Fuzz introspector: fuzz/raster_fuzzer.c
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
17 60 cairo_pdf_surface_set_metadata call site: {node_id} iso8601_to_pdf_date_string
17 175 cairo_surface_destroy call site: {node_id} cairo_device_destroy
7 29 cairo_image_surface_get_height call site: {node_id} cairo_set_source
6 106 _cairo_pdf_interchange_set_metadata call site: {node_id}
5 53 _extract_pdf_surface call site: {node_id} cairo_pdf_surface_set_metadata
5 128 cairo_list_is_empty call site: {node_id} _cairo_surface_detach_snapshot
4 113 cairo_pdf_surface_set_metadata call site: {node_id} cairo_surface_destroy
4 162 cairo_region_destroy call site: {node_id} _cairo_region_fini
3 8 fuzzer_get_tmpfile call site: {node_id}
3 12 fuzzer_get_tmpfile call site: {node_id}
3 22 fuzzer_release_tmpfile call site: {node_id} cairo_create
3 49 _cairo_paginated_surface_get_target call site: {node_id} _cairo_surface_set_error

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 fuzzer_get_tmpfile [function] [call site] 00001
2 strdup [call site] 00002
2 perror [call site] 00003
2 abort [call site] 00004
2 mkstemp [call site] 00005
2 perror [call site] 00006
2 abort [call site] 00007
2 fdopen [call site] 00008
2 perror [call site] 00009
2 close [call site] 00010
2 abort [call site] 00011
2 fwrite [call site] 00012
2 close [call site] 00013
2 fprintf [call site] 00014
2 abort [call site] 00015
2 fclose [call site] 00016
1 cairo_image_surface_create_from_png [call site] 00017
1 cairo_surface_status [function] [call site] 00018
1 fuzzer_release_tmpfile [function] [call site] 00019
2 unlink [call site] 00020
2 perror [call site] 00021
2 free [call site] 00022
1 cairo_create [call site] 00023
1 cairo_surface_get_content [function] [call site] 00024
1 cairo_image_surface_get_width [function] [call site] 00025
2 _cairo_surface_is_image [function] [call site] 00026
2 _cairo_error_throw [call site] 00027
1 cairo_image_surface_get_height [function] [call site] 00028
2 _cairo_surface_is_image [function] [call site] 00029
2 _cairo_error_throw [call site] 00030
1 calloc [call site] 00031
1 memcpy [call site] 00032
1 cairo_pattern_create_raster_source [call site] 00033
1 cairo_raster_source_pattern_set_acquire [function] [call site] 00034
1 cairo_set_source [call site] 00035
1 cairo_pdf_surface_set_page_label [function] [call site] 00036
2 _extract_pdf_surface [function] [call site] 00037
3 _cairo_surface_set_error [function] [call site] 00038
4 _cairo_status_set_error [call site] 00039
4 _cairo_error [function] [call site] 00040
5 assert [call site] 00041
5 _cairo_status_is_error [call site] 00042
3 _cairo_error [function] [call site] 00043
3 _cairo_surface_is_paginated [function] [call site] 00044
3 _cairo_surface_set_error [function] [call site] 00045
3 _cairo_error [function] [call site] 00046
3 _cairo_paginated_surface_get_target [function] [call site] 00047
4 assert [call site] 00048
4 _cairo_surface_is_paginated [function] [call site] 00049
3 _cairo_surface_set_error [function] [call site] 00050
3 _cairo_surface_set_error [function] [call site] 00051
3 _cairo_error [function] [call site] 00052
3 _cairo_surface_is_pdf [function] [call site] 00053
3 _cairo_surface_set_error [function] [call site] 00054
3 _cairo_error [function] [call site] 00055
2 free [call site] 00056
2 strdup [call site] 00057
1 cairo_pdf_surface_set_metadata [function] [call site] 00058
2 _extract_pdf_surface [function] [call site] 00059
2 _cairo_pdf_interchange_set_metadata [function] [call site] 00060
3 iso8601_to_pdf_date_string [function] [call site] 00061
4 _cairo_isdigit [function] [call site] 00062
4 strcpy [call site] 00063
4 strlen [call site] 00064
4 strncat [call site] 00065
4 strlen [call site] 00066
4 strncat [call site] 00067
4 strlen [call site] 00068
4 strncat [call site] 00069
4 strlen [call site] 00070
4 strncat [call site] 00071
4 strcat [call site] 00072
4 strlen [call site] 00073
4 strncat [call site] 00074
4 strcat [call site] 00075
4 strcat [call site] 00076
4 strdup [call site] 00077
3 _cairo_utf8_to_pdf_string [function] [call site] 00078
4 _cairo_malloc [call site] 00079
4 _cairo_error [function] [call site] 00080
4 _cairo_utf8_to_utf16 [function] [call site] 00081
5 _utf8_get_char_extended [function] [call site] 00082
6 UTF8_LENGTH [call site] 00083
5 UNICODE_VALID [call site] 00084
5 _cairo_error [function] [call site] 00085
5 _cairo_error [function] [call site] 00086
5 UTF8_NEXT_CHAR [call site] 00087
5 _cairo_malloc_ab [function] [call site] 00088
6 _cairo_mul_size_t_overflow [call site] 00089
6 _cairo_malloc [call site] 00090
5 _cairo_error [function] [call site] 00091
5 _utf8_get_char [function] [call site] 00092
6 UTF8_COMPUTE [call site] 00093
6 UTF8_GET [call site] 00094
5 _cairo_ucs4_to_utf16 [function] [call site] 00095
5 UTF8_NEXT_CHAR [call site] 00096
4 unlikely [call site] 00097
4 _cairo_malloc [call site] 00098
4 free [call site] 00099
4 _cairo_error [function] [call site] 00100
4 strcpy [call site] 00101
4 snprintf [call site] 00102
4 strcat [call site] 00103
4 free [call site] 00104
3 unlikely [call site] 00105
3 free [call site] 00106
3 free [call site] 00107
3 free [call site] 00108
3 free [call site] 00109
3 free [call site] 00110
3 free [call site] 00111
3 free [call site] 00112
2 _cairo_surface_set_error [function] [call site] 00113
1 cairo_paint [call site] 00114
1 cairo_destroy [call site] 00115
1 cairo_pattern_destroy [call site] 00116
1 cairo_surface_destroy [function] [call site] 00117
2 CAIRO_REFERENCE_COUNT_IS_INVALID [call site] 00118
2 assert [call site] 00119
2 CAIRO_REFERENCE_COUNT_HAS_REFERENCE [call site] 00120
2 _cairo_reference_count_dec_and_test [call site] 00121
2 assert [call site] 00122
2 _cairo_surface_finish_snapshots [function] [call site] 00123
3 _cairo_surface_flush [function] [call site] 00124
4 _cairo_surface_detach_snapshots [function] [call site] 00125
5 _cairo_surface_has_snapshots [function] [call site] 00126
6 cairo_list_is_empty [function] [call site] 00127
7 cairo_list_validate [function] [call site] 00128
8 cairo_list_foreach [call site] 00129
8 _cairo_list_validate [function] [call site] 00130
9 assert [call site] 00131
9 assert [call site] 00132
5 _cairo_surface_detach_snapshot [function] [call site] 00133
6 assert [call site] 00134
6 cairo_list_del [function] [call site] 00135
7 _cairo_list_del [function] [call site] 00136
8 __cairo_list_del [function] [call site] 00137
7 cairo_list_init [function] [call site] 00138
6 cairo_surface_destroy [function] [call site] 00139
5 cairo_list_first_entry [call site] 00140
4 _cairo_surface_detach_snapshot [function] [call site] 00141
4 _cairo_surface_detach_mime_data [function] [call site] 00142
5 _cairo_surface_has_mime_data [function] [call site] 00143
5 _cairo_user_data_array_fini [function] [call site] 00144
6 _cairo_array_index [function] [call site] 00145
7 assert [call site] 00146
6 _cairo_array_fini [function] [call site] 00147
7 free [call site] 00148
5 _cairo_user_data_array_init [function] [call site] 00149
6 _cairo_array_init [function] [call site] 00150
4 __cairo_surface_flush [function] [call site] 00151
2 CAIRO_REFERENCE_COUNT_GET_VALUE [call site] 00152
2 _cairo_surface_finish [function] [call site] 00153
3 unlikely [call site] 00154
3 _cairo_surface_set_error [function] [call site] 00155
3 assert [call site] 00156
3 assert [call site] 00157
3 _cairo_surface_has_snapshots [function] [call site] 00158
2 _cairo_damage_destroy [function] [call site] 00159
3 free [call site] 00160
3 cairo_region_destroy [function] [call site] 00161
4 CAIRO_REFERENCE_COUNT_IS_INVALID [call site] 00162
4 assert [call site] 00163
4 CAIRO_REFERENCE_COUNT_HAS_REFERENCE [call site] 00164
4 _cairo_reference_count_dec_and_test [call site] 00165
4 _cairo_region_fini [function] [call site] 00166
5 assert [call site] 00167
5 CAIRO_REFERENCE_COUNT_HAS_REFERENCE [call site] 00168
5 pixman_region32_fini [call site] 00169
5 VG [call site] 00170
5 VALGRIND_MAKE_MEM_UNDEFINED [call site] 00171
4 free [call site] 00172
3 free [call site] 00173
2 _cairo_user_data_array_fini [function] [call site] 00174
2 _cairo_user_data_array_fini [function] [call site] 00175
2 cairo_pattern_destroy [call site] 00176
2 cairo_device_destroy [function] [call site] 00177
3 CAIRO_REFERENCE_COUNT_IS_INVALID [call site] 00178
3 assert [call site] 00179
3 CAIRO_REFERENCE_COUNT_HAS_REFERENCE [call site] 00180
3 _cairo_reference_count_dec_and_test [call site] 00181
3 cairo_device_finish [function] [call site] 00182
4 CAIRO_REFERENCE_COUNT_IS_INVALID [call site] 00183
4 cairo_device_flush [function] [call site] 00184
5 unlikely [call site] 00185
5 _cairo_device_set_error [function] [call site] 00186
6 _cairo_status_set_error [call site] 00187
6 _cairo_error [function] [call site] 00188
3 assert [call site] 00189
3 CAIRO_MUTEX_FINI [call site] 00190
3 _cairo_user_data_array_fini [function] [call site] 00191
2 _cairo_font_options_fini [function] [call site] 00192
3 free [call site] 00193
3 free [call site] 00194
2 assert [call site] 00195
2 assert [call site] 00196
2 _cairo_surface_has_snapshots [function] [call site] 00197
2 assert [call site] 00198
2 CAIRO_REFERENCE_COUNT_HAS_REFERENCE [call site] 00199
2 free [call site] 00200
1 free [call site] 00201
1 fuzzer_release_tmpfile [function] [call site] 00202