Fuzz introspector: Tss2_Sys_HierarchyChangeAuth_Complete
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The following are the branches that the fuzzer fails to get past.

| Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch |
|---|---|---|---|---|---|---|---|
| 152 | 152 | 2: ['Tss2_MU_TPM2_ST_Unmarshal', 'Tss2_MU_UINT32_Unmarshal'] | 152 | 152 | CommonComplete | call site: 00000 | /src/tpm2-tss/src/tss2-sys/sysapi_util.c:123 |
| 8 | 8 | 1: ['tcti_type_from_name'] | 16 | 16 | get_test_opts_from_env | call site: 00002 | /src/tpm2-tss/test/integration/sys-test-options.c:130 |
| 4 | 4 | 2: ['strerror', '__errno_location'] | 4 | 4 | tcti_fuzzing_init | call site: 00058 | /src/tpm2-tss/test/integration/sys-context-util.c:160 |
| 2 | 2 | 1: ['strtol'] | 2 | 2 | get_test_opts_from_env | call site: 00008 | /src/tpm2-tss/test/integration/sys-test-options.c:139 |
| 0 | 0 | None | 152 | 154 | CommonComplete | call site: 00000 | /src/tpm2-tss/src/tss2-sys/sysapi_util.c:114 |
| 0 | 0 | None | 63 | 67 | Tss2_Sys_Initialize | call site: 00068 | /src/tpm2-tss/src/tss2-sys/api/Tss2_Sys_Initialize.c:38 |
| 0 | 0 | None | 63 | 67 | Tss2_Sys_Initialize | call site: 00068 | /src/tpm2-tss/src/tss2-sys/api/Tss2_Sys_Initialize.c:44 |
| 0 | 0 | None | 6 | 6 | get_test_opts_from_env | call site: 00006 | /src/tpm2-tss/test/integration/sys-test-options.c:133 |
| 0 | 0 | None | 4 | 4 | get_test_opts_from_env | call site: 00007 | /src/tpm2-tss/test/integration/sys-test-options.c:136 |
| 0 | 0 | None | 0 | 98 | Tss2_Sys_HierarchyChangeAuth_Complete | call site: 00079 | /src/tpm2-tss/src/tss2-sys/api/Tss2_Sys_HierarchyChangeAuth.c:63 |
| 0 | 0 | None | 0 | 0 | Tss2_Sys_GetContextSize | call site: 00064 | /src/tpm2-tss/src/tss2-sys/api/Tss2_Sys_GetContextSize.c:17 |
| 0 | 0 | None | 0 | 0 | Tss2_Sys_GetTctiContext | call site: 00082 | /src/tpm2-tss/src/tss2-sys/api/Tss2_Sys_GetTctiContext.c:21 |

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 get_test_opts_from_env [function] [call site] 00001
2 getenv [call site] 00002
2 tcti_type_from_name [function] [call site] 00003
3 strcmp [call site] 00004
3 fprintf [call site] 00005
2 getenv [call site] 00006
2 getenv [call site] 00007
2 getenv [call site] 00008
2 strtol [call site] 00009
1 sanity_check_test_opts [function] [call site] 00010
2 fprintf [call site] 00011
2 fprintf [call site] 00012
2 fprintf [call site] 00013
2 fprintf [call site] 00014
1 doLog [function] [call site] 00015
2 getLogLevel [function] [call site] 00016
3 getenv [call site] 00017
3 strchr [call site] 00018
3 case_insensitive_strncmp [function] [call site] 00019
4 tolower [call site] 00020
3 strlen [call site] 00021
3 strlen [call site] 00022
3 case_insensitive_strncmp [function] [call site] 00023
3 log_stringlevel [function] [call site] 00024
4 strlen [call site] 00025
4 case_insensitive_strncmp [function] [call site] 00026
2 snprintf [call site] 00027
2 snprintf [call site] 00028
2 getLogFile [function] [call site] 00029
3 getenv [call site] 00030
3 case_insensitive_strncmp [function] [call site] 00031
3 strcmp [call site] 00032
3 case_insensitive_strncmp [function] [call site] 00033
3 fopen [call site] 00034
3 __errno_location [call site] 00035
2 vfprintf [call site] 00036
2 fflush [call site] 00037
1 exit [call site] 00038
1 sys_init_from_opts [function] [call site] 00039
2 tcti_init_from_opts [function] [call site] 00040
3 tcti_fuzzing_init [function] [call site] 00041
4 Tss2_Tcti_Fuzzing_Init [function] [call site] 00042
5 tcti_fuzzing_init_context_data [function] [call site] 00043
6 tcti_fuzzing_transmit [function] [call site] 00044
6 tcti_fuzzing_receive [function] [call site] 00045
7 tcti_fuzzing_context_cast [function] [call site] 00046
7 tcti_fuzzing_down_cast [function] [call site] 00047
7 tcti_common_receive_checks [function] [call site] 00048
6 tcti_fuzzing_finalize [function] [call site] 00052
6 tcti_fuzzing_cancel [function] [call site] 00053
6 tcti_fuzzing_get_poll_handles [function] [call site] 00054
6 tcti_fuzzing_set_locality [function] [call site] 00055
6 tcti_make_sticky_not_implemented [function] [call site] 00056
4 fprintf [call site] 00057
4 calloc [call site] 00058
4 __errno_location [call site] 00059
4 fprintf [call site] 00060
4 Tss2_Tcti_Fuzzing_Init [function] [call site] 00061
4 fprintf [call site] 00062
2 sys_init_from_tcti_ctx [function] [call site] 00063
3 Tss2_Sys_GetContextSize [function] [call site] 00064
3 calloc [call site] 00065
3 fprintf [call site] 00066
3 Tss2_Sys_Initialize [function] [call site] 00067
4 syscontext_cast [function] [call site] 00068
4 InitSysContextPtrs [function] [call site] 00070
4 InitSysContextFields [function] [call site] 00071
3 fprintf [call site] 00072
1 exit [call site] 00074
1 syscontext_cast [function] [call site] 00075
1 tcti_fuzzing_context_cast [function] [call site] 00076
1 test_invoke [function] [call site] 00077
2 Tss2_Sys_HierarchyChangeAuth_Complete [function] [call site] 00078
3 syscontext_cast [function] [call site] 00079
1 sys_teardown_full [function] [call site] 00080
2 Tss2_Sys_GetTctiContext [function] [call site] 00081
3 syscontext_cast [function] [call site] 00082
2 sys_teardown [function] [call site] 00083
3 Tss2_Sys_Finalize [function] [call site] 00084
2 tcti_teardown [function] [call site] 00085
1 exit [call site] 00087