Fuzz introspector: selabel_file_compiled-fuzzer
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
11 11 1 :

['file_kind_to_string']

93 216 spec_node_cmp call site: 00231 /src/selinux/libselinux/src/label_file.c:2353
10 10 4 :

['pthread_mutex_lock', '__errno_location', 'fmt_stem', 'pthread_mutex_unlock']

10 10 spec_node_cmp call site: 00246 /src/selinux/libselinux/src/label_file.c:2436
6 6 2 :

['__errno_location', 'munmap']

6 33 load_mmap call site: 00140 /src/selinux/libselinux/src/label_file.c:1003
6 6 2 :

['statvfs64', 'set_selinuxmnt']

6 6 verify_selinuxmnt call site: 00000 /src/selinux/libselinux/src/init.c:39
2 2 2 :

['strlen', 'free']

2 15 selabel_sub_key call site: 00280 /src/selinux/libselinux/src/label_file.c:1388
2 2 1 :

['fclose']

2 2 convert_data call site: 00015 /src/selinux/libselinux/fuzz/selabel_file_compiled-fuzzer.c:80
2 2 1 :

['fclose']

2 2 init_selinuxmnt call site: 00000 /src/selinux/libselinux/src/init.c:128
2 2 1 :

['abort']

2 2 regex_format_error call site: 00322 /src/selinux/libselinux/src/regex.c:601
0 0 None 257 380 spec_node_cmp call site: 00199 /src/selinux/libselinux/src/label_file.c:2218
0 0 None 257 380 spec_node_cmp call site: 00200 /src/selinux/libselinux/src/label_file.c:2228
0 0 None 257 380 spec_node_cmp call site: 00206 /src/selinux/libselinux/src/label_file.c:2240
0 0 None 257 380 spec_node_cmp call site: 00207 /src/selinux/libselinux/src/label_file.c:2250

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 memmem [call site] 00001
1 memmem [call site] 00002
1 memmem [call site] 00003
1 selinux_set_callback [function] [call site] 00004
1 selinux_set_callback [function] [call site] 00005
1 calloc [call site] 00006
1 convert_data [function] [call site] 00007
2 memfd_create [call site] 00008
2 write_full [function] [call site] 00009
3 write [call site] 00010
3 __errno_location [call site] 00011
2 close [call site] 00012
2 fdopen [call site] 00013
2 close [call site] 00014
2 fseek [call site] 00015
2 fclose [call site] 00016
1 __errno_location [call site] 00017
1 load_mmap [function] [call site] 00018
2 fileno [call site] 00019
2 mmap64 [call site] 00020
2 madvise [call site] 00021
2 __errno_location [call site] 00022
2 pthread_mutex_lock [call site] 00023
2 pthread_mutex_unlock [call site] 00024
2 next_entry [function] [call site] 00025
2 __bswap_32 [function] [call site] 00026
2 next_entry [function] [call site] 00027
2 __bswap_32 [function] [call site] 00028
2 __bswap_32 [function] [call site] 00029
2 __errno_location [call site] 00030
2 pthread_mutex_lock [call site] 00031
2 pthread_mutex_unlock [call site] 00032
2 regex_version [function] [call site] 00033
3 pcre2_config_8 [call site] 00034
3 pcre2_config_8 [call site] 00035
2 regex_arch_string [function] [call site] 00036
3 pthread_once [call site] 00037
3 regex_arch_string_init [function] [call site] 00038
4 snprintf [call site] 00039
2 next_entry [function] [call site] 00040
2 __bswap_32 [function] [call site] 00041
2 strlen [call site] 00042
2 next_entry [function] [call site] 00043
2 entry_size_check [function] [call site] 00044
2 next_entry [function] [call site] 00045
2 strcmp [call site] 00046
2 __errno_location [call site] 00047
2 pthread_mutex_lock [call site] 00048
2 pthread_mutex_unlock [call site] 00049
2 next_entry [function] [call site] 00050
2 __bswap_32 [function] [call site] 00051
2 strlen [call site] 00052
2 next_entry [function] [call site] 00053
2 entry_size_check [function] [call site] 00054
2 next_entry [function] [call site] 00055
2 strcmp [call site] 00056
2 __errno_location [call site] 00057
2 pthread_mutex_lock [call site] 00058
2 pthread_mutex_unlock [call site] 00059
2 next_entry [function] [call site] 00060
2 __bswap_64 [function] [call site] 00061
2 load_mmap_ctxarray [function] [call site] 00062
3 next_entry [function] [call site] 00063
3 __bswap_32 [function] [call site] 00064
3 entry_size_check [function] [call site] 00065
3 calloc [call site] 00066
3 next_entry [function] [call site] 00067
3 __bswap_16 [function] [call site] 00068
3 entry_size_check [function] [call site] 00069
3 next_entry [function] [call site] 00070
3 strcmp [call site] 00071
3 __errno_location [call site] 00072
3 pthread_mutex_lock [call site] 00073
3 pthread_mutex_unlock [call site] 00074
2 calloc [call site] 00075
2 load_mmap_spec_node [function] [call site] 00076
3 next_entry [function] [call site] 00077
3 __bswap_16 [function] [call site] 00078
3 next_entry [function] [call site] 00079
3 next_entry [function] [call site] 00080
3 __bswap_32 [function] [call site] 00081
3 entry_size_check [function] [call site] 00082
3 calloc [call site] 00083
3 load_mmap_literal_spec [function] [call site] 00084
4 next_entry [function] [call site] 00085
4 __bswap_32 [function] [call site] 00086
4 strdup [call site] 00087
4 next_entry [function] [call site] 00088
4 __bswap_16 [function] [call site] 00089
4 next_entry [function] [call site] 00090
4 next_entry [function] [call site] 00091
4 __bswap_16 [function] [call site] 00092
4 next_entry [function] [call site] 00093
4 strlen [call site] 00094
4 next_entry [function] [call site] 00095
3 next_entry [function] [call site] 00096
3 __bswap_32 [function] [call site] 00097
3 entry_size_check [function] [call site] 00098
3 calloc [call site] 00099
3 load_mmap_regex_spec [function] [call site] 00100
4 next_entry [function] [call site] 00101
4 __bswap_32 [function] [call site] 00102
4 strdup [call site] 00103
4 next_entry [function] [call site] 00104
4 __bswap_32 [function] [call site] 00105
4 next_entry [function] [call site] 00106
4 __bswap_16 [function] [call site] 00107
4 next_entry [function] [call site] 00108
4 next_entry [function] [call site] 00109
4 __bswap_16 [function] [call site] 00110
4 strlen [call site] 00111
4 next_entry [function] [call site] 00112
4 regex_load_mmap [function] [call site] 00113
5 next_entry [function] [call site] 00114
5 __bswap_32 [function] [call site] 00115
5 pcre2_serialize_get_number_of_codes_8 [call site] 00116
5 regex_data_create [function] [call site] 00117
6 calloc [call site] 00118
6 pthread_mutex_init [call site] 00119
5 pcre2_serialize_decode_8 [call site] 00120
5 pcre2_match_data_create_from_pattern_8 [call site] 00121
5 next_entry [function] [call site] 00122
5 regex_data_free [function] [call site] 00123
6 pcre2_code_free_8 [call site] 00124
6 pcre2_match_data_free_8 [call site] 00125
6 pthread_mutex_destroy [call site] 00126
4 pthread_mutex_init [call site] 00127
3 next_entry [function] [call site] 00128
3 __bswap_32 [function] [call site] 00129
3 entry_size_check [function] [call site] 00130
3 calloc [call site] 00131
3 load_mmap_spec_node [function] [call site] 00132
4 strcmp [call site] 00133
2 free_spec_node [function] [call site] 00134
3 pthread_mutex_destroy [call site] 00135
3 pthread_mutex_destroy [call site] 00136
3 regex_data_free [function] [call site] 00137
3 pthread_mutex_destroy [call site] 00138
3 free_spec_node [function] [call site] 00139
2 merge_mmap_spec_nodes [function] [call site] 00140
3 strcmp [call site] 00141
3 __assert_fail [call site] 00142
3 __assert_fail [call site] 00143
3 reallocarray [call site] 00144
3 __assert_fail [call site] 00145
3 reallocarray [call site] 00146
3 __assert_fail [call site] 00147
3 calloc [call site] 00148
3 qsort [call site] 00149
3 compare_spec_node [function] [call site] 00150
4 strcmp [call site] 00151
4 __assert_fail [call site] 00152
3 strcmp [call site] 00153
3 merge_mmap_spec_nodes [function] [call site] 00154
4 free_spec_node [function] [call site] 00155
4 __assert_fail [call site] 00156
4 __assert_fail [call site] 00157
4 __assert_fail [call site] 00158
2 free_spec_node [function] [call site] 00159
2 free_context_array [function] [call site] 00160
2 free_context_array [function] [call site] 00161
2 free_spec_node [function] [call site] 00162
2 munmap [call site] 00163
2 __errno_location [call site] 00164
2 __errno_location [call site] 00165
1 __errno_location [call site] 00166
1 __assert_fail [call site] 00167
1 fclose [call site] 00168
1 convert_data [function] [call site] 00169
1 __errno_location [call site] 00170
1 load_mmap [function] [call site] 00171
1 __errno_location [call site] 00172
1 fclose [call site] 00173
1 convert_data [function] [call site] 00174
1 __errno_location [call site] 00175
1 load_mmap [function] [call site] 00176
1 __errno_location [call site] 00177
1 __assert_fail [call site] 00178
1 fclose [call site] 00179
1 sort_specs [function] [call site] 00180
2 sort_spec_node [function] [call site] 00181
3 __assert_fail [call site] 00182
3 __assert_fail [call site] 00183
3 __assert_fail [call site] 00184
3 qsort [call site] 00185
3 compare_literal_spec [function] [call site] 00186
4 strcmp [call site] 00187
3 qsort [call site] 00188
3 compare_spec_node [function] [call site] 00189
3 sort_spec_node [function] [call site] 00190
1 cmp [function] [call site] 00191
2 __assert_fail [call site] 00192
2 spec_node_cmp [function] [call site] 00193
3 strcmp [call site] 00194
3 __errno_location [call site] 00195
3 pthread_mutex_lock [call site] 00196
3 fmt_stem [function] [call site] 00197
3 pthread_mutex_unlock [call site] 00198
3 strcmp [call site] 00199
3 lspec_incomp [function] [call site] 00200
4 __errno_location [call site] 00201
4 pthread_mutex_lock [call site] 00202
4 fmt_stem [function] [call site] 00203
4 file_kind_to_string [function] [call site] 00204
4 pthread_mutex_unlock [call site] 00205
3 lspec_incomp [function] [call site] 00206
3 lspec_incomp [function] [call site] 00207
3 lspec_incomp [function] [call site] 00208
3 __errno_location [call site] 00209
3 pthread_mutex_lock [call site] 00210
3 fmt_stem [function] [call site] 00211
3 pthread_mutex_unlock [call site] 00212
3 __errno_location [call site] 00213
3 pthread_mutex_lock [call site] 00214
3 fmt_stem [function] [call site] 00215
3 pthread_mutex_unlock [call site] 00216
3 strcmp [call site] 00217
3 __assert_fail [call site] 00218
3 strcmp [call site] 00219
3 strcmp [call site] 00220
3 rspec_incomp [function] [call site] 00221
4 __errno_location [call site] 00222
4 pthread_mutex_lock [call site] 00223
4 fmt_stem [function] [call site] 00224
4 file_kind_to_string [function] [call site] 00225
4 pthread_mutex_unlock [call site] 00226
3 __errno_location [call site] 00227
3 pthread_mutex_lock [call site] 00228
3 fmt_stem [function] [call site] 00229
3 file_kind_to_string [function] [call site] 00230
3 pthread_mutex_unlock [call site] 00231
3 __errno_location [call site] 00232
3 pthread_mutex_lock [call site] 00233
3 fmt_stem [function] [call site] 00234
3 file_kind_to_string [function] [call site] 00235
3 pthread_mutex_unlock [call site] 00236
3 strcmp [call site] 00237
3 __errno_location [call site] 00238
3 pthread_mutex_lock [call site] 00239
3 fmt_stem [function] [call site] 00240
3 pthread_mutex_unlock [call site] 00241
3 __errno_location [call site] 00242
3 pthread_mutex_lock [call site] 00243
3 fmt_stem [function] [call site] 00244
3 pthread_mutex_unlock [call site] 00245
3 spec_node_cmp [function] [call site] 00246
4 __errno_location [call site] 00247
4 pthread_mutex_lock [call site] 00248
4 fmt_stem [function] [call site] 00249
4 pthread_mutex_unlock [call site] 00250
4 __errno_location [call site] 00251
4 pthread_mutex_lock [call site] 00252
4 fmt_stem [function] [call site] 00253
4 pthread_mutex_unlock [call site] 00254
4 __errno_location [call site] 00255
4 pthread_mutex_lock [call site] 00256
4 fmt_stem [function] [call site] 00257
4 pthread_mutex_unlock [call site] 00258
4 __errno_location [call site] 00259
4 pthread_mutex_lock [call site] 00260
4 fmt_stem [function] [call site] 00261
4 pthread_mutex_unlock [call site] 00262
4 __errno_location [call site] 00263
4 pthread_mutex_lock [call site] 00264
4 fmt_stem [function] [call site] 00265
4 pthread_mutex_unlock [call site] 00266
1 __assert_fail [call site] 00267
1 __errno_location [call site] 00268
1 lookup_all [function] [call site] 00269
2 mode_to_file_kind [function] [call site] 00270
2 __errno_location [call site] 00271
2 __errno_location [call site] 00272
2 strstr [call site] 00273
2 strlen [call site] 00274
2 strstr [call site] 00275
2 strcpy [call site] 00276
2 strlen [call site] 00277
2 __errno_location [call site] 00278
2 selabel_sub_key [function] [call site] 00279
3 selabel_apply_subs [function] [call site] 00280
4 strncmp [call site] 00281
4 strcmp [call site] 00282
3 strlen [call site] 00283
3 selabel_apply_subs [function] [call site] 00284
3 selabel_apply_subs [function] [call site] 00285
2 lookup_find_deepest_node [function] [call site] 00286
3 strchr [call site] 00287
3 search_child_node [function] [call site] 00288
4 strncmp [call site] 00289
2 lookup_check_node [function] [call site] 00290
3 strlen [call site] 00291
3 __assert_fail [call site] 00292
3 search_literal_spec [function] [call site] 00293
4 strncmp [call site] 00294
4 strcmp [call site] 00295
4 strncmp [call site] 00296
4 strcmp [call site] 00297
3 strcmp [call site] 00298
3 __errno_location [call site] 00299
3 strncmp [call site] 00300
3 strcmp [call site] 00301
3 compile_regex [function] [call site] 00302
4 __errno_location [call site] 00303
4 pthread_mutex_lock [call site] 00304
4 pthread_mutex_unlock [call site] 00305
4 strlen [call site] 00306
4 pthread_mutex_unlock [call site] 00307
4 snprintf [call site] 00308
4 __errno_location [call site] 00309
4 pthread_mutex_unlock [call site] 00310
4 snprintf [call site] 00311
4 regex_prepare_data [function] [call site] 00312
5 regex_data_create [function] [call site] 00313
5 pcre2_compile_8 [call site] 00314
5 pcre2_match_data_create_from_pattern_8 [call site] 00315
5 regex_data_free [function] [call site] 00316
4 regex_format_error [function] [call site] 00317
5 snprintf [call site] 00318
5 abort [call site] 00319
5 snprintf [call site] 00320
5 abort [call site] 00321
5 snprintf [call site] 00322
5 abort [call site] 00323
5 pcre2_get_error_message_8 [call site] 00324
4 pthread_mutex_unlock [call site] 00325
4 __errno_location [call site] 00326
4 pthread_mutex_unlock [call site] 00327
3 __errno_location [call site] 00328
3 pthread_mutex_lock [call site] 00329
3 pthread_mutex_unlock [call site] 00330
3 regex_match [function] [call site] 00331
4 pthread_mutex_lock [call site] 00332
4 pcre2_match_8 [call site] 00333
4 pthread_mutex_unlock [call site] 00334
3 strcmp [call site] 00335
3 __errno_location [call site] 00336
3 __errno_location [call site] 00337
3 __errno_location [call site] 00338
3 free_lookup_result [function] [call site] 00339
1 __errno_location [call site] 00340
1 __assert_fail [call site] 00341
1 __assert_fail [call site] 00342
1 __assert_fail [call site] 00343
1 __assert_fail [call site] 00344
1 __assert_fail [call site] 00345
1 strcmp [call site] 00346
1 __assert_fail [call site] 00347
1 __assert_fail [call site] 00348
1 __assert_fail [call site] 00349
1 strlen [call site] 00350
1 __assert_fail [call site] 00351
1 free_lookup_result [function] [call site] 00352
1 fclose [call site] 00353
1 free_spec_node [function] [call site] 00354
1 munmap [call site] 00355
1 __assert_fail [call site] 00356