Fuzz introspector: fuzz_format_dta
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
2 2 1 :

['ones_to_twos_complement1']

2 2 dta_interpret_int8_bytes call site: 00185 /src/readstat/src/stata/readstat_dta_read.c:483
2 2 1 :

['ones_to_twos_complement2']

2 2 dta_interpret_int16_bytes call site: 00188 /src/readstat/src/stata/readstat_dta_read.c:506
2 2 1 :

['ones_to_twos_complement4']

2 2 dta_interpret_int32_bytes call site: 00191 /src/readstat/src/stata/readstat_dta_read.c:529
0 7 1 :

['readstat_parser_free']

0 7 readstat_parser_init call site: 00005 /src/readstat/src/readstat_parser.c:9
0 0 None 6 86 dta_handle_value_labels call site: 00201 /src/readstat/src/stata/readstat_dta_read.c:998
0 0 None 4 78 dta_handle_row call site: 00177 /src/readstat/src/stata/readstat_dta_read.c:604
0 0 None 2 26 dta_ctx_init call site: 00077 /src/readstat/src/stata/readstat_dta.c:159
0 0 None 0 568 readstat_parse_dta call site: 00093 /src/readstat/src/stata/readstat_dta_read.c:1194
0 0 None 0 568 readstat_parse_dta call site: 00093 /src/readstat/src/stata/readstat_dta_read.c:1202
0 0 None 0 140 dta_read_data call site: 00170 /src/readstat/src/stata/readstat_dta_read.c:704
0 0 None 0 34 dta_handle_variables call site: 00127 /src/readstat/src/stata/readstat_dta_read.c:934
0 0 None 0 34 dta_handle_variables call site: 00129 /src/readstat/src/stata/readstat_dta_read.c:969

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 fuzzer_parser_init [function] [call site] 00001
2 readstat_parser_init [function] [call site] 00002
3 calloc [call site] 00003
3 calloc [call site] 00004
3 unistd_io_init [function] [call site] 00005
4 readstat_set_open_handler [function] [call site] 00006
4 unistd_open_handler [function] [call site] 00007
5 open_with_unicode [function] [call site] 00008
6 open [call site] 00009
4 readstat_set_close_handler [function] [call site] 00010
4 unistd_close_handler [function] [call site] 00011
5 close [call site] 00012
4 readstat_set_seek_handler [function] [call site] 00013
4 unistd_seek_handler [function] [call site] 00014
5 lseek [call site] 00015
4 readstat_set_read_handler [function] [call site] 00016
4 unistd_read_handler [function] [call site] 00017
5 read [call site] 00018
4 readstat_set_update_handler [function] [call site] 00019
4 unistd_update_handler [function] [call site] 00020
5 lseek [call site] 00021
4 calloc [call site] 00022
4 readstat_set_io_ctx [function] [call site] 00023
3 readstat_parser_free [function] [call site] 00024
4 readstat_set_io_ctx [function] [call site] 00025
2 readstat_set_open_handler [function] [call site] 00026
2 rt_open_handler [function] [call site] 00027
2 readstat_set_close_handler [function] [call site] 00028
2 rt_close_handler [function] [call site] 00029
2 readstat_set_seek_handler [function] [call site] 00030
2 rt_seek_handler [function] [call site] 00031
2 readstat_set_read_handler [function] [call site] 00032
2 rt_read_handler [function] [call site] 00033
2 readstat_set_update_handler [function] [call site] 00034
2 rt_update_handler [function] [call site] 00035
2 readstat_set_metadata_handler [function] [call site] 00036
2 handle_metadata [function] [call site] 00037
2 readstat_set_note_handler [function] [call site] 00038
2 handle_note [function] [call site] 00039
2 readstat_set_variable_handler [function] [call site] 00040
2 handle_variable [function] [call site] 00041
2 readstat_set_fweight_handler [function] [call site] 00042
2 handle_fweight [function] [call site] 00043
2 readstat_set_value_handler [function] [call site] 00044
2 handle_value [function] [call site] 00045
2 readstat_set_value_label_handler [function] [call site] 00046
2 handle_value_label [function] [call site] 00047
1 readstat_set_io_ctx [function] [call site] 00048
1 readstat_parse_dta [function] [call site] 00049
2 dta_ctx_alloc [function] [call site] 00050
3 calloc [call site] 00051
2 snprintf [call site] 00052
2 snprintf [call site] 00053
2 strncmp [call site] 00054
2 dta_read_xmlish_header [function] [call site] 00055
3 dta_read_tag [function] [call site] 00056
4 strlen [call site] 00057
4 strncmp [call site] 00058
3 dta_read_tag [function] [call site] 00059
3 dta_read_chunk [function] [call site] 00060
4 dta_read_tag [function] [call site] 00061
4 dta_read_tag [function] [call site] 00062
3 dta_read_chunk [function] [call site] 00063
3 strncmp [call site] 00064
3 strncmp [call site] 00065
3 machine_is_little_endian [function] [call site] 00066
3 dta_read_chunk [function] [call site] 00067
3 byteswap4 [function] [call site] 00068
3 dta_read_chunk [function] [call site] 00069
3 byteswap2 [function] [call site] 00070
3 dta_read_chunk [function] [call site] 00071
3 byteswap8 [function] [call site] 00072
3 dta_read_chunk [function] [call site] 00073
3 byteswap4 [function] [call site] 00074
2 dta_ctx_init [function] [call site] 00075
3 machine_is_little_endian [function] [call site] 00076
3 readstat_calloc [function] [call site] 00077
4 calloc [call site] 00078
3 iconv_open [call site] 00079
3 iconv_open [call site] 00080
3 strcmp [call site] 00081
3 iconv_open [call site] 00082
3 readstat_malloc [function] [call site] 00083
3 readstat_malloc [function] [call site] 00084
3 readstat_malloc [function] [call site] 00085
3 readstat_malloc [function] [call site] 00086
3 readstat_malloc [function] [call site] 00087
3 readstat_malloc [function] [call site] 00088
2 dta_read_header [function] [call site] 00089
3 machine_is_little_endian [function] [call site] 00090
3 byteswap2 [function] [call site] 00091
3 byteswap4 [function] [call site] 00092
2 dta_ctx_init [function] [call site] 00093
2 dta_update_progress [function] [call site] 00094
2 dta_read_label_and_timestamp [function] [call site] 00095
3 dta_read_tag [function] [call site] 00096
3 byteswap2 [function] [call site] 00097
3 readstat_malloc [function] [call site] 00098
3 strlen [call site] 00099
3 readstat_malloc [function] [call site] 00100
3 readstat_convert [function] [call site] 00101
4 __errno_location [call site] 00102
4 __errno_location [call site] 00103
3 dta_read_tag [function] [call site] 00104
3 dta_read_tag [function] [call site] 00105
3 readstat_malloc [function] [call site] 00106
3 dta_parse_timestamp [function] [call site] 00107
4 snprintf [call site] 00108
3 mktime [call site] 00109
3 dta_read_tag [function] [call site] 00110
2 dta_read_tag [function] [call site] 00111
2 dta_read_map [function] [call site] 00112
3 dta_read_chunk [function] [call site] 00113
3 byteswap8 [function] [call site] 00114
3 byteswap8 [function] [call site] 00115
3 byteswap8 [function] [call site] 00116
2 dta_read_descriptors [function] [call site] 00117
3 readstat_malloc [function] [call site] 00118
3 dta_read_chunk [function] [call site] 00119
3 byteswap2 [function] [call site] 00120
3 dta_read_chunk [function] [call site] 00121
3 dta_read_chunk [function] [call site] 00122
3 dta_read_chunk [function] [call site] 00123
3 dta_read_chunk [function] [call site] 00124
3 dta_read_chunk [function] [call site] 00125
2 dta_type_info [function] [call site] 00126
2 dta_handle_variables [function] [call site] 00127
3 dta_type_info [function] [call site] 00128
3 dta_init_variable [function] [call site] 00129
4 calloc [call site] 00130
4 strnlen [call site] 00131
4 readstat_convert [function] [call site] 00132
4 strnlen [call site] 00133
4 readstat_convert [function] [call site] 00134
4 strnlen [call site] 00135
4 readstat_convert [function] [call site] 00136
4 __isoc99_sscanf [call site] 00137
4 __isoc99_sscanf [call site] 00138
2 dta_read_expansion_fields [function] [call site] 00139
3 snprintf [call site] 00140
3 dta_read_tag [function] [call site] 00141
3 memcmp [call site] 00142
3 dta_read_tag [function] [call site] 00143
3 memcmp [call site] 00144
3 byteswap2 [function] [call site] 00145
3 byteswap4 [function] [call site] 00146
3 readstat_realloc [function] [call site] 00147
4 realloc [call site] 00148
3 strncmp [call site] 00149
3 __isoc99_sscanf [call site] 00150
3 dta_read_tag [function] [call site] 00151
2 dta_read_strls [function] [call site] 00152
3 snprintf [call site] 00153
3 dta_read_tag [function] [call site] 00154
3 readstat_malloc [function] [call site] 00155
3 memcmp [call site] 00156
3 dta_read_strl [function] [call site] 00157
4 dta_118_read_strl [function] [call site] 00158
5 byteswap4 [function] [call site] 00159
5 byteswap8 [function] [call site] 00160
5 byteswap4 [function] [call site] 00161
4 dta_117_read_strl [function] [call site] 00162
5 byteswap4 [function] [call site] 00163
5 byteswap4 [function] [call site] 00164
5 byteswap4 [function] [call site] 00165
3 readstat_realloc [function] [call site] 00166
3 readstat_malloc [function] [call site] 00167
3 memcmp [call site] 00168
3 dta_read_tag [function] [call site] 00169
2 dta_read_data [function] [call site] 00170
3 snprintf [call site] 00171
3 dta_read_tag [function] [call site] 00172
3 dta_update_progress [function] [call site] 00173
3 dta_handle_rows [function] [call site] 00174
4 readstat_malloc [function] [call site] 00175
4 dta_handle_row [function] [call site] 00176
5 dta_type_info [function] [call site] 00177
5 strnlen [call site] 00178
5 readstat_convert [function] [call site] 00179
5 dta_interpret_strl_vo_bytes [function] [call site] 00180
6 byteswap4 [function] [call site] 00181
6 byteswap4 [function] [call site] 00182
5 bsearch [call site] 00183
5 dta_compare_strls [function] [call site] 00184
5 dta_interpret_int8_bytes [function] [call site] 00185
6 ones_to_twos_complement1 [function] [call site] 00186
5 dta_interpret_int16_bytes [function] [call site] 00187
6 byteswap2 [function] [call site] 00188
6 ones_to_twos_complement2 [function] [call site] 00189
5 dta_interpret_int32_bytes [function] [call site] 00190
6 byteswap4 [function] [call site] 00191
6 ones_to_twos_complement4 [function] [call site] 00192
5 dta_interpret_float_bytes [function] [call site] 00193
6 byteswap4 [function] [call site] 00194
5 dta_interpret_double_bytes [function] [call site] 00195
6 byteswap8 [function] [call site] 00196
4 dta_update_progress [function] [call site] 00197
3 dta_read_tag [function] [call site] 00198
2 dta_handle_value_labels [function] [call site] 00199
3 snprintf [call site] 00200
3 dta_read_tag [function] [call site] 00201
3 byteswap2 [function] [call site] 00202
3 dta_read_tag [function] [call site] 00203
3 byteswap4 [function] [call site] 00204
3 readstat_realloc [function] [call site] 00205
3 strnlen [call site] 00206
3 readstat_convert [function] [call site] 00207
3 dta_read_tag [function] [call site] 00208
3 byteswap4 [function] [call site] 00209
3 byteswap4 [function] [call site] 00210
3 realloc [call site] 00211
3 byteswap4 [function] [call site] 00212
3 dta_interpret_int32_bytes [function] [call site] 00213
3 strnlen [call site] 00214
3 readstat_convert [function] [call site] 00215
2 dta_ctx_free [function] [call site] 00216
3 iconv_close [call site] 00217
1 readstat_parser_free [function] [call site] 00218