Fuzz introspector: xrow_header_decode_fuzzer
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
488 488 1 :

['fiber_delete']

488 488 cord_collect_garbage call site: 00000 /src/tarantool/src/lib/core/fiber.c:1909
97 97 1 :

['ev_loop_destroy']

97 1098 cord_destroy call site: 00000 /src/tarantool/src/lib/core/fiber.c:1941
23 23 3 :

['__errno_location', '_say_strerror', 'say_log_level_is_enabled.370']

23 23 signal_stack_free call site: 00000 /src/tarantool/src/lib/core/fiber.c:260
21 21 1 :

['mmap_checked']

21 34 slab_arena_create call site: 00000 /src/tarantool/src/lib/small/small/slab_arena.c:204
4 564 6 :

['__errno_location', 'diag_set_error', 'say_log_level_is_enabled', 'dump_row_hex', 'diag_get', 'BuildClientError']

4 564 xrow_header_decode call site: 00067 /src/tarantool/src/box/xrow.c:238
4 4 4 :

['malloc', 'exit', 'realloc', 'say_log_level_is_enabled.370']

4 4 fiber_set_name_n call site: 00237 /src/tarantool/src/lib/core/fiber.c:1223
2 2 1 :

['abort']

2 2 mh_strnptr_resize call site: 00000 /src/tarantool/src/lib/salad/mhash.h:494
0 262 1 :

['cord_on_demand']

4 266 fiber_set_name_n call site: 00236 /src/tarantool/src/lib/core/fiber.c:1220
0 56 1 :

['mh_strnptr_put']

0 56 mh_strnptr_put call site: 00000 /src/tarantool/src/lib/salad/mhash.h:319
0 5 3 :

['error_payload_destroy', 'error_msg_is_malloced', 'free']

0 5 error_unref call site: 00353 /src/tarantool/src/lib/core/diag.c:67
0 0 None 15 19 dump_row_hex call site: 00361 /src/tarantool/src/box/xrow.c:125
0 0 None 6 6 madvise_checked call site: 00000 /src/tarantool/src/lib/small/small/slab_arena.c:50

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 mp_check [function] [call site] 00001
2 mp_load_u8 [function] [call site] 00002
2 mp_load_u8 [function] [call site] 00003
2 mp_load_u8 [function] [call site] 00004
2 mp_load_u16 [function] [call site] 00005
2 mp_load_u32 [function] [call site] 00006
2 mp_load_u16 [function] [call site] 00007
2 mp_load_u32 [function] [call site] 00008
2 mp_load_u16 [function] [call site] 00009
2 mp_load_u32 [function] [call site] 00010
2 mp_load_u8 [function] [call site] 00011
2 mp_load_u8 [function] [call site] 00012
2 mp_load_u16 [function] [call site] 00013
2 mp_load_u8 [function] [call site] 00014
2 mp_load_u32 [function] [call site] 00015
2 mp_load_u8 [function] [call site] 00016
2 __assert_fail [call site] 00017
2 __assert_fail [call site] 00018
1 xrow_header_decode [function] [call site] 00019
2 mp_decode_map [function] [call site] 00021
3 mp_load_u8 [function] [call site] 00022
3 mp_load_u16 [function] [call site] 00023
3 mp_load_u32 [function] [call site] 00024
3 __assert_fail [call site] 00025
2 mp_decode_uint [function] [call site] 00026
3 mp_load_u8 [function] [call site] 00027
3 mp_load_u8 [function] [call site] 00028
3 mp_load_u16 [function] [call site] 00029
3 mp_load_u32 [function] [call site] 00030
3 mp_load_u64 [function] [call site] 00031
3 __assert_fail [call site] 00032
2 mp_decode_uint [function] [call site] 00033
2 mp_decode_uint [function] [call site] 00034
2 mp_decode_uint [function] [call site] 00035
2 mp_decode_uint [function] [call site] 00036
2 mp_decode_uint [function] [call site] 00037
2 mp_decode_double [function] [call site] 00038
3 mp_load_u8 [function] [call site] 00039
3 __assert_fail [call site] 00040
3 mp_load_double [function] [call site] 00041
2 mp_decode_uint [function] [call site] 00042
2 mp_decode_uint [function] [call site] 00043
2 mp_decode_uint [function] [call site] 00044
2 mp_decode_uint [function] [call site] 00045
2 mp_next [function] [call site] 00046
3 mp_load_u8 [function] [call site] 00047
3 mp_load_u8 [function] [call site] 00048
3 mp_next_slowpath [function] [call site] 00049
4 mp_load_u8 [function] [call site] 00050
4 mp_load_u64 [function] [call site] 00051
4 mp_load_u8 [function] [call site] 00052
4 mp_load_u16 [function] [call site] 00053
4 mp_load_u32 [function] [call site] 00054
4 mp_load_u16 [function] [call site] 00055
4 mp_load_u32 [function] [call site] 00056
4 mp_load_u16 [function] [call site] 00057
4 mp_load_u32 [function] [call site] 00058
4 mp_load_u8 [function] [call site] 00059
4 mp_load_u8 [function] [call site] 00060
4 mp_load_u16 [function] [call site] 00061
4 mp_load_u8 [function] [call site] 00062
4 mp_load_u32 [function] [call site] 00063
4 mp_load_u8 [function] [call site] 00064
4 __assert_fail [call site] 00065
2 __assert_fail [call site] 00066
2 __errno_location [call site] 00068
2 say_log_level_is_enabled [function] [call site] 00069
2 BuildClientError [function] [call site] 00070
3 Exception::operator new(unsigned long) [function] [call site] 00071
4 alloc_failure(char const*, int, unsigned long) [function] [call site] 00072
5 fprintf [call site] 00073
5 exit [call site] 00074
3 ClientError::ClientError(char const*, unsigned int, unsigned int, ...) [function] [call site] 00075
4 ClientError::ClientError(type_info const*, char const*, unsigned int, unsigned int) [function] [call site] 00076
5 Exception::Exception(type_info const*, char const*, unsigned int) [function] [call site] 00077
6 error_create [function] [call site] 00078
7 error_payload_create [function] [call site] 00079
7 error_set_location [function] [call site] 00080
8 snprintf [call site] 00081
6 exception_destroy(error*) [function] [call site] 00082
7 Exception::~Exception() [function] [call site] 00083
5 rmean_collect [function] [call site] 00084
6 __assert_fail [call site] 00085
5 Exception::~Exception() [function] [call site] 00086
6 __assert_fail [call site] 00087
4 client_error_create(error*, __va_list_tag*) [function] [call site] 00088
5 tnt_errcode_record(unsigned int) [function] [call site] 00089
5 error_vformat_msg [function] [call site] 00090
6 error_msg_is_malloced [function] [call site] 00091
6 vsnprintf [call site] 00092
6 alloc_failure [function] [call site] 00093
6 vsnprintf [call site] 00094
6 __assert_fail [call site] 00095
5 error_set_str(error*, char const*, char const*) [function] [call site] 00096
6 error_payload_set_str [function] [call site] 00097
7 strlen [call site] 00098
7 mp_sizeof_str [function] [call site] 00099
8 mp_sizeof_strl [function] [call site] 00100
7 error_payload_prepare [function] [call site] 00101
8 grp_alloc_initializer [function] [call site] 00102
8 strcmp [call site] 00103
8 realloc [call site] 00104
8 alloc_failure [function] [call site] 00105
8 grp_alloc_reserve_data [function] [call site] 00106
8 grp_alloc_reserve_str0 [function] [call site] 00107
9 strlen [call site] 00108
9 grp_alloc_reserve_str [function] [call site] 00109
8 grp_alloc_reserve_data [function] [call site] 00110
8 grp_alloc_size [function] [call site] 00111
8 alloc_failure [function] [call site] 00112
8 grp_alloc_create_data [function] [call site] 00113
8 grp_alloc_create_str0 [function] [call site] 00114
9 strlen [call site] 00115
9 grp_alloc_create_str [function] [call site] 00116
8 grp_alloc_create_data [function] [call site] 00117
8 grp_alloc_size [function] [call site] 00118
7 mp_encode_str [function] [call site] 00119
8 mp_encode_strl [function] [call site] 00120
9 mp_store_u8 [function] [call site] 00121
9 mp_store_u8 [function] [call site] 00122
9 mp_store_u8 [function] [call site] 00123
9 mp_store_u8 [function] [call site] 00124
9 mp_store_u16 [function] [call site] 00125
9 mp_store_u8 [function] [call site] 00126
9 mp_store_u32 [function] [call site] 00127
8 mp_memcpy [function] [call site] 00128
5 error_set_int(error*, char const*, long) [function] [call site] 00129
6 error_payload_set_int [function] [call site] 00130
7 error_payload_set_uint [function] [call site] 00131
8 mp_sizeof_uint [function] [call site] 00132
8 error_payload_prepare [function] [call site] 00133
8 mp_encode_uint [function] [call site] 00134
9 mp_store_u8 [function] [call site] 00135
9 mp_store_u8 [function] [call site] 00136
9 mp_store_u8 [function] [call site] 00137
9 mp_store_u8 [function] [call site] 00138
9 mp_store_u16 [function] [call site] 00139
9 mp_store_u8 [function] [call site] 00140
9 mp_store_u32 [function] [call site] 00141
9 mp_store_u8 [function] [call site] 00142
9 mp_store_u64 [function] [call site] 00143
7 mp_sizeof_int [function] [call site] 00144
8 __assert_fail [call site] 00145
7 error_payload_prepare [function] [call site] 00146
7 mp_encode_int [function] [call site] 00147
8 __assert_fail [call site] 00148
8 mp_store_u8 [function] [call site] 00149
8 mp_store_u8 [function] [call site] 00150
8 mp_store_u8 [function] [call site] 00151
8 mp_store_u8 [function] [call site] 00152
8 mp_store_u16 [function] [call site] 00153
8 mp_store_u8 [function] [call site] 00154
8 mp_store_u32 [function] [call site] 00155
8 mp_store_u8 [function] [call site] 00156
8 mp_store_u64 [function] [call site] 00157
5 error_set_uint(error*, char const*, unsigned long) [function] [call site] 00158
5 error_set_int(error*, char const*, long) [function] [call site] 00159
5 error_set_uint(error*, char const*, unsigned long) [function] [call site] 00160
5 error_set_int(error*, char const*, long) [function] [call site] 00161
5 error_set_uint(error*, char const*, unsigned long) [function] [call site] 00162
5 error_set_str(error*, char const*, char const*) [function] [call site] 00163
5 __assert_fail [call site] 00164
5 error_set_mp(error*, char const*, char const*, unsigned int) [function] [call site] 00166
6 error_payload_set_mp [function] [call site] 00167
7 error_payload_prepare [function] [call site] 00168
7 error_payload_prepare [function] [call site] 00169
5 __assert_fail [call site] 00170
5 tuple_data(tuple*) [function] [call site] 00171
6 tuple_data_offset(tuple*) [function] [call site] 00172
7 __assert_fail [call site] 00173
5 tuple_bsize(tuple*) [function] [call site] 00174
5 error_set_mp(error*, char const*, char const*, unsigned int) [function] [call site] 00175
5 __assert_fail [call site] 00176
5 strncmp [call site] 00177
5 error_set_str(error*, char const*, char const*) [function] [call site] 00178
4 ClientError::~ClientError() [function] [call site] 00179
5 Exception::~Exception() [function] [call site] 00180
3 client_error_create(error*, __va_list_tag*) [function] [call site] 00181
3 __cxa_begin_catch [call site] 00182
3 __cxa_end_catch [call site] 00183
2 diag_get [function] [call site] 00184
3 cord_on_demand [function] [call site] 00185
4 CordOnDemand::get() [function] [call site] 00186
5 CordOnDemand::CordOnDemand() [function] [call site] 00187
6 calloc [call site] 00188
6 alloc_failure(char const*, int, unsigned long) [function] [call site] 00189
6 cord_create [function] [call site] 00190
7 cord_on_demand [function] [call site] 00191
7 slab_cache_set_thread [function] [call site] 00192
8 pthread_self [call site] 00193
7 pthread_self [call site] 00194
7 slab_cache_create [function] [call site] 00195
8 small_getpagesize [function] [call site] 00196
9 sysconf [call site] 00197
8 __assert_fail [call site] 00198
8 slab_list_create [function] [call site] 00201
9 small_stats_reset [function] [call site] 00202
8 slab_list_create [function] [call site] 00203
8 slab_cache_set_thread [function] [call site] 00204
7 mempool_create [function] [call site] 00205
8 slab_order [function] [call site] 00206
8 __assert_fail [call site] 00207
8 mempool_create_with_order [function] [call site] 00208
9 __assert_fail [call site] 00209
9 slab_list_create [function] [call site] 00210
9 mslab_tree_new [function] [call site] 00211
9 slab_order_size [function] [call site] 00212
9 mslab_sizeof [function] [call site] 00213
10 small_align [function] [call site] 00214
11 __assert_fail [call site] 00215
11 __assert_fail [call site] 00216
9 __assert_fail [call site] 00217
9 slab_order_size [function] [call site] 00218
7 mh_i64ptr_new [function] [call site] 00219
8 calloc [call site] 00220
8 alloc_failure [function] [call site] 00221
8 calloc [call site] 00222
8 alloc_failure [function] [call site] 00223
8 calloc [call site] 00224
8 alloc_failure [function] [call site] 00225
8 calloc [call site] 00226
8 alloc_failure [function] [call site] 00227
7 fiber_reset [function] [call site] 00228
8 clock_stat_reset [function] [call site] 00229
7 diag_create [function] [call site] 00230
7 region_create [function] [call site] 00231
8 slab_list_create [function] [call site] 00232
7 fiber_gc_checker_init [function] [call site] 00233
7 fiber_set_name [function] [call site] 00234
8 strlen [call site] 00235
8 fiber_set_name_n [function] [call site] 00236
9 cord_on_demand [function] [call site] 00237
9 realloc [call site] 00238
9 say_log_level_is_enabled [function] [call site] 00239
9 exit [call site] 00240
7 fiber_schedule_wakeup [function] [call site] 00241
8 cord_on_demand [function] [call site] 00242
8 fiber_check_gc [function] [call site] 00243
9 cord_on_demand [function] [call site] 00244
9 region_used [function] [call site] 00245
9 __assert_fail [call site] 00246
9 region_used [function] [call site] 00247
9 say_log_level_is_enabled [function] [call site] 00248
9 abort [call site] 00249
8 fiber_schedule_list [function] [call site] 00250
9 __assert_fail [call site] 00251
9 __assert_fail [call site] 00252
9 cord_on_demand [function] [call site] 00253
9 cord_on_demand [function] [call site] 00254
9 __assert_fail [call site] 00255
9 cord_on_demand [function] [call site] 00256
9 clock_set_on_csw [function] [call site] 00257
10 cord_on_demand [function] [call site] 00258
10 cpu_stat_on_csw [function] [call site] 00259
11 clock_monotonic64 [function] [call site] 00260
12 clock_gettime [call site] 00261
12 say_log_level_is_enabled [function] [call site] 00262
12 __errno_location [call site] 00263
12 tt_strerror [function] [call site] 00264
13 tt_static_buf [function] [call site] 00265
14 static_aligned_alloc [function] [call site] 00266
15 static_aligned_reserve [function] [call site] 00267
16 static_reserve [function] [call site] 00268
16 small_align [function] [call site] 00269
13 strerror_r [call site] 00270
10 cord_on_demand [function] [call site] 00271
10 clock_stat_add_delta [function] [call site] 00272
10 clock_stat_add_delta [function] [call site] 00273
9 fiber_call_impl [function] [call site] 00274
10 cord_on_demand [function] [call site] 00275
10 cord_on_demand [function] [call site] 00276
10 __assert_fail [call site] 00277
10 __assert_fail [call site] 00278
10 __assert_fail [call site] 00279
10 __assert_fail [call site] 00280
10 __assert_fail [call site] 00281
10 __assert_fail [call site] 00282
10 __assert_fail [call site] 00283
10 __assert_fail [call site] 00284
10 cord_is_main [function] [call site] 00285
11 cord_on_demand [function] [call site] 00286
10 cord_reset_slice [function] [call site] 00287
11 cord_is_main [function] [call site] 00288
11 __assert_fail [call site] 00289
11 clock_lowres_monotonic [function] [call site] 00290
12 clock_lowres_thread_is_owner [function] [call site] 00291
13 pthread_self [call site] 00292
12 __assert_fail [call site] 00293
11 cord_on_demand [function] [call site] 00294
11 cord_on_demand [function] [call site] 00295
11 cord_on_demand [function] [call site] 00296
10 coro_transfer [call site] 00297
7 fiber_schedule_idle [function] [call site] 00298
7 cord_is_main [function] [call site] 00299
7 fiber_top_init [function] [call site] 00300
8 cord_on_demand [function] [call site] 00301
8 loop_on_iteration_end [function] [call site] 00302
9 cord_on_demand [function] [call site] 00303
9 __assert_fail [call site] 00304
9 cord_on_demand [function] [call site] 00305
9 clock_set_on_csw [function] [call site] 00306
9 cord_on_demand [function] [call site] 00307
9 cord_on_demand [function] [call site] 00308
9 cpu_stat_end [function] [call site] 00309
10 clock_thread64 [function] [call site] 00310
11 clock_gettime [call site] 00311
11 say_log_level_is_enabled [function] [call site] 00312
11 __errno_location [call site] 00313
11 tt_strerror [function] [call site] 00314
10 cord_on_demand [function] [call site] 00315
9 cord_on_demand [function] [call site] 00316
9 clock_stat_update [function] [call site] 00317
10 clock_diff_accumulate [function] [call site] 00318
9 cord_on_demand [function] [call site] 00319
9 clock_stat_update [function] [call site] 00320
9 cord_on_demand [function] [call site] 00321
9 clock_stat_update [function] [call site] 00322
8 cord_on_demand [function] [call site] 00323
8 loop_on_iteration_start [function] [call site] 00324
9 cord_on_demand [function] [call site] 00325
9 cpu_stat_start [function] [call site] 00326
10 clock_monotonic64 [function] [call site] 00327
10 clock_thread64 [function] [call site] 00328
7 cord_set_name [function] [call site] 00329
8 cord_on_demand [function] [call site] 00330
8 snprintf [call site] 00331
8 cord_is_main [function] [call site] 00332
8 tt_pthread_setname [function] [call site] 00333
9 snprintf [call site] 00334
9 pthread_self [call site] 00335
7 trigger_init_in_thread [function] [call site] 00336
8 cord_on_demand [function] [call site] 00337
8 mempool_create(mempool*, slab_cache*, unsigned int) [function] [call site] 00338
7 signal_stack_init [function] [call site] 00339
8 alloc_failure [function] [call site] 00340
8 say_log_level_is_enabled [function] [call site] 00341
8 __errno_location [call site] 00342
8 _say_strerror [function] [call site] 00343
9 tt_strerror [function] [call site] 00344
2 diag_set_error [function] [call site] 00345
3 __assert_fail [call site] 00346
3 error_ref [function] [call site] 00347
4 say_log_level_is_enabled [function] [call site] 00348
3 diag_clear [function] [call site] 00349
4 error_unref [function] [call site] 00350
5 __assert_fail [call site] 00351
5 error_msg_is_malloced [function] [call site] 00352
5 error_payload_destroy [function] [call site] 00353
3 error_unlink_effect [function] [call site] 00354
4 __assert_fail [call site] 00355
4 error_unref [function] [call site] 00356
2 say_log_level_is_enabled [function] [call site] 00357
2 BuildClientError [function] [call site] 00358
2 diag_set_error [function] [call site] 00360
2 dump_row_hex [function] [call site] 00361
3 tt_static_buf [function] [call site] 00362
3 say_log_level_is_enabled [function] [call site] 00363
3 snprintf [call site] 00364
3 snprintf [call site] 00365
3 say_log_level_is_enabled [function] [call site] 00366