Fuzz introspector: inspector/source-codezlib_uncompress_fuzzer.cc
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
14 14 2 :

['crc_word_big', 'byte_swap']

14 14 crc32_z call site: 00014 /src/zlib/crc32.c:731
8 8 2 :

['malloc', 'strlen']

8 8 gz_error call site: 00000 /src/zlib/gzlib.c:546
4 17 3 :

['__errno_location', 'strerror', 'gz_error']

4 17 gz_load call site: 00000 /src/zlib/gzread.c:27
2 2 1 :

['perror']

2 2 file_compress call site: 00000 /src/minigzip_fuzzer.c:385
2 2 1 :

['perror']

2 2 file_uncompress call site: 00000 /src/minigzip_fuzzer.c:434
0 510 1 :

['gz_zero']

2 1048 gzclose_w call site: 00000 /src/zlib/gzwrite.c:609
0 510 1 :

['gz_zero']

0 2016 gz_write call site: 00000 /src/zlib/gzwrite.c:185
0 502 1 :

['gz_comp']

0 502 gzvprintf call site: 00000 /src/zlib/gzwrite.c:418
0 423 1 :

['gz_skip']

0 1230 gz_read call site: 00000 /src/zlib/gzread.c:277
0 70 1 :

['deflateReset']

6 505 gz_comp call site: 00000 /src/zlib/gzwrite.c:90
0 59 3 :

['_tr_stored_block', 'read_buf', 'flush_pending']

0 59 deflate_stored call site: 00000 /src/zlib/deflate.c:1757
0 25 1 :

['gzrewind']

0 25 gzseek64 call site: 00000 /src/zlib/gzlib.c:387

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 uncompress [function] [call site] 00001
2 uncompress2 [function] [call site] 00002
3 inflateInit_ [function] [call site] 00003
4 inflateInit2_ [function] [call site] 00004
5 inflateReset2 [function] [call site] 00005
6 inflateStateCheck [function] [call site] 00006
6 inflateReset [function] [call site] 00007
7 inflateStateCheck [function] [call site] 00008
7 inflateResetKeep [function] [call site] 00009
8 inflateStateCheck [function] [call site] 00010
3 inflate [function] [call site] 00011
4 inflateStateCheck [function] [call site] 00012
4 crc32 [function] [call site] 00013
5 crc32_z [function] [call site] 00014
6 crc_word [function] [call site] 00015
6 crc_word [function] [call site] 00016
6 crc_word [function] [call site] 00017
6 crc_word [function] [call site] 00018
6 crc_word [function] [call site] 00019
6 byte_swap [function] [call site] 00020
6 crc_word_big [function] [call site] 00021
6 crc_word_big [function] [call site] 00022
6 crc_word_big [function] [call site] 00023
6 crc_word_big [function] [call site] 00024
6 crc_word_big [function] [call site] 00025
6 byte_swap [function] [call site] 00026
4 crc32 [function] [call site] 00027
4 adler32 [function] [call site] 00028
5 adler32_z [function] [call site] 00029
4 crc32 [function] [call site] 00030
4 crc32 [function] [call site] 00031
4 crc32 [function] [call site] 00032
4 crc32 [function] [call site] 00033
4 crc32 [function] [call site] 00034
4 crc32 [function] [call site] 00035
4 crc32 [function] [call site] 00036
4 crc32 [function] [call site] 00037
4 adler32 [function] [call site] 00038
4 fixedtables [function] [call site] 00039
4 inflate_table [function] [call site] 00040
4 inflate_table [function] [call site] 00041
4 inflate_table [function] [call site] 00042
4 inflate_fast [function] [call site] 00043
4 crc32 [function] [call site] 00044
4 adler32 [function] [call site] 00045
4 updatewindow [function] [call site] 00046
4 crc32 [function] [call site] 00047
4 adler32 [function] [call site] 00048
3 inflateEnd [function] [call site] 00049
4 inflateStateCheck [function] [call site] 00050