Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
4	2 : View List ['free', 'va_log']	0	4	usbredirparser_queue	call site: 00129	/work/build/../../src/spice-usbredir/usbredirparser/usbredirparser.c:1237
4	2 : View List ['free', 'va_log']	0	4	serialize_alloc	call site: 00198	/work/build/../../src/spice-usbredir/usbredirparser/usbredirparser.c:1599
0	None	2	261	usbredirparser_unserialize	call site: 00191	/work/build/../../src/spice-usbredir/usbredirparser/usbredirparser.c:1813
0	None	2	55	usbredirparser_unserialize	call site: 00191	/work/build/../../src/spice-usbredir/usbredirparser/usbredirparser.c:1991
0	None	2	2	usbredirparser_do_write	call site: 00249	/work/build/../../src/spice-usbredir/usbredirparser/usbredirparser.c:1177
0	None	0	11	usbredirparser_unserialize	call site: 00191	/work/build/../../src/spice-usbredir/usbredirparser/usbredirparser.c:1942
0	None	0	4	usbredirparser_queue	call site: 00082	/work/build/../../src/spice-usbredir/usbredirparser/usbredirparser.c:1223
0	None	0	4	usbredirparser_queue	call site: 00092	/work/build/../../src/spice-usbredir/usbredirparser/usbredirparser.c:1228
0	None	0	4	unserialize_data	call site: 00162	/work/build/../../src/spice-usbredir/usbredirparser/usbredirparser.c:1691

Fuzzer calltree


         LLVMFuzzerTestOneInput

[function] [call site] 00000


           usbredirparser_create

[function] [call site] 00001


             calloc

[call site] 00002


           (anonymous namespace)::parser_log(void*, int, char const*)

[function] [call site] 00003


           (anonymous namespace)::parser_read(void*, unsigned char*, int)

[function] [call site] 00004


             (anonymous namespace)::wobbly_read_write_count(int)

[function] [call site] 00005


           (anonymous namespace)::parser_write(void*, unsigned char*, int)

[function] [call site] 00006


             (anonymous namespace)::wobbly_read_write_count(int)

[function] [call site] 00007


             (anonymous namespace)::read_all(void const*, unsigned long)

[function] [call site] 00008


           (anonymous namespace)::parser_device_connect(void*, usb_redir_device_connect_header*)

[function] [call site] 00009


           (anonymous namespace)::parser_device_disconnect(void*)

[function] [call site] 00010


           (anonymous namespace)::parser_reset(void*)

[function] [call site] 00011


           (anonymous namespace)::parser_interface_info(void*, usb_redir_interface_info_header*)

[function] [call site] 00012


           (anonymous namespace)::parser_ep_info(void*, usb_redir_ep_info_header*)

[function] [call site] 00013


           (anonymous namespace)::parser_set_configuration(void*, unsigned long, usb_redir_set_configuration_header*)

[function] [call site] 00014


           (anonymous namespace)::parser_get_configuration(void*, unsigned long)

[function] [call site] 00015


           (anonymous namespace)::parser_configuration_status(void*, unsigned long, usb_redir_configuration_status_header*)

[function] [call site] 00016


           (anonymous namespace)::parser_set_alt_setting(void*, unsigned long, usb_redir_set_alt_setting_header*)

[function] [call site] 00017


           (anonymous namespace)::parser_get_alt_setting(void*, unsigned long, usb_redir_get_alt_setting_header*)

[function] [call site] 00018


           (anonymous namespace)::parser_alt_setting_status(void*, unsigned long, usb_redir_alt_setting_status_header*)

[function] [call site] 00019


           (anonymous namespace)::parser_start_iso_stream(void*, unsigned long, usb_redir_start_iso_stream_header*)

[function] [call site] 00020


           (anonymous namespace)::parser_stop_iso_stream(void*, unsigned long, usb_redir_stop_iso_stream_header*)

[function] [call site] 00021


           (anonymous namespace)::parser_iso_stream_status(void*, unsigned long, usb_redir_iso_stream_status_header*)

[function] [call site] 00022


           (anonymous namespace)::parser_start_interrupt_receiving(void*, unsigned long, usb_redir_start_interrupt_receiving_header*)

[function] [call site] 00023


           (anonymous namespace)::parser_stop_interrupt_receiving(void*, unsigned long, usb_redir_stop_interrupt_receiving_header*)

[function] [call site] 00024


           (anonymous namespace)::parser_interrupt_receiving_status(void*, unsigned long, usb_redir_interrupt_receiving_status_header*)

[function] [call site] 00025


           (anonymous namespace)::parser_alloc_bulk_streams(void*, unsigned long, usb_redir_alloc_bulk_streams_header*)

[function] [call site] 00026


           (anonymous namespace)::parser_free_bulk_streams(void*, unsigned long, usb_redir_free_bulk_streams_header*)

[function] [call site] 00027


           (anonymous namespace)::parser_bulk_streams_status(void*, unsigned long, usb_redir_bulk_streams_status_header*)

[function] [call site] 00028


           (anonymous namespace)::parser_cancel_data_packet(void*, unsigned long)

[function] [call site] 00029


           (anonymous namespace)::parser_control_packet(void*, unsigned long, usb_redir_control_packet_header*, unsigned char*, int)

[function] [call site] 00030


             void (anonymous namespace)::read_all
             
              (usb_redir_control_packet_header const*)

[function] [call site] 00031


               (anonymous namespace)::read_all(void const*, unsigned long)

[function] [call site] 00032


             (anonymous namespace)::read_all(void const*, unsigned long)

[function] [call site] 00033


             usbredirparser_free_packet_data

[function] [call site] 00034


           (anonymous namespace)::parser_bulk_packet(void*, unsigned long, usb_redir_bulk_packet_header*, unsigned char*, int)

[function] [call site] 00035


             void (anonymous namespace)::read_all
             
              (usb_redir_bulk_packet_header const*)

[function] [call site] 00036


             (anonymous namespace)::read_all(void const*, unsigned long)

[function] [call site] 00037


             usbredirparser_free_packet_data

[function] [call site] 00038


           (anonymous namespace)::parser_iso_packet(void*, unsigned long, usb_redir_iso_packet_header*, unsigned char*, int)

[function] [call site] 00039


             void (anonymous namespace)::read_all
             
              (usb_redir_iso_packet_header const*)

[function] [call site] 00040


             (anonymous namespace)::read_all(void const*, unsigned long)

[function] [call site] 00041


             usbredirparser_free_packet_data

[function] [call site] 00042


           (anonymous namespace)::parser_interrupt_packet(void*, unsigned long, usb_redir_interrupt_packet_header*, unsigned char*, int)

[function] [call site] 00043


             void (anonymous namespace)::read_all
             
              (usb_redir_interrupt_packet_header const*)

[function] [call site] 00044


             (anonymous namespace)::read_all(void const*, unsigned long)

[function] [call site] 00045


             usbredirparser_free_packet_data

[function] [call site] 00046


           (anonymous namespace)::parser_alloc_lock()

[function] [call site] 00047


           (anonymous namespace)::parser_lock(void*)

[function] [call site] 00048


           (anonymous namespace)::parser_unlock(void*)

[function] [call site] 00049


           (anonymous namespace)::parser_free_lock(void*)

[function] [call site] 00050


           (anonymous namespace)::parser_hello(void*, usb_redir_hello_header*)

[function] [call site] 00051


           (anonymous namespace)::parser_filter_reject(void*)

[function] [call site] 00052


           (anonymous namespace)::parser_filter_filter(void*, usbredirfilter_rule*, int)

[function] [call site] 00053


             usbredirfilter_free

[function] [call site] 00054


           (anonymous namespace)::parser_device_disconnect_ack(void*)

[function] [call site] 00055


           (anonymous namespace)::parser_start_bulk_receiving(void*, unsigned long, usb_redir_start_bulk_receiving_header*)

[function] [call site] 00056


             void (anonymous namespace)::read_all
             
              (usb_redir_start_bulk_receiving_header const*)

[function] [call site] 00057


           (anonymous namespace)::parser_stop_bulk_receiving(void*, unsigned long, usb_redir_stop_bulk_receiving_header*)

[function] [call site] 00058


             void (anonymous namespace)::read_all
             
              (usb_redir_stop_bulk_receiving_header const*)

[function] [call site] 00059


           (anonymous namespace)::parser_bulk_receiving_status(void*, unsigned long, usb_redir_bulk_receiving_status_header*)

[function] [call site] 00060


             void (anonymous namespace)::read_all
             
              (usb_redir_bulk_receiving_status_header const*)

[function] [call site] 00061


           (anonymous namespace)::parser_buffered_bulk_packet(void*, unsigned long, usb_redir_buffered_bulk_packet_header*, unsigned char*, int)

[function] [call site] 00062


             void (anonymous namespace)::read_all
             
              (usb_redir_buffered_bulk_packet_header const*)

[function] [call site] 00063


             (anonymous namespace)::read_all(void const*, unsigned long)

[function] [call site] 00064


             usbredirparser_free_packet_data

[function] [call site] 00065


           usbredirparser_init

[function] [call site] 00066


             snprintf

[call site] 00067


             usbredirparser_caps_set_cap

[function] [call site] 00068


             usbredirparser_verify_caps

[function] [call site] 00069


               usbredirparser_caps_get_cap

[function] [call site] 00070


                 va_log

[function] [call site] 00071


                   vsnprintf

[call site] 00072


               usbredirparser_caps_get_cap

[function] [call site] 00073


               va_log

[function] [call site] 00074


             usbredirparser_queue

[function] [call site] 00075


               usbredirparser_get_header_len

[function] [call site] 00076


                 usbredirparser_using_32bits_ids

[function] [call site] 00077


                   usbredirparser_have_cap

[function] [call site] 00078


                     usbredirparser_caps_get_cap

[function] [call site] 00079


                   usbredirparser_peer_has_cap

[function] [call site] 00080


                     usbredirparser_caps_get_cap

[function] [call site] 00081


               usbredirparser_get_type_header_len

[function] [call site] 00082


                 usbredirparser_have_cap

[function] [call site] 00083


                 usbredirparser_peer_has_cap

[function] [call site] 00084


                 usbredirparser_have_cap

[function] [call site] 00085


                 usbredirparser_peer_has_cap

[function] [call site] 00086


                 usbredirparser_have_cap

[function] [call site] 00087


                 usbredirparser_peer_has_cap

[function] [call site] 00088


                 usbredirparser_have_cap

[function] [call site] 00089


                 usbredirparser_peer_has_cap

[function] [call site] 00090


               va_log

[function] [call site] 00091


               usbredirparser_verify_type_header

[function] [call site] 00092


                 va_log

[function] [call site] 00093


                 va_log

[function] [call site] 00094


                 va_log

[function] [call site] 00095


                 va_log

[function] [call site] 00096


                 usbredirparser_peer_has_cap

[function] [call site] 00097


                 usbredirparser_have_cap

[function] [call site] 00098


                 va_log

[function] [call site] 00099


                 usbredirparser_peer_has_cap

[function] [call site] 00100


                 usbredirparser_have_cap

[function] [call site] 00101


                 va_log

[function] [call site] 00102


                 va_log

[function] [call site] 00103


                 va_log

[function] [call site] 00104


                 usbredirparser_peer_has_cap

[function] [call site] 00105


                 usbredirparser_have_cap

[function] [call site] 00106


                 va_log

[function] [call site] 00107


                 usbredirparser_verify_bulk_recv_cap

[function] [call site] 00108


                   usbredirparser_peer_has_cap

[function] [call site] 00109


                   usbredirparser_have_cap

[function] [call site] 00110


                   va_log

[function] [call site] 00111


                 va_log

[function] [call site] 00112


                 va_log

[function] [call site] 00113


                 usbredirparser_verify_bulk_recv_cap

[function] [call site] 00114


                 va_log

[function] [call site] 00115


                 usbredirparser_verify_bulk_recv_cap

[function] [call site] 00116


                 va_log

[function] [call site] 00117


                 usbredirparser_have_cap

[function] [call site] 00118


                 usbredirparser_peer_has_cap

[function] [call site] 00119


                 va_log

[function] [call site] 00120


                 usbredirparser_verify_bulk_recv_cap

[function] [call site] 00121


                 va_log

[function] [call site] 00122


                 va_log

[function] [call site] 00123


                 va_log

[function] [call site] 00124


                 va_log

[function] [call site] 00125


                 va_log

[function] [call site] 00126


                 va_log

[function] [call site] 00127


               va_log

[function] [call site] 00128


               calloc

[call site] 00129


               va_log

[function] [call site] 00130


               usbredirparser_using_32bits_ids

[function] [call site] 00131


           (anonymous namespace)::try_unserialize(usbredirparser*, FuzzedDataProvider*)

[function] [call site] 00132


             __assert_fail

[call site] 00133


             usbredirparser_unserialize

[function] [call site] 00134


               usbredirparser_assert_invariants

[function] [call site] 00135


                 __assert_fail

[call site] 00136


                 __assert_fail

[call site] 00137


                 __assert_fail

[call site] 00138


                 __assert_fail

[call site] 00139


                 __assert_fail

[call site] 00140


                 __assert_fail

[call site] 00141


                 __assert_fail

[call site] 00142


                 __assert_fail

[call site] 00143


                 __assert_fail

[call site] 00144


                 __assert_fail

[call site] 00145


                 __assert_fail

[call site] 00146


                 __assert_fail

[call site] 00147


                 __assert_fail

[call site] 00148


                 __assert_fail

[call site] 00149


                 __assert_fail

[call site] 00150


                 __assert_fail

[call site] 00151


                 __assert_fail

[call site] 00152


               unserialize_int

[function] [call site] 00153


                 va_log

[function] [call site] 00154


                 va_log

[function] [call site] 00155


               va_log

[function] [call site] 00156


               va_log

[function] [call site] 00157


               unserialize_int

[function] [call site] 00158


               va_log

[function] [call site] 00159


               unserialize_data

[function] [call site] 00160


                 va_log

[function] [call site] 00161


                 va_log

[function] [call site] 00162


                 va_log

[function] [call site] 00163


                 va_log

[function] [call site] 00164


                 va_log

[function] [call site] 00165


                 va_log

[function] [call site] 00166


               va_log

[function] [call site] 00167


               va_log

[function] [call site] 00168


               unserialize_data

[function] [call site] 00169


               unserialize_int

[function] [call site] 00170


               usbredirparser_get_header_len

[function] [call site] 00171


               unserialize_data

[function] [call site] 00172


               va_log

[function] [call site] 00173


               usbredirparser_get_type_header_len

[function] [call site] 00174


               usbredirparser_expect_extra_data

[function] [call site] 00175


               va_log

[function] [call site] 00176


               usbredirparser_assert_invariants

[function] [call site] 00177


               unserialize_data

[function] [call site] 00178


               va_log

[function] [call site] 00179


               unserialize_data

[function] [call site] 00180


               unserialize_int

[function] [call site] 00181


               usbredirparser_assert_invariants

[function] [call site] 00182


               unserialize_data

[function] [call site] 00183


               usbredirparser_assert_invariants

[function] [call site] 00184


               va_log

[function] [call site] 00185


               usbredirparser_assert_invariants

[function] [call site] 00186


               calloc

[call site] 00187


               va_log

[function] [call site] 00188


               usbredirparser_assert_invariants

[function] [call site] 00189


               va_log

[function] [call site] 00190


               usbredirparser_assert_invariants

[function] [call site] 00191


           usbredirparser_has_data_to_write

[function] [call site] 00192


           (anonymous namespace)::try_serialize(usbredirparser*)

[function] [call site] 00193


             usbredirparser_serialize

[function] [call site] 00194


               serialize_int

[function] [call site] 00195


                 va_log

[function] [call site] 00196


                 serialize_alloc

[function] [call site] 00197


                   realloc

[call site] 00198


                   va_log

[function] [call site] 00199


               serialize_int

[function] [call site] 00200


               serialize_data

[function] [call site] 00201


                 va_log

[function] [call site] 00202


                 va_log

[function] [call site] 00203


                 serialize_alloc

[function] [call site] 00204


               serialize_data

[function] [call site] 00205


               serialize_int

[function] [call site] 00206


               serialize_int

[function] [call site] 00207


               serialize_data

[function] [call site] 00208


               serialize_data

[function] [call site] 00209


               serialize_data

[function] [call site] 00210


               serialize_int

[function] [call site] 00211


               serialize_data

[function] [call site] 00212


           usbredirparser_do_read

[function] [call site] 00213


             usbredirparser_get_header_len

[function] [call site] 00214


             usbredirparser_assert_invariants

[function] [call site] 00215


             usbredirparser_assert_invariants

[function] [call site] 00216


             usbredirparser_get_type_header_len

[function] [call site] 00217


             va_log

[function] [call site] 00218


             va_log

[function] [call site] 00219


             va_log

[function] [call site] 00220


             usbredirparser_expect_extra_data

[function] [call site] 00221


             va_log

[function] [call site] 00222


             va_log

[function] [call site] 00223


             usbredirparser_verify_type_header

[function] [call site] 00224


             usbredirparser_call_type_func

[function] [call site] 00225


               usbredirparser_using_32bits_ids

[function] [call site] 00226


               usbredirparser_handle_hello

[function] [call site] 00227


                 strncpy

[call site] 00228


                 usbredirparser_verify_caps

[function] [call site] 00229


                 usbredirparser_using_32bits_ids

[function] [call site] 00230


               usbredirparser_peer_has_cap

[function] [call site] 00231


               usbredirparser_queue

[function] [call site] 00232


               usbredirfilter_string_to_rules

[function] [call site] 00233


                 strspn

[call site] 00234


                 strcspn

[call site] 00235


                 calloc

[call site] 00236


                 strdup

[call site] 00237


                 strtok_r

[call site] 00238


                 strtok_r

[call site] 00239


                 strtol

[call site] 00240


                 strtok_r

[call site] 00241


                 usbredirfilter_verify

[function] [call site] 00242


                 strtok_r

[call site] 00243


               va_log

[function] [call site] 00244


             usbredirparser_get_header_len

[function] [call site] 00245


           (anonymous namespace)::try_serialize(usbredirparser*)

[function] [call site] 00246


           usbredirparser_has_data_to_write

[function] [call site] 00247


           usbredirparser_do_write

[function] [call site] 00248


             __assert_fail

[call site] 00249


             abort

[call site] 00250