Fuzz introspector: fuzz_format_sav
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The following are the branches that the fuzzer fails to bypass.

| Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch |
|---|---|---|---|---|---|---|---|
| 0 | 17 | 1 : ['sav_ctx_free'] | 0 | 17 | sav_ctx_init | call site: 00065 | /src/readstat/src/spss/readstat_sav.c:57 |
| 0 | 7 | 1 : ['readstat_parser_free'] | 0 | 7 | readstat_parser_init | call site: 00005 | /src/readstat/src/readstat_parser.c:9 |
| 0 | 0 | None | 2 | 78 | sav_parse_long_string_value_labels_record | call site: 00170 | /src/readstat/src/spss/readstat_sav_read.c:1062 |
| 0 | 0 | None | 0 | 718 | readstat_parse_sav | call site: 00050 | /src/readstat/src/spss/readstat_sav_read.c:1608 |
| 0 | 0 | None | 0 | 718 | readstat_parse_sav | call site: 00050 | /src/readstat/src/spss/readstat_sav_read.c:1612 |
| 0 | 0 | None | 0 | 718 | readstat_parse_sav | call site: 00050 | /src/readstat/src/spss/readstat_sav_read.c:1617 |
| 0 | 0 | None | 0 | 47 | sav_handle_variables | call site: 00194 | /src/readstat/src/spss/readstat_sav_read.c:1499 |
| 0 | 0 | None | 0 | 47 | sav_handle_variables | call site: 00210 | /src/readstat/src/spss/readstat_sav_read.c:1518 |
| 0 | 0 | None | 0 | 18 | sav_read_document_record | call site: 00136 | /src/readstat/src/spss/readstat_sav_read.c:635 |
| 0 | 0 | None | 0 | 17 | readstat_parse_sav | call site: 00049 | /src/readstat/src/spss/readstat_sav_read.c:1582 |
| 0 | 0 | None | 0 | 17 | readstat_parse_sav | call site: 00049 | /src/readstat/src/spss/readstat_sav_read.c:1587 |
| 0 | 0 | None | 0 | 17 | readstat_parse_sav | call site: 00073 | /src/readstat/src/spss/readstat_sav_read.c:1629 |

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 fuzzer_parser_init [function] [call site] 00001
2 readstat_parser_init [function] [call site] 00002
3 calloc [call site] 00003
3 calloc [call site] 00004
3 unistd_io_init [function] [call site] 00005
4 readstat_set_open_handler [function] [call site] 00006
4 unistd_open_handler [function] [call site] 00007
5 open_with_unicode [function] [call site] 00008
6 open [call site] 00009
4 readstat_set_close_handler [function] [call site] 00010
4 unistd_close_handler [function] [call site] 00011
5 close [call site] 00012
4 readstat_set_seek_handler [function] [call site] 00013
4 unistd_seek_handler [function] [call site] 00014
5 lseek [call site] 00015
4 readstat_set_read_handler [function] [call site] 00016
4 unistd_read_handler [function] [call site] 00017
5 read [call site] 00018
4 readstat_set_update_handler [function] [call site] 00019
4 unistd_update_handler [function] [call site] 00020
5 lseek [call site] 00021
4 calloc [call site] 00022
4 readstat_set_io_ctx [function] [call site] 00023
3 readstat_parser_free [function] [call site] 00024
4 readstat_set_io_ctx [function] [call site] 00025
2 readstat_set_open_handler [function] [call site] 00026
2 rt_open_handler [function] [call site] 00027
2 readstat_set_close_handler [function] [call site] 00028
2 rt_close_handler [function] [call site] 00029
2 readstat_set_seek_handler [function] [call site] 00030
2 rt_seek_handler [function] [call site] 00031
2 readstat_set_read_handler [function] [call site] 00032
2 rt_read_handler [function] [call site] 00033
2 readstat_set_update_handler [function] [call site] 00034
2 rt_update_handler [function] [call site] 00035
2 readstat_set_metadata_handler [function] [call site] 00036
2 handle_metadata [function] [call site] 00037
2 readstat_set_note_handler [function] [call site] 00038
2 handle_note [function] [call site] 00039
2 readstat_set_variable_handler [function] [call site] 00040
2 handle_variable [function] [call site] 00041
2 readstat_set_fweight_handler [function] [call site] 00042
2 handle_fweight [function] [call site] 00043
2 readstat_set_value_handler [function] [call site] 00044
2 handle_value [function] [call site] 00045
2 readstat_set_value_label_handler [function] [call site] 00046
2 handle_value_label [function] [call site] 00047
1 readstat_set_io_ctx [function] [call site] 00048
1 readstat_parse_sav [function] [call site] 00049
2 sav_ctx_init [function] [call site] 00050
3 readstat_calloc [function] [call site] 00051
4 calloc [call site] 00052
3 memcmp [call site] 00053
3 memcmp [call site] 00054
3 sav_ctx_free [function] [call site] 00055
4 spss_varinfo_free [function] [call site] 00056
4 iconv_close [call site] 00057
3 machine_is_little_endian [function] [call site] 00058
3 byteswap4 [function] [call site] 00059
3 byteswap4 [function] [call site] 00060
3 byteswap4 [function] [call site] 00061
3 byteswap4 [function] [call site] 00062
3 byteswap_double [function] [call site] 00063
4 byteswap8 [function] [call site] 00064
3 readstat_calloc [function] [call site] 00065
3 sav_ctx_free [function] [call site] 00066
2 sav_parse_timestamp [function] [call site] 00067
3 sav_parse_time [function] [call site] 00068
4 snprintf [call site] 00069
3 sav_parse_date [function] [call site] 00070
4 snprintf [call site] 00071
3 mktime [call site] 00072
2 sav_parse_records_pass1 [function] [call site] 00073
3 byteswap4 [function] [call site] 00074
3 sav_skip_variable_record [function] [call site] 00075
4 byteswap4 [function] [call site] 00076
4 byteswap4 [function] [call site] 00077
4 abs [call site] 00078
3 sav_skip_value_label_record [function] [call site] 00079
3 sav_skip_document_record [function] [call site] 00083
4 byteswap4 [function] [call site] 00084
3 byteswap4 [function] [call site] 00085
3 sav_parse_machine_integer_info_record [function] [call site] 00086
4 byteswap4 [function] [call site] 00087
4 snprintf [call site] 00088
4 iconv_open [call site] 00089
4 iconv_close [call site] 00090
2 sav_update_progress [function] [call site] 00091
2 sav_parse_records_pass2 [function] [call site] 00092
3 readstat_malloc [function] [call site] 00093
3 byteswap4 [function] [call site] 00094
3 sav_read_variable_record [function] [call site] 00095
4 readstat_realloc [function] [call site] 00096
5 realloc [call site] 00097
4 byteswap4 [function] [call site] 00098
4 byteswap4 [function] [call site] 00099
4 byteswap4 [function] [call site] 00100
4 readstat_calloc [function] [call site] 00101
4 readstat_convert [function] [call site] 00102
5 iconv [call site] 00103
5 __errno_location [call site] 00104
5 __errno_location [call site] 00105
4 readstat_convert [function] [call site] 00106
4 sav_read_variable_label [function] [call site] 00107
5 byteswap4 [function] [call site] 00108
5 readstat_malloc [function] [call site] 00109
5 readstat_malloc [function] [call site] 00110
5 readstat_convert [function] [call site] 00111
4 byteswap4 [function] [call site] 00112
4 sav_read_variable_missing_values [function] [call site] 00113
5 abs [call site] 00114
5 sav_read_variable_missing_double_values [function] [call site] 00115
6 byteswap_double [function] [call site] 00116
5 sav_read_variable_missing_string_values [function] [call site] 00117
6 readstat_convert [function] [call site] 00118
4 spss_varinfo_free [function] [call site] 00119
3 sav_read_value_label_record [function] [call site] 00120
4 byteswap4 [function] [call site] 00121
4 readstat_calloc [function] [call site] 00122
4 readstat_malloc [function] [call site] 00123
4 readstat_convert [function] [call site] 00124
4 byteswap4 [function] [call site] 00125
4 byteswap4 [function] [call site] 00126
4 readstat_malloc [function] [call site] 00127
4 byteswap4 [function] [call site] 00128
4 bsearch [call site] 00129
4 spss_varinfo_compare [function] [call site] 00130
4 byteswap_double [function] [call site] 00131
4 sav_tag_missing_double [function] [call site] 00132
4 readstat_convert [function] [call site] 00133
4 sav_submit_value_labels [function] [call site] 00134
5 snprintf [call site] 00135
3 sav_read_document_record [function] [call site] 00136
4 sav_skip_document_record [function] [call site] 00137
4 byteswap4 [function] [call site] 00138
4 readstat_convert [function] [call site] 00139
3 sav_read_dictionary_termination_record [function] [call site] 00140
3 byteswap4 [function] [call site] 00141
3 readstat_realloc [function] [call site] 00142
3 sav_parse_machine_floating_point_record [function] [call site] 00143
3 sav_store_variable_display_parameter_record [function] [call site] 00147
4 readstat_realloc [function] [call site] 00148
4 byteswap4 [function] [call site] 00149
3 sav_parse_long_variable_names_record [function] [call site] 00150
4 count_vars [function] [call site] 00151
5 strcmp [call site] 00152
4 build_lookup_table [function] [call site] 00153
5 readstat_malloc [function] [call site] 00154
5 strcmp [call site] 00155
5 qsort [call site] 00156
5 compare_varlookups [function] [call site] 00157
6 strcasecmp [call site] 00158
4 bsearch [call site] 00159
4 compare_key_varlookup [function] [call site] 00160
4 snprintf [call site] 00161
4 snprintf [call site] 00162
3 sav_parse_very_long_string_record [function] [call site] 00163
4 count_vars [function] [call site] 00164
4 readstat_malloc [function] [call site] 00165
4 build_lookup_table [function] [call site] 00166
4 bsearch [call site] 00167
4 compare_key_varlookup [function] [call site] 00168
4 snprintf [call site] 00169
3 sav_parse_long_string_value_labels_record [function] [call site] 00170
4 sav_read_pascal_string [function] [call site] 00171
5 byteswap4 [function] [call site] 00172
5 readstat_convert [function] [call site] 00173
4 strcmp [call site] 00174
4 snprintf [call site] 00175
4 byteswap4 [function] [call site] 00176
4 byteswap4 [function] [call site] 00177
4 readstat_realloc [function] [call site] 00178
4 readstat_convert [function] [call site] 00179
4 byteswap4 [function] [call site] 00180
4 readstat_realloc [function] [call site] 00181
4 readstat_convert [function] [call site] 00182
3 sav_parse_long_string_missing_values_record [function] [call site] 00183
4 sav_read_pascal_string [function] [call site] 00184
4 strcmp [call site] 00185
4 byteswap4 [function] [call site] 00186
4 readstat_convert [function] [call site] 00187
2 sav_set_n_segments_and_var_count [function] [call site] 00188
3 readstat_calloc [function] [call site] 00189
2 readstat_convert [function] [call site] 00190
2 sav_parse_variable_display_parameter_record [function] [call site] 00191
3 spss_measure_to_readstat_measure [function] [call site] 00192
3 spss_alignment_to_readstat_alignment [function] [call site] 00193
2 sav_handle_variables [function] [call site] 00194
3 spss_init_variable_for_info [function] [call site] 00195
4 calloc [call site] 00196
4 readstat_convert [function] [call site] 00197
4 readstat_convert [function] [call site] 00198
4 snprintf [call site] 00199
4 spss_format [function] [call site] 00200
5 snprintf [call site] 00201
5 snprintf [call site] 00202
4 spss_missingness_for_info [function] [call site] 00203
5 spss_boxed_missing_value [function] [call site] 00204
6 spss_boxed_double_value [function] [call site] 00205
6 spss_boxed_string_value [function] [call site] 00206
5 spss_boxed_missing_value [function] [call site] 00207
5 spss_boxed_missing_value [function] [call site] 00208
5 spss_boxed_missing_value [function] [call site] 00209
3 snprintf [call site] 00210
2 sav_handle_fweight [function] [call site] 00211
2 sav_read_data [function] [call site] 00212
3 readstat_malloc [function] [call site] 00213
3 readstat_malloc [function] [call site] 00214
3 sav_read_compressed_data [function] [call site] 00215
4 readstat_malloc [function] [call site] 00216
4 sav_update_progress [function] [call site] 00217
4 sav_decompress_row [function] [call site] 00218
5 byteswap8 [function] [call site] 00219
5 byteswap_double [function] [call site] 00220
3 zsav_read_compressed_data [function] [call site] 00221
4 byteswap8 [function] [call site] 00222
4 byteswap8 [function] [call site] 00223
4 byteswap8 [function] [call site] 00224
4 byteswap8 [function] [call site] 00225
4 byteswap8 [function] [call site] 00226
4 byteswap4 [function] [call site] 00227
4 byteswap4 [function] [call site] 00228
4 readstat_malloc [function] [call site] 00229
4 byteswap8 [function] [call site] 00230
4 byteswap8 [function] [call site] 00231
4 byteswap4 [function] [call site] 00232
4 byteswap4 [function] [call site] 00233
4 readstat_malloc [function] [call site] 00234
4 readstat_realloc [function] [call site] 00235
4 readstat_realloc [function] [call site] 00236
4 uncompress [call site] 00237
4 sav_decompress_row [function] [call site] 00238
3 sav_process_row [function] [call site] 00239
4 strcmp [call site] 00240
4 readstat_convert [function] [call site] 00241
4 byteswap_double [function] [call site] 00242
4 sav_tag_missing_double [function] [call site] 00243
3 sav_read_uncompressed_data [function] [call site] 00244
4 readstat_malloc [function] [call site] 00245
4 sav_update_progress [function] [call site] 00246
2 sav_ctx_free [function] [call site] 00247
1 readstat_parser_free [function] [call site] 00248