Fuzz introspector: usbredirparserfuzz
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
0 6 1 :

['va_log']

0 6 usbredirparser_caps_get_cap call site: 00007 /work/build/../../src/spice-usbredir/usbredirparser/usbredirparser.c:272
0 0 None 12 22 usbredirfilter_string_to_rules call site: 00197 /work/build/../../src/spice-usbredir/usbredirparser/usbredirfilter.c:68
0 0 None 10 20 usbredirfilter_string_to_rules call site: 00198 /work/build/../../src/spice-usbredir/usbredirparser/usbredirfilter.c:73
0 0 None 2 107 usbredirparser_unserialize call site: 00128 /work/build/../../src/spice-usbredir/usbredirparser/usbredirparser.c:1942
0 0 None 2 65 usbredirparser_unserialize call site: 00140 /work/build/../../src/spice-usbredir/usbredirparser/usbredirparser.c:1991
0 0 None 2 25 usbredirparser_queue call site: 00030 /work/build/../../src/spice-usbredir/usbredirparser/usbredirparser.c:1228
0 0 None 2 2 usbredirparser_do_write call site: 00211 /work/build/../../src/spice-usbredir/usbredirparser/usbredirparser.c:1177
0 0 None 0 391 usbredirparser_do_read call site: 00181 /work/build/../../src/spice-usbredir/usbredirparser/usbredirparser.c:1100
0 0 None 0 136 usbredirparser_init call site: 00004 /work/build/../../src/spice-usbredir/usbredirparser/usbredirparser.c:217
0 0 None 0 17 usbredirparser_queue call site: 00067 /work/build/../../src/spice-usbredir/usbredirparser/usbredirparser.c:1237
0 0 None 0 12 usbredirparser_do_read call site: 00174 /work/build/../../src/spice-usbredir/usbredirparser/usbredirparser.c:1072
0 0 None 0 12 usbredirparser_unserialize call site: 00094 /work/build/../../src/spice-usbredir/usbredirparser/usbredirparser.c:1813

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 usbredirparser_create [function] [call site] 00001
2 calloc [call site] 00002
1 usbredirparser_init [function] [call site] 00003
2 snprintf [call site] 00004
2 usbredirparser_caps_set_cap [function] [call site] 00005
2 usbredirparser_verify_caps [function] [call site] 00006
3 usbredirparser_caps_get_cap [function] [call site] 00007
4 va_log [function] [call site] 00008
5 sprintf [call site] 00009
5 vsnprintf [call site] 00010
3 usbredirparser_caps_get_cap [function] [call site] 00011
3 va_log [function] [call site] 00012
2 usbredirparser_queue [function] [call site] 00013
3 usbredirparser_get_header_len [function] [call site] 00014
4 usbredirparser_using_32bits_ids [function] [call site] 00015
5 usbredirparser_have_cap [function] [call site] 00016
6 usbredirparser_caps_get_cap [function] [call site] 00017
5 usbredirparser_peer_has_cap [function] [call site] 00018
6 usbredirparser_caps_get_cap [function] [call site] 00019
3 usbredirparser_get_type_header_len [function] [call site] 00020
4 usbredirparser_have_cap [function] [call site] 00021
4 usbredirparser_peer_has_cap [function] [call site] 00022
4 usbredirparser_have_cap [function] [call site] 00023
4 usbredirparser_peer_has_cap [function] [call site] 00024
4 usbredirparser_have_cap [function] [call site] 00025
4 usbredirparser_peer_has_cap [function] [call site] 00026
4 usbredirparser_have_cap [function] [call site] 00027
4 usbredirparser_peer_has_cap [function] [call site] 00028
3 va_log [function] [call site] 00029
3 usbredirparser_verify_type_header [function] [call site] 00030
4 va_log [function] [call site] 00031
4 va_log [function] [call site] 00032
4 va_log [function] [call site] 00033
4 va_log [function] [call site] 00034
4 usbredirparser_peer_has_cap [function] [call site] 00035
4 usbredirparser_have_cap [function] [call site] 00036
4 va_log [function] [call site] 00037
4 usbredirparser_peer_has_cap [function] [call site] 00038
4 usbredirparser_have_cap [function] [call site] 00039
4 va_log [function] [call site] 00040
4 va_log [function] [call site] 00041
4 va_log [function] [call site] 00042
4 usbredirparser_peer_has_cap [function] [call site] 00043
4 usbredirparser_have_cap [function] [call site] 00044
4 va_log [function] [call site] 00045
4 usbredirparser_verify_bulk_recv_cap [function] [call site] 00046
5 usbredirparser_peer_has_cap [function] [call site] 00047
5 usbredirparser_have_cap [function] [call site] 00048
5 va_log [function] [call site] 00049
4 va_log [function] [call site] 00050
4 va_log [function] [call site] 00051
4 usbredirparser_verify_bulk_recv_cap [function] [call site] 00052
4 va_log [function] [call site] 00053
4 usbredirparser_verify_bulk_recv_cap [function] [call site] 00054
4 va_log [function] [call site] 00055
4 usbredirparser_have_cap [function] [call site] 00056
4 usbredirparser_peer_has_cap [function] [call site] 00057
4 va_log [function] [call site] 00058
4 usbredirparser_verify_bulk_recv_cap [function] [call site] 00059
4 va_log [function] [call site] 00060
4 va_log [function] [call site] 00061
4 va_log [function] [call site] 00062
4 va_log [function] [call site] 00063
4 va_log [function] [call site] 00064
4 va_log [function] [call site] 00065
3 va_log [function] [call site] 00066
3 calloc [call site] 00067
3 va_log [function] [call site] 00068
3 usbredirparser_using_32bits_ids [function] [call site] 00069
1 (anonymous namespace)::try_unserialize(usbredirparser*, FuzzedDataProvider*) [function] [call site] 00070
2 __assert_fail [call site] 00071
2 usbredirparser_unserialize [function] [call site] 00072
3 usbredirparser_assert_invariants [function] [call site] 00073
4 __assert_fail [call site] 00074
4 __assert_fail [call site] 00075
4 __assert_fail [call site] 00076
4 __assert_fail [call site] 00077
4 __assert_fail [call site] 00078
4 __assert_fail [call site] 00079
4 __assert_fail [call site] 00080
4 __assert_fail [call site] 00081
4 __assert_fail [call site] 00082
4 __assert_fail [call site] 00083
4 __assert_fail [call site] 00084
4 __assert_fail [call site] 00085
4 __assert_fail [call site] 00086
4 __assert_fail [call site] 00087
4 __assert_fail [call site] 00088
4 __assert_fail [call site] 00089
4 __assert_fail [call site] 00090
3 unserialize_int [function] [call site] 00091
4 va_log [function] [call site] 00092
4 va_log [function] [call site] 00093
3 usbredirparser_assert_invariants [function] [call site] 00094
3 va_log [function] [call site] 00095
3 usbredirparser_assert_invariants [function] [call site] 00096
3 va_log [function] [call site] 00097
3 usbredirparser_assert_invariants [function] [call site] 00098
3 unserialize_int [function] [call site] 00099
3 usbredirparser_assert_invariants [function] [call site] 00100
3 va_log [function] [call site] 00101
3 usbredirparser_assert_invariants [function] [call site] 00102
3 unserialize_data [function] [call site] 00103
4 va_log [function] [call site] 00104
4 va_log [function] [call site] 00105
4 va_log [function] [call site] 00106
4 va_log [function] [call site] 00107
4 va_log [function] [call site] 00108
4 va_log [function] [call site] 00109
3 usbredirparser_assert_invariants [function] [call site] 00110
3 va_log [function] [call site] 00111
3 usbredirparser_assert_invariants [function] [call site] 00112
3 va_log [function] [call site] 00113
3 unserialize_data [function] [call site] 00114
3 usbredirparser_assert_invariants [function] [call site] 00115
3 unserialize_int [function] [call site] 00116
3 usbredirparser_assert_invariants [function] [call site] 00117
3 usbredirparser_get_header_len [function] [call site] 00118
3 unserialize_data [function] [call site] 00119
3 usbredirparser_assert_invariants [function] [call site] 00120
3 va_log [function] [call site] 00121
3 usbredirparser_assert_invariants [function] [call site] 00122
3 usbredirparser_get_type_header_len [function] [call site] 00123
3 usbredirparser_expect_extra_data [function] [call site] 00124
3 va_log [function] [call site] 00125
3 usbredirparser_assert_invariants [function] [call site] 00126
3 unserialize_data [function] [call site] 00127
3 usbredirparser_assert_invariants [function] [call site] 00128
3 va_log [function] [call site] 00129
3 usbredirparser_assert_invariants [function] [call site] 00130
3 unserialize_data [function] [call site] 00131
3 usbredirparser_assert_invariants [function] [call site] 00132
3 unserialize_int [function] [call site] 00133
3 usbredirparser_assert_invariants [function] [call site] 00134
3 usbredirparser_assert_invariants [function] [call site] 00135
3 unserialize_data [function] [call site] 00136
3 usbredirparser_assert_invariants [function] [call site] 00137
3 va_log [function] [call site] 00138
3 usbredirparser_assert_invariants [function] [call site] 00139
3 calloc [call site] 00140
3 va_log [function] [call site] 00141
3 usbredirparser_assert_invariants [function] [call site] 00142
3 va_log [function] [call site] 00143
3 usbredirparser_assert_invariants [function] [call site] 00144
3 usbredirparser_assert_invariants [function] [call site] 00145
1 usbredirparser_has_data_to_write [function] [call site] 00146
1 (anonymous namespace)::try_serialize(usbredirparser*) [function] [call site] 00147
2 usbredirparser_serialize [function] [call site] 00148
3 serialize_int [function] [call site] 00149
4 va_log [function] [call site] 00150
4 serialize_alloc [function] [call site] 00151
5 realloc [call site] 00152
5 va_log [function] [call site] 00153
3 serialize_int [function] [call site] 00154
3 serialize_data [function] [call site] 00155
4 va_log [function] [call site] 00156
4 va_log [function] [call site] 00157
4 serialize_alloc [function] [call site] 00158
3 serialize_data [function] [call site] 00159
3 serialize_int [function] [call site] 00160
3 serialize_int [function] [call site] 00161
3 serialize_data [function] [call site] 00162
3 serialize_data [function] [call site] 00163
3 serialize_data [function] [call site] 00164
3 serialize_int [function] [call site] 00165
3 serialize_data [function] [call site] 00166
1 usbredirparser_do_read [function] [call site] 00167
2 usbredirparser_get_header_len [function] [call site] 00168
2 usbredirparser_assert_invariants [function] [call site] 00169
2 usbredirparser_assert_invariants [function] [call site] 00170
2 usbredirparser_assert_invariants [function] [call site] 00171
2 usbredirparser_get_type_header_len [function] [call site] 00172
2 va_log [function] [call site] 00173
2 usbredirparser_assert_invariants [function] [call site] 00174
2 va_log [function] [call site] 00175
2 usbredirparser_assert_invariants [function] [call site] 00176
2 va_log [function] [call site] 00177
2 usbredirparser_assert_invariants [function] [call site] 00178
2 usbredirparser_expect_extra_data [function] [call site] 00179
2 va_log [function] [call site] 00180
2 usbredirparser_assert_invariants [function] [call site] 00181
2 va_log [function] [call site] 00182
2 usbredirparser_assert_invariants [function] [call site] 00183
2 usbredirparser_verify_type_header [function] [call site] 00184
2 usbredirparser_call_type_func [function] [call site] 00185
3 usbredirparser_using_32bits_ids [function] [call site] 00186
3 usbredirparser_handle_hello [function] [call site] 00187
4 strncpy [call site] 00188
4 usbredirparser_verify_caps [function] [call site] 00189
4 usbredirparser_using_32bits_ids [function] [call site] 00190
3 usbredirparser_peer_has_cap [function] [call site] 00191
3 usbredirparser_queue [function] [call site] 00192
3 usbredirfilter_string_to_rules [function] [call site] 00193
4 strlen [call site] 00194
4 strspn [call site] 00195
4 strcspn [call site] 00196
4 calloc [call site] 00197
4 strdup [call site] 00198
4 strtok_r [call site] 00199
4 strtok_r [call site] 00200
4 strtol [call site] 00201
4 strtok_r [call site] 00202
4 usbredirfilter_verify [function] [call site] 00203
4 strtok_r [call site] 00204
3 va_log [function] [call site] 00205
2 usbredirparser_assert_invariants [function] [call site] 00206
2 usbredirparser_get_header_len [function] [call site] 00207
1 (anonymous namespace)::try_serialize(usbredirparser*) [function] [call site] 00208
1 usbredirparser_has_data_to_write [function] [call site] 00209
1 usbredirparser_do_write [function] [call site] 00210
2 __assert_fail [call site] 00211
2 abort [call site] 00212