Fuzz introspector: wget_read_hunk_fuzzer
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
725 2055 19 :

['gnutls_crypto_single_digest_register', 'read_cpuid_vals', '_gnutls_log', 'padlock_capability', 'check_avx_movbe', 'check_padlock', '_gnutls_priority_update_non_aesni', 'check_ssse3', 'check_phe_sha512', 'check_sha', 'capabilities_to_intel_cpuid', 'gnutls_crypto_single_cipher_register', 'check_optimized_aes', 'check_phe_partial', 'gnutls_crypto_single_mac_register', 'check_phe', 'capabilities_to_zhaoxin_edx', 'check_pclmul', 'check_fast_pclmul']

725 2055 register_x86_padlock_crypto call site: 00000 /src/gnutls/lib/accelerated/x86/x86-common.c:388
490 490 2 :

['sock_read', 'poll_internal']

490 490 fd_read call site: 00171 /src/wget/src/connect.c:946
490 490 2 :

['sock_peek', 'poll_internal']

490 490 fd_peek call site: 00025 /src/wget/src/connect.c:972
472 472 12 :

['fseek', 'pthread_rwlock_wrlock', 'cfg_apply', 'ini_parse_file', 'gnutls_strerror', 'ini_ctx_deinit', 'construct_system_wide_priority_string', 'fclose', '_name_val_array_clear', 'fopen', '_gnutls_buffer_clear', 'update_system_wide_priority_string']

604 604 _gnutls_update_system_priorities call site: 00000 /src/gnutls/lib/priority.c:2314
48 48 1 :

['capabilities_to_intel_cpuid']

440 1304 register_x86_intel_crypto call site: 00000 /src/gnutls/lib/accelerated/x86/x86-common.c:911
25 30 2 :

['find_cell', 'grow_hash_table']

25 30 hash_table_put call site: 00014 /src/wget/src/hash.c:436
18 18 1 :

['_gnutls_asn2err']

40 40 _gnutls_global_init call site: 00000 /src/gnutls/lib/global.c:293
16 16 1 :

['_asn1_delete_list_and_nodes']

16 16 asn1_array2tree call site: 00000 /src/gnutls/lib/minitasn1/structure.c:272
12 12 2 :

['atoi', '_gnutls_log']

22 1558 lib_init call site: 00000 /src/gnutls/lib/global.c:503
10 10 1 :

['_gnutls_log']

10 10 register_x86_intel_crypto call site: 00000 /src/gnutls/lib/accelerated/x86/x86-common.c:1170
10 10 1 :

['_gnutls_log']

10 10 _algo_register call site: 00000 /src/gnutls/lib/crypto-backend.c:67
10 10 1 :

['_gnutls_log']

10 10 _algo_register call site: 00000 /src/gnutls/lib/crypto-backend.c:87

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 calloc [call site] 00001
1 fd_register_transport [function] [call site] 00002
2 xmalloc [function] [call site] 00003
3 nonnull [function] [call site] 00004
4 xalloc_die [function] [call site] 00005
5 dgettext [call site] 00006
5 abort [call site] 00007
2 hash_table_new [function] [call site] 00008
3 xmalloc [function] [call site] 00009
3 prime_size [function] [call site] 00010
4 abort [call site] 00011
3 xmalloc [function] [call site] 00012
2 hash_table_put [function] [call site] 00013
3 find_cell [function] [call site] 00014
3 grow_hash_table [function] [call site] 00015
4 prime_size [function] [call site] 00016
4 xmalloc [function] [call site] 00017
4 rpl_free [function] [call site] 00018
5 __errno_location [call site] 00019
5 __errno_location [call site] 00020
3 find_cell [function] [call site] 00021
1 fd_read_hunk [function] [call site] 00022
2 xmalloc [function] [call site] 00023
2 fd_peek [function] [call site] 00024
3 hash_table_get [function] [call site] 00025
4 find_cell [function] [call site] 00026
3 poll_internal [function] [call site] 00027
4 sock_poll [function] [call site] 00028
5 select_fd [function] [call site] 00029
6 select_fd_internal [function] [call site] 00030
7 gettext [call site] 00031
7 logprintf [function] [call site] 00032
8 __errno_location [call site] 00033
8 check_redirect_output [function] [call site] 00034
9 tcgetpgrp [call site] 00035
9 getpgrp [call site] 00036
9 redirect_output [function] [call site] 00037
10 fprintf [call site] 00038
10 unique_create [function] [call site] 00039
11 unique_name [function] [call site] 00040
12 file_exists_p [function] [call site] 00041
13 __errno_location [call site] 00042
13 stat [call site] 00043
13 getuid [call site] 00044
13 group_member [call site] 00045
13 __errno_location [call site] 00046
13 __errno_location [call site] 00047
12 xstrdup [function] [call site] 00048
13 strlen [call site] 00049
13 xmemdup [function] [call site] 00050
14 xmalloc [function] [call site] 00051
11 fopen_excl [function] [call site] 00052
12 open [call site] 00053
12 fdopen [call site] 00054
11 __errno_location [call site] 00055
11 rpl_free [function] [call site] 00056
11 unique_name [function] [call site] 00057
11 rpl_free [function] [call site] 00058
11 rpl_free [function] [call site] 00059
10 gettext [call site] 00060
10 quote [function] [call site] 00061
11 quote_n [function] [call site] 00062
12 quote_n_mem [function] [call site] 00063
13 quotearg_n_options [function] [call site] 00064
14 __errno_location [call site] 00065
14 abort [call site] 00066
14 xpalloc [function] [call site] 00067
15 xalloc_die [function] [call site] 00068
15 xrealloc [function] [call site] 00069
16 realloc [call site] 00070
16 xalloc_die [function] [call site] 00071
14 quotearg_buffer_restyled [function] [call site] 00072
15 __ctype_get_mb_cur_max [call site] 00073
15 gettext_quote [function] [call site] 00074
16 dgettext [call site] 00075
16 locale_charset [function] [call site] 00076
17 nl_langinfo [call site] 00077
16 c_strcasecmp [function] [call site] 00078
17 c_tolower [function] [call site] 00079
17 c_tolower [function] [call site] 00080
16 c_strcasecmp [function] [call site] 00081
15 gettext_quote [function] [call site] 00082
15 strlen [call site] 00083
15 abort [call site] 00084
15 strlen [call site] 00085
15 memcmp [call site] 00086
15 __ctype_b_loc [call site] 00087
15 strlen [call site] 00088
15 rpl_mbrtowc [function] [call site] 00089
16 mbrtowc [call site] 00090
16 hard_locale [function] [call site] 00091
17 setlocale_null_r [function] [call site] 00092
18 setlocale_null_unlocked [function] [call site] 00093
19 setlocale_null_androidfix [function] [call site] 00094
20 setlocale [call site] 00095
19 strlen [call site] 00096
17 strcmp [call site] 00097
15 iswprint [call site] 00098
15 mbsinit [call site] 00099
15 quotearg_buffer_restyled [function] [call site] 00100
16 quotearg_buffer_restyled [function] [call site] 00101
14 rpl_free [function] [call site] 00102
14 xcharalloc [function] [call site] 00103
15 xmalloc [function] [call site] 00104
14 quotearg_buffer_restyled [function] [call site] 00105
14 __errno_location [call site] 00106
10 log_dump_context [function] [call site] 00107
11 get_log_fp [function] [call site] 00108
11 get_warc_log_fp [function] [call site] 00109
11 fputs [call site] 00110
11 fputs [call site] 00111
11 fputs [call site] 00112
11 fputs [call site] 00113
11 rpl_fflush [function] [call site] 00114
12 __freading [call site] 00115
12 fflush [call site] 00116
12 clear_ungetc_buffer_preserving_position [function] [call site] 00117
13 rpl_fseeko [function] [call site] 00118
14 fileno [call site] 00119
14 fseeko [call site] 00120
12 fflush [call site] 00121
11 rpl_fflush [function] [call site] 00122
10 gettext [call site] 00123
10 __errno_location [call site] 00124
10 gettext [call site] 00125
10 quote [function] [call site] 00126
10 log_dump_context [function] [call site] 00127
10 log_dump_context [function] [call site] 00128
9 redirect_output [function] [call site] 00129
8 __errno_location [call site] 00130
8 log_vprintf_internal [function] [call site] 00131
9 get_log_fp [function] [call site] 00132
9 get_warc_log_fp [function] [call site] 00133
9 vfprintf [call site] 00134
9 vsnprintf [call site] 00135
9 xrealloc [function] [call site] 00136
9 xrealloc [function] [call site] 00137
9 saved_append [function] [call site] 00138
10 strchr [call site] 00139
10 strlen [call site] 00140
10 saved_append_1 [function] [call site] 00141
11 free_log_line [function] [call site] 00142
12 rpl_free [function] [call site] 00143
11 strdupdelim [function] [call site] 00144
12 xmalloc [function] [call site] 00145
12 xstrdup [function] [call site] 00146
11 strlen [call site] 00147
11 xrealloc [function] [call site] 00148
11 strlen [call site] 00149
11 xmalloc [function] [call site] 00150
9 fputs [call site] 00151
9 fputs [call site] 00152
9 rpl_free [function] [call site] 00153
9 logflush [function] [call site] 00154
10 get_log_fp [function] [call site] 00155
10 get_warc_log_fp [function] [call site] 00156
10 rpl_fflush [function] [call site] 00157
10 rpl_fflush [function] [call site] 00158
8 __errno_location [call site] 00159
8 exit_wget [function] [call site] 00160
7 exit_wget [function] [call site] 00161
7 select [call site] 00162
7 __errno_location [call site] 00163
4 __errno_location [call site] 00164
3 sock_peek [function] [call site] 00165
4 recv [call site] 00166
4 __errno_location [call site] 00167
2 rpl_free [function] [call site] 00168
2 xrealloc [function] [call site] 00169
2 fd_read [function] [call site] 00170
3 hash_table_get [function] [call site] 00171
3 poll_internal [function] [call site] 00172
3 sock_read [function] [call site] 00173
4 read [call site] 00174
4 __errno_location [call site] 00175
2 rpl_free [function] [call site] 00176
2 rpl_free [function] [call site] 00177
2 __errno_location [call site] 00178
2 rpl_free [function] [call site] 00179
2 __errno_location [call site] 00180
2 xrealloc [function] [call site] 00181
1 response_head_terminator [function] [call site] 00182
2 memcmp [call site] 00183
1 rpl_free [function] [call site] 00184
1 connect_cleanup [function] [call site] 00185
2 hash_table_iterate [function] [call site] 00186
2 rpl_free [function] [call site] 00187
2 hash_table_destroy [function] [call site] 00188
3 rpl_free [function] [call site] 00189
3 rpl_free [function] [call site] 00190
1 rpl_free [function] [call site] 00191