Fuzz introspector: esi_parse_fuzzer
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
114 114 1 :

['WS_Overflowed']

227 229 WS_Reset call site: 00292 /src/varnish-cache/bin/varnishd/cache/cache_ws_emu.c:205
113 113 1 :

['WS_MarkOverflow']

113 113 ws_emu_alloc call site: 00118 /src/varnish-cache/bin/varnishd/cache/cache_ws_emu.c:283
111 111 1 :

['VAS_Fail']

111 222 VSB_newbuf call site: 00016 /src/varnish-cache/lib/libvarnish/vsb.c:193
14 14 2 :

['byte_swap', 'crc_word_big']

14 14 z_crc32_z call site: 00134 /src/varnish-cache/lib/libvgz/crc32.c:731
0 183 1 :

['vep_mark_skip']

0 183 VEP_Parse call site: 00268 /src/varnish-cache/bin/varnishd/cache/cache_esi_parse.c:1041
0 111 1 :

['VSB_extend']

0 111 _vsb_indent call site: 00030 /src/varnish-cache/lib/libvarnish/vsb.c:166
0 2 1 :

['VSLb']

0 2 VEP_Init call site: 00112 /src/varnish-cache/bin/varnishd/cache/cache_esi_parse.c:1075
0 0 None 1789 5543 VEP_Parse call site: 00207 /src/varnish-cache/bin/varnishd/cache/cache_esi_parse.c:773
0 0 None 1789 5543 VEP_Parse call site: 00211 /src/varnish-cache/bin/varnishd/cache/cache_esi_parse.c:796
0 0 None 1789 5543 VEP_Parse call site: 00213 /src/varnish-cache/bin/varnishd/cache/cache_esi_parse.c:811
0 0 None 1789 5543 VEP_Parse call site: 00213 /src/varnish-cache/bin/varnishd/cache/cache_esi_parse.c:814
0 0 None 1789 5543 VEP_Parse call site: 00216 /src/varnish-cache/bin/varnishd/cache/cache_esi_parse.c:837

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 VAS_Fail [function] [call site] 00001
2 vas_default [function] [call site] 00002
3 __errno_location [call site] 00003
3 fprintf [call site] 00004
3 fprintf [call site] 00005
3 fprintf [call site] 00006
3 fprintf [call site] 00007
3 strerror [call site] 00008
3 fprintf [call site] 00009
3 VBT_dump [function] [call site] 00010
4 VSB_init [function] [call site] 00011
5 VAS_Fail [function] [call site] 00012
6 abort [call site] 00013
5 VAS_Fail [function] [call site] 00014
5 VAS_Fail [function] [call site] 00015
5 VSB_newbuf [function] [call site] 00016
6 VAS_Fail [function] [call site] 00017
6 VSB_extendsize [function] [call site] 00018
7 VAS_Fail [function] [call site] 00019
4 VSB_printf [function] [call site] 00020
5 VSB_vprintf [function] [call site] 00021
6 _assert_VSB_integrity [function] [call site] 00022
7 VAS_Fail [function] [call site] 00023
7 VAS_Fail [function] [call site] 00024
7 VAS_Fail [function] [call site] 00025
7 VAS_Fail [function] [call site] 00026
6 _assert_VSB_state [function] [call site] 00027
7 VAS_Fail [function] [call site] 00028
6 VAS_Fail [function] [call site] 00029
6 _vsb_indent [function] [call site] 00030
7 VSB_extend [function] [call site] 00031
8 VSB_extendsize [function] [call site] 00032
8 realloc [call site] 00033
6 vsnprintf [call site] 00034
6 __errno_location [call site] 00035
6 VSB_extend [function] [call site] 00036
6 VAS_Fail [function] [call site] 00037
4 VSB_indent [function] [call site] 00038
5 _assert_VSB_integrity [function] [call site] 00039
4 VBT_format [function] [call site] 00040
5 vbt_execinfo [function] [call site] 00041
6 backtrace [call site] 00042
6 VSB_printf [function] [call site] 00043
6 snprintf [call site] 00044
6 VAS_Fail [function] [call site] 00045
6 VSB_printf [function] [call site] 00046
6 backtrace_symbols [call site] 00047
6 VSB_cat [function] [call site] 00048
7 _assert_VSB_integrity [function] [call site] 00049
7 _assert_VSB_state [function] [call site] 00050
7 VAS_Fail [function] [call site] 00051
7 strchr [call site] 00052
7 VSB_bcat [function] [call site] 00053
8 _assert_VSB_integrity [function] [call site] 00054
8 _assert_VSB_state [function] [call site] 00055
8 VAS_Fail [function] [call site] 00056
8 _vsb_indent [function] [call site] 00057
8 VSB_extend [function] [call site] 00058
7 strlen [call site] 00059
7 VSB_bcat [function] [call site] 00060
6 strlen [call site] 00061
6 memcmp [call site] 00062
6 strlen [call site] 00063
6 VSB_cat [function] [call site] 00064
6 VSB_cat [function] [call site] 00065
4 VSB_indent [function] [call site] 00066
3 __errno_location [call site] 00067
3 strerror [call site] 00068
3 snprintf [call site] 00069
3 VAS_Fail [function] [call site] 00070
3 syslog [call site] 00071
1 WS_Init [function] [call site] 00072
2 COM_DO_DEBUG [function] [call site] 00073
2 WRK_Log [function] [call site] 00074
2 VAS_Fail [function] [call site] 00075
2 VAS_Fail [function] [call site] 00076
2 VAS_Fail [function] [call site] 00077
2 VAS_Fail [function] [call site] 00078
2 strlen [call site] 00079
2 VAS_Fail [function] [call site] 00080
2 strcpy [call site] 00081
2 WS_Assert [function] [call site] 00082
3 VAS_Fail [function] [call site] 00083
3 VAS_Fail [function] [call site] 00084
3 VAS_Fail [function] [call site] 00085
3 VAS_Fail [function] [call site] 00086
3 VAS_Fail [function] [call site] 00087
3 ws_emu [function] [call site] 00088
4 VAS_Fail [function] [call site] 00089
3 pdiff [function] [call site] 00090
4 VAS_Fail [function] [call site] 00091
4 VAS_Fail [function] [call site] 00092
4 VAS_Fail [function] [call site] 00093
3 VAS_Fail [function] [call site] 00094
3 VAS_Fail [function] [call site] 00095
3 VAS_Fail [function] [call site] 00096
3 VAS_Fail [function] [call site] 00097
3 VAS_Fail [function] [call site] 00098
3 VAS_Fail [function] [call site] 00099
3 VAS_Fail [function] [call site] 00100
3 VAS_Fail [function] [call site] 00101
3 VAS_Fail [function] [call site] 00102
3 VAS_Fail [function] [call site] 00103
3 VAS_Fail [function] [call site] 00104
3 VAS_Fail [function] [call site] 00105
3 COM_DO_DEBUG [function] [call site] 00106
3 pdiff [function] [call site] 00107
3 WRK_Log [function] [call site] 00108
1 VEP_Init [function] [call site] 00109
2 VAS_Fail [function] [call site] 00110
2 VAS_Fail [function] [call site] 00111
2 WS_Alloc [function] [call site] 00112
3 VAS_Fail [function] [call site] 00113
3 ws_emu_alloc [function] [call site] 00114
4 WS_Assert [function] [call site] 00115
4 VAS_Fail [function] [call site] 00116
4 ws_emu [function] [call site] 00117
4 VAS_Fail [function] [call site] 00118
4 WS_MarkOverflow [function] [call site] 00119
5 VAS_Fail [function] [call site] 00120
4 calloc [call site] 00121
4 VAS_Fail [function] [call site] 00122
4 VAS_Fail [function] [call site] 00123
3 WS_Assert [function] [call site] 00124
3 VAS_Fail [function] [call site] 00125
3 COM_DO_DEBUG [function] [call site] 00126
3 WRK_Log [function] [call site] 00127
2 VSLb [function] [call site] 00128
2 VSB_new_auto [function] [call site] 00129
3 VSB_newbuf [function] [call site] 00130
2 VAS_Fail [function] [call site] 00131
2 VSB_printf [function] [call site] 00132
2 z_crc32 [function] [call site] 00133
3 z_crc32_z [function] [call site] 00134
4 crc_word [function] [call site] 00135
4 crc_word [function] [call site] 00136
4 crc_word [function] [call site] 00137
4 crc_word [function] [call site] 00138
4 crc_word [function] [call site] 00139
4 byte_swap [function] [call site] 00140
4 crc_word_big [function] [call site] 00141
4 crc_word_big [function] [call site] 00142
4 crc_word_big [function] [call site] 00143
4 crc_word_big [function] [call site] 00144
4 crc_word_big [function] [call site] 00145
4 byte_swap [function] [call site] 00146
2 z_crc32 [function] [call site] 00147
1 VAS_Fail [function] [call site] 00148
1 VEP_Parse [function] [call site] 00149
2 VAS_Fail [function] [call site] 00150
2 VAS_Fail [function] [call site] 00151
2 vep_mark_common [function] [call site] 00152
3 VAS_Fail [function] [call site] 00153
3 vep_emit_common [function] [call site] 00154
4 VAS_Fail [function] [call site] 00155
4 VAS_Fail [function] [call site] 00156
4 vep_emit_skip [function] [call site] 00157
5 vep_emit_len [function] [call site] 00158
6 VAS_Fail [function] [call site] 00159
6 VAS_Fail [function] [call site] 00160
6 VSB_bcat [function] [call site] 00161
6 vbe16enc [function] [call site] 00162
6 vbe16dec [function] [call site] 00163
6 VAS_Fail [function] [call site] 00164
6 VSB_bcat [function] [call site] 00165
6 vbe64enc [function] [call site] 00166
7 vbe32enc [function] [call site] 00167
7 vbe32enc [function] [call site] 00168
6 vbe64dec [function] [call site] 00169
7 vbe32dec [function] [call site] 00170
6 VAS_Fail [function] [call site] 00171
6 VSB_bcat [function] [call site] 00172
4 vep_emit_verbatim [function] [call site] 00173
5 vep_emit_len [function] [call site] 00174
5 vep_emit_len [function] [call site] 00175
5 vbe32enc [function] [call site] 00176
5 VSB_bcat [function] [call site] 00177
4 z_crc32 [function] [call site] 00178
3 z_crc32_combine [function] [call site] 00179
4 z_crc32_combine64 [function] [call site] 00180
5 x2nmodp [function] [call site] 00181
6 multmodp [function] [call site] 00182
5 multmodp [function] [call site] 00183
3 z_crc32 [function] [call site] 00184
3 VAS_Fail [function] [call site] 00185
3 VAS_Fail [function] [call site] 00186
3 z_crc32 [function] [call site] 00187
2 VAS_Fail [function] [call site] 00188
2 VAS_Fail [function] [call site] 00189
2 VAS_Fail [function] [call site] 00190
2 COM_FEATURE [function] [call site] 00191
2 vep_mark_skip [function] [call site] 00192
3 vep_mark_common [function] [call site] 00193
2 COM_FEATURE [function] [call site] 00194
2 vct_is [function] [call site] 00195
2 vep_mark_verbatim [function] [call site] 00196
3 vep_mark_common [function] [call site] 00197
2 VSLb [function] [call site] 00198
2 VSLb [function] [call site] 00199
2 vep_mark_verbatim [function] [call site] 00200
2 COM_FEATURE [function] [call site] 00201
2 vep_mark_verbatim [function] [call site] 00202
2 vep_mark_verbatim [function] [call site] 00203
2 vep_mark_skip [function] [call site] 00204
2 vep_mark_verbatim [function] [call site] 00205
2 VAS_Fail [function] [call site] 00206
2 vep_mark_verbatim [function] [call site] 00207
2 vep_error [function] [call site] 00208
3 VSLb [function] [call site] 00209
2 vep_mark_skip [function] [call site] 00210
2 vep_mark_skip [function] [call site] 00211
2 vep_error [function] [call site] 00212
2 vep_error [function] [call site] 00213
2 vep_error [function] [call site] 00214
2 vep_error [function] [call site] 00215
2 vep_error [function] [call site] 00216
2 vct_is [function] [call site] 00217
2 VAS_Fail [function] [call site] 00218
2 vep_mark_skip [function] [call site] 00219
2 vep_error [function] [call site] 00220
2 vct_is [function] [call site] 00221
2 vep_error [function] [call site] 00222
2 vep_mark_skip [function] [call site] 00223
2 VSB_destroy [function] [call site] 00224
3 VAS_Fail [function] [call site] 00225
3 _assert_VSB_integrity [function] [call site] 00226
3 VAS_Fail [function] [call site] 00227
3 VAS_Fail [function] [call site] 00228
2 VAS_Fail [function] [call site] 00229
2 VAS_Fail [function] [call site] 00230
2 vct_is [function] [call site] 00231
2 vct_is [function] [call site] 00232
2 vep_error [function] [call site] 00233
2 VAS_Fail [function] [call site] 00234
2 VSB_new_auto [function] [call site] 00235
2 VAS_Fail [function] [call site] 00236
2 vct_is [function] [call site] 00237
2 vep_error [function] [call site] 00238
2 vct_is [function] [call site] 00239
2 VSB_putc [function] [call site] 00240
3 VSB_put_byte [function] [call site] 00241
4 _assert_VSB_integrity [function] [call site] 00242
4 _assert_VSB_state [function] [call site] 00243
4 _vsb_indent [function] [call site] 00244
4 VSB_extend [function] [call site] 00245
2 vep_error [function] [call site] 00246
2 VSB_finish [function] [call site] 00247
3 _assert_VSB_integrity [function] [call site] 00248
3 _assert_VSB_state [function] [call site] 00249
3 __errno_location [call site] 00250
2 VAS_Fail [function] [call site] 00251
2 VSB_destroy [function] [call site] 00252
2 VSB_finish [function] [call site] 00253
2 VAS_Fail [function] [call site] 00254
2 VAS_Fail [function] [call site] 00255
2 vep_match [function] [call site] 00256
3 VAS_Fail [function] [call site] 00257
3 strlen [call site] 00258
3 VAS_Fail [function] [call site] 00259
2 strlen [call site] 00260
2 VAS_Fail [function] [call site] 00261
2 VAS_Fail [function] [call site] 00262
2 vep_match [function] [call site] 00263
2 VAS_Fail [function] [call site] 00264
2 strlen [call site] 00265
2 vep_mark_verbatim [function] [call site] 00266
2 VAS_Fail [function] [call site] 00267
2 vep_mark_skip [function] [call site] 00268
2 vep_mark_skip [function] [call site] 00269
2 vep_mark_pending [function] [call site] 00270
3 VAS_Fail [function] [call site] 00271
3 z_crc32 [function] [call site] 00272
1 VEP_Finish [function] [call site] 00273
2 VAS_Fail [function] [call site] 00274
2 VSB_destroy [function] [call site] 00275
2 VSB_destroy [function] [call site] 00276
2 vep_error [function] [call site] 00277
2 vep_mark_common [function] [call site] 00278
2 vep_emit_common [function] [call site] 00279
2 VSB_finish [function] [call site] 00280
2 VAS_Fail [function] [call site] 00281
2 VSB_len [function] [call site] 00282
3 _assert_VSB_integrity [function] [call site] 00283
2 VSB_destroy [function] [call site] 00284
1 VSB_destroy [function] [call site] 00285
1 WS_Rollback [function] [call site] 00286
2 WS_Assert [function] [call site] 00287
2 ws_ClearOverflow [function] [call site] 00288
3 VAS_Fail [function] [call site] 00289
2 WS_Reset [function] [call site] 00290
3 WS_Assert [function] [call site] 00291
3 VAS_Fail [function] [call site] 00292
3 COM_DO_DEBUG [function] [call site] 00293
3 WRK_Log [function] [call site] 00294
3 WS_Overflowed [function] [call site] 00295
4 VAS_Fail [function] [call site] 00296
3 VAS_Fail [function] [call site] 00297
3 COM_DO_DEBUG [function] [call site] 00298
3 WRK_Log [function] [call site] 00299
3 VAS_Fail [function] [call site] 00300
3 ws_emu [function] [call site] 00301
3 ws_alloc_free [function] [call site] 00302
4 VAS_Fail [function] [call site] 00303
4 VAS_Fail [function] [call site] 00304
3 VAS_Fail [function] [call site] 00305
3 WS_Assert [function] [call site] 00306