Fuzz introspector: inspector/light/source_fileszlib_uncompress_fuzzer.cc
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
14 14 2 :

['byte_swap', 'crc_word_big']

14 14 crc32_z call site: 00014 /src/zlib/crc32.c:731
7 7 1 :

['_tr_align']

7 31 deflate call site: 00000 /src/zlib/deflate.c:1212
0 474 6 :

['updatewindow', 'crc32', 'inflate_table', 'fixedtables', 'inflate_fast', 'adler32']

0 474 inflate call site: 00037 /src/zlib/inflate.c:817
0 21 1 :

['crc32']

451 630 deflate call site: 00000 /src/zlib/deflate.c:1160
0 21 1 :

['deflateEnd']

0 21 deflateInit2_ call site: 00000 /src/zlib/deflate.c:499
0 21 1 :

['crc32']

0 21 read_buf call site: 00000 /src/zlib/deflate.c:227
0 17 2 :

['_tr_stored_block', 'flush_pending']

0 17 deflate_stored call site: 00000 /src/zlib/deflate.c:1800
0 7 1 :

['_tr_stored_block']

0 14 _tr_flush_block call site: 00000 /src/zlib/trees.c:1047
0 0 None 451 879 deflate call site: 00000 /src/zlib/deflate.c:974
0 0 None 451 869 deflate call site: 00000 /src/zlib/deflate.c:1009
0 0 None 451 869 deflate call site: 00000 /src/zlib/deflate.c:1011
0 0 None 451 869 deflate call site: 00000 /src/zlib/deflate.c:1013

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 uncompress [function] [call site] 00001
2 uncompress2 [function] [call site] 00002
3 inflateInit_ [function] [call site] 00003
4 inflateInit2_ [function] [call site] 00004
5 inflateReset2 [function] [call site] 00005
6 inflateStateCheck [function] [call site] 00006
6 inflateReset [function] [call site] 00007
7 inflateStateCheck [function] [call site] 00008
7 inflateResetKeep [function] [call site] 00009
8 inflateStateCheck [function] [call site] 00010
3 inflate [function] [call site] 00011
4 inflateStateCheck [function] [call site] 00012
4 crc32 [function] [call site] 00013
5 crc32_z [function] [call site] 00014
6 crc_word [function] [call site] 00015
6 crc_word [function] [call site] 00016
6 crc_word [function] [call site] 00017
6 crc_word [function] [call site] 00018
6 crc_word [function] [call site] 00019
6 byte_swap [function] [call site] 00020
6 crc_word_big [function] [call site] 00021
6 crc_word_big [function] [call site] 00022
6 crc_word_big [function] [call site] 00023
6 crc_word_big [function] [call site] 00024
6 crc_word_big [function] [call site] 00025
6 byte_swap [function] [call site] 00026
4 crc32 [function] [call site] 00027
4 adler32 [function] [call site] 00028
5 adler32_z [function] [call site] 00029
4 crc32 [function] [call site] 00030
4 crc32 [function] [call site] 00031
4 crc32 [function] [call site] 00032
4 crc32 [function] [call site] 00033
4 crc32 [function] [call site] 00034
4 crc32 [function] [call site] 00035
4 crc32 [function] [call site] 00036
4 crc32 [function] [call site] 00037
4 adler32 [function] [call site] 00038
4 fixedtables [function] [call site] 00039
4 inflate_table [function] [call site] 00040
4 inflate_table [function] [call site] 00041
4 inflate_table [function] [call site] 00042
4 inflate_fast [function] [call site] 00043
4 crc32 [function] [call site] 00044
4 adler32 [function] [call site] 00045
4 updatewindow [function] [call site] 00046
4 crc32 [function] [call site] 00047
4 adler32 [function] [call site] 00048
3 inflateEnd [function] [call site] 00049
4 inflateStateCheck [function] [call site] 00050