Fuzz introspector: esi_parse_fuzzer
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
17 17 1 :

['WS_Overflowed']

33 35 WS_Reset call site: 00323 /src/varnish-cache/bin/varnishd/cache/cache_ws_emu.c:205
16 16 1 :

['WS_MarkOverflow']

16 16 ws_emu_alloc call site: 00057 /src/varnish-cache/bin/varnishd/cache/cache_ws_emu.c:282
14 14 1 :

['VAS_Fail']

14 32 VSB_newbuf call site: 00069 /src/varnish-cache/lib/libvarnish/vsb.c:193
14 14 2 :

['crc_word_big', 'byte_swap']

14 14 z_crc32_z call site: 00092 /src/varnish-cache/lib/libvgz/crc32.c:794
0 117 1 :

['vep_mark_skip']

0 117 VEP_Parse call site: 00301 /src/varnish-cache/bin/varnishd/cache/cache_esi_parse.c:1041
0 26 1 :

['VSB_extend']

0 26 _vsb_indent call site: 00080 /src/varnish-cache/lib/libvarnish/vsb.c:166
0 2 1 :

['VSLb']

0 2 VEP_Init call site: 00051 /src/varnish-cache/bin/varnishd/cache/cache_esi_parse.c:1075
0 0 None 261 2275 VEP_Parse call site: 00168 /src/varnish-cache/bin/varnishd/cache/cache_esi_parse.c:773
0 0 None 261 2275 VEP_Parse call site: 00172 /src/varnish-cache/bin/varnishd/cache/cache_esi_parse.c:796
0 0 None 261 2275 VEP_Parse call site: 00175 /src/varnish-cache/bin/varnishd/cache/cache_esi_parse.c:811
0 0 None 261 2275 VEP_Parse call site: 00244 /src/varnish-cache/bin/varnishd/cache/cache_esi_parse.c:814
0 0 None 261 2275 VEP_Parse call site: 00254 /src/varnish-cache/bin/varnishd/cache/cache_esi_parse.c:837

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 VAS_Fail [function] [call site] 00001
2 __errno_location [call site] 00002
2 fprintf [call site] 00003
2 fprintf [call site] 00004
2 fprintf [call site] 00005
2 fprintf [call site] 00006
2 strerror [call site] 00007
2 fprintf [call site] 00008
2 abort [call site] 00009
1 WS_Init [function] [call site] 00010
2 COM_DO_DEBUG [function] [call site] 00011
2 WRK_Log [function] [call site] 00012
2 VAS_Fail [function] [call site] 00013
2 VAS_Fail [function] [call site] 00014
2 VAS_Fail [function] [call site] 00015
2 VAS_Fail [function] [call site] 00016
2 strlen [call site] 00017
2 VAS_Fail [function] [call site] 00018
2 WS_Assert [function] [call site] 00019
3 VAS_Fail [function] [call site] 00020
3 VAS_Fail [function] [call site] 00021
3 VAS_Fail [function] [call site] 00022
3 VAS_Fail [function] [call site] 00023
3 VAS_Fail [function] [call site] 00024
3 ws_emu [function] [call site] 00025
4 VAS_Fail [function] [call site] 00026
3 pdiff [function] [call site] 00027
4 VAS_Fail [function] [call site] 00028
4 VAS_Fail [function] [call site] 00029
4 VAS_Fail [function] [call site] 00030
3 VAS_Fail [function] [call site] 00031
3 VAS_Fail [function] [call site] 00032
3 VAS_Fail [function] [call site] 00033
3 VAS_Fail [function] [call site] 00034
3 VAS_Fail [function] [call site] 00035
3 VAS_Fail [function] [call site] 00036
3 VAS_Fail [function] [call site] 00037
3 VAS_Fail [function] [call site] 00038
3 VAS_Fail [function] [call site] 00039
3 VAS_Fail [function] [call site] 00040
3 VAS_Fail [function] [call site] 00041
3 VAS_Fail [function] [call site] 00042
3 VAS_Fail [function] [call site] 00043
3 VAS_Fail [function] [call site] 00044
3 COM_DO_DEBUG [function] [call site] 00045
3 pdiff [function] [call site] 00046
3 WRK_Log [function] [call site] 00047
1 VEP_Init [function] [call site] 00048
2 VAS_Fail [function] [call site] 00049
2 VAS_Fail [function] [call site] 00050
2 WS_Alloc [function] [call site] 00051
3 VAS_Fail [function] [call site] 00052
3 ws_emu_alloc [function] [call site] 00053
4 WS_Assert [function] [call site] 00054
4 VAS_Fail [function] [call site] 00055
4 ws_emu [function] [call site] 00056
4 VAS_Fail [function] [call site] 00057
4 WS_MarkOverflow [function] [call site] 00058
5 VAS_Fail [function] [call site] 00059
4 calloc [call site] 00060
4 VAS_Fail [function] [call site] 00061
4 VAS_Fail [function] [call site] 00062
3 WS_Assert [function] [call site] 00063
3 VAS_Fail [function] [call site] 00064
3 COM_DO_DEBUG [function] [call site] 00065
3 WRK_Log [function] [call site] 00066
2 VSLb [function] [call site] 00067
2 VSB_new_auto [function] [call site] 00068
3 VSB_newbuf [function] [call site] 00069
4 VAS_Fail [function] [call site] 00070
4 VSB_extendsize [function] [call site] 00071
2 VAS_Fail [function] [call site] 00072
2 VSB_printf [function] [call site] 00073
3 VSB_vprintf [function] [call site] 00074
4 _assert_VSB_integrity [function] [call site] 00075
5 VAS_Fail [function] [call site] 00076
5 VAS_Fail [function] [call site] 00077
4 _assert_VSB_state [function] [call site] 00078
4 VAS_Fail [function] [call site] 00079
4 _vsb_indent [function] [call site] 00080
5 VSB_extend [function] [call site] 00081
6 VSB_extendsize [function] [call site] 00082
6 realloc [call site] 00083
4 vsnprintf [call site] 00084
4 __errno_location [call site] 00085
4 VSB_extend [function] [call site] 00086
4 VAS_Fail [function] [call site] 00087
2 vep_default_cb [function] [call site] 00088
3 VAS_Fail [function] [call site] 00089
3 VAS_Fail [function] [call site] 00090
2 z_crc32 [function] [call site] 00091
3 z_crc32_z [function] [call site] 00092
4 crc_word [function] [call site] 00093
4 crc_word [function] [call site] 00094
4 crc_word [function] [call site] 00095
4 crc_word [function] [call site] 00096
4 crc_word [function] [call site] 00097
4 byte_swap [function] [call site] 00098
4 crc_word_big [function] [call site] 00099
4 crc_word_big [function] [call site] 00100
4 crc_word_big [function] [call site] 00101
4 crc_word_big [function] [call site] 00102
4 crc_word_big [function] [call site] 00103
4 byte_swap [function] [call site] 00104
2 z_crc32 [function] [call site] 00105
1 VAS_Fail [function] [call site] 00106
1 VEP_Parse [function] [call site] 00107
2 VAS_Fail [function] [call site] 00108
2 VAS_Fail [function] [call site] 00109
2 vep_mark_common [function] [call site] 00110
3 VAS_Fail [function] [call site] 00111
3 vep_emit_common [function] [call site] 00112
4 VAS_Fail [function] [call site] 00113
4 VAS_Fail [function] [call site] 00114
4 vep_emit_skip [function] [call site] 00115
5 vep_emit_len [function] [call site] 00116
6 VAS_Fail [function] [call site] 00117
6 VAS_Fail [function] [call site] 00118
6 VSB_bcat [function] [call site] 00119
7 _assert_VSB_integrity [function] [call site] 00120
7 _assert_VSB_state [function] [call site] 00121
7 _vsb_indent [function] [call site] 00122
7 VSB_extend [function] [call site] 00123
6 vbe16enc [function] [call site] 00124
6 vbe16dec [function] [call site] 00125
6 VAS_Fail [function] [call site] 00126
6 VSB_bcat [function] [call site] 00127
6 vbe64enc [function] [call site] 00128
7 vbe32enc [function] [call site] 00129
7 vbe32enc [function] [call site] 00130
6 vbe64dec [function] [call site] 00131
7 vbe32dec [function] [call site] 00132
6 VAS_Fail [function] [call site] 00133
6 VSB_bcat [function] [call site] 00134
4 vep_emit_verbatim [function] [call site] 00135
5 vep_emit_len [function] [call site] 00136
5 vep_emit_len [function] [call site] 00137
5 vbe32enc [function] [call site] 00138
5 VSB_bcat [function] [call site] 00139
4 z_crc32 [function] [call site] 00140
3 z_crc32_combine [function] [call site] 00141
4 z_crc32_combine64 [function] [call site] 00142
5 x2nmodp [function] [call site] 00143
6 multmodp [function] [call site] 00144
3 z_crc32 [function] [call site] 00145
3 VAS_Fail [function] [call site] 00146
3 VAS_Fail [function] [call site] 00147
3 z_crc32 [function] [call site] 00148
2 VAS_Fail [function] [call site] 00149
2 VAS_Fail [function] [call site] 00150
2 VAS_Fail [function] [call site] 00151
2 COM_FEATURE [function] [call site] 00152
2 vep_mark_skip [function] [call site] 00153
3 vep_mark_common [function] [call site] 00154
2 COM_FEATURE [function] [call site] 00155
2 vct_is [function] [call site] 00156
2 vep_mark_verbatim [function] [call site] 00157
3 vep_mark_common [function] [call site] 00158
2 VSLb [function] [call site] 00159
2 VSLb [function] [call site] 00160
2 vep_mark_verbatim [function] [call site] 00161
2 COM_FEATURE [function] [call site] 00162
2 vep_mark_verbatim [function] [call site] 00163
2 vep_mark_verbatim [function] [call site] 00164
2 vep_mark_skip [function] [call site] 00165
2 vep_mark_verbatim [function] [call site] 00166
2 VAS_Fail [function] [call site] 00167
2 vep_mark_verbatim [function] [call site] 00168
2 vep_error [function] [call site] 00169
3 VSLb [function] [call site] 00170
2 vep_mark_skip [function] [call site] 00171
2 vep_mark_skip [function] [call site] 00172
2 vep_error [function] [call site] 00173
2 vep_error [function] [call site] 00174
2 vep_do_include [function] [call site] 00175
3 strcmp [call site] 00176
3 include_attr_src [function] [call site] 00177
4 vep_error [function] [call site] 00178
4 VSB_destroy [function] [call site] 00179
5 VAS_Fail [function] [call site] 00180
5 _assert_VSB_integrity [function] [call site] 00181
5 VAS_Fail [function] [call site] 00182
5 VAS_Fail [function] [call site] 00183
4 VSB_destroy [function] [call site] 00184
4 VSB_data [function] [call site] 00185
5 _assert_VSB_integrity [function] [call site] 00186
5 _assert_VSB_state [function] [call site] 00187
4 vct_is [function] [call site] 00188
4 vep_error [function] [call site] 00189
4 VSB_destroy [function] [call site] 00190
4 VSB_destroy [function] [call site] 00191
3 strcmp [call site] 00192
3 include_attr_onerror [function] [call site] 00193
4 VSB_data [function] [call site] 00194
4 strcmp [call site] 00195
4 VSB_destroy [function] [call site] 00196
3 VAS_Fail [function] [call site] 00197
3 VAS_Fail [function] [call site] 00198
3 vep_warn [function] [call site] 00199
4 VSLb [function] [call site] 00200
3 vep_error [function] [call site] 00201
3 VAS_Fail [function] [call site] 00202
3 VSB_data [function] [call site] 00203
3 VSB_len [function] [call site] 00204
4 _assert_VSB_integrity [function] [call site] 00205
3 memcmp [call site] 00206
3 strchr [call site] 00207
3 vep_error [function] [call site] 00208
3 VAS_Fail [function] [call site] 00209
3 VSB_destroy [function] [call site] 00210
3 VSB_printf [function] [call site] 00211
3 VSB_printf [function] [call site] 00212
3 memcmp [call site] 00213
3 COM_FEATURE [function] [call site] 00214
3 vep_warn [function] [call site] 00215
3 VAS_Fail [function] [call site] 00216
3 VSB_destroy [function] [call site] 00217
3 vep_warn [function] [call site] 00218
3 strchr [call site] 00219
3 vep_error [function] [call site] 00220
3 VAS_Fail [function] [call site] 00221
3 VSB_destroy [function] [call site] 00222
3 VSB_printf [function] [call site] 00223
3 VSB_printf [function] [call site] 00224
3 VSB_printf [function] [call site] 00225
3 VSB_printf [function] [call site] 00226
3 VSB_printf [function] [call site] 00227
3 VSB_printf [function] [call site] 00228
3 VSB_printf [function] [call site] 00229
3 VSB_data [function] [call site] 00230
3 memcmp [call site] 00231
3 VSB_printf [function] [call site] 00232
3 memcmp [call site] 00233
3 VSB_printf [function] [call site] 00234
3 memcmp [call site] 00235
3 VSB_printf [function] [call site] 00236
3 memcmp [call site] 00237
3 VSB_printf [function] [call site] 00238
3 memcmp [call site] 00239
3 VSB_printf [function] [call site] 00240
3 VSB_printf [function] [call site] 00241
3 VSB_printf [function] [call site] 00242
3 VSB_destroy [function] [call site] 00243
2 vep_do_remove [function] [call site] 00244
3 VAS_Fail [function] [call site] 00245
3 vep_error [function] [call site] 00246
3 vep_error [function] [call site] 00247
3 vep_error [function] [call site] 00248
2 vep_error [function] [call site] 00249
2 vep_error [function] [call site] 00250
2 vep_do_comment [function] [call site] 00251
3 VAS_Fail [function] [call site] 00252
3 vep_error [function] [call site] 00253
2 vep_error [function] [call site] 00254
2 vct_is [function] [call site] 00255
2 VAS_Fail [function] [call site] 00256
2 vep_mark_skip [function] [call site] 00257
2 vep_error [function] [call site] 00258
2 vct_is [function] [call site] 00259
2 vep_error [function] [call site] 00260
2 vep_mark_skip [function] [call site] 00261
2 VSB_destroy [function] [call site] 00262
2 VAS_Fail [function] [call site] 00263
2 VAS_Fail [function] [call site] 00264
2 vct_is [function] [call site] 00265
2 vct_is [function] [call site] 00266
2 vep_error [function] [call site] 00267
2 VAS_Fail [function] [call site] 00268
2 VSB_new_auto [function] [call site] 00269
2 VAS_Fail [function] [call site] 00270
2 vct_is [function] [call site] 00271
2 vep_error [function] [call site] 00272
2 vct_is [function] [call site] 00273
2 VSB_putc [function] [call site] 00274
3 VSB_put_byte [function] [call site] 00275
4 _assert_VSB_integrity [function] [call site] 00276
4 _assert_VSB_state [function] [call site] 00277
4 _vsb_indent [function] [call site] 00278
4 VSB_extend [function] [call site] 00279
2 vep_error [function] [call site] 00280
2 VSB_finish [function] [call site] 00281
3 _assert_VSB_integrity [function] [call site] 00282
3 __errno_location [call site] 00283
2 VAS_Fail [function] [call site] 00284
2 VSB_destroy [function] [call site] 00285
2 VSB_finish [function] [call site] 00286
2 VAS_Fail [function] [call site] 00287
2 VAS_Fail [function] [call site] 00288
2 vep_match [function] [call site] 00289
3 VAS_Fail [function] [call site] 00290
3 strlen [call site] 00291
3 VAS_Fail [function] [call site] 00292
2 strlen [call site] 00293
2 VAS_Fail [function] [call site] 00294
2 VAS_Fail [function] [call site] 00295
2 vep_match [function] [call site] 00296
2 VAS_Fail [function] [call site] 00297
2 strlen [call site] 00298
2 vep_mark_verbatim [function] [call site] 00299
2 VAS_Fail [function] [call site] 00300
2 vep_mark_skip [function] [call site] 00301
2 vep_mark_skip [function] [call site] 00302
2 vep_mark_pending [function] [call site] 00303
3 VAS_Fail [function] [call site] 00304
3 z_crc32 [function] [call site] 00305
1 VEP_Finish [function] [call site] 00306
2 VAS_Fail [function] [call site] 00307
2 VSB_destroy [function] [call site] 00308
2 VSB_destroy [function] [call site] 00309
2 vep_error [function] [call site] 00310
2 vep_mark_common [function] [call site] 00311
2 vep_emit_common [function] [call site] 00312
2 VSB_finish [function] [call site] 00313
2 VAS_Fail [function] [call site] 00314
2 VSB_len [function] [call site] 00315
2 VSB_destroy [function] [call site] 00316
1 VSB_destroy [function] [call site] 00317
1 WS_Rollback [function] [call site] 00318
2 ws_ClearOverflow [function] [call site] 00319
3 VAS_Fail [function] [call site] 00320
2 WS_Reset [function] [call site] 00321
3 WS_Assert [function] [call site] 00322
3 VAS_Fail [function] [call site] 00323
3 COM_DO_DEBUG [function] [call site] 00324
3 WRK_Log [function] [call site] 00325
3 WS_Overflowed [function] [call site] 00326
4 VAS_Fail [function] [call site] 00327
3 VAS_Fail [function] [call site] 00328
3 COM_DO_DEBUG [function] [call site] 00329
3 WRK_Log [function] [call site] 00330
3 VAS_Fail [function] [call site] 00331
3 ws_emu [function] [call site] 00332
3 ws_alloc_free [function] [call site] 00333
4 VAS_Fail [function] [call site] 00334
4 VAS_Fail [function] [call site] 00335
4 memset [call site] 00336
3 VAS_Fail [function] [call site] 00337
3 WS_Assert [function] [call site] 00338