Fuzz introspector: /src/tinyusb/test/fuzz/device/cdc/src/fuzz.cc
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
94 94 1 :

['proc_write10_host_data']

255 255 mscd_xfer_cb call site: 00000 /src/tinyusb/src/class/msc/msc_device.c:418
22 22 4 :

['tud_msc_write10_complete_cb', 'prepare_cbw', 'tud_msc_read10_complete_cb', 'tud_msc_scsi_complete_cb']

50 50 mscd_xfer_cb call site: 00000 /src/tinyusb/src/class/msc/msc_device.c:418
4 4 1 :

['invoke_class_control']

4 4 process_control_request call site: 00034 /src/tinyusb/src/device/usbd.c:774
0 0 None 314 342 mscd_xfer_cb call site: 00000 /src/tinyusb/src/class/msc/msc_device.c:422
0 0 None 28 28 mscd_xfer_cb call site: 00000 /src/tinyusb/src/class/msc/msc_device.c:418
0 0 None 0 80 dcd_int_handler call site: 00009 /src/tinyusb/test/fuzz/dcd_fuzz.cc:58
0 0 None 0 41 usbd_control_xfer_cb call site: 00088 /src/tinyusb/src/device/usbd_control.c:156
0 0 None 0 41 usbd_control_xfer_cb call site: 00089 /src/tinyusb/src/device/usbd_control.c:170
0 0 1 :

['std::__1::vector >::resize(unsigned long)']

0 40 dcd_int_handler call site: 00010 /src/tinyusb/test/fuzz/dcd_fuzz.cc:81
0 0 None 0 14 dcd_event_handler call site: 00011 /src/tinyusb/src/device/usbd.c:1205
0 0 None 0 14 dcd_event_handler call site: 00011 /src/tinyusb/src/device/usbd.c:1219
0 0 None 0 14 data_stage_xact call site: 00041 /src/tinyusb/src/device/usbd_control.c:94

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 fuzz_init [function] [call site] 00001
1 tud_rhport_init [function] [call site] 00002
2 tud_inited [function] [call site] 00003
2 tu_fifo_clear [function] [call site] 00004
2 usbd_app_driver_get_cb [call site] 00005
2 dcd_init [function] [call site] 00006
2 dcd_int_enable [function] [call site] 00007
1 dcd_int_handler [function] [call site] 00008
2 __assert_fail [call site] 00009
2 dcd_event_handler [function] [call site] 00010
3 tu_fifo_write [function] [call site] 00011
4 tu_fifo_full [function] [call site] 00012
4 _ff_push [function] [call site] 00013
4 advance_index [function] [call site] 00014
3 tud_event_hook_cb [function] [call site] 00015
3 tud_event_hook_cb [function] [call site] 00016
3 tud_event_hook_cb [function] [call site] 00017
2 dcd_event_handler [function] [call site] 00018
1 tud_task_ext [function] [call site] 00019
2 tud_inited [function] [call site] 00020
2 tu_fifo_read [function] [call site] 00021
3 _tu_fifo_peek [function] [call site] 00022
4 _ff_pull [function] [call site] 00023
3 advance_index [function] [call site] 00024
2 usbd_reset [function] [call site] 00025
3 configuration_reset [function] [call site] 00026
3 usbd_control_reset [function] [call site] 00027
2 usbd_reset [function] [call site] 00028
2 tud_umount_cb [function] [call site] 00029
2 process_control_request [function] [call site] 00030
3 usbd_control_set_complete_callback [function] [call site] 00031
3 usbd_control_set_complete_callback [function] [call site] 00032
3 tud_vendor_control_xfer_cb [function] [call site] 00033
3 tud_vendor_control_xfer_cb [function] [call site] 00034
3 invoke_class_control [function] [call site] 00035
4 usbd_control_set_complete_callback [function] [call site] 00036
3 usbd_control_set_request [function] [call site] 00037
3 dcd_set_address [function] [call site] 00038
4 dcd_edpt_xfer [function] [call site] 00039
3 tud_control_xfer [function] [call site] 00040
4 data_stage_xact [function] [call site] 00041
5 usbd_edpt_xfer [function] [call site] 00042
6 dcd_edpt_xfer [function] [call site] 00043
4 status_stage_xact [function] [call site] 00044
5 usbd_edpt_xfer [function] [call site] 00045
3 dcd_sof_enable [function] [call site] 00046
3 dcd_edpt_close_all [function] [call site] 00047
3 configuration_reset [function] [call site] 00048
3 process_set_config [function] [call site] 00049
4 tud_descriptor_configuration_cb [function] [call site] 00050
4 tu_edpt_bind_driver [function] [call site] 00051
3 tud_mount_cb [function] [call site] 00052
3 tud_umount_cb [function] [call site] 00053
3 tud_control_status [function] [call site] 00054
4 status_stage_xact [function] [call site] 00055
3 process_get_descriptor [function] [call site] 00056
4 tud_descriptor_device_cb [function] [call site] 00057
4 tud_control_xfer [function] [call site] 00058
4 tud_descriptor_bos_cb [function] [call site] 00059
4 tud_control_xfer [function] [call site] 00060
4 tud_descriptor_configuration_cb [function] [call site] 00061
4 tud_descriptor_other_speed_configuration_cb [function] [call site] 00062
4 tud_control_xfer [function] [call site] 00063
4 tud_descriptor_string_cb [function] [call site] 00064
5 strlen [call site] 00065
4 tud_control_xfer [function] [call site] 00066
4 tud_descriptor_device_qualifier_cb [function] [call site] 00067
4 tud_control_xfer [function] [call site] 00068
3 tud_control_status [function] [call site] 00069
3 tud_control_status [function] [call site] 00070
3 tud_control_xfer [function] [call site] 00071
3 invoke_class_control [function] [call site] 00072
3 usbd_control_set_complete_callback [function] [call site] 00073
3 tud_control_xfer [function] [call site] 00074
3 tud_control_status [function] [call site] 00075
3 invoke_class_control [function] [call site] 00076
3 usbd_edpt_stalled [function] [call site] 00077
3 tud_control_xfer [function] [call site] 00078
3 usbd_edpt_clear_stall [function] [call site] 00079
4 dcd_edpt_clear_stall [function] [call site] 00080
3 usbd_edpt_stall [function] [call site] 00081
4 dcd_edpt_stall [function] [call site] 00082
3 invoke_class_control [function] [call site] 00083
3 usbd_control_set_complete_callback [function] [call site] 00084
3 tud_control_status [function] [call site] 00085
2 dcd_edpt_stall [function] [call site] 00086
2 dcd_edpt_stall [function] [call site] 00087
2 usbd_control_xfer_cb [function] [call site] 00088
3 dcd_edpt0_status_complete [function] [call site] 00089
3 status_stage_xact [function] [call site] 00090
3 dcd_edpt_stall [function] [call site] 00091
3 dcd_edpt_stall [function] [call site] 00092
3 data_stage_xact [function] [call site] 00093
2 tud_suspend_cb [function] [call site] 00094
2 tud_resume_cb [function] [call site] 00095
2 tud_sof_cb [function] [call site] 00096
1 cdc_task [function] [call site] 00097
2 __assert_fail [call site] 00098
2 tud_cdc_n_connected [function] [call site] 00099
3 tud_mounted [function] [call site] 00100
3 tud_suspended [function] [call site] 00101
2 tud_cdc_n_get_line_state [function] [call site] 00102
2 tud_cdc_n_get_line_coding [function] [call site] 00103
2 tud_cdc_n_set_wanted_char [function] [call site] 00104
2 tud_cdc_n_available [function] [call site] 00105
3 tu_fifo_count [function] [call site] 00106
2 tud_cdc_n_read [function] [call site] 00107
3 tu_fifo_read_n [function] [call site] 00108
4 _tu_fifo_read_n [function] [call site] 00109
5 _tu_fifo_peek_n [function] [call site] 00110
6 _ff_pull_n [function] [call site] 00111
5 advance_index [function] [call site] 00112
3 _prep_out_transaction [function] [call site] 00113
4 tud_mounted [function] [call site] 00114
4 tud_suspended [function] [call site] 00115
4 tu_fifo_remaining [function] [call site] 00116
4 usbd_edpt_claim [function] [call site] 00117
5 tu_edpt_claim [function] [call site] 00118
4 tu_fifo_remaining [function] [call site] 00119
4 usbd_edpt_xfer [function] [call site] 00120
4 usbd_edpt_release [function] [call site] 00121
5 tu_edpt_release [function] [call site] 00122
2 tud_cdc_n_read [function] [call site] 00123
2 tud_cdc_n_read_flush [function] [call site] 00124
3 tu_fifo_clear [function] [call site] 00125
3 _prep_out_transaction [function] [call site] 00126
2 tud_cdc_n_peek [function] [call site] 00127
3 tu_fifo_peek [function] [call site] 00128
4 _tu_fifo_peek [function] [call site] 00129
2 tud_cdc_n_write [function] [call site] 00130
3 tu_fifo_write_n [function] [call site] 00131
4 _tu_fifo_write_n [function] [call site] 00132
5 advance_index [function] [call site] 00133
5 _ff_push_n [function] [call site] 00134
5 advance_index [function] [call site] 00135
3 tu_fifo_count [function] [call site] 00136
3 tud_cdc_n_write_flush [function] [call site] 00137
4 tud_mounted [function] [call site] 00138
4 tud_suspended [function] [call site] 00139
4 tu_fifo_count [function] [call site] 00140
4 usbd_edpt_claim [function] [call site] 00141
4 tu_fifo_read_n [function] [call site] 00142
4 usbd_edpt_xfer [function] [call site] 00143
4 usbd_edpt_release [function] [call site] 00144
2 tud_cdc_n_write [function] [call site] 00145
2 strlen [call site] 00146
2 tud_cdc_n_write [function] [call site] 00147
2 tud_cdc_n_write_flush [function] [call site] 00148
2 tud_cdc_n_write_available [function] [call site] 00149
3 tu_fifo_remaining [function] [call site] 00150
2 tud_cdc_n_write_clear [function] [call site] 00151
3 tu_fifo_clear [function] [call site] 00152