Fuzz introspector: c/tests/fuzz/fuzz-url.c
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
357 445 17 :

['pni_consumer_readv32.2020', 'pn_free', 'pn_string_get', 'pn_string_buffer', 'pn_amqp_decode_DqEse', 'pn_string_size', 'pn_amqp_decode_DqERe', 'pnx_sasl_set_desired_state', 'pni_sasl_impl_process_mechanisms', 'consume_array', 'pn_string', 'pni_sasl_client_included_mech', 'pn_string_addf', 'pni_sasl_impl_init_client', 'pni_consumer_readv8.2021', 'make_consumer_from_bytes.2022', 'pn_string_setn']

357 445 pn_do_mechanisms call site: 00000 /src/qpid-proton/c/src/sasl/sasl.c:929
283 283 1 :

['pn_amqp_encode_DLESIoBBQDLESIsIoCQsCnCCeDLECennIe']

283 603 pni_process_link_setup call site: 00000 /src/qpid-proton/c/src/core/transport.c:2020
263 275 6 :

['pn_strndup', 'pni_sasl_impl_process_init', 'pnx_sasl_error', 'pni_sasl_server_included_mech', 'pnx_sasl_set_desired_state', 'pn_amqp_decode_DqEsze']

263 275 pn_do_init call site: 00000 /src/qpid-proton/c/src/sasl/sasl.c:897
179 838 8 :

['pn_condition_get_description', 'pni_unmap_local_channel', 'pn_condition_info', 'pn_condition_get_name', 'pn_framing_send_amqp', 'pn_amqp_encode_DLEQDLEsSCee', 'pni_pointful_buffering', 'pn_condition_is_set']

179 844 pni_process_ssn_teardown call site: 00000 /src/qpid-proton/c/src/core/transport.c:2462
164 164 3 :

['pnx_sasl_set_desired_state', 'pni_sasl_impl_process_outcome', 'pn_amqp_decode_DqEBze']

164 164 pn_do_outcome call site: 00000 /src/qpid-proton/c/src/sasl/sasl.c:1039
101 412 2 :

['pn_amqp_encode_DLESe', 'pn_framing_send_amqp']

101 1005 pn_error_amqp call site: 00000 /src/qpid-proton/c/src/core/transport.c:2554
62 62 2 :

['pn_amqp_decode_DqEze', 'pni_sasl_impl_process_challenge']

62 62 pn_do_challenge call site: 00000 /src/qpid-proton/c/src/sasl/sasl.c:997
62 62 2 :

['pn_amqp_decode_DqEze', 'pni_sasl_impl_process_response']

62 62 pn_do_response call site: 00000 /src/qpid-proton/c/src/sasl/sasl.c:1018
43 43 4 :

['free', 'X509_free', 'ssl_log', 'release_ssl_socket']

43 43 pn_ssl_free call site: 00000 /src/qpid-proton/c/src/ssl/openssl.c:954
5 5 1 :

['pni_emitter_writef64']

5 10 emit_descriptor call site: 00000 /src/qpid-proton/c/src/core/emitters.h:249
0 621 2 :

['pn_error_amqp', 'pn_dispatcher_output']

0 621 pn_output_write_amqp_header call site: 00000 /src/qpid-proton/c/src/core/transport.c:2670
0 560 1 :

['pn_connection_driver_destroy']

0 560 pn_connection_driver_init call site: 00000 /src/qpid-proton/c/src/core/connection_driver.c:56

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 pn_url_parse [function] [call site] 00001
2 pn_url [function] [call site] 00002
3 pn_class_new [function] [call site] 00003
4 pni_class_new [function] [call site] 00004
5 pni_default_new [function] [call site] 00005
6 pni_mem_zallocate [function] [call site] 00006
7 calloc [call site] 00007
3 pn_string [function] [call site] 00008
4 pn_stringn [function] [call site] 00009
5 pn_class_new [function] [call site] 00010
5 pni_mem_suballocate [function] [call site] 00011
5 pn_string_setn [function] [call site] 00012
6 pn_string_grow [function] [call site] 00013
7 pn_class [function] [call site] 00014
7 pni_mem_subreallocate [function] [call site] 00015
8 realloc [call site] 00016
4 strlen [call site] 00017
2 pn_strdup [function] [call site] 00018
3 strlen [call site] 00019
3 pni_mem_allocate [function] [call site] 00020
3 strcpy [call site] 00021
2 pni_parse_url [function] [call site] 00022
3 strchr [call site] 00023
3 strstr [call site] 00024
3 strchr [call site] 00025
3 strchr [call site] 00026
3 strchr [call site] 00027
3 strchr [call site] 00028
3 strrchr [call site] 00029
3 pni_urldecode [function] [call site] 00030
4 strtoul [call site] 00031
3 pni_urldecode [function] [call site] 00032
2 pn_strdup [function] [call site] 00033
2 pn_strdup [function] [call site] 00034
2 pn_strdup [function] [call site] 00035
2 pn_strdup [function] [call site] 00036
2 pn_strdup [function] [call site] 00037
2 pn_strdup [function] [call site] 00038
1 pn_url_free [function] [call site] 00039
2 pn_free [function] [call site] 00040
3 pni_class_refcount [function] [call site] 00041
4 pni_default_refcount [function] [call site] 00042
3 pni_class_decref [function] [call site] 00043
4 pni_default_decref [function] [call site] 00044
3 pni_class_refcount [function] [call site] 00045
3 pni_class_free [function] [call site] 00046
4 pni_default_free [function] [call site] 00047
5 pni_mem_deallocate [function] [call site] 00048