Fuzz introspector: selabel_file_text-fuzzer
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
16 16 3 :

['__errno_location', 'pthread_mutex_lock', 'pthread_mutex_unlock']

16 16 compat_validate call site: 00100 /src/selinux/libselinux/src/matchpathcon.c:52
11 11 1 :

['file_kind_to_string']

93 216 spec_node_cmp call site: 00184 /src/selinux/libselinux/src/label_file.c:2353
10 10 4 :

['pthread_mutex_lock', '__errno_location', 'fmt_stem', 'pthread_mutex_unlock']

10 10 spec_node_cmp call site: 00199 /src/selinux/libselinux/src/label_file.c:2436
6 6 2 :

['statvfs64', 'set_selinuxmnt']

6 6 verify_selinuxmnt call site: 00000 /src/selinux/libselinux/src/init.c:39
4 4 2 :

['pthread_mutex_lock', 'pthread_mutex_unlock']

10 10 insert_spec call site: 00111 /src/selinux/libselinux/src/./label_file.h:660
2 2 2 :

['strlen', 'free']

2 15 selabel_sub_key call site: 00233 /src/selinux/libselinux/src/label_file.c:1388
2 2 1 :

['__errno_location']

2 2 validate_context call site: 00000 /src/selinux/libselinux/fuzz/selabel_file_compiled-fuzzer.c:29
2 2 1 :

['fclose']

2 2 convert_data call site: 00013 /src/selinux/libselinux/fuzz/selabel_file_compiled-fuzzer.c:80
2 2 1 :

['fclose']

2 2 init_selinuxmnt call site: 00000 /src/selinux/libselinux/src/init.c:128
2 2 1 :

['abort']

2 2 regex_format_error call site: 00089 /src/selinux/libselinux/src/regex.c:601
0 0 None 257 380 spec_node_cmp call site: 00152 /src/selinux/libselinux/src/label_file.c:2218
0 0 None 257 380 spec_node_cmp call site: 00153 /src/selinux/libselinux/src/label_file.c:2228

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 memmem [call site] 00001
1 selinux_set_callback [function] [call site] 00002
1 selinux_set_callback [function] [call site] 00003
1 calloc [call site] 00004
1 convert_data [function] [call site] 00005
2 memfd_create [call site] 00006
2 write_full [function] [call site] 00007
3 write [call site] 00008
3 __errno_location [call site] 00009
2 close [call site] 00010
2 fdopen [call site] 00011
2 close [call site] 00012
2 fseek [call site] 00013
2 fclose [call site] 00014
1 __errno_location [call site] 00015
1 process_text_file [function] [call site] 00016
2 getline [call site] 00017
2 process_line [function] [call site] 00018
3 strchr [call site] 00019
3 __errno_location [call site] 00020
3 read_spec_entries [function] [call site] 00021
4 __ctype_b_loc [call site] 00022
4 read_spec_entry [function] [call site] 00023
5 __ctype_b_loc [call site] 00024
5 __ctype_b_loc [call site] 00025
5 __errno_location [call site] 00026
5 __errno_location [call site] 00027
5 strndup [call site] 00028
3 __errno_location [call site] 00029
3 pthread_mutex_lock [call site] 00030
3 pthread_mutex_unlock [call site] 00031
3 __errno_location [call site] 00032
3 pthread_mutex_lock [call site] 00033
3 pthread_mutex_unlock [call site] 00034
3 __errno_location [call site] 00035
3 pthread_mutex_lock [call site] 00036
3 pthread_mutex_unlock [call site] 00037
3 __errno_location [call site] 00038
3 string_to_file_kind [function] [call site] 00039
3 __errno_location [call site] 00040
3 pthread_mutex_lock [call site] 00041
3 pthread_mutex_unlock [call site] 00042
3 __errno_location [call site] 00043
3 insert_spec [function] [call site] 00044
4 __errno_location [call site] 00045
4 regex_has_meta_chars [function] [call site] 00046
5 __ctype_b_loc [call site] 00047
5 __errno_location [call site] 00048
5 pthread_mutex_lock [call site] 00049
5 pthread_mutex_unlock [call site] 00050
4 __assert_fail [call site] 00051
4 strchr [call site] 00052
4 regex_simplify [function] [call site] 00053
5 __errno_location [call site] 00054
5 pthread_mutex_lock [call site] 00055
5 pthread_mutex_unlock [call site] 00056
4 strlen [call site] 00057
4 strcmp [call site] 00058
4 strncmp [call site] 00059
4 __errno_location [call site] 00060
4 reallocarray [call site] 00061
4 __errno_location [call site] 00062
4 reallocarray [call site] 00063
4 compile_regex [function] [call site] 00064
5 __errno_location [call site] 00065
5 pthread_mutex_lock [call site] 00066
5 pthread_mutex_unlock [call site] 00067
5 strlen [call site] 00068
5 pthread_mutex_unlock [call site] 00069
5 snprintf [call site] 00070
5 __errno_location [call site] 00071
5 pthread_mutex_unlock [call site] 00072
5 snprintf [call site] 00073
5 regex_prepare_data [function] [call site] 00074
6 regex_data_create [function] [call site] 00075
7 calloc [call site] 00076
7 pthread_mutex_init [call site] 00077
6 pcre2_compile_8 [call site] 00078
6 pcre2_match_data_create_from_pattern_8 [call site] 00079
6 regex_data_free [function] [call site] 00080
7 pcre2_code_free_8 [call site] 00081
7 pcre2_match_data_free_8 [call site] 00082
7 pthread_mutex_destroy [call site] 00083
5 regex_format_error [function] [call site] 00084
6 snprintf [call site] 00085
6 abort [call site] 00086
6 snprintf [call site] 00087
6 abort [call site] 00088
6 snprintf [call site] 00089
6 abort [call site] 00090
6 pcre2_get_error_message_8 [call site] 00091
5 pthread_mutex_unlock [call site] 00092
5 __errno_location [call site] 00093
5 pthread_mutex_unlock [call site] 00094
4 __errno_location [call site] 00095
4 pthread_mutex_lock [call site] 00096
4 pthread_mutex_unlock [call site] 00097
4 strcmp [call site] 00098
4 compat_validate [function] [call site] 00099
5 selabel_validate [function] [call site] 00100
6 pthread_mutex_lock [call site] 00101
6 pthread_mutex_unlock [call site] 00102
6 pthread_mutex_unlock [call site] 00103
5 __errno_location [call site] 00104
5 pthread_mutex_lock [call site] 00105
5 pthread_mutex_unlock [call site] 00106
5 __errno_location [call site] 00107
5 pthread_mutex_lock [call site] 00108
5 pthread_mutex_unlock [call site] 00109
4 strlen [call site] 00110
4 regex_simplify [function] [call site] 00111
4 __errno_location [call site] 00112
4 pthread_mutex_lock [call site] 00113
4 pthread_mutex_unlock [call site] 00114
4 __errno_location [call site] 00115
4 strchr [call site] 00116
4 __assert_fail [call site] 00117
4 strncmp [call site] 00118
4 strncmp [call site] 00119
4 __errno_location [call site] 00120
4 reallocarray [call site] 00121
4 strndup [call site] 00122
4 __errno_location [call site] 00123
4 reallocarray [call site] 00124
4 strlen [call site] 00125
4 __assert_fail [call site] 00126
4 strcmp [call site] 00127
4 compat_validate [function] [call site] 00128
1 __errno_location [call site] 00129
1 __assert_fail [call site] 00130
1 sort_specs [function] [call site] 00131
2 sort_spec_node [function] [call site] 00132
3 __assert_fail [call site] 00133
3 __assert_fail [call site] 00134
3 __assert_fail [call site] 00135
3 qsort [call site] 00136
3 compare_literal_spec [function] [call site] 00137
4 strcmp [call site] 00138
3 qsort [call site] 00139
3 compare_spec_node [function] [call site] 00140
4 strcmp [call site] 00141
4 __assert_fail [call site] 00142
3 sort_spec_node [function] [call site] 00143
1 cmp [function] [call site] 00144
2 __assert_fail [call site] 00145
2 spec_node_cmp [function] [call site] 00146
3 strcmp [call site] 00147
3 __errno_location [call site] 00148
3 pthread_mutex_lock [call site] 00149
3 fmt_stem [function] [call site] 00150
3 pthread_mutex_unlock [call site] 00151
3 strcmp [call site] 00152
3 lspec_incomp [function] [call site] 00153
4 __errno_location [call site] 00154
4 pthread_mutex_lock [call site] 00155
4 fmt_stem [function] [call site] 00156
4 file_kind_to_string [function] [call site] 00157
4 pthread_mutex_unlock [call site] 00158
3 lspec_incomp [function] [call site] 00159
3 lspec_incomp [function] [call site] 00160
3 lspec_incomp [function] [call site] 00161
3 __errno_location [call site] 00162
3 pthread_mutex_lock [call site] 00163
3 fmt_stem [function] [call site] 00164
3 pthread_mutex_unlock [call site] 00165
3 __errno_location [call site] 00166
3 pthread_mutex_lock [call site] 00167
3 fmt_stem [function] [call site] 00168
3 pthread_mutex_unlock [call site] 00169
3 strcmp [call site] 00170
3 __assert_fail [call site] 00171
3 strcmp [call site] 00172
3 strcmp [call site] 00173
3 rspec_incomp [function] [call site] 00174
4 __errno_location [call site] 00175
4 pthread_mutex_lock [call site] 00176
4 fmt_stem [function] [call site] 00177
4 file_kind_to_string [function] [call site] 00178
4 pthread_mutex_unlock [call site] 00179
3 __errno_location [call site] 00180
3 pthread_mutex_lock [call site] 00181
3 fmt_stem [function] [call site] 00182
3 file_kind_to_string [function] [call site] 00183
3 pthread_mutex_unlock [call site] 00184
3 __errno_location [call site] 00185
3 pthread_mutex_lock [call site] 00186
3 fmt_stem [function] [call site] 00187
3 file_kind_to_string [function] [call site] 00188
3 pthread_mutex_unlock [call site] 00189
3 strcmp [call site] 00190
3 __errno_location [call site] 00191
3 pthread_mutex_lock [call site] 00192
3 fmt_stem [function] [call site] 00193
3 pthread_mutex_unlock [call site] 00194
3 __errno_location [call site] 00195
3 pthread_mutex_lock [call site] 00196
3 fmt_stem [function] [call site] 00197
3 pthread_mutex_unlock [call site] 00198
3 spec_node_cmp [function] [call site] 00199
4 __errno_location [call site] 00200
4 pthread_mutex_lock [call site] 00201
4 fmt_stem [function] [call site] 00202
4 pthread_mutex_unlock [call site] 00203
4 __errno_location [call site] 00204
4 pthread_mutex_lock [call site] 00205
4 fmt_stem [function] [call site] 00206
4 pthread_mutex_unlock [call site] 00207
4 __errno_location [call site] 00208
4 pthread_mutex_lock [call site] 00209
4 fmt_stem [function] [call site] 00210
4 pthread_mutex_unlock [call site] 00211
4 __errno_location [call site] 00212
4 pthread_mutex_lock [call site] 00213
4 fmt_stem [function] [call site] 00214
4 pthread_mutex_unlock [call site] 00215
4 __errno_location [call site] 00216
4 pthread_mutex_lock [call site] 00217
4 fmt_stem [function] [call site] 00218
4 pthread_mutex_unlock [call site] 00219
1 __assert_fail [call site] 00220
1 __errno_location [call site] 00221
1 lookup_all [function] [call site] 00222
2 mode_to_file_kind [function] [call site] 00223
2 __errno_location [call site] 00224
2 __errno_location [call site] 00225
2 strstr [call site] 00226
2 strlen [call site] 00227
2 strstr [call site] 00228
2 strcpy [call site] 00229
2 strlen [call site] 00230
2 __errno_location [call site] 00231
2 selabel_sub_key [function] [call site] 00232
3 selabel_apply_subs [function] [call site] 00233
4 strncmp [call site] 00234
4 strcmp [call site] 00235
3 strlen [call site] 00236
3 selabel_apply_subs [function] [call site] 00237
3 selabel_apply_subs [function] [call site] 00238
2 lookup_find_deepest_node [function] [call site] 00239
3 strchr [call site] 00240
3 search_child_node [function] [call site] 00241
4 strncmp [call site] 00242
2 lookup_check_node [function] [call site] 00243
3 strlen [call site] 00244
3 __assert_fail [call site] 00245
3 search_literal_spec [function] [call site] 00246
4 strncmp [call site] 00247
4 strcmp [call site] 00248
4 strncmp [call site] 00249
4 strcmp [call site] 00250
3 strcmp [call site] 00251
3 __errno_location [call site] 00252
3 strncmp [call site] 00253
3 strcmp [call site] 00254
3 compile_regex [function] [call site] 00255
3 __errno_location [call site] 00256
3 pthread_mutex_lock [call site] 00257
3 pthread_mutex_unlock [call site] 00258
3 regex_match [function] [call site] 00259
4 pthread_mutex_lock [call site] 00260
4 pcre2_match_8 [call site] 00261
4 pthread_mutex_unlock [call site] 00262
3 strcmp [call site] 00263
3 __errno_location [call site] 00264
3 __errno_location [call site] 00265
3 __errno_location [call site] 00266
3 free_lookup_result [function] [call site] 00267
1 __errno_location [call site] 00268
1 __assert_fail [call site] 00269
1 __assert_fail [call site] 00270
1 __assert_fail [call site] 00271
1 __assert_fail [call site] 00272
1 __assert_fail [call site] 00273
1 strcmp [call site] 00274
1 __assert_fail [call site] 00275
1 __assert_fail [call site] 00276
1 __assert_fail [call site] 00277
1 strlen [call site] 00278
1 __assert_fail [call site] 00279
1 free_lookup_result [function] [call site] 00280
1 fclose [call site] 00281
1 free_spec_node [function] [call site] 00282
2 pthread_mutex_destroy [call site] 00283
2 pthread_mutex_destroy [call site] 00284
2 regex_data_free [function] [call site] 00285
2 pthread_mutex_destroy [call site] 00286
2 free_spec_node [function] [call site] 00287
1 munmap [call site] 00288
1 __assert_fail [call site] 00289