Fuzz introspector: fuzz/pdf_surface_fuzzer.c
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
17 45 cairo_pdf_surface_set_metadata call site: {node_id} iso8601_to_pdf_date_string
17 169 cairo_surface_destroy call site: {node_id} cairo_device_destroy
6 91 _cairo_pdf_interchange_set_metadata call site: {node_id}
5 122 cairo_list_is_empty call site: {node_id} _cairo_surface_detach_snapshot
4 156 cairo_region_destroy call site: {node_id} _cairo_region_fini
3 8 fuzzer_get_tmpfile call site: {node_id}
3 12 fuzzer_get_tmpfile call site: {node_id}
3 38 _cairo_paginated_surface_get_target call site: {node_id} _cairo_surface_set_error
3 108 cairo_tag_end call site: {node_id} cairo_surface_destroy
3 152 _cairo_surface_finish call site: {node_id} _cairo_damage_destroy
2 2 fuzzer_get_tmpfile call site: {node_id}
2 5 fuzzer_get_tmpfile call site: {node_id}

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 fuzzer_get_tmpfile [function] [call site] 00001
2 strdup [call site] 00002
2 perror [call site] 00003
2 abort [call site] 00004
2 mkstemp [call site] 00005
2 perror [call site] 00006
2 abort [call site] 00007
2 fdopen [call site] 00008
2 perror [call site] 00009
2 close [call site] 00010
2 abort [call site] 00011
2 fwrite [call site] 00012
2 close [call site] 00013
2 fprintf [call site] 00014
2 abort [call site] 00015
2 fclose [call site] 00016
1 cairo_pdf_surface_create [call site] 00017
1 cairo_surface_status [function] [call site] 00018
1 fuzzer_release_tmpfile [function] [call site] 00019
2 unlink [call site] 00020
2 perror [call site] 00021
2 free [call site] 00022
1 calloc [call site] 00023
1 memcpy [call site] 00024
1 cairo_pdf_surface_set_metadata [function] [call site] 00025
2 _extract_pdf_surface [function] [call site] 00026
3 _cairo_surface_set_error [function] [call site] 00027
4 _cairo_status_set_error [call site] 00028
4 _cairo_error [function] [call site] 00029
5 assert [call site] 00030
5 _cairo_status_is_error [call site] 00031
3 _cairo_error [function] [call site] 00032
3 _cairo_surface_is_paginated [function] [call site] 00033
3 _cairo_surface_set_error [function] [call site] 00034
3 _cairo_error [function] [call site] 00035
3 _cairo_paginated_surface_get_target [function] [call site] 00036
4 assert [call site] 00037
4 _cairo_surface_is_paginated [function] [call site] 00038
3 _cairo_surface_set_error [function] [call site] 00039
3 _cairo_surface_set_error [function] [call site] 00040
3 _cairo_error [function] [call site] 00041
3 _cairo_surface_is_pdf [function] [call site] 00042
3 _cairo_surface_set_error [function] [call site] 00043
3 _cairo_error [function] [call site] 00044
2 _cairo_pdf_interchange_set_metadata [function] [call site] 00045
3 iso8601_to_pdf_date_string [function] [call site] 00046
4 _cairo_isdigit [function] [call site] 00047
4 strcpy [call site] 00048
4 strlen [call site] 00049
4 strncat [call site] 00050
4 strlen [call site] 00051
4 strncat [call site] 00052
4 strlen [call site] 00053
4 strncat [call site] 00054
4 strlen [call site] 00055
4 strncat [call site] 00056
4 strcat [call site] 00057
4 strlen [call site] 00058
4 strncat [call site] 00059
4 strcat [call site] 00060
4 strcat [call site] 00061
4 strdup [call site] 00062
3 _cairo_utf8_to_pdf_string [function] [call site] 00063
4 _cairo_malloc [call site] 00064
4 _cairo_error [function] [call site] 00065
4 _cairo_utf8_to_utf16 [function] [call site] 00066
5 _utf8_get_char_extended [function] [call site] 00067
6 UTF8_LENGTH [call site] 00068
5 UNICODE_VALID [call site] 00069
5 _cairo_error [function] [call site] 00070
5 _cairo_error [function] [call site] 00071
5 UTF8_NEXT_CHAR [call site] 00072
5 _cairo_malloc_ab [function] [call site] 00073
6 _cairo_mul_size_t_overflow [call site] 00074
6 _cairo_malloc [call site] 00075
5 _cairo_error [function] [call site] 00076
5 _utf8_get_char [function] [call site] 00077
6 UTF8_COMPUTE [call site] 00078
6 UTF8_GET [call site] 00079
5 _cairo_ucs4_to_utf16 [function] [call site] 00080
5 UTF8_NEXT_CHAR [call site] 00081
4 unlikely [call site] 00082
4 _cairo_malloc [call site] 00083
4 free [call site] 00084
4 _cairo_error [function] [call site] 00085
4 strcpy [call site] 00086
4 snprintf [call site] 00087
4 strcat [call site] 00088
4 free [call site] 00089
3 unlikely [call site] 00090
3 free [call site] 00091
3 free [call site] 00092
3 free [call site] 00093
3 free [call site] 00094
3 free [call site] 00095
3 free [call site] 00096
3 free [call site] 00097
2 _cairo_surface_set_error [function] [call site] 00098
1 cairo_create [call site] 00099
1 cairo_tag_begin [function] [call site] 00100
2 unlikely [call site] 00101
2 unlikely [call site] 00102
2 _cairo_set_error [function] [call site] 00103
3 _cairo_status_set_error [call site] 00104
3 _cairo_error [function] [call site] 00105
1 cairo_tag_end [function] [call site] 00106
2 unlikely [call site] 00107
2 unlikely [call site] 00108
2 _cairo_set_error [function] [call site] 00109
1 cairo_destroy [call site] 00110
1 cairo_surface_destroy [function] [call site] 00111
2 CAIRO_REFERENCE_COUNT_IS_INVALID [call site] 00112
2 assert [call site] 00113
2 CAIRO_REFERENCE_COUNT_HAS_REFERENCE [call site] 00114
2 _cairo_reference_count_dec_and_test [call site] 00115
2 assert [call site] 00116
2 _cairo_surface_finish_snapshots [function] [call site] 00117
3 _cairo_surface_flush [function] [call site] 00118
4 _cairo_surface_detach_snapshots [function] [call site] 00119
5 _cairo_surface_has_snapshots [function] [call site] 00120
6 cairo_list_is_empty [function] [call site] 00121
7 cairo_list_validate [function] [call site] 00122
8 cairo_list_foreach [call site] 00123
8 _cairo_list_validate [function] [call site] 00124
9 assert [call site] 00125
9 assert [call site] 00126
5 _cairo_surface_detach_snapshot [function] [call site] 00127
6 assert [call site] 00128
6 cairo_list_del [function] [call site] 00129
7 _cairo_list_del [function] [call site] 00130
8 __cairo_list_del [function] [call site] 00131
7 cairo_list_init [function] [call site] 00132
6 cairo_surface_destroy [function] [call site] 00133
5 cairo_list_first_entry [call site] 00134
4 _cairo_surface_detach_snapshot [function] [call site] 00135
4 _cairo_surface_detach_mime_data [function] [call site] 00136
5 _cairo_surface_has_mime_data [function] [call site] 00137
5 _cairo_user_data_array_fini [function] [call site] 00138
6 _cairo_array_index [function] [call site] 00139
7 assert [call site] 00140
6 _cairo_array_fini [function] [call site] 00141
7 free [call site] 00142
5 _cairo_user_data_array_init [function] [call site] 00143
6 _cairo_array_init [function] [call site] 00144
4 __cairo_surface_flush [function] [call site] 00145
2 CAIRO_REFERENCE_COUNT_GET_VALUE [call site] 00146
2 _cairo_surface_finish [function] [call site] 00147
3 unlikely [call site] 00148
3 _cairo_surface_set_error [function] [call site] 00149
3 assert [call site] 00150
3 assert [call site] 00151
3 _cairo_surface_has_snapshots [function] [call site] 00152
2 _cairo_damage_destroy [function] [call site] 00153
3 free [call site] 00154
3 cairo_region_destroy [function] [call site] 00155
4 CAIRO_REFERENCE_COUNT_IS_INVALID [call site] 00156
4 assert [call site] 00157
4 CAIRO_REFERENCE_COUNT_HAS_REFERENCE [call site] 00158
4 _cairo_reference_count_dec_and_test [call site] 00159
4 _cairo_region_fini [function] [call site] 00160
5 assert [call site] 00161
5 CAIRO_REFERENCE_COUNT_HAS_REFERENCE [call site] 00162
5 pixman_region32_fini [call site] 00163
5 VG [call site] 00164
5 VALGRIND_MAKE_MEM_UNDEFINED [call site] 00165
4 free [call site] 00166
3 free [call site] 00167
2 _cairo_user_data_array_fini [function] [call site] 00168
2 _cairo_user_data_array_fini [function] [call site] 00169
2 cairo_pattern_destroy [call site] 00170
2 cairo_device_destroy [function] [call site] 00171
3 CAIRO_REFERENCE_COUNT_IS_INVALID [call site] 00172
3 assert [call site] 00173
3 CAIRO_REFERENCE_COUNT_HAS_REFERENCE [call site] 00174
3 _cairo_reference_count_dec_and_test [call site] 00175
3 cairo_device_finish [function] [call site] 00176
4 CAIRO_REFERENCE_COUNT_IS_INVALID [call site] 00177
4 cairo_device_flush [function] [call site] 00178
5 unlikely [call site] 00179
5 _cairo_device_set_error [function] [call site] 00180
6 _cairo_status_set_error [call site] 00181
6 _cairo_error [function] [call site] 00182
3 assert [call site] 00183
3 CAIRO_MUTEX_FINI [call site] 00184
3 _cairo_user_data_array_fini [function] [call site] 00185
2 _cairo_font_options_fini [function] [call site] 00186
3 free [call site] 00187
3 free [call site] 00188
2 assert [call site] 00189
2 assert [call site] 00190
2 _cairo_surface_has_snapshots [function] [call site] 00191
2 assert [call site] 00192
2 CAIRO_REFERENCE_COUNT_HAS_REFERENCE [call site] 00193
2 free [call site] 00194
1 free [call site] 00195
1 fuzzer_release_tmpfile [function] [call site] 00196