Fuzz introspector: scripts/fuzz/fuzz_rtp_parser.c
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
1798 1798 2 :

['init_config_bail', 'rtpp_cfile_process']

1826 1846 init_config call site: 00000 /src/rtpproxy/src/main.c:756
1029 1064 9 :

['handle_stun_full', 'stun_reply', 'strlen', 'ice_switch_local_role', 'str_isset', 'handle_stun_lite', 're_regex', 'pl_strcmp', 'stun_msg_attr']

1029 1496 icem_stund_recv call site: 00000 /src/rtpproxy/libre/../external/libre/src/ice/stunsrv.c:248
338 338 1 :

['cand_decode']

338 338 icem_sdp_decode call site: 00000 /src/rtpproxy/libre/../external/libre/src/ice/icesdp.c:298
88 95 9 :

['_rtpp_log_lock', '__errno_location', 'ftime', '_rtpp_log_unlock', 'strerror', 'vsyslog_async', 'fflush', 'strlvl', 'getdtime']

88 95 _rtpp_log_ewrite_va call site: 00000 /src/rtpproxy/src/rtpp_log_stand.c:302
76 83 7 :

['_rtpp_log_lock', 'getdtime', '_rtpp_log_unlock', 'ftime', 'fflush', 'strlvl', 'vsyslog_async']

76 83 _rtpp_log_write_va call site: 00000 /src/rtpproxy/src/rtpp_log_stand.c:259
69 69 1 :

['rtp_resizer_enqueue']

69 69 resizer_injest call site: 00000 /src/rtpproxy/src/rtpp_stream.c:228
53 84 5 :

['rtpp_queue_get_item', 'rtpp_queue_get_item_by', 'run_servers', 'dtime2mtimespec', 'getdtime']

57 90 rtpp_proc_servers_run call site: 00000 /src/rtpproxy/src/rtpp_proc_servers.c:188
52 52 1 :

['syslog_async_init']

62 72 _rtpp_log_open call site: 00000 /src/rtpproxy/src/rtpp_log_stand.c:89
52 52 4 :

['tls_peer_fingerprint', 'strcmp', 'setup_srtp_stream', 'tls_srtp_keyinfo']

54 54 rtpp_dtls_conn_dtls_recv call site: 00000 /src/rtpproxy/modules/dtls_gw/rtpp_dtls_conn.c:417
48 48 1 :

['__rtpp_stream_fill_addr']

48 48 _rtpp_stream_latch call site: 00000 /src/rtpproxy/src/rtpp_stream.c:611
47 47 2 :

['getcwd', 'rtpp_daemon']

134 2338 _rtpp_main call site: 00000 /src/rtpproxy/src/main.c:1095
42 42 1 :

['rtpp_anetio_sendto_na']

42 42 rtpc_reply_deliver call site: 00000 /src/rtpproxy/src/rtpp_command_reply.c:142

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 rtpp_log_ctor [function] [call site] 00001
2 rtpp_rzmalloc [function] [call site] 00002
2 PVT_RCOFFS [function] [call site] 00003
2 CALL_SMETHOD [function] [call site] 00004
1 assert [function] [call site] 00005
1 rtpp_analyzer_ctor [function] [call site] 00006
2 rtpp_rzmalloc [function] [call site] 00007
2 PVT_RCOFFS [function] [call site] 00008
2 rtpp_stats_init [function] [call site] 00009
3 memset [function] [call site] 00010
3 rtp_analyze_jt_ctor [function] [call site] 00011
4 rtpp_zmalloc [function] [call site] 00012
4 rtp_analyze_jdata_ctor [function] [call site] 00013
5 rtpp_zmalloc [function] [call site] 00014
5 rtpp_ringbuf_ctor [function] [call site] 00015
6 rtpp_rzmalloc [function] [call site] 00016
6 PVT_RCOFFS [function] [call site] 00017
6 rtpp_zmalloc [function] [call site] 00018
6 PUBINST_FININIT [function] [call site] 00019
6 RTPP_OBJ_DECREF [function] [call site] 00020
5 free [function] [call site] 00021
4 free [function] [call site] 00022
2 RTPP_OBJ_INCREF [function] [call site] 00023
2 PUBINST_FININIT [function] [call site] 00024
2 RTPP_OBJ_DECREF [function] [call site] 00025
1 assert [function] [call site] 00026
1 rtp_packet_alloc [function] [call site] 00027
2 rtpp_rzmalloc [function] [call site] 00028
2 PVT_RCOFFS [function] [call site] 00029
1 assert [function] [call site] 00030
1 memcpy [function] [call site] 00031
1 CALL_SMETHOD [function] [call site] 00032
1 RTPP_OBJ_DECREF [function] [call site] 00033