Fuzz introspector: fuzz
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The following are the branches that the fuzzer fails to get past.

| Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch |
|---|---|---|---|---|---|---|---|
| 6 | 6 | 1: ['is_backward_size_valid'] | 6 | 6 | lzma_stream_flags_compare | call site: 00115 | /src/xz/src/liblzma/common/stream_flags_common.c:37 |
| 0 | 31 | 1: ['lzma_check_update'] | 4 | 65 | block_decode | call site: 00045 | /src/xz/src/liblzma/common/block_decoder.c:129 |
| 0 | 4 | 1: ['lzma_free'] | 0 | 4 | lzma_next_end | call site: 00006 | /src/xz/src/liblzma/common/common.c:153 |
| 0 | 3 | 1: ['lzma_bufcpy'] | 0 | 3 | copy_or_code | call site: 00000 | /src/xz/src/liblzma/simple/simple_coder.c:28 |
| 0 | 0 | None | 4 | 9 | block_decode | call site: 00061 | /src/xz/src/liblzma/common/block_decoder.c:173 |
| 0 | 0 | None | 2 | 553 | stream_decode | call site: 00011 | /src/xz/src/liblzma/common/stream_decoder.c:151 |
| 0 | 0 | None | 2 | 553 | stream_decode | call site: 00115 | /src/xz/src/liblzma/common/stream_decoder.c:331 |
| 0 | 0 | None | 0 | 90 | lzma_block_header_decode | call site: 00021 | /src/xz/src/liblzma/common/block_header_decoder.c:39 |
| 0 | 0 | None | 0 | 57 | lzma_block_decoder_init | call site: 00041 | /src/xz/src/liblzma/common/block_decoder.c:224 |
| 0 | 0 | None | 0 | 26 | lzma_decode | call site: 00000 | /src/xz/src/liblzma/lzma/lzma_decoder.c:398 |
| 0 | 0 | None | 0 | 23 | lzma_lz_decoder_init | call site: 00000 | /src/xz/src/liblzma/lz/lz_decoder.c:247 |
| 0 | 0 | None | 0 | 20 | lzma_raw_coder_init | call site: 00077 | /src/xz/src/liblzma/common/filter_common.c:300 |

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 lzma_stream_decoder [function] [call site] 00001
2 lzma_strm_init [function] [call site] 00002
3 lzma_alloc [function] [call site] 00003
2 lzma_stream_decoder_init [function] [call site] 00004
3 lzma_stream_decoder_init [function] [call site] 00005
4 lzma_next_end [function] [call site] 00006
5 lzma_free [function] [call site] 00007
4 lzma_alloc [function] [call site] 00008
4 stream_decode [function] [call site] 00009
5 lzma_bufcpy [function] [call site] 00010
5 lzma_stream_header_decode [function] [call site] 00011
6 memcmp [call site] 00012
6 lzma_crc32 [function] [call site] 00013
7 aligned_read32ne [function] [call site] 00014
7 aligned_read32ne [function] [call site] 00015
6 stream_flags_decode [function] [call site] 00018
5 lzma_check_is_supported [function] [call site] 00019
5 lzma_bufcpy [function] [call site] 00020
5 lzma_block_header_decode [function] [call site] 00021
6 lzma_crc32 [function] [call site] 00022
6 lzma_vli_decode [function] [call site] 00024
6 lzma_block_unpadded_size [function] [call site] 00025
7 lzma_check_size [function] [call site] 00026
6 lzma_vli_decode [function] [call site] 00027
6 lzma_filter_flags_decode [function] [call site] 00028
7 lzma_vli_decode [function] [call site] 00029
7 lzma_vli_decode [function] [call site] 00030
7 lzma_properties_decode [function] [call site] 00031
8 decoder_find [function] [call site] 00032
6 lzma_filters_free [function] [call site] 00033
7 lzma_free [function] [call site] 00034
6 lzma_filters_free [function] [call site] 00035
5 lzma_raw_decoder_memusage [function] [call site] 00036
6 lzma_raw_coder_memusage [function] [call site] 00037
7 lzma_validate_chain [function] [call site] 00038
6 decoder_find [function] [call site] 00039
5 lzma_block_decoder_init [function] [call site] 00040
6 lzma_block_decoder_init [function] [call site] 00041
7 lzma_next_end [function] [call site] 00042
7 lzma_block_unpadded_size [function] [call site] 00043
7 lzma_alloc [function] [call site] 00044
7 block_decode [function] [call site] 00045
8 lzma_check_update [function] [call site] 00046
8 is_size_valid [function] [call site] 00060
8 is_size_valid [function] [call site] 00061
8 lzma_check_finish [function] [call site] 00062
9 lzma_sha256_finish [function] [call site] 00063
8 lzma_check_size [function] [call site] 00066
8 lzma_check_is_supported [function] [call site] 00067
8 memcmp [call site] 00068
7 block_decoder_end [function] [call site] 00069
8 lzma_next_end [function] [call site] 00070
8 lzma_free [function] [call site] 00071
7 lzma_check_size [function] [call site] 00072
7 lzma_check_init [function] [call site] 00073
8 lzma_sha256_init [function] [call site] 00074
7 lzma_raw_decoder_init [function] [call site] 00075
8 lzma_raw_coder_init [function] [call site] 00076
9 lzma_validate_chain [function] [call site] 00077
9 lzma_next_filter_init [function] [call site] 00078
10 lzma_next_end [function] [call site] 00079
9 lzma_next_end [function] [call site] 00080
8 decoder_find [function] [call site] 00081
5 lzma_filters_free [function] [call site] 00082
5 lzma_block_unpadded_size [function] [call site] 00083
5 lzma_index_hash_append [function] [call site] 00084
6 hash_append [function] [call site] 00085
7 vli_ceil4 [function] [call site] 00086
7 lzma_vli_size [function] [call site] 00087
7 lzma_vli_size [function] [call site] 00088
7 lzma_check_update [function] [call site] 00089
6 index_size [function] [call site] 00090
7 index_size_unpadded [function] [call site] 00091
8 lzma_vli_size [function] [call site] 00092
6 index_stream_size [function] [call site] 00093
7 index_size [function] [call site] 00094
5 lzma_index_hash_decode [function] [call site] 00095
6 lzma_vli_decode [function] [call site] 00096
6 lzma_vli_decode [function] [call site] 00097
6 hash_append [function] [call site] 00098
6 index_size_unpadded [function] [call site] 00099
6 lzma_check_finish [function] [call site] 00100
6 lzma_check_finish [function] [call site] 00101
6 lzma_check_size [function] [call site] 00102
6 memcmp [call site] 00103
6 lzma_crc32 [function] [call site] 00104
6 lzma_crc32 [function] [call site] 00105
5 lzma_bufcpy [function] [call site] 00106
5 lzma_stream_footer_decode [function] [call site] 00107
6 memcmp [call site] 00108
6 lzma_crc32 [function] [call site] 00109
6 stream_flags_decode [function] [call site] 00111
5 lzma_index_hash_size [function] [call site] 00113
6 index_size [function] [call site] 00114
5 lzma_stream_flags_compare [function] [call site] 00115
6 is_backward_size_valid [function] [call site] 00116
5 stream_decoder_reset [function] [call site] 00117
6 lzma_index_hash_init [function] [call site] 00118
7 lzma_alloc [function] [call site] 00119
7 lzma_check_init [function] [call site] 00120
7 lzma_check_init [function] [call site] 00121
4 stream_decoder_end [function] [call site] 00122
5 lzma_next_end [function] [call site] 00123
5 lzma_index_hash_end [function] [call site] 00124
6 lzma_free [function] [call site] 00125
5 lzma_free [function] [call site] 00126
4 stream_decoder_get_check [function] [call site] 00127
4 stream_decoder_memconfig [function] [call site] 00128
4 stream_decoder_reset [function] [call site] 00129
1 fprintf [call site] 00130
1 abort [call site] 00131
1 lzma_code [function] [call site] 00132
1 fprintf [call site] 00133
1 abort [call site] 00134
1 lzma_end [function] [call site] 00135
2 lzma_next_end [function] [call site] 00136
2 lzma_free [function] [call site] 00137