 uint32_size [function] [call site] 00142
6 uint32_size [function] [call site] 00143
1 foo__test_mess_sub_mess__pack [function] [call site] 00144
2 __assert_fail [call site] 00145
2 protobuf_c_message_pack [function] [call site] 00146
3 __assert_fail [call site] 00147
3 required_field_pack [function] [call site] 00148
4 tag_pack [function] [call site] 00149
5 uint32_pack [function] [call site] 00150
5 uint64_pack [function] [call site] 00151
6 uint32_pack [function] [call site] 00152
4 sint32_pack [function] [call site] 00153
5 zigzag32 [function] [call site] 00154
5 uint32_pack [function] [call site] 00155
4 int32_pack [function] [call site] 00156
5 uint32_pack [function] [call site] 00157
4 uint32_pack [function] [call site] 00158
4 sint64_pack [function] [call site] 00159
5 zigzag64 [function] [call site] 00160
5 uint64_pack [function] [call site] 00161
4 uint64_pack [function] [call site] 00162
4 fixed32_pack [function] [call site] 00163
4 fixed64_pack [function] [call site] 00164
4 boolean_pack [function] [call site] 00165
4 string_pack [function] [call site] 00166
5 strlen [call site] 00167
5 uint32_pack [function] [call site] 00168
4 binary_data_pack [function] [call site] 00169
5 uint32_pack [function] [call site] 00170
4 prefixed_message_pack [function] [call site] 00171
5 protobuf_c_message_pack [function] [call site] 00172
6 oneof_field_pack [function] [call site] 00173
7 required_field_pack [function] [call site] 00174
8 __assert_fail [call site] 00175
6 optional_field_pack [function] [call site] 00176
7 required_field_pack [function] [call site] 00177
6 unlabeled_field_pack [function] [call site] 00178
7 field_is_zeroish [function] [call site] 00179
7 required_field_pack [function] [call site] 00180
6 repeated_field_pack [function] [call site] 00181
7 tag_pack [function] [call site] 00182
7 get_type_min_size [function] [call site] 00183
7 uint32_size [function] [call site] 00184
7 copy_to_little_endian_32 [function] [call site] 00185
7 copy_to_little_endian_64 [function] [call site] 00186
7 int32_pack [function] [call site] 00187
7 sint32_pack [function] [call site] 00188
7 sint64_pack [function] [call site] 00189
7 uint32_pack [function] [call site] 00190
7 uint64_pack [function] [call site] 00191
7 boolean_pack [function] [call site] 00192
7 __assert_fail [call site] 00193
7 uint32_size [function] [call site] 00194
7 __assert_fail [call site] 00195
7 uint32_pack [function] [call site] 00196
7 sizeof_elt_in_repeated_array [function] [call site] 00197
7 required_field_pack [function] [call site] 00198
6 unknown_field_pack [function] [call site] 00199
7 tag_pack [function] [call site] 00200
5 uint32_size [function] [call site] 00201
5 uint32_pack [function] [call site] 00202
1 fuzzing::memory::memory_test(void const*, unsigned long) [function] [call site] 00203
2 fuzzing::memory::memory_test_asan(void const*, unsigned long) [function] [call site] 00204
2 fuzzing::memory::memory_test_msan(void const*, unsigned long) [function] [call site] 00205
1 foo__test_mess_sub_mess__free_unpacked [function] [call site] 00206
2 __assert_fail [call site] 00207
2 protobuf_c_message_free_unpacked [function] [call site] 00208
1 foo__test_field_flags__unpack [function] [call site] 00209
2 protobuf_c_message_unpack [function] [call site] 00210
1 foo__test_field_flags__get_packed_size [function] [call site] 00211
2 __assert_fail [call site] 00212
2 protobuf_c_message_get_packed_size [function] [call site] 00213
1 foo__test_field_flags__pack [function] [call site] 00214
2 __assert_fail [call site] 00215
2 protobuf_c_message_pack [function] [call site] 00216
1 fuzzing::memory::memory_test(void const*, unsigned long) [function] [call site] 00217
1 foo__test_field_flags__free_unpacked [function] [call site] 00218
2 __assert_fail [call site] 00219
2 protobuf_c_message_free_unpacked [function] [call site] 00220
1 foo__test_message_check__unpack [function] [call site] 00221
2 protobuf_c_message_unpack [function] [call site] 00222
1 foo__test_message_check__get_packed_size [function] [call site] 00223
2 __assert_fail [call site] 00224
2 protobuf_c_message_get_packed_size [function] [call site] 00225
1 foo__test_message_check__pack [function] [call site] 00226
2 __assert_fail [call site] 00227
2 protobuf_c_message_pack [function] [call site] 00228
1 fuzzing::memory::memory_test(void const*, unsigned long) [function] [call site] 00229
1 foo__test_message_check__free_unpacked [function] [call site] 00230
2 __assert_fail [call site] 00231
2 protobuf_c_message_free_unpacked [function] [call site] 00232