Fuzz introspector: fuzz_decode_stream
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The following are the branches that the fuzzer fails to get past.

Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch
2 | 2 | 1 : ['abort'] | 2 | 2 | fuzz_code | call site: 00021 | /src/xz/tests/ossfuzz/./fuzz_common.h:68
0 | 25 | 1 : ['lzma_check_update'] | 4 | 64 | block_decode | call site: 00000 | /src/xz/src/liblzma/common/block_decoder.c:128
0 | 8 | 1 : ['lzma_bufcpy'] | 0 | 8 | copy_or_code | call site: 00000 | /src/xz/src/liblzma/simple/simple_coder.c:27
0 | 4 | 1 : ['lzma_free'] | 0 | 4 | lzma_next_end | call site: 00006 | /src/xz/src/liblzma/common/common.c:158
0 | 0 | None | 4 | 14 | block_decode | call site: 00000 | /src/xz/src/liblzma/common/block_decoder.c:171
0 | 0 | None | 2 | 465 | stream_decode | call site: 00000 | /src/xz/src/liblzma/common/stream_decoder.c:150
0 | 0 | None | 2 | 465 | stream_decode | call site: 00000 | /src/xz/src/liblzma/common/stream_decoder.c:327
0 | 0 | None | 0 | 88 | lzma_block_header_decode | call site: 00000 | /src/xz/src/liblzma/common/block_header_decoder.c:38
0 | 0 | None | 0 | 59 | lzma_block_decoder_init | call site: 00000 | /src/xz/src/liblzma/common/block_decoder.c:221
0 | 0 | None | 0 | 48 | lzma_decode | call site: 00000 | /src/xz/src/liblzma/lzma/lzma_decoder.c:680
0 | 0 | None | 0 | 23 | lzma_lz_decoder_init | call site: 00000 | /src/xz/src/liblzma/lz/lz_decoder.c:254
0 | 0 | None | 0 | 20 | lzma_raw_coder_init | call site: 00000 | /src/xz/src/liblzma/common/filter_common.c:308

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 lzma_stream_decoder [function] [call site] 00001
2 lzma_strm_init [function] [call site] 00002
3 lzma_alloc [function] [call site] 00003
2 lzma_stream_decoder_init [function] [call site] 00004
3 lzma_stream_decoder_init [function] [call site] 00005
4 lzma_next_end [function] [call site] 00006
5 lzma_free [function] [call site] 00007
4 lzma_alloc [function] [call site] 00008
4 stream_decoder_reset [function] [call site] 00009
5 lzma_index_hash_init [function] [call site] 00010
6 lzma_alloc [function] [call site] 00011
6 lzma_check_init [function] [call site] 00012
7 lzma_sha256_init [function] [call site] 00013
6 lzma_check_init [function] [call site] 00014
2 lzma_end [function] [call site] 00015
3 lzma_next_end [function] [call site] 00016
3 lzma_free [function] [call site] 00017
1 fprintf [call site] 00018
1 abort [call site] 00019
1 fuzz_code [function] [call site] 00020
2 lzma_code [function] [call site] 00021
3 __assert_fail [call site] 00022
2 fprintf [call site] 00023
2 abort [call site] 00024