High level conclusions

Fuzzers reach 33.98% of cyclomatic complexity.

Fuzzers reach 30.54% of all functions.

Fuzzer openssl/fuzz/driver.c is blocked:

The runtime code coverage of openssl/fuzz/driver.c covers 0.041% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer openssl/fuzz/driver.c is blocked:

The runtime code coverage of openssl/fuzz/driver.c covers 0.071% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer openssl/fuzz/driver.c is blocked:

The runtime code coverage of openssl/fuzz/driver.c covers 0.035% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer openssl/fuzz/driver.c is blocked:

The runtime code coverage of openssl/fuzz/driver.c covers 0.043% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer openssl/fuzz/driver.c is blocked:

The runtime code coverage of openssl/fuzz/driver.c covers 0.067% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer openssl/fuzz/driver.c is blocked:

The runtime code coverage of openssl/fuzz/driver.c covers 0.075% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer openssl/fuzz/driver.c is blocked:

The runtime code coverage of openssl/fuzz/driver.c covers 0.070% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer openssl/fuzz/driver.c is blocked:

The runtime code coverage of openssl/fuzz/driver.c covers 0.077% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer curl_fuzzer_pop3 is blocked:

The runtime code coverage of curl_fuzzer_pop3 covers 10.14% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer openssl/fuzz/driver.c is blocked:

The runtime code coverage of openssl/fuzz/driver.c covers 0.072% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer openssl/fuzz/driver.c is blocked:

The runtime code coverage of openssl/fuzz/driver.c covers 0.044% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer openssl/fuzz/driver.c is blocked:

The runtime code coverage of openssl/fuzz/driver.c covers 0.070% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer curl_fuzzer_tftp is blocked:

The runtime code coverage of curl_fuzzer_tftp covers 10.14% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer curl_fuzzer_dict is blocked:

The runtime code coverage of curl_fuzzer_dict covers 10.14% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer curl_fuzzer_sftp is blocked:

The runtime code coverage of curl_fuzzer_sftp covers 10.14% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer curl_fuzzer_http is blocked:

The runtime code coverage of curl_fuzzer_http covers 10.14% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer openssl/fuzz/driver.c is blocked:

The runtime code coverage of openssl/fuzz/driver.c covers 0.053% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer curl_fuzzer_rtmp is blocked:

The runtime code coverage of curl_fuzzer_rtmp covers 10.14% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer curl_fuzzer_gopher is blocked:

The runtime code coverage of curl_fuzzer_gopher covers 10.14% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer curl_fuzzer_https is blocked:

The runtime code coverage of curl_fuzzer_https covers 10.14% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer curl_fuzzer_smtp is blocked:

The runtime code coverage of curl_fuzzer_smtp covers 10.14% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer curl_fuzzer_ldap is blocked:

The runtime code coverage of curl_fuzzer_ldap covers 10.14% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer curl_fuzzer is blocked:

The runtime code coverage of curl_fuzzer covers 10.14% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer curl_fuzzer_ftp is blocked:

The runtime code coverage of curl_fuzzer_ftp covers 10.14% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer curl_fuzzer_scp is blocked:

The runtime code coverage of curl_fuzzer_scp covers 10.14% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer curl_fuzzer_file is blocked:

The runtime code coverage of curl_fuzzer_file covers 10.14% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer curl_fuzzer_mqtt is blocked:

The runtime code coverage of curl_fuzzer_mqtt covers 10.14% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer curl_fuzzer_smb is blocked:

The runtime code coverage of curl_fuzzer_smb covers 10.14% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer curl_fuzzer_rtsp is blocked:

The runtime code coverage of curl_fuzzer_rtsp covers 10.14% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer curl_fuzzer_ws is blocked:

The runtime code coverage of curl_fuzzer_ws covers 10.14% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer curl_fuzzer_imap is blocked:

The runtime code coverage of curl_fuzzer_imap covers 10.14% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Reachability and coverage overview

Functions statically reachable by fuzzers

4721 / 15455

Cyclomatic complexity statically reachable by fuzzers

29244 / 86058

Runtime code coverage of functions

138 / 15455

The following table shows data about each function in the project. The functions included in this table correspond to all functions that exist in the executables of the fuzzers. As such, there may be functions that are from third-party libraries.

For further technical details on the meaning of columns in the below table, please see the Glossary .

Func name	Functions filename	Args	Function call depth	Reached by Fuzzers	Fuzzers runtime hit	Func lines hit %	I Count	BB Count	Cyclomatic complexity	Functions reached	Reached by functions	Accumulated cyclomatic complexity	Undiscovered complexity

Fuzzer: fuzz_url

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	144	41.1%
gold	[1:9]	8	2.28%
yellow	[10:29]	13	3.71%
greenyellow	[30:49]	13	3.71%
lawngreen	50+	172	49.1%
All colors	350	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
1135	2615	11 : View List ['Curl_dyn_len', 'Curl_strndup', 'dedotdotify', 'Curl_dyn_init', 'strchr', 'curl_dbg_strdup', 'Curl_dyn_add', 'urlencode_str', 'memchr', 'curl_dbg_free', 'Curl_dyn_ptr']	1135	3059	parseurl	call site: 00264	/src/curl/lib/urlapi.c:1206
4	219	3 : View List ['__errno_location', 'fflush', 'curl_dbg_log']	4	219	countcheck	call site: 00005	/src/curl/lib/memdebug.c:111
0	444	2 : View List ['free_urlhandle', 'Curl_dyn_free']	0	444	parseurl	call site: 00289	/src/curl/lib/urlapi.c:1312
0	240	1 : View List ['curl_dbg_strdup']	0	240	curl_mvaprintf	call site: 00077	/src/curl/lib/mprintf.c:1100
0	222	1 : View List ['Curl_dyn_free']	0	222	Curl_dyn_vprintf	call site: 00108	/src/curl/lib/mprintf.c:1080
0	222	1 : View List ['Curl_dyn_free']	0	222	curl_mvaprintf	call site: 00073	/src/curl/lib/mprintf.c:1096
0	0	None	1137	4113	parseurl	call site: 00183	/src/curl/lib/urlapi.c:1148
0	0	None	1137	4113	parseurl	call site: 00183	/src/curl/lib/urlapi.c:1152
0	0	None	1137	3873	parseurl	call site: 00184	/src/curl/lib/urlapi.c:1163
0	0	None	877	2837	parseurl	call site: 00177	/src/curl/lib/urlapi.c:1017
0	0	None	877	2801	parseurl	call site: 00264	/src/curl/lib/urlapi.c:1200
0	0	None	875	2561	parseurl	call site: 00272	/src/curl/lib/urlapi.c:1224

Runtime coverage analysis

Covered functions

52

Functions that are reachable but not covered

32

Reachable functions

84

Percentage of reachable functions covered

61.9%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
curl_fuzzer/fuzz_url.cc	1
curl/lib/urlapi.c	20
curl/lib/memdebug.c	7
curl/lib/mprintf.c	10
curl/lib/url.c	3
curl/lib/strcase.c	6
curl/lib/dynbuf.c	11
curl/lib/escape.c	2
curl/lib/idn.c	1
curl/lib/strdup.c	1

Fuzzer: curl_fuzzer_imap

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	4035	91.8%
gold	[1:9]	29	0.66%
yellow	[10:29]	44	1.00%
greenyellow	[30:49]	35	0.79%
lawngreen	50+	249	5.66%
All colors	4392	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
1442	1442	1 : View List ['curl_multi_cleanup']	1442	12361	Curl_close	call site: 01299	/src/curl/lib/url.c:248
1016	1016	1 : View List ['curl_multi_remove_handle']	2458	13377	Curl_close	call site: 01298	/src/curl/lib/url.c:243
694	2288	8 : View List ['Curl_cookie_cleanup', 'Curl_get_line', 'curl_dbg_malloc', 'remove_expired', 'curl_strnequal', 'curl_dbg_free', 'Curl_cookie_add', 'curl_dbg_fclose']	694	2288	Curl_cookie_init	call site: 00175	/src/curl/lib/cookie.c:1243
332	332	2 : View List ['Curl_infof', 'curl_easy_strerror']	332	566	Curl_flush_cookies	call site: 00349	/src/curl/lib/cookie.c:1768
296	531	3 : View List ['qsort', 'curl_dbg_calloc', 'get_netscape_format']	303	2078	cookie_output	call site: 00409	/src/curl/lib/cookie.c:1656
265	265	1 : View List ['Curl_trc_opt']	265	265	Curl_trc_init	call site: 00010	/src/curl/lib/curl_trc.c:230
229	458	2 : View List ['Curl_cookie_clearall', 'Curl_cookie_cleanup']	229	682	Curl_vsetopt	call site: 00145	/src/curl/lib/setopt.c:750
228	448	3 : View List ['curl_dbg_fopen', 'Curl_infof', 'strcmp']	922	2736	Curl_cookie_init	call site: 00170	/src/curl/lib/cookie.c:1230
6	6	3 : View List ['strlen', 'fgets', 'feof']	6	6	Curl_get_line	call site: 00185	/src/curl/lib/curl_get_line.c:45
4	219	3 : View List ['__errno_location', 'fflush', 'curl_dbg_log']	4	219	countcheck	call site: 00014	/src/curl/lib/memdebug.c:111
4	4	2 : View List ['strlen', 'ntohl']	4	4	randit	call site: 00359	/src/curl/lib/rand.c:110
4	4	2 : View List ['clock_gettime', 'gettimeofday']	4	4	Curl_now	call site: 00363	/src/curl/lib/timeval.c:96

Runtime coverage analysis

Covered functions

100

Functions that are reachable but not covered

1010

Reachable functions

1124

Percentage of reachable functions covered

10.14%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
curl_fuzzer/curl_fuzzer.cc	11
curl/lib/easy.c	5
curl/lib/../lib/easy_lock.h	2
curl/lib/curl_trc.c	6
curl/lib/memdebug.c	13
curl/lib/mprintf.c	10
curl/lib/strcase.c	10
curl/lib/asyn-thread.c	16
curl/lib/url.c	52
curl/lib/mime.c	31
curl/lib/vtls/vtls.c	12
curl/lib/dynbuf.c	12
curl/lib/getinfo.c	1
curl/lib/slist.c	5
curl_fuzzer/curl_fuzzer_tlv.cc	8
curl/lib/setopt.c	6
curl/lib/content_encoding.c	3
curl/lib/cookie.c	21
curl/lib/multi.c	59
curl/lib/curl_get_line.c	1
curl/lib/strdup.c	3
curl/lib/hostip.c	27
curl/lib/strtoofft.c	1
curl/lib/parsedate.c	10
curl/lib/warnless.c	5
curl/lib/curl_memrchr.c	1
curl/lib/share.c	2
curl/lib/fopen.c	2
curl/lib/rand.c	3
curl/lib/timeval.c	4
curl/lib/rename.c	1
curl/lib/strerror.c	3
curl/lib/altsvc.c	19
curl/lib/llist.c	5
curl/lib/formdata.c	5
curl_fuzzer/curl_fuzzer_callback.cc	4
curl/lib/hash.c	11
curl/lib/curl_addrinfo.c	8
curl/lib/conncache.c	20
curl/lib/nonblock.c	1
curl/lib/splay.c	4
curl/lib/transfer.c	17
curl/lib/curl_threads.c	4
curl/lib/hostasyn.c	2
curl/lib/connect.c	8
curl/lib/cfilters.c	31
curl/lib/progress.c	17
curl/lib/sendf.c	12
curl/lib/urlapi.c	22
curl/lib/escape.c	2
curl/lib/idn.c	2
curl/lib/ftplistparser.c	3
curl/lib/fileinfo.c	1
curl/lib/headers.c	5
curl/lib/http_digest.c	2
curl/lib/vauth/digest.c	4
curl/lib/getenv.c	2
curl/lib/noproxy.c	3
curl/lib/netrc.c	2
curl/lib/speedcheck.c	2
curl/lib/doh.c	19
curl/lib/hostip6.c	1
curl/lib/cf-https-connect.c	5
curl/lib/vquic/vquic.c	1
curl/lib/http.c	23
curl/lib/select.c	3
curl/lib/http2.c	35
nghttp2/lib/nghttp2_session.c	96
nghttp2/lib/nghttp2_mem.c	6
nghttp2/lib/nghttp2_stream.c	40
nghttp2/lib/nghttp2_pq.c	10
nghttp2/lib/nghttp2_map.c	12
nghttp2/lib/nghttp2_outbound_item.c	4
nghttp2/lib/nghttp2_frame.c	42
nghttp2/lib/nghttp2_buf.c	18
nghttp2/lib/nghttp2_hd.c	44
nghttp2/lib/nghttp2_rcbuf.c	5
curl/lib/bufq.c	29
nghttp2/lib/nghttp2_callbacks.c	10
nghttp2/lib/nghttp2_submit.c	6
nghttp2/lib/nghttp2_priority_spec.c	3
nghttp2/lib/nghttp2_helper.c	10
curl/lib/http1.c	2
curl/lib/dynhds.c	5
nghttp2/lib/nghttp2_http.c	1
nghttp2/lib/nghttp2_hd_huffman.c	2
nghttp2/lib/nghttp2_option.c	3
curl/lib/ws.c	5
curl/lib/http_chunks.c	3
curl/lib/rtsp.c	2
curl/lib/pop3.c	1
curl/lib/smtp.c	1

Fuzzer: curl_fuzzer_ws

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	4035	91.8%
gold	[1:9]	35	0.79%
yellow	[10:29]	41	0.93%
greenyellow	[30:49]	33	0.75%
lawngreen	50+	248	5.64%
All colors	4392	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
1442	1442	1 : View List ['curl_multi_cleanup']	1442	12361	Curl_close	call site: 01299	/src/curl/lib/url.c:248
1016	1016	1 : View List ['curl_multi_remove_handle']	2458	13377	Curl_close	call site: 01298	/src/curl/lib/url.c:243
694	2288	8 : View List ['Curl_cookie_cleanup', 'Curl_get_line', 'curl_dbg_malloc', 'remove_expired', 'curl_strnequal', 'curl_dbg_free', 'Curl_cookie_add', 'curl_dbg_fclose']	694	2288	Curl_cookie_init	call site: 00175	/src/curl/lib/cookie.c:1243
332	332	2 : View List ['Curl_infof', 'curl_easy_strerror']	332	566	Curl_flush_cookies	call site: 00349	/src/curl/lib/cookie.c:1768
296	531	3 : View List ['qsort', 'curl_dbg_calloc', 'get_netscape_format']	303	2078	cookie_output	call site: 00409	/src/curl/lib/cookie.c:1656
265	265	1 : View List ['Curl_trc_opt']	265	265	Curl_trc_init	call site: 00010	/src/curl/lib/curl_trc.c:230
229	458	2 : View List ['Curl_cookie_clearall', 'Curl_cookie_cleanup']	229	682	Curl_vsetopt	call site: 00145	/src/curl/lib/setopt.c:750
228	448	3 : View List ['curl_dbg_fopen', 'Curl_infof', 'strcmp']	922	2736	Curl_cookie_init	call site: 00170	/src/curl/lib/cookie.c:1230
6	6	3 : View List ['strlen', 'fgets', 'feof']	6	6	Curl_get_line	call site: 00185	/src/curl/lib/curl_get_line.c:45
4	219	3 : View List ['__errno_location', 'fflush', 'curl_dbg_log']	4	219	countcheck	call site: 00014	/src/curl/lib/memdebug.c:111
4	4	2 : View List ['strlen', 'ntohl']	4	4	randit	call site: 00359	/src/curl/lib/rand.c:110
4	4	2 : View List ['clock_gettime', 'gettimeofday']	4	4	Curl_now	call site: 00363	/src/curl/lib/timeval.c:96

Runtime coverage analysis

Covered functions

100

Functions that are reachable but not covered

1010

Reachable functions

1124

Percentage of reachable functions covered

10.14%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
curl_fuzzer/curl_fuzzer.cc	11
curl/lib/easy.c	5
curl/lib/../lib/easy_lock.h	2
curl/lib/curl_trc.c	6
curl/lib/memdebug.c	13
curl/lib/mprintf.c	10
curl/lib/strcase.c	10
curl/lib/asyn-thread.c	16
curl/lib/url.c	52
curl/lib/mime.c	31
curl/lib/vtls/vtls.c	12
curl/lib/dynbuf.c	12
curl/lib/getinfo.c	1
curl/lib/slist.c	5
curl_fuzzer/curl_fuzzer_tlv.cc	8
curl/lib/setopt.c	6
curl/lib/content_encoding.c	3
curl/lib/cookie.c	21
curl/lib/multi.c	59
curl/lib/curl_get_line.c	1
curl/lib/strdup.c	3
curl/lib/hostip.c	27
curl/lib/strtoofft.c	1
curl/lib/parsedate.c	10
curl/lib/warnless.c	5
curl/lib/curl_memrchr.c	1
curl/lib/share.c	2
curl/lib/fopen.c	2
curl/lib/rand.c	3
curl/lib/timeval.c	4
curl/lib/rename.c	1
curl/lib/strerror.c	3
curl/lib/altsvc.c	19
curl/lib/llist.c	5
curl/lib/formdata.c	5
curl_fuzzer/curl_fuzzer_callback.cc	4
curl/lib/hash.c	11
curl/lib/curl_addrinfo.c	8
curl/lib/conncache.c	20
curl/lib/nonblock.c	1
curl/lib/splay.c	4
curl/lib/transfer.c	17
curl/lib/curl_threads.c	4
curl/lib/hostasyn.c	2
curl/lib/connect.c	8
curl/lib/cfilters.c	31
curl/lib/progress.c	17
curl/lib/sendf.c	12
curl/lib/urlapi.c	22
curl/lib/escape.c	2
curl/lib/idn.c	2
curl/lib/ftplistparser.c	3
curl/lib/fileinfo.c	1
curl/lib/headers.c	5
curl/lib/http_digest.c	2
curl/lib/vauth/digest.c	4
curl/lib/getenv.c	2
curl/lib/noproxy.c	3
curl/lib/netrc.c	2
curl/lib/speedcheck.c	2
curl/lib/doh.c	19
curl/lib/hostip6.c	1
curl/lib/cf-https-connect.c	5
curl/lib/vquic/vquic.c	1
curl/lib/http.c	23
curl/lib/select.c	3
curl/lib/http2.c	35
nghttp2/lib/nghttp2_session.c	96
nghttp2/lib/nghttp2_mem.c	6
nghttp2/lib/nghttp2_stream.c	40
nghttp2/lib/nghttp2_pq.c	10
nghttp2/lib/nghttp2_map.c	12
nghttp2/lib/nghttp2_outbound_item.c	4
nghttp2/lib/nghttp2_frame.c	42
nghttp2/lib/nghttp2_buf.c	18
nghttp2/lib/nghttp2_hd.c	44
nghttp2/lib/nghttp2_rcbuf.c	5
curl/lib/bufq.c	29
nghttp2/lib/nghttp2_callbacks.c	10
nghttp2/lib/nghttp2_submit.c	6
nghttp2/lib/nghttp2_priority_spec.c	3
nghttp2/lib/nghttp2_helper.c	10
curl/lib/http1.c	2
curl/lib/dynhds.c	5
nghttp2/lib/nghttp2_http.c	1
nghttp2/lib/nghttp2_hd_huffman.c	2
nghttp2/lib/nghttp2_option.c	3
curl/lib/ws.c	5
curl/lib/http_chunks.c	3
curl/lib/rtsp.c	2
curl/lib/pop3.c	1
curl/lib/smtp.c	1

Fuzzer: curl_fuzzer_rtsp

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	4035	91.8%
gold	[1:9]	36	0.81%
yellow	[10:29]	41	0.93%
greenyellow	[30:49]	30	0.68%
lawngreen	50+	250	5.69%
All colors	4392	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
1442	1442	1 : View List ['curl_multi_cleanup']	1442	12361	Curl_close	call site: 01299	/src/curl/lib/url.c:248
1016	1016	1 : View List ['curl_multi_remove_handle']	2458	13377	Curl_close	call site: 01298	/src/curl/lib/url.c:243
694	2288	8 : View List ['Curl_cookie_cleanup', 'Curl_get_line', 'curl_dbg_malloc', 'remove_expired', 'curl_strnequal', 'curl_dbg_free', 'Curl_cookie_add', 'curl_dbg_fclose']	694	2288	Curl_cookie_init	call site: 00175	/src/curl/lib/cookie.c:1243
332	332	2 : View List ['Curl_infof', 'curl_easy_strerror']	332	566	Curl_flush_cookies	call site: 00349	/src/curl/lib/cookie.c:1768
296	531	3 : View List ['qsort', 'curl_dbg_calloc', 'get_netscape_format']	303	2078	cookie_output	call site: 00409	/src/curl/lib/cookie.c:1656
265	265	1 : View List ['Curl_trc_opt']	265	265	Curl_trc_init	call site: 00010	/src/curl/lib/curl_trc.c:230
229	458	2 : View List ['Curl_cookie_clearall', 'Curl_cookie_cleanup']	229	682	Curl_vsetopt	call site: 00145	/src/curl/lib/setopt.c:750
228	448	3 : View List ['curl_dbg_fopen', 'Curl_infof', 'strcmp']	922	2736	Curl_cookie_init	call site: 00170	/src/curl/lib/cookie.c:1230
6	6	3 : View List ['strlen', 'fgets', 'feof']	6	6	Curl_get_line	call site: 00185	/src/curl/lib/curl_get_line.c:45
4	219	3 : View List ['__errno_location', 'fflush', 'curl_dbg_log']	4	219	countcheck	call site: 00014	/src/curl/lib/memdebug.c:111
4	4	2 : View List ['strlen', 'ntohl']	4	4	randit	call site: 00359	/src/curl/lib/rand.c:110
4	4	2 : View List ['clock_gettime', 'gettimeofday']	4	4	Curl_now	call site: 00363	/src/curl/lib/timeval.c:96

Runtime coverage analysis

Covered functions

100

Functions that are reachable but not covered

1010

Reachable functions

1124

Percentage of reachable functions covered

10.14%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
curl_fuzzer/curl_fuzzer.cc	11
curl/lib/easy.c	5
curl/lib/../lib/easy_lock.h	2
curl/lib/curl_trc.c	6
curl/lib/memdebug.c	13
curl/lib/mprintf.c	10
curl/lib/strcase.c	10
curl/lib/asyn-thread.c	16
curl/lib/url.c	52
curl/lib/mime.c	31
curl/lib/vtls/vtls.c	12
curl/lib/dynbuf.c	12
curl/lib/getinfo.c	1
curl/lib/slist.c	5
curl_fuzzer/curl_fuzzer_tlv.cc	8
curl/lib/setopt.c	6
curl/lib/content_encoding.c	3
curl/lib/cookie.c	21
curl/lib/multi.c	59
curl/lib/curl_get_line.c	1
curl/lib/strdup.c	3
curl/lib/hostip.c	27
curl/lib/strtoofft.c	1
curl/lib/parsedate.c	10
curl/lib/warnless.c	5
curl/lib/curl_memrchr.c	1
curl/lib/share.c	2
curl/lib/fopen.c	2
curl/lib/rand.c	3
curl/lib/timeval.c	4
curl/lib/rename.c	1
curl/lib/strerror.c	3
curl/lib/altsvc.c	19
curl/lib/llist.c	5
curl/lib/formdata.c	5
curl_fuzzer/curl_fuzzer_callback.cc	4
curl/lib/hash.c	11
curl/lib/curl_addrinfo.c	8
curl/lib/conncache.c	20
curl/lib/nonblock.c	1
curl/lib/splay.c	4
curl/lib/transfer.c	17
curl/lib/curl_threads.c	4
curl/lib/hostasyn.c	2
curl/lib/connect.c	8
curl/lib/cfilters.c	31
curl/lib/progress.c	17
curl/lib/sendf.c	12
curl/lib/urlapi.c	22
curl/lib/escape.c	2
curl/lib/idn.c	2
curl/lib/ftplistparser.c	3
curl/lib/fileinfo.c	1
curl/lib/headers.c	5
curl/lib/http_digest.c	2
curl/lib/vauth/digest.c	4
curl/lib/getenv.c	2
curl/lib/noproxy.c	3
curl/lib/netrc.c	2
curl/lib/speedcheck.c	2
curl/lib/doh.c	19
curl/lib/hostip6.c	1
curl/lib/cf-https-connect.c	5
curl/lib/vquic/vquic.c	1
curl/lib/http.c	23
curl/lib/select.c	3
curl/lib/http2.c	35
nghttp2/lib/nghttp2_session.c	96
nghttp2/lib/nghttp2_mem.c	6
nghttp2/lib/nghttp2_stream.c	40
nghttp2/lib/nghttp2_pq.c	10
nghttp2/lib/nghttp2_map.c	12
nghttp2/lib/nghttp2_outbound_item.c	4
nghttp2/lib/nghttp2_frame.c	42
nghttp2/lib/nghttp2_buf.c	18
nghttp2/lib/nghttp2_hd.c	44
nghttp2/lib/nghttp2_rcbuf.c	5
curl/lib/bufq.c	29
nghttp2/lib/nghttp2_callbacks.c	10
nghttp2/lib/nghttp2_submit.c	6
nghttp2/lib/nghttp2_priority_spec.c	3
nghttp2/lib/nghttp2_helper.c	10
curl/lib/http1.c	2
curl/lib/dynhds.c	5
nghttp2/lib/nghttp2_http.c	1
nghttp2/lib/nghttp2_hd_huffman.c	2
nghttp2/lib/nghttp2_option.c	3
curl/lib/ws.c	5
curl/lib/http_chunks.c	3
curl/lib/rtsp.c	2
curl/lib/pop3.c	1
curl/lib/smtp.c	1

Fuzzer: curl_fuzzer_smb

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	4035	91.8%
gold	[1:9]	40	0.91%
yellow	[10:29]	38	0.86%
greenyellow	[30:49]	31	0.70%
lawngreen	50+	248	5.64%
All colors	4392	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
1442	1442	1 : View List ['curl_multi_cleanup']	1442	12361	Curl_close	call site: 01299	/src/curl/lib/url.c:248
1016	1016	1 : View List ['curl_multi_remove_handle']	2458	13377	Curl_close	call site: 01298	/src/curl/lib/url.c:243
694	2288	8 : View List ['Curl_cookie_cleanup', 'Curl_get_line', 'curl_dbg_malloc', 'remove_expired', 'curl_strnequal', 'curl_dbg_free', 'Curl_cookie_add', 'curl_dbg_fclose']	694	2288	Curl_cookie_init	call site: 00175	/src/curl/lib/cookie.c:1243
332	332	2 : View List ['Curl_infof', 'curl_easy_strerror']	332	566	Curl_flush_cookies	call site: 00349	/src/curl/lib/cookie.c:1768
296	531	3 : View List ['qsort', 'curl_dbg_calloc', 'get_netscape_format']	303	2078	cookie_output	call site: 00409	/src/curl/lib/cookie.c:1656
265	265	1 : View List ['Curl_trc_opt']	265	265	Curl_trc_init	call site: 00010	/src/curl/lib/curl_trc.c:230
229	458	2 : View List ['Curl_cookie_clearall', 'Curl_cookie_cleanup']	229	682	Curl_vsetopt	call site: 00145	/src/curl/lib/setopt.c:750
228	448	3 : View List ['curl_dbg_fopen', 'Curl_infof', 'strcmp']	922	2736	Curl_cookie_init	call site: 00170	/src/curl/lib/cookie.c:1230
6	6	3 : View List ['strlen', 'fgets', 'feof']	6	6	Curl_get_line	call site: 00185	/src/curl/lib/curl_get_line.c:45
4	219	3 : View List ['__errno_location', 'fflush', 'curl_dbg_log']	4	219	countcheck	call site: 00014	/src/curl/lib/memdebug.c:111
4	4	2 : View List ['strlen', 'ntohl']	4	4	randit	call site: 00359	/src/curl/lib/rand.c:110
4	4	2 : View List ['clock_gettime', 'gettimeofday']	4	4	Curl_now	call site: 00363	/src/curl/lib/timeval.c:96

Runtime coverage analysis

Covered functions

100

Functions that are reachable but not covered

1010

Reachable functions

1124

Percentage of reachable functions covered

10.14%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
curl_fuzzer/curl_fuzzer.cc	11
curl/lib/easy.c	5
curl/lib/../lib/easy_lock.h	2
curl/lib/curl_trc.c	6
curl/lib/memdebug.c	13
curl/lib/mprintf.c	10
curl/lib/strcase.c	10
curl/lib/asyn-thread.c	16
curl/lib/url.c	52
curl/lib/mime.c	31
curl/lib/vtls/vtls.c	12
curl/lib/dynbuf.c	12
curl/lib/getinfo.c	1
curl/lib/slist.c	5
curl_fuzzer/curl_fuzzer_tlv.cc	8
curl/lib/setopt.c	6
curl/lib/content_encoding.c	3
curl/lib/cookie.c	21
curl/lib/multi.c	59
curl/lib/curl_get_line.c	1
curl/lib/strdup.c	3
curl/lib/hostip.c	27
curl/lib/strtoofft.c	1
curl/lib/parsedate.c	10
curl/lib/warnless.c	5
curl/lib/curl_memrchr.c	1
curl/lib/share.c	2
curl/lib/fopen.c	2
curl/lib/rand.c	3
curl/lib/timeval.c	4
curl/lib/rename.c	1
curl/lib/strerror.c	3
curl/lib/altsvc.c	19
curl/lib/llist.c	5
curl/lib/formdata.c	5
curl_fuzzer/curl_fuzzer_callback.cc	4
curl/lib/hash.c	11
curl/lib/curl_addrinfo.c	8
curl/lib/conncache.c	20
curl/lib/nonblock.c	1
curl/lib/splay.c	4
curl/lib/transfer.c	17
curl/lib/curl_threads.c	4
curl/lib/hostasyn.c	2
curl/lib/connect.c	8
curl/lib/cfilters.c	31
curl/lib/progress.c	17
curl/lib/sendf.c	12
curl/lib/urlapi.c	22
curl/lib/escape.c	2
curl/lib/idn.c	2
curl/lib/ftplistparser.c	3
curl/lib/fileinfo.c	1
curl/lib/headers.c	5
curl/lib/http_digest.c	2
curl/lib/vauth/digest.c	4
curl/lib/getenv.c	2
curl/lib/noproxy.c	3
curl/lib/netrc.c	2
curl/lib/speedcheck.c	2
curl/lib/doh.c	19
curl/lib/hostip6.c	1
curl/lib/cf-https-connect.c	5
curl/lib/vquic/vquic.c	1
curl/lib/http.c	23
curl/lib/select.c	3
curl/lib/http2.c	35
nghttp2/lib/nghttp2_session.c	96
nghttp2/lib/nghttp2_mem.c	6
nghttp2/lib/nghttp2_stream.c	40
nghttp2/lib/nghttp2_pq.c	10
nghttp2/lib/nghttp2_map.c	12
nghttp2/lib/nghttp2_outbound_item.c	4
nghttp2/lib/nghttp2_frame.c	42
nghttp2/lib/nghttp2_buf.c	18
nghttp2/lib/nghttp2_hd.c	44
nghttp2/lib/nghttp2_rcbuf.c	5
curl/lib/bufq.c	29
nghttp2/lib/nghttp2_callbacks.c	10
nghttp2/lib/nghttp2_submit.c	6
nghttp2/lib/nghttp2_priority_spec.c	3
nghttp2/lib/nghttp2_helper.c	10
curl/lib/http1.c	2
curl/lib/dynhds.c	5
nghttp2/lib/nghttp2_http.c	1
nghttp2/lib/nghttp2_hd_huffman.c	2
nghttp2/lib/nghttp2_option.c	3
curl/lib/ws.c	5
curl/lib/http_chunks.c	3
curl/lib/rtsp.c	2
curl/lib/pop3.c	1
curl/lib/smtp.c	1

Fuzzer: curl_fuzzer_mqtt

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	4035	91.8%
gold	[1:9]	33	0.75%
yellow	[10:29]	45	1.02%
greenyellow	[30:49]	29	0.66%
lawngreen	50+	250	5.69%
All colors	4392	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
1442	1442	1 : View List ['curl_multi_cleanup']	1442	12361	Curl_close	call site: 01299	/src/curl/lib/url.c:248
1016	1016	1 : View List ['curl_multi_remove_handle']	2458	13377	Curl_close	call site: 01298	/src/curl/lib/url.c:243
694	2288	8 : View List ['Curl_cookie_cleanup', 'Curl_get_line', 'curl_dbg_malloc', 'remove_expired', 'curl_strnequal', 'curl_dbg_free', 'Curl_cookie_add', 'curl_dbg_fclose']	694	2288	Curl_cookie_init	call site: 00175	/src/curl/lib/cookie.c:1243
332	332	2 : View List ['Curl_infof', 'curl_easy_strerror']	332	566	Curl_flush_cookies	call site: 00349	/src/curl/lib/cookie.c:1768
296	531	3 : View List ['qsort', 'curl_dbg_calloc', 'get_netscape_format']	303	2078	cookie_output	call site: 00409	/src/curl/lib/cookie.c:1656
265	265	1 : View List ['Curl_trc_opt']	265	265	Curl_trc_init	call site: 00010	/src/curl/lib/curl_trc.c:230
229	458	2 : View List ['Curl_cookie_clearall', 'Curl_cookie_cleanup']	229	682	Curl_vsetopt	call site: 00145	/src/curl/lib/setopt.c:750
228	448	3 : View List ['curl_dbg_fopen', 'Curl_infof', 'strcmp']	922	2736	Curl_cookie_init	call site: 00170	/src/curl/lib/cookie.c:1230
6	6	3 : View List ['strlen', 'fgets', 'feof']	6	6	Curl_get_line	call site: 00185	/src/curl/lib/curl_get_line.c:45
4	219	3 : View List ['__errno_location', 'fflush', 'curl_dbg_log']	4	219	countcheck	call site: 00014	/src/curl/lib/memdebug.c:111
4	4	2 : View List ['strlen', 'ntohl']	4	4	randit	call site: 00359	/src/curl/lib/rand.c:110
4	4	2 : View List ['clock_gettime', 'gettimeofday']	4	4	Curl_now	call site: 00363	/src/curl/lib/timeval.c:96

Runtime coverage analysis

Covered functions

100

Functions that are reachable but not covered

1010

Reachable functions

1124

Percentage of reachable functions covered

10.14%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
curl_fuzzer/curl_fuzzer.cc	11
curl/lib/easy.c	5
curl/lib/../lib/easy_lock.h	2
curl/lib/curl_trc.c	6
curl/lib/memdebug.c	13
curl/lib/mprintf.c	10
curl/lib/strcase.c	10
curl/lib/asyn-thread.c	16
curl/lib/url.c	52
curl/lib/mime.c	31
curl/lib/vtls/vtls.c	12
curl/lib/dynbuf.c	12
curl/lib/getinfo.c	1
curl/lib/slist.c	5
curl_fuzzer/curl_fuzzer_tlv.cc	8
curl/lib/setopt.c	6
curl/lib/content_encoding.c	3
curl/lib/cookie.c	21
curl/lib/multi.c	59
curl/lib/curl_get_line.c	1
curl/lib/strdup.c	3
curl/lib/hostip.c	27
curl/lib/strtoofft.c	1
curl/lib/parsedate.c	10
curl/lib/warnless.c	5
curl/lib/curl_memrchr.c	1
curl/lib/share.c	2
curl/lib/fopen.c	2
curl/lib/rand.c	3
curl/lib/timeval.c	4
curl/lib/rename.c	1
curl/lib/strerror.c	3
curl/lib/altsvc.c	19
curl/lib/llist.c	5
curl/lib/formdata.c	5
curl_fuzzer/curl_fuzzer_callback.cc	4
curl/lib/hash.c	11
curl/lib/curl_addrinfo.c	8
curl/lib/conncache.c	20
curl/lib/nonblock.c	1
curl/lib/splay.c	4
curl/lib/transfer.c	17
curl/lib/curl_threads.c	4
curl/lib/hostasyn.c	2
curl/lib/connect.c	8
curl/lib/cfilters.c	31
curl/lib/progress.c	17
curl/lib/sendf.c	12
curl/lib/urlapi.c	22
curl/lib/escape.c	2
curl/lib/idn.c	2
curl/lib/ftplistparser.c	3
curl/lib/fileinfo.c	1
curl/lib/headers.c	5
curl/lib/http_digest.c	2
curl/lib/vauth/digest.c	4
curl/lib/getenv.c	2
curl/lib/noproxy.c	3
curl/lib/netrc.c	2
curl/lib/speedcheck.c	2
curl/lib/doh.c	19
curl/lib/hostip6.c	1
curl/lib/cf-https-connect.c	5
curl/lib/vquic/vquic.c	1
curl/lib/http.c	23
curl/lib/select.c	3
curl/lib/http2.c	35
nghttp2/lib/nghttp2_session.c	96
nghttp2/lib/nghttp2_mem.c	6
nghttp2/lib/nghttp2_stream.c	40
nghttp2/lib/nghttp2_pq.c	10
nghttp2/lib/nghttp2_map.c	12
nghttp2/lib/nghttp2_outbound_item.c	4
nghttp2/lib/nghttp2_frame.c	42
nghttp2/lib/nghttp2_buf.c	18
nghttp2/lib/nghttp2_hd.c	44
nghttp2/lib/nghttp2_rcbuf.c	5
curl/lib/bufq.c	29
nghttp2/lib/nghttp2_callbacks.c	10
nghttp2/lib/nghttp2_submit.c	6
nghttp2/lib/nghttp2_priority_spec.c	3
nghttp2/lib/nghttp2_helper.c	10
curl/lib/http1.c	2
curl/lib/dynhds.c	5
nghttp2/lib/nghttp2_http.c	1
nghttp2/lib/nghttp2_hd_huffman.c	2
nghttp2/lib/nghttp2_option.c	3
curl/lib/ws.c	5
curl/lib/http_chunks.c	3
curl/lib/rtsp.c	2
curl/lib/pop3.c	1
curl/lib/smtp.c	1

Fuzzer: curl_fuzzer_file

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	4035	91.8%
gold	[1:9]	37	0.84%
yellow	[10:29]	41	0.93%
greenyellow	[30:49]	31	0.70%
lawngreen	50+	248	5.64%
All colors	4392	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
1442	1442	1 : View List ['curl_multi_cleanup']	1442	12361	Curl_close	call site: 01299	/src/curl/lib/url.c:248
1016	1016	1 : View List ['curl_multi_remove_handle']	2458	13377	Curl_close	call site: 01298	/src/curl/lib/url.c:243
694	2288	8 : View List ['Curl_cookie_cleanup', 'Curl_get_line', 'curl_dbg_malloc', 'remove_expired', 'curl_strnequal', 'curl_dbg_free', 'Curl_cookie_add', 'curl_dbg_fclose']	694	2288	Curl_cookie_init	call site: 00175	/src/curl/lib/cookie.c:1243
332	332	2 : View List ['Curl_infof', 'curl_easy_strerror']	332	566	Curl_flush_cookies	call site: 00349	/src/curl/lib/cookie.c:1768
296	531	3 : View List ['qsort', 'curl_dbg_calloc', 'get_netscape_format']	303	2078	cookie_output	call site: 00409	/src/curl/lib/cookie.c:1656
265	265	1 : View List ['Curl_trc_opt']	265	265	Curl_trc_init	call site: 00010	/src/curl/lib/curl_trc.c:230
229	458	2 : View List ['Curl_cookie_clearall', 'Curl_cookie_cleanup']	229	682	Curl_vsetopt	call site: 00145	/src/curl/lib/setopt.c:750
228	448	3 : View List ['curl_dbg_fopen', 'Curl_infof', 'strcmp']	922	2736	Curl_cookie_init	call site: 00170	/src/curl/lib/cookie.c:1230
6	6	3 : View List ['strlen', 'fgets', 'feof']	6	6	Curl_get_line	call site: 00185	/src/curl/lib/curl_get_line.c:45
4	219	3 : View List ['__errno_location', 'fflush', 'curl_dbg_log']	4	219	countcheck	call site: 00014	/src/curl/lib/memdebug.c:111
4	4	2 : View List ['strlen', 'ntohl']	4	4	randit	call site: 00359	/src/curl/lib/rand.c:110
4	4	2 : View List ['clock_gettime', 'gettimeofday']	4	4	Curl_now	call site: 00363	/src/curl/lib/timeval.c:96

Runtime coverage analysis

Covered functions

100

Functions that are reachable but not covered

1010

Reachable functions

1124

Percentage of reachable functions covered

10.14%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
curl_fuzzer/curl_fuzzer.cc	11
curl/lib/easy.c	5
curl/lib/../lib/easy_lock.h	2
curl/lib/curl_trc.c	6
curl/lib/memdebug.c	13
curl/lib/mprintf.c	10
curl/lib/strcase.c	10
curl/lib/asyn-thread.c	16
curl/lib/url.c	52
curl/lib/mime.c	31
curl/lib/vtls/vtls.c	12
curl/lib/dynbuf.c	12
curl/lib/getinfo.c	1
curl/lib/slist.c	5
curl_fuzzer/curl_fuzzer_tlv.cc	8
curl/lib/setopt.c	6
curl/lib/content_encoding.c	3
curl/lib/cookie.c	21
curl/lib/multi.c	59
curl/lib/curl_get_line.c	1
curl/lib/strdup.c	3
curl/lib/hostip.c	27
curl/lib/strtoofft.c	1
curl/lib/parsedate.c	10
curl/lib/warnless.c	5
curl/lib/curl_memrchr.c	1
curl/lib/share.c	2
curl/lib/fopen.c	2
curl/lib/rand.c	3
curl/lib/timeval.c	4
curl/lib/rename.c	1
curl/lib/strerror.c	3
curl/lib/altsvc.c	19
curl/lib/llist.c	5
curl/lib/formdata.c	5
curl_fuzzer/curl_fuzzer_callback.cc	4
curl/lib/hash.c	11
curl/lib/curl_addrinfo.c	8
curl/lib/conncache.c	20
curl/lib/nonblock.c	1
curl/lib/splay.c	4
curl/lib/transfer.c	17
curl/lib/curl_threads.c	4
curl/lib/hostasyn.c	2
curl/lib/connect.c	8
curl/lib/cfilters.c	31
curl/lib/progress.c	17
curl/lib/sendf.c	12
curl/lib/urlapi.c	22
curl/lib/escape.c	2
curl/lib/idn.c	2
curl/lib/ftplistparser.c	3
curl/lib/fileinfo.c	1
curl/lib/headers.c	5
curl/lib/http_digest.c	2
curl/lib/vauth/digest.c	4
curl/lib/getenv.c	2
curl/lib/noproxy.c	3
curl/lib/netrc.c	2
curl/lib/speedcheck.c	2
curl/lib/doh.c	19
curl/lib/hostip6.c	1
curl/lib/cf-https-connect.c	5
curl/lib/vquic/vquic.c	1
curl/lib/http.c	23
curl/lib/select.c	3
curl/lib/http2.c	35
nghttp2/lib/nghttp2_session.c	96
nghttp2/lib/nghttp2_mem.c	6
nghttp2/lib/nghttp2_stream.c	40
nghttp2/lib/nghttp2_pq.c	10
nghttp2/lib/nghttp2_map.c	12
nghttp2/lib/nghttp2_outbound_item.c	4
nghttp2/lib/nghttp2_frame.c	42
nghttp2/lib/nghttp2_buf.c	18
nghttp2/lib/nghttp2_hd.c	44
nghttp2/lib/nghttp2_rcbuf.c	5
curl/lib/bufq.c	29
nghttp2/lib/nghttp2_callbacks.c	10
nghttp2/lib/nghttp2_submit.c	6
nghttp2/lib/nghttp2_priority_spec.c	3
nghttp2/lib/nghttp2_helper.c	10
curl/lib/http1.c	2
curl/lib/dynhds.c	5
nghttp2/lib/nghttp2_http.c	1
nghttp2/lib/nghttp2_hd_huffman.c	2
nghttp2/lib/nghttp2_option.c	3
curl/lib/ws.c	5
curl/lib/http_chunks.c	3
curl/lib/rtsp.c	2
curl/lib/pop3.c	1
curl/lib/smtp.c	1

Fuzzer: curl_fuzzer_scp

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	4035	91.8%
gold	[1:9]	33	0.75%
yellow	[10:29]	44	1.00%
greenyellow	[30:49]	34	0.77%
lawngreen	50+	246	5.60%
All colors	4392	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
1442	1442	1 : View List ['curl_multi_cleanup']	1442	12361	Curl_close	call site: 01299	/src/curl/lib/url.c:248
1016	1016	1 : View List ['curl_multi_remove_handle']	2458	13377	Curl_close	call site: 01298	/src/curl/lib/url.c:243
694	2288	8 : View List ['Curl_cookie_cleanup', 'Curl_get_line', 'curl_dbg_malloc', 'remove_expired', 'curl_strnequal', 'curl_dbg_free', 'Curl_cookie_add', 'curl_dbg_fclose']	694	2288	Curl_cookie_init	call site: 00175	/src/curl/lib/cookie.c:1243
332	332	2 : View List ['Curl_infof', 'curl_easy_strerror']	332	566	Curl_flush_cookies	call site: 00349	/src/curl/lib/cookie.c:1768
296	531	3 : View List ['qsort', 'curl_dbg_calloc', 'get_netscape_format']	303	2078	cookie_output	call site: 00409	/src/curl/lib/cookie.c:1656
265	265	1 : View List ['Curl_trc_opt']	265	265	Curl_trc_init	call site: 00010	/src/curl/lib/curl_trc.c:230
229	458	2 : View List ['Curl_cookie_clearall', 'Curl_cookie_cleanup']	229	682	Curl_vsetopt	call site: 00145	/src/curl/lib/setopt.c:750
228	448	3 : View List ['curl_dbg_fopen', 'Curl_infof', 'strcmp']	922	2736	Curl_cookie_init	call site: 00170	/src/curl/lib/cookie.c:1230
6	6	3 : View List ['strlen', 'fgets', 'feof']	6	6	Curl_get_line	call site: 00185	/src/curl/lib/curl_get_line.c:45
4	219	3 : View List ['__errno_location', 'fflush', 'curl_dbg_log']	4	219	countcheck	call site: 00014	/src/curl/lib/memdebug.c:111
4	4	2 : View List ['strlen', 'ntohl']	4	4	randit	call site: 00359	/src/curl/lib/rand.c:110
4	4	2 : View List ['clock_gettime', 'gettimeofday']	4	4	Curl_now	call site: 00363	/src/curl/lib/timeval.c:96

Runtime coverage analysis

Covered functions

100

Functions that are reachable but not covered

1010

Reachable functions

1124

Percentage of reachable functions covered

10.14%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
curl_fuzzer/curl_fuzzer.cc	11
curl/lib/easy.c	5
curl/lib/../lib/easy_lock.h	2
curl/lib/curl_trc.c	6
curl/lib/memdebug.c	13
curl/lib/mprintf.c	10
curl/lib/strcase.c	10
curl/lib/asyn-thread.c	16
curl/lib/url.c	52
curl/lib/mime.c	31
curl/lib/vtls/vtls.c	12
curl/lib/dynbuf.c	12
curl/lib/getinfo.c	1
curl/lib/slist.c	5
curl_fuzzer/curl_fuzzer_tlv.cc	8
curl/lib/setopt.c	6
curl/lib/content_encoding.c	3
curl/lib/cookie.c	21
curl/lib/multi.c	59
curl/lib/curl_get_line.c	1
curl/lib/strdup.c	3
curl/lib/hostip.c	27
curl/lib/strtoofft.c	1
curl/lib/parsedate.c	10
curl/lib/warnless.c	5
curl/lib/curl_memrchr.c	1
curl/lib/share.c	2
curl/lib/fopen.c	2
curl/lib/rand.c	3
curl/lib/timeval.c	4
curl/lib/rename.c	1
curl/lib/strerror.c	3
curl/lib/altsvc.c	19
curl/lib/llist.c	5
curl/lib/formdata.c	5
curl_fuzzer/curl_fuzzer_callback.cc	4
curl/lib/hash.c	11
curl/lib/curl_addrinfo.c	8
curl/lib/conncache.c	20
curl/lib/nonblock.c	1
curl/lib/splay.c	4
curl/lib/transfer.c	17
curl/lib/curl_threads.c	4
curl/lib/hostasyn.c	2
curl/lib/connect.c	8
curl/lib/cfilters.c	31
curl/lib/progress.c	17
curl/lib/sendf.c	12
curl/lib/urlapi.c	22
curl/lib/escape.c	2
curl/lib/idn.c	2
curl/lib/ftplistparser.c	3
curl/lib/fileinfo.c	1
curl/lib/headers.c	5
curl/lib/http_digest.c	2
curl/lib/vauth/digest.c	4
curl/lib/getenv.c	2
curl/lib/noproxy.c	3
curl/lib/netrc.c	2
curl/lib/speedcheck.c	2
curl/lib/doh.c	19
curl/lib/hostip6.c	1
curl/lib/cf-https-connect.c	5
curl/lib/vquic/vquic.c	1
curl/lib/http.c	23
curl/lib/select.c	3
curl/lib/http2.c	35
nghttp2/lib/nghttp2_session.c	96
nghttp2/lib/nghttp2_mem.c	6
nghttp2/lib/nghttp2_stream.c	40
nghttp2/lib/nghttp2_pq.c	10
nghttp2/lib/nghttp2_map.c	12
nghttp2/lib/nghttp2_outbound_item.c	4
nghttp2/lib/nghttp2_frame.c	42
nghttp2/lib/nghttp2_buf.c	18
nghttp2/lib/nghttp2_hd.c	44
nghttp2/lib/nghttp2_rcbuf.c	5
curl/lib/bufq.c	29
nghttp2/lib/nghttp2_callbacks.c	10
nghttp2/lib/nghttp2_submit.c	6
nghttp2/lib/nghttp2_priority_spec.c	3
nghttp2/lib/nghttp2_helper.c	10
curl/lib/http1.c	2
curl/lib/dynhds.c	5
nghttp2/lib/nghttp2_http.c	1
nghttp2/lib/nghttp2_hd_huffman.c	2
nghttp2/lib/nghttp2_option.c	3
curl/lib/ws.c	5
curl/lib/http_chunks.c	3
curl/lib/rtsp.c	2
curl/lib/pop3.c	1
curl/lib/smtp.c	1

Fuzzer: curl_fuzzer_ftp

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	4035	91.8%
gold	[1:9]	37	0.84%
yellow	[10:29]	40	0.91%
greenyellow	[30:49]	32	0.72%
lawngreen	50+	248	5.64%
All colors	4392	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
1442	1442	1 : View List ['curl_multi_cleanup']	1442	12361	Curl_close	call site: 01299	/src/curl/lib/url.c:248
1016	1016	1 : View List ['curl_multi_remove_handle']	2458	13377	Curl_close	call site: 01298	/src/curl/lib/url.c:243
694	2288	8 : View List ['Curl_cookie_cleanup', 'Curl_get_line', 'curl_dbg_malloc', 'remove_expired', 'curl_strnequal', 'curl_dbg_free', 'Curl_cookie_add', 'curl_dbg_fclose']	694	2288	Curl_cookie_init	call site: 00175	/src/curl/lib/cookie.c:1243
332	332	2 : View List ['Curl_infof', 'curl_easy_strerror']	332	566	Curl_flush_cookies	call site: 00349	/src/curl/lib/cookie.c:1768
296	531	3 : View List ['qsort', 'curl_dbg_calloc', 'get_netscape_format']	303	2078	cookie_output	call site: 00409	/src/curl/lib/cookie.c:1656
265	265	1 : View List ['Curl_trc_opt']	265	265	Curl_trc_init	call site: 00010	/src/curl/lib/curl_trc.c:230
229	458	2 : View List ['Curl_cookie_clearall', 'Curl_cookie_cleanup']	229	682	Curl_vsetopt	call site: 00145	/src/curl/lib/setopt.c:750
228	448	3 : View List ['curl_dbg_fopen', 'Curl_infof', 'strcmp']	922	2736	Curl_cookie_init	call site: 00170	/src/curl/lib/cookie.c:1230
6	6	3 : View List ['strlen', 'fgets', 'feof']	6	6	Curl_get_line	call site: 00185	/src/curl/lib/curl_get_line.c:45
4	219	3 : View List ['__errno_location', 'fflush', 'curl_dbg_log']	4	219	countcheck	call site: 00014	/src/curl/lib/memdebug.c:111
4	4	2 : View List ['strlen', 'ntohl']	4	4	randit	call site: 00359	/src/curl/lib/rand.c:110
4	4	2 : View List ['clock_gettime', 'gettimeofday']	4	4	Curl_now	call site: 00363	/src/curl/lib/timeval.c:96

Runtime coverage analysis

Covered functions

100

Functions that are reachable but not covered

1010

Reachable functions

1124

Percentage of reachable functions covered

10.14%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
curl_fuzzer/curl_fuzzer.cc	11
curl/lib/easy.c	5
curl/lib/../lib/easy_lock.h	2
curl/lib/curl_trc.c	6
curl/lib/memdebug.c	13
curl/lib/mprintf.c	10
curl/lib/strcase.c	10
curl/lib/asyn-thread.c	16
curl/lib/url.c	52
curl/lib/mime.c	31
curl/lib/vtls/vtls.c	12
curl/lib/dynbuf.c	12
curl/lib/getinfo.c	1
curl/lib/slist.c	5
curl_fuzzer/curl_fuzzer_tlv.cc	8
curl/lib/setopt.c	6
curl/lib/content_encoding.c	3
curl/lib/cookie.c	21
curl/lib/multi.c	59
curl/lib/curl_get_line.c	1
curl/lib/strdup.c	3
curl/lib/hostip.c	27
curl/lib/strtoofft.c	1
curl/lib/parsedate.c	10
curl/lib/warnless.c	5
curl/lib/curl_memrchr.c	1
curl/lib/share.c	2
curl/lib/fopen.c	2
curl/lib/rand.c	3
curl/lib/timeval.c	4
curl/lib/rename.c	1
curl/lib/strerror.c	3
curl/lib/altsvc.c	19
curl/lib/llist.c	5
curl/lib/formdata.c	5
curl_fuzzer/curl_fuzzer_callback.cc	4
curl/lib/hash.c	11
curl/lib/curl_addrinfo.c	8
curl/lib/conncache.c	20
curl/lib/nonblock.c	1
curl/lib/splay.c	4
curl/lib/transfer.c	17
curl/lib/curl_threads.c	4
curl/lib/hostasyn.c	2
curl/lib/connect.c	8
curl/lib/cfilters.c	31
curl/lib/progress.c	17
curl/lib/sendf.c	12
curl/lib/urlapi.c	22
curl/lib/escape.c	2
curl/lib/idn.c	2
curl/lib/ftplistparser.c	3
curl/lib/fileinfo.c	1
curl/lib/headers.c	5
curl/lib/http_digest.c	2
curl/lib/vauth/digest.c	4
curl/lib/getenv.c	2
curl/lib/noproxy.c	3
curl/lib/netrc.c	2
curl/lib/speedcheck.c	2
curl/lib/doh.c	19
curl/lib/hostip6.c	1
curl/lib/cf-https-connect.c	5
curl/lib/vquic/vquic.c	1
curl/lib/http.c	23
curl/lib/select.c	3
curl/lib/http2.c	35
nghttp2/lib/nghttp2_session.c	96
nghttp2/lib/nghttp2_mem.c	6
nghttp2/lib/nghttp2_stream.c	40
nghttp2/lib/nghttp2_pq.c	10
nghttp2/lib/nghttp2_map.c	12
nghttp2/lib/nghttp2_outbound_item.c	4
nghttp2/lib/nghttp2_frame.c	42
nghttp2/lib/nghttp2_buf.c	18
nghttp2/lib/nghttp2_hd.c	44
nghttp2/lib/nghttp2_rcbuf.c	5
curl/lib/bufq.c	29
nghttp2/lib/nghttp2_callbacks.c	10
nghttp2/lib/nghttp2_submit.c	6
nghttp2/lib/nghttp2_priority_spec.c	3
nghttp2/lib/nghttp2_helper.c	10
curl/lib/http1.c	2
curl/lib/dynhds.c	5
nghttp2/lib/nghttp2_http.c	1
nghttp2/lib/nghttp2_hd_huffman.c	2
nghttp2/lib/nghttp2_option.c	3
curl/lib/ws.c	5
curl/lib/http_chunks.c	3
curl/lib/rtsp.c	2
curl/lib/pop3.c	1
curl/lib/smtp.c	1

Fuzzer: curl_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	4035	91.8%
gold	[1:9]	34	0.77%
yellow	[10:29]	66	1.50%
greenyellow	[30:49]	12	0.27%
lawngreen	50+	245	5.57%
All colors	4392	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
1442	1442	1 : View List ['curl_multi_cleanup']	1442	12361	Curl_close	call site: 01299	/src/curl/lib/url.c:248
1016	1016	1 : View List ['curl_multi_remove_handle']	2458	13377	Curl_close	call site: 01298	/src/curl/lib/url.c:243
694	2288	8 : View List ['Curl_cookie_cleanup', 'Curl_get_line', 'curl_dbg_malloc', 'remove_expired', 'curl_strnequal', 'curl_dbg_free', 'Curl_cookie_add', 'curl_dbg_fclose']	694	2288	Curl_cookie_init	call site: 00175	/src/curl/lib/cookie.c:1243
332	332	2 : View List ['Curl_infof', 'curl_easy_strerror']	332	566	Curl_flush_cookies	call site: 00349	/src/curl/lib/cookie.c:1768
296	531	3 : View List ['qsort', 'curl_dbg_calloc', 'get_netscape_format']	303	2078	cookie_output	call site: 00409	/src/curl/lib/cookie.c:1656
265	265	1 : View List ['Curl_trc_opt']	265	265	Curl_trc_init	call site: 00010	/src/curl/lib/curl_trc.c:230
229	458	2 : View List ['Curl_cookie_clearall', 'Curl_cookie_cleanup']	229	682	Curl_vsetopt	call site: 00145	/src/curl/lib/setopt.c:750
228	448	3 : View List ['curl_dbg_fopen', 'Curl_infof', 'strcmp']	922	2736	Curl_cookie_init	call site: 00170	/src/curl/lib/cookie.c:1230
6	6	3 : View List ['strlen', 'fgets', 'feof']	6	6	Curl_get_line	call site: 00185	/src/curl/lib/curl_get_line.c:45
4	219	3 : View List ['__errno_location', 'fflush', 'curl_dbg_log']	4	219	countcheck	call site: 00014	/src/curl/lib/memdebug.c:111
4	4	2 : View List ['strlen', 'ntohl']	4	4	randit	call site: 00359	/src/curl/lib/rand.c:110
4	4	2 : View List ['clock_gettime', 'gettimeofday']	4	4	Curl_now	call site: 00363	/src/curl/lib/timeval.c:96

Runtime coverage analysis

Covered functions

100

Functions that are reachable but not covered

1010

Reachable functions

1124

Percentage of reachable functions covered

10.14%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
curl_fuzzer/curl_fuzzer.cc	11
curl/lib/easy.c	5
curl/lib/../lib/easy_lock.h	2
curl/lib/curl_trc.c	6
curl/lib/memdebug.c	13
curl/lib/mprintf.c	10
curl/lib/strcase.c	10
curl/lib/asyn-thread.c	16
curl/lib/url.c	52
curl/lib/mime.c	31
curl/lib/vtls/vtls.c	12
curl/lib/dynbuf.c	12
curl/lib/getinfo.c	1
curl/lib/slist.c	5
curl_fuzzer/curl_fuzzer_tlv.cc	8
curl/lib/setopt.c	6
curl/lib/content_encoding.c	3
curl/lib/cookie.c	21
curl/lib/multi.c	59
curl/lib/curl_get_line.c	1
curl/lib/strdup.c	3
curl/lib/hostip.c	27
curl/lib/strtoofft.c	1
curl/lib/parsedate.c	10
curl/lib/warnless.c	5
curl/lib/curl_memrchr.c	1
curl/lib/share.c	2
curl/lib/fopen.c	2
curl/lib/rand.c	3
curl/lib/timeval.c	4
curl/lib/rename.c	1
curl/lib/strerror.c	3
curl/lib/altsvc.c	19
curl/lib/llist.c	5
curl/lib/formdata.c	5
curl_fuzzer/curl_fuzzer_callback.cc	4
curl/lib/hash.c	11
curl/lib/curl_addrinfo.c	8
curl/lib/conncache.c	20
curl/lib/nonblock.c	1
curl/lib/splay.c	4
curl/lib/transfer.c	17
curl/lib/curl_threads.c	4
curl/lib/hostasyn.c	2
curl/lib/connect.c	8
curl/lib/cfilters.c	31
curl/lib/progress.c	17
curl/lib/sendf.c	12
curl/lib/urlapi.c	22
curl/lib/escape.c	2
curl/lib/idn.c	2
curl/lib/ftplistparser.c	3
curl/lib/fileinfo.c	1
curl/lib/headers.c	5
curl/lib/http_digest.c	2
curl/lib/vauth/digest.c	4
curl/lib/getenv.c	2
curl/lib/noproxy.c	3
curl/lib/netrc.c	2
curl/lib/speedcheck.c	2
curl/lib/doh.c	19
curl/lib/hostip6.c	1
curl/lib/cf-https-connect.c	5
curl/lib/vquic/vquic.c	1
curl/lib/http.c	23
curl/lib/select.c	3
curl/lib/http2.c	35
nghttp2/lib/nghttp2_session.c	96
nghttp2/lib/nghttp2_mem.c	6
nghttp2/lib/nghttp2_stream.c	40
nghttp2/lib/nghttp2_pq.c	10
nghttp2/lib/nghttp2_map.c	12
nghttp2/lib/nghttp2_outbound_item.c	4
nghttp2/lib/nghttp2_frame.c	42
nghttp2/lib/nghttp2_buf.c	18
nghttp2/lib/nghttp2_hd.c	44
nghttp2/lib/nghttp2_rcbuf.c	5
curl/lib/bufq.c	29
nghttp2/lib/nghttp2_callbacks.c	10
nghttp2/lib/nghttp2_submit.c	6
nghttp2/lib/nghttp2_priority_spec.c	3
nghttp2/lib/nghttp2_helper.c	10
curl/lib/http1.c	2
curl/lib/dynhds.c	5
nghttp2/lib/nghttp2_http.c	1
nghttp2/lib/nghttp2_hd_huffman.c	2
nghttp2/lib/nghttp2_option.c	3
curl/lib/ws.c	5
curl/lib/http_chunks.c	3
curl/lib/rtsp.c	2
curl/lib/pop3.c	1
curl/lib/smtp.c	1

Fuzzer: curl_fuzzer_ldap

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	4035	91.8%
gold	[1:9]	33	0.75%
yellow	[10:29]	46	1.04%
greenyellow	[30:49]	30	0.68%
lawngreen	50+	248	5.64%
All colors	4392	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
1442	1442	1 : View List ['curl_multi_cleanup']	1442	12361	Curl_close	call site: 01299	/src/curl/lib/url.c:248
1016	1016	1 : View List ['curl_multi_remove_handle']	2458	13377	Curl_close	call site: 01298	/src/curl/lib/url.c:243
694	2288	8 : View List ['Curl_cookie_cleanup', 'Curl_get_line', 'curl_dbg_malloc', 'remove_expired', 'curl_strnequal', 'curl_dbg_free', 'Curl_cookie_add', 'curl_dbg_fclose']	694	2288	Curl_cookie_init	call site: 00175	/src/curl/lib/cookie.c:1243
332	332	2 : View List ['Curl_infof', 'curl_easy_strerror']	332	566	Curl_flush_cookies	call site: 00349	/src/curl/lib/cookie.c:1768
296	531	3 : View List ['qsort', 'curl_dbg_calloc', 'get_netscape_format']	303	2078	cookie_output	call site: 00409	/src/curl/lib/cookie.c:1656
265	265	1 : View List ['Curl_trc_opt']	265	265	Curl_trc_init	call site: 00010	/src/curl/lib/curl_trc.c:230
229	458	2 : View List ['Curl_cookie_clearall', 'Curl_cookie_cleanup']	229	682	Curl_vsetopt	call site: 00145	/src/curl/lib/setopt.c:750
228	448	3 : View List ['curl_dbg_fopen', 'Curl_infof', 'strcmp']	922	2736	Curl_cookie_init	call site: 00170	/src/curl/lib/cookie.c:1230
6	6	3 : View List ['strlen', 'fgets', 'feof']	6	6	Curl_get_line	call site: 00185	/src/curl/lib/curl_get_line.c:45
4	219	3 : View List ['__errno_location', 'fflush', 'curl_dbg_log']	4	219	countcheck	call site: 00014	/src/curl/lib/memdebug.c:111
4	4	2 : View List ['strlen', 'ntohl']	4	4	randit	call site: 00359	/src/curl/lib/rand.c:110
4	4	2 : View List ['clock_gettime', 'gettimeofday']	4	4	Curl_now	call site: 00363	/src/curl/lib/timeval.c:96

Runtime coverage analysis

Covered functions

100

Functions that are reachable but not covered

1010

Reachable functions

1124

Percentage of reachable functions covered

10.14%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
curl_fuzzer/curl_fuzzer.cc	11
curl/lib/easy.c	5
curl/lib/../lib/easy_lock.h	2
curl/lib/curl_trc.c	6
curl/lib/memdebug.c	13
curl/lib/mprintf.c	10
curl/lib/strcase.c	10
curl/lib/asyn-thread.c	16
curl/lib/url.c	52
curl/lib/mime.c	31
curl/lib/vtls/vtls.c	12
curl/lib/dynbuf.c	12
curl/lib/getinfo.c	1
curl/lib/slist.c	5
curl_fuzzer/curl_fuzzer_tlv.cc	8
curl/lib/setopt.c	6
curl/lib/content_encoding.c	3
curl/lib/cookie.c	21
curl/lib/multi.c	59
curl/lib/curl_get_line.c	1
curl/lib/strdup.c	3
curl/lib/hostip.c	27
curl/lib/strtoofft.c	1
curl/lib/parsedate.c	10
curl/lib/warnless.c	5
curl/lib/curl_memrchr.c	1
curl/lib/share.c	2
curl/lib/fopen.c	2
curl/lib/rand.c	3
curl/lib/timeval.c	4
curl/lib/rename.c	1
curl/lib/strerror.c	3
curl/lib/altsvc.c	19
curl/lib/llist.c	5
curl/lib/formdata.c	5
curl_fuzzer/curl_fuzzer_callback.cc	4
curl/lib/hash.c	11
curl/lib/curl_addrinfo.c	8
curl/lib/conncache.c	20
curl/lib/nonblock.c	1
curl/lib/splay.c	4
curl/lib/transfer.c	17
curl/lib/curl_threads.c	4
curl/lib/hostasyn.c	2
curl/lib/connect.c	8
curl/lib/cfilters.c	31
curl/lib/progress.c	17
curl/lib/sendf.c	12
curl/lib/urlapi.c	22
curl/lib/escape.c	2
curl/lib/idn.c	2
curl/lib/ftplistparser.c	3
curl/lib/fileinfo.c	1
curl/lib/headers.c	5
curl/lib/http_digest.c	2
curl/lib/vauth/digest.c	4
curl/lib/getenv.c	2
curl/lib/noproxy.c	3
curl/lib/netrc.c	2
curl/lib/speedcheck.c	2
curl/lib/doh.c	19
curl/lib/hostip6.c	1
curl/lib/cf-https-connect.c	5
curl/lib/vquic/vquic.c	1
curl/lib/http.c	23
curl/lib/select.c	3
curl/lib/http2.c	35
nghttp2/lib/nghttp2_session.c	96
nghttp2/lib/nghttp2_mem.c	6
nghttp2/lib/nghttp2_stream.c	40
nghttp2/lib/nghttp2_pq.c	10
nghttp2/lib/nghttp2_map.c	12
nghttp2/lib/nghttp2_outbound_item.c	4
nghttp2/lib/nghttp2_frame.c	42
nghttp2/lib/nghttp2_buf.c	18
nghttp2/lib/nghttp2_hd.c	44
nghttp2/lib/nghttp2_rcbuf.c	5
curl/lib/bufq.c	29
nghttp2/lib/nghttp2_callbacks.c	10
nghttp2/lib/nghttp2_submit.c	6
nghttp2/lib/nghttp2_priority_spec.c	3
nghttp2/lib/nghttp2_helper.c	10
curl/lib/http1.c	2
curl/lib/dynhds.c	5
nghttp2/lib/nghttp2_http.c	1
nghttp2/lib/nghttp2_hd_huffman.c	2
nghttp2/lib/nghttp2_option.c	3
curl/lib/ws.c	5
curl/lib/http_chunks.c	3
curl/lib/rtsp.c	2
curl/lib/pop3.c	1
curl/lib/smtp.c	1

Fuzzer: curl_fuzzer_smtp

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	4035	91.8%
gold	[1:9]	39	0.88%
yellow	[10:29]	32	0.72%
greenyellow	[30:49]	37	0.84%
lawngreen	50+	249	5.66%
All colors	4392	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
1442	1442	1 : View List ['curl_multi_cleanup']	1442	12361	Curl_close	call site: 01299	/src/curl/lib/url.c:248
1016	1016	1 : View List ['curl_multi_remove_handle']	2458	13377	Curl_close	call site: 01298	/src/curl/lib/url.c:243
694	2288	8 : View List ['Curl_cookie_cleanup', 'Curl_get_line', 'curl_dbg_malloc', 'remove_expired', 'curl_strnequal', 'curl_dbg_free', 'Curl_cookie_add', 'curl_dbg_fclose']	694	2288	Curl_cookie_init	call site: 00175	/src/curl/lib/cookie.c:1243
332	332	2 : View List ['Curl_infof', 'curl_easy_strerror']	332	566	Curl_flush_cookies	call site: 00349	/src/curl/lib/cookie.c:1768
296	531	3 : View List ['qsort', 'curl_dbg_calloc', 'get_netscape_format']	303	2078	cookie_output	call site: 00409	/src/curl/lib/cookie.c:1656
265	265	1 : View List ['Curl_trc_opt']	265	265	Curl_trc_init	call site: 00010	/src/curl/lib/curl_trc.c:230
229	458	2 : View List ['Curl_cookie_clearall', 'Curl_cookie_cleanup']	229	682	Curl_vsetopt	call site: 00145	/src/curl/lib/setopt.c:750
228	448	3 : View List ['curl_dbg_fopen', 'Curl_infof', 'strcmp']	922	2736	Curl_cookie_init	call site: 00170	/src/curl/lib/cookie.c:1230
6	6	3 : View List ['strlen', 'fgets', 'feof']	6	6	Curl_get_line	call site: 00185	/src/curl/lib/curl_get_line.c:45
4	219	3 : View List ['__errno_location', 'fflush', 'curl_dbg_log']	4	219	countcheck	call site: 00014	/src/curl/lib/memdebug.c:111
4	4	2 : View List ['strlen', 'ntohl']	4	4	randit	call site: 00359	/src/curl/lib/rand.c:110
4	4	2 : View List ['clock_gettime', 'gettimeofday']	4	4	Curl_now	call site: 00363	/src/curl/lib/timeval.c:96

Runtime coverage analysis

Covered functions

100

Functions that are reachable but not covered

1010

Reachable functions

1124

Percentage of reachable functions covered

10.14%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
curl_fuzzer/curl_fuzzer.cc	11
curl/lib/easy.c	5
curl/lib/../lib/easy_lock.h	2
curl/lib/curl_trc.c	6
curl/lib/memdebug.c	13
curl/lib/mprintf.c	10
curl/lib/strcase.c	10
curl/lib/asyn-thread.c	16
curl/lib/url.c	52
curl/lib/mime.c	31
curl/lib/vtls/vtls.c	12
curl/lib/dynbuf.c	12
curl/lib/getinfo.c	1
curl/lib/slist.c	5
curl_fuzzer/curl_fuzzer_tlv.cc	8
curl/lib/setopt.c	6
curl/lib/content_encoding.c	3
curl/lib/cookie.c	21
curl/lib/multi.c	59
curl/lib/curl_get_line.c	1
curl/lib/strdup.c	3
curl/lib/hostip.c	27
curl/lib/strtoofft.c	1
curl/lib/parsedate.c	10
curl/lib/warnless.c	5
curl/lib/curl_memrchr.c	1
curl/lib/share.c	2
curl/lib/fopen.c	2
curl/lib/rand.c	3
curl/lib/timeval.c	4
curl/lib/rename.c	1
curl/lib/strerror.c	3
curl/lib/altsvc.c	19
curl/lib/llist.c	5
curl/lib/formdata.c	5
curl_fuzzer/curl_fuzzer_callback.cc	4
curl/lib/hash.c	11
curl/lib/curl_addrinfo.c	8
curl/lib/conncache.c	20
curl/lib/nonblock.c	1
curl/lib/splay.c	4
curl/lib/transfer.c	17
curl/lib/curl_threads.c	4
curl/lib/hostasyn.c	2
curl/lib/connect.c	8
curl/lib/cfilters.c	31
curl/lib/progress.c	17
curl/lib/sendf.c	12
curl/lib/urlapi.c	22
curl/lib/escape.c	2
curl/lib/idn.c	2
curl/lib/ftplistparser.c	3
curl/lib/fileinfo.c	1
curl/lib/headers.c	5
curl/lib/http_digest.c	2
curl/lib/vauth/digest.c	4
curl/lib/getenv.c	2
curl/lib/noproxy.c	3
curl/lib/netrc.c	2
curl/lib/speedcheck.c	2
curl/lib/doh.c	19
curl/lib/hostip6.c	1
curl/lib/cf-https-connect.c	5
curl/lib/vquic/vquic.c	1
curl/lib/http.c	23
curl/lib/select.c	3
curl/lib/http2.c	35
nghttp2/lib/nghttp2_session.c	96
nghttp2/lib/nghttp2_mem.c	6
nghttp2/lib/nghttp2_stream.c	40
nghttp2/lib/nghttp2_pq.c	10
nghttp2/lib/nghttp2_map.c	12
nghttp2/lib/nghttp2_outbound_item.c	4
nghttp2/lib/nghttp2_frame.c	42
nghttp2/lib/nghttp2_buf.c	18
nghttp2/lib/nghttp2_hd.c	44
nghttp2/lib/nghttp2_rcbuf.c	5
curl/lib/bufq.c	29
nghttp2/lib/nghttp2_callbacks.c	10
nghttp2/lib/nghttp2_submit.c	6
nghttp2/lib/nghttp2_priority_spec.c	3
nghttp2/lib/nghttp2_helper.c	10
curl/lib/http1.c	2
curl/lib/dynhds.c	5
nghttp2/lib/nghttp2_http.c	1
nghttp2/lib/nghttp2_hd_huffman.c	2
nghttp2/lib/nghttp2_option.c	3
curl/lib/ws.c	5
curl/lib/http_chunks.c	3
curl/lib/rtsp.c	2
curl/lib/pop3.c	1
curl/lib/smtp.c	1

Fuzzer: curl_fuzzer_https

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	4035	91.8%
gold	[1:9]	42	0.95%
yellow	[10:29]	36	0.81%
greenyellow	[30:49]	31	0.70%
lawngreen	50+	248	5.64%
All colors	4392	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
1442	1442	1 : View List ['curl_multi_cleanup']	1442	12361	Curl_close	call site: 01299	/src/curl/lib/url.c:248
1016	1016	1 : View List ['curl_multi_remove_handle']	2458	13377	Curl_close	call site: 01298	/src/curl/lib/url.c:243
694	2288	8 : View List ['Curl_cookie_cleanup', 'Curl_get_line', 'curl_dbg_malloc', 'remove_expired', 'curl_strnequal', 'curl_dbg_free', 'Curl_cookie_add', 'curl_dbg_fclose']	694	2288	Curl_cookie_init	call site: 00175	/src/curl/lib/cookie.c:1243
332	332	2 : View List ['Curl_infof', 'curl_easy_strerror']	332	566	Curl_flush_cookies	call site: 00349	/src/curl/lib/cookie.c:1768
296	531	3 : View List ['qsort', 'curl_dbg_calloc', 'get_netscape_format']	303	2078	cookie_output	call site: 00409	/src/curl/lib/cookie.c:1656
265	265	1 : View List ['Curl_trc_opt']	265	265	Curl_trc_init	call site: 00010	/src/curl/lib/curl_trc.c:230
229	458	2 : View List ['Curl_cookie_clearall', 'Curl_cookie_cleanup']	229	682	Curl_vsetopt	call site: 00145	/src/curl/lib/setopt.c:750
228	448	3 : View List ['curl_dbg_fopen', 'Curl_infof', 'strcmp']	922	2736	Curl_cookie_init	call site: 00170	/src/curl/lib/cookie.c:1230
6	6	3 : View List ['strlen', 'fgets', 'feof']	6	6	Curl_get_line	call site: 00185	/src/curl/lib/curl_get_line.c:45
4	219	3 : View List ['__errno_location', 'fflush', 'curl_dbg_log']	4	219	countcheck	call site: 00014	/src/curl/lib/memdebug.c:111
4	4	2 : View List ['strlen', 'ntohl']	4	4	randit	call site: 00359	/src/curl/lib/rand.c:110
4	4	2 : View List ['clock_gettime', 'gettimeofday']	4	4	Curl_now	call site: 00363	/src/curl/lib/timeval.c:96

Runtime coverage analysis

Covered functions

100

Functions that are reachable but not covered

1010

Reachable functions

1124

Percentage of reachable functions covered

10.14%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
curl_fuzzer/curl_fuzzer.cc	11
curl/lib/easy.c	5
curl/lib/../lib/easy_lock.h	2
curl/lib/curl_trc.c	6
curl/lib/memdebug.c	13
curl/lib/mprintf.c	10
curl/lib/strcase.c	10
curl/lib/asyn-thread.c	16
curl/lib/url.c	52
curl/lib/mime.c	31
curl/lib/vtls/vtls.c	12
curl/lib/dynbuf.c	12
curl/lib/getinfo.c	1
curl/lib/slist.c	5
curl_fuzzer/curl_fuzzer_tlv.cc	8
curl/lib/setopt.c	6
curl/lib/content_encoding.c	3
curl/lib/cookie.c	21
curl/lib/multi.c	59
curl/lib/curl_get_line.c	1
curl/lib/strdup.c	3
curl/lib/hostip.c	27
curl/lib/strtoofft.c	1
curl/lib/parsedate.c	10
curl/lib/warnless.c	5
curl/lib/curl_memrchr.c	1
curl/lib/share.c	2
curl/lib/fopen.c	2
curl/lib/rand.c	3
curl/lib/timeval.c	4
curl/lib/rename.c	1
curl/lib/strerror.c	3
curl/lib/altsvc.c	19
curl/lib/llist.c	5
curl/lib/formdata.c	5
curl_fuzzer/curl_fuzzer_callback.cc	4
curl/lib/hash.c	11
curl/lib/curl_addrinfo.c	8
curl/lib/conncache.c	20
curl/lib/nonblock.c	1
curl/lib/splay.c	4
curl/lib/transfer.c	17
curl/lib/curl_threads.c	4
curl/lib/hostasyn.c	2
curl/lib/connect.c	8
curl/lib/cfilters.c	31
curl/lib/progress.c	17
curl/lib/sendf.c	12
curl/lib/urlapi.c	22
curl/lib/escape.c	2
curl/lib/idn.c	2
curl/lib/ftplistparser.c	3
curl/lib/fileinfo.c	1
curl/lib/headers.c	5
curl/lib/http_digest.c	2
curl/lib/vauth/digest.c	4
curl/lib/getenv.c	2
curl/lib/noproxy.c	3
curl/lib/netrc.c	2
curl/lib/speedcheck.c	2
curl/lib/doh.c	19
curl/lib/hostip6.c	1
curl/lib/cf-https-connect.c	5
curl/lib/vquic/vquic.c	1
curl/lib/http.c	23
curl/lib/select.c	3
curl/lib/http2.c	35
nghttp2/lib/nghttp2_session.c	96
nghttp2/lib/nghttp2_mem.c	6
nghttp2/lib/nghttp2_stream.c	40
nghttp2/lib/nghttp2_pq.c	10
nghttp2/lib/nghttp2_map.c	12
nghttp2/lib/nghttp2_outbound_item.c	4
nghttp2/lib/nghttp2_frame.c	42
nghttp2/lib/nghttp2_buf.c	18
nghttp2/lib/nghttp2_hd.c	44
nghttp2/lib/nghttp2_rcbuf.c	5
curl/lib/bufq.c	29
nghttp2/lib/nghttp2_callbacks.c	10
nghttp2/lib/nghttp2_submit.c	6
nghttp2/lib/nghttp2_priority_spec.c	3
nghttp2/lib/nghttp2_helper.c	10
curl/lib/http1.c	2
curl/lib/dynhds.c	5
nghttp2/lib/nghttp2_http.c	1
nghttp2/lib/nghttp2_hd_huffman.c	2
nghttp2/lib/nghttp2_option.c	3
curl/lib/ws.c	5
curl/lib/http_chunks.c	3
curl/lib/rtsp.c	2
curl/lib/pop3.c	1
curl/lib/smtp.c	1

Fuzzer: curl_fuzzer_gopher

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	4035	91.8%
gold	[1:9]	34	0.77%
yellow	[10:29]	40	0.91%
greenyellow	[30:49]	34	0.77%
lawngreen	50+	249	5.66%
All colors	4392	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
1442	1442	1 : View List ['curl_multi_cleanup']	1442	12361	Curl_close	call site: 01299	/src/curl/lib/url.c:248
1016	1016	1 : View List ['curl_multi_remove_handle']	2458	13377	Curl_close	call site: 01298	/src/curl/lib/url.c:243
694	2288	8 : View List ['Curl_cookie_cleanup', 'Curl_get_line', 'curl_dbg_malloc', 'remove_expired', 'curl_strnequal', 'curl_dbg_free', 'Curl_cookie_add', 'curl_dbg_fclose']	694	2288	Curl_cookie_init	call site: 00175	/src/curl/lib/cookie.c:1243
332	332	2 : View List ['Curl_infof', 'curl_easy_strerror']	332	566	Curl_flush_cookies	call site: 00349	/src/curl/lib/cookie.c:1768
296	531	3 : View List ['qsort', 'curl_dbg_calloc', 'get_netscape_format']	303	2078	cookie_output	call site: 00409	/src/curl/lib/cookie.c:1656
265	265	1 : View List ['Curl_trc_opt']	265	265	Curl_trc_init	call site: 00010	/src/curl/lib/curl_trc.c:230
229	458	2 : View List ['Curl_cookie_clearall', 'Curl_cookie_cleanup']	229	682	Curl_vsetopt	call site: 00145	/src/curl/lib/setopt.c:750
228	448	3 : View List ['curl_dbg_fopen', 'Curl_infof', 'strcmp']	922	2736	Curl_cookie_init	call site: 00170	/src/curl/lib/cookie.c:1230
6	6	3 : View List ['strlen', 'fgets', 'feof']	6	6	Curl_get_line	call site: 00185	/src/curl/lib/curl_get_line.c:45
4	219	3 : View List ['__errno_location', 'fflush', 'curl_dbg_log']	4	219	countcheck	call site: 00014	/src/curl/lib/memdebug.c:111
4	4	2 : View List ['strlen', 'ntohl']	4	4	randit	call site: 00359	/src/curl/lib/rand.c:110
4	4	2 : View List ['clock_gettime', 'gettimeofday']	4	4	Curl_now	call site: 00363	/src/curl/lib/timeval.c:96

Runtime coverage analysis

Covered functions

100

Functions that are reachable but not covered

1010

Reachable functions

1124

Percentage of reachable functions covered

10.14%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
curl_fuzzer/curl_fuzzer.cc	11
curl/lib/easy.c	5
curl/lib/../lib/easy_lock.h	2
curl/lib/curl_trc.c	6
curl/lib/memdebug.c	13
curl/lib/mprintf.c	10
curl/lib/strcase.c	10
curl/lib/asyn-thread.c	16
curl/lib/url.c	52
curl/lib/mime.c	31
curl/lib/vtls/vtls.c	12
curl/lib/dynbuf.c	12
curl/lib/getinfo.c	1
curl/lib/slist.c	5
curl_fuzzer/curl_fuzzer_tlv.cc	8
curl/lib/setopt.c	6
curl/lib/content_encoding.c	3
curl/lib/cookie.c	21
curl/lib/multi.c	59
curl/lib/curl_get_line.c	1
curl/lib/strdup.c	3
curl/lib/hostip.c	27
curl/lib/strtoofft.c	1
curl/lib/parsedate.c	10
curl/lib/warnless.c	5
curl/lib/curl_memrchr.c	1
curl/lib/share.c	2
curl/lib/fopen.c	2
curl/lib/rand.c	3
curl/lib/timeval.c	4
curl/lib/rename.c	1
curl/lib/strerror.c	3
curl/lib/altsvc.c	19
curl/lib/llist.c	5
curl/lib/formdata.c	5
curl_fuzzer/curl_fuzzer_callback.cc	4
curl/lib/hash.c	11
curl/lib/curl_addrinfo.c	8
curl/lib/conncache.c	20
curl/lib/nonblock.c	1
curl/lib/splay.c	4
curl/lib/transfer.c	17
curl/lib/curl_threads.c	4
curl/lib/hostasyn.c	2
curl/lib/connect.c	8
curl/lib/cfilters.c	31
curl/lib/progress.c	17
curl/lib/sendf.c	12
curl/lib/urlapi.c	22
curl/lib/escape.c	2
curl/lib/idn.c	2
curl/lib/ftplistparser.c	3
curl/lib/fileinfo.c	1
curl/lib/headers.c	5
curl/lib/http_digest.c	2
curl/lib/vauth/digest.c	4
curl/lib/getenv.c	2
curl/lib/noproxy.c	3
curl/lib/netrc.c	2
curl/lib/speedcheck.c	2
curl/lib/doh.c	19
curl/lib/hostip6.c	1
curl/lib/cf-https-connect.c	5
curl/lib/vquic/vquic.c	1
curl/lib/http.c	23
curl/lib/select.c	3
curl/lib/http2.c	35
nghttp2/lib/nghttp2_session.c	96
nghttp2/lib/nghttp2_mem.c	6
nghttp2/lib/nghttp2_stream.c	40
nghttp2/lib/nghttp2_pq.c	10
nghttp2/lib/nghttp2_map.c	12
nghttp2/lib/nghttp2_outbound_item.c	4
nghttp2/lib/nghttp2_frame.c	42
nghttp2/lib/nghttp2_buf.c	18
nghttp2/lib/nghttp2_hd.c	44
nghttp2/lib/nghttp2_rcbuf.c	5
curl/lib/bufq.c	29
nghttp2/lib/nghttp2_callbacks.c	10
nghttp2/lib/nghttp2_submit.c	6
nghttp2/lib/nghttp2_priority_spec.c	3
nghttp2/lib/nghttp2_helper.c	10
curl/lib/http1.c	2
curl/lib/dynhds.c	5
nghttp2/lib/nghttp2_http.c	1
nghttp2/lib/nghttp2_hd_huffman.c	2
nghttp2/lib/nghttp2_option.c	3
curl/lib/ws.c	5
curl/lib/http_chunks.c	3
curl/lib/rtsp.c	2
curl/lib/pop3.c	1
curl/lib/smtp.c	1

Fuzzer: curl_fuzzer_rtmp

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	4035	91.8%
gold	[1:9]	32	0.72%
yellow	[10:29]	47	1.07%
greenyellow	[30:49]	32	0.72%
lawngreen	50+	246	5.60%
All colors	4392	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
1442	1442	1 : View List ['curl_multi_cleanup']	1442	12361	Curl_close	call site: 01299	/src/curl/lib/url.c:248
1016	1016	1 : View List ['curl_multi_remove_handle']	2458	13377	Curl_close	call site: 01298	/src/curl/lib/url.c:243
694	2288	8 : View List ['Curl_cookie_cleanup', 'Curl_get_line', 'curl_dbg_malloc', 'remove_expired', 'curl_strnequal', 'curl_dbg_free', 'Curl_cookie_add', 'curl_dbg_fclose']	694	2288	Curl_cookie_init	call site: 00175	/src/curl/lib/cookie.c:1243
332	332	2 : View List ['Curl_infof', 'curl_easy_strerror']	332	566	Curl_flush_cookies	call site: 00349	/src/curl/lib/cookie.c:1768
296	531	3 : View List ['qsort', 'curl_dbg_calloc', 'get_netscape_format']	303	2078	cookie_output	call site: 00409	/src/curl/lib/cookie.c:1656
265	265	1 : View List ['Curl_trc_opt']	265	265	Curl_trc_init	call site: 00010	/src/curl/lib/curl_trc.c:230
229	458	2 : View List ['Curl_cookie_clearall', 'Curl_cookie_cleanup']	229	682	Curl_vsetopt	call site: 00145	/src/curl/lib/setopt.c:750
228	448	3 : View List ['curl_dbg_fopen', 'Curl_infof', 'strcmp']	922	2736	Curl_cookie_init	call site: 00170	/src/curl/lib/cookie.c:1230
6	6	3 : View List ['strlen', 'fgets', 'feof']	6	6	Curl_get_line	call site: 00185	/src/curl/lib/curl_get_line.c:45
4	219	3 : View List ['__errno_location', 'fflush', 'curl_dbg_log']	4	219	countcheck	call site: 00014	/src/curl/lib/memdebug.c:111
4	4	2 : View List ['strlen', 'ntohl']	4	4	randit	call site: 00359	/src/curl/lib/rand.c:110
4	4	2 : View List ['clock_gettime', 'gettimeofday']	4	4	Curl_now	call site: 00363	/src/curl/lib/timeval.c:96

Runtime coverage analysis

Covered functions

100

Functions that are reachable but not covered

1010

Reachable functions

1124

Percentage of reachable functions covered

10.14%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
curl_fuzzer/curl_fuzzer.cc	11
curl/lib/easy.c	5
curl/lib/../lib/easy_lock.h	2
curl/lib/curl_trc.c	6
curl/lib/memdebug.c	13
curl/lib/mprintf.c	10
curl/lib/strcase.c	10
curl/lib/asyn-thread.c	16
curl/lib/url.c	52
curl/lib/mime.c	31
curl/lib/vtls/vtls.c	12
curl/lib/dynbuf.c	12
curl/lib/getinfo.c	1
curl/lib/slist.c	5
curl_fuzzer/curl_fuzzer_tlv.cc	8
curl/lib/setopt.c	6
curl/lib/content_encoding.c	3
curl/lib/cookie.c	21
curl/lib/multi.c	59
curl/lib/curl_get_line.c	1
curl/lib/strdup.c	3
curl/lib/hostip.c	27
curl/lib/strtoofft.c	1
curl/lib/parsedate.c	10
curl/lib/warnless.c	5
curl/lib/curl_memrchr.c	1
curl/lib/share.c	2
curl/lib/fopen.c	2
curl/lib/rand.c	3
curl/lib/timeval.c	4
curl/lib/rename.c	1
curl/lib/strerror.c	3
curl/lib/altsvc.c	19
curl/lib/llist.c	5
curl/lib/formdata.c	5
curl_fuzzer/curl_fuzzer_callback.cc	4
curl/lib/hash.c	11
curl/lib/curl_addrinfo.c	8
curl/lib/conncache.c	20
curl/lib/nonblock.c	1
curl/lib/splay.c	4
curl/lib/transfer.c	17
curl/lib/curl_threads.c	4
curl/lib/hostasyn.c	2
curl/lib/connect.c	8
curl/lib/cfilters.c	31
curl/lib/progress.c	17
curl/lib/sendf.c	12
curl/lib/urlapi.c	22
curl/lib/escape.c	2
curl/lib/idn.c	2
curl/lib/ftplistparser.c	3
curl/lib/fileinfo.c	1
curl/lib/headers.c	5
curl/lib/http_digest.c	2
curl/lib/vauth/digest.c	4
curl/lib/getenv.c	2
curl/lib/noproxy.c	3
curl/lib/netrc.c	2
curl/lib/speedcheck.c	2
curl/lib/doh.c	19
curl/lib/hostip6.c	1
curl/lib/cf-https-connect.c	5
curl/lib/vquic/vquic.c	1
curl/lib/http.c	23
curl/lib/select.c	3
curl/lib/http2.c	35
nghttp2/lib/nghttp2_session.c	96
nghttp2/lib/nghttp2_mem.c	6
nghttp2/lib/nghttp2_stream.c	40
nghttp2/lib/nghttp2_pq.c	10
nghttp2/lib/nghttp2_map.c	12
nghttp2/lib/nghttp2_outbound_item.c	4
nghttp2/lib/nghttp2_frame.c	42
nghttp2/lib/nghttp2_buf.c	18
nghttp2/lib/nghttp2_hd.c	44
nghttp2/lib/nghttp2_rcbuf.c	5
curl/lib/bufq.c	29
nghttp2/lib/nghttp2_callbacks.c	10
nghttp2/lib/nghttp2_submit.c	6
nghttp2/lib/nghttp2_priority_spec.c	3
nghttp2/lib/nghttp2_helper.c	10
curl/lib/http1.c	2
curl/lib/dynhds.c	5
nghttp2/lib/nghttp2_http.c	1
nghttp2/lib/nghttp2_hd_huffman.c	2
nghttp2/lib/nghttp2_option.c	3
curl/lib/ws.c	5
curl/lib/http_chunks.c	3
curl/lib/rtsp.c	2
curl/lib/pop3.c	1
curl/lib/smtp.c	1

Fuzzer: openssl/fuzz/driver.c

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	5586	99.9%
gold	[1:9]	0	0.0%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	1	0.01%
All colors	5587	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
1442	1442	1 : View List ['curl_multi_cleanup']	1442	12361	Curl_close	call site: 00000	/src/curl/lib/url.c:248
1135	2615	11 : View List ['Curl_dyn_len', 'Curl_strndup', 'dedotdotify', 'Curl_dyn_init', 'strchr', 'curl_dbg_strdup', 'Curl_dyn_add', 'urlencode_str', 'memchr', 'curl_dbg_free', 'Curl_dyn_ptr']	1135	3059	parseurl	call site: 00000	/src/curl/lib/urlapi.c:1206
1016	1016	1 : View List ['curl_multi_remove_handle']	2458	13377	Curl_close	call site: 00000	/src/curl/lib/url.c:243
679	2288	8 : View List ['Curl_cookie_cleanup', 'Curl_get_line', 'curl_dbg_malloc', 'remove_expired', 'curl_strnequal', 'curl_dbg_free', 'Curl_cookie_add', 'curl_dbg_fclose']	679	2288	Curl_cookie_init	call site: 00000	/src/curl/lib/cookie.c:1243
332	332	2 : View List ['Curl_infof', 'curl_easy_strerror']	332	566	Curl_flush_cookies	call site: 00000	/src/curl/lib/cookie.c:1768
296	531	3 : View List ['qsort', 'curl_dbg_calloc', 'get_netscape_format']	303	2078	cookie_output	call site: 00000	/src/curl/lib/cookie.c:1656
265	265	1 : View List ['Curl_trc_opt']	265	265	Curl_trc_init	call site: 00000	/src/curl/lib/curl_trc.c:230
229	458	2 : View List ['Curl_cookie_clearall', 'Curl_cookie_cleanup']	229	682	Curl_vsetopt	call site: 00000	/src/curl/lib/setopt.c:750
228	448	3 : View List ['curl_dbg_fopen', 'Curl_infof', 'strcmp']	907	2736	Curl_cookie_init	call site: 00000	/src/curl/lib/cookie.c:1230
6	6	3 : View List ['strlen', 'fgets', 'feof']	6	6	Curl_get_line	call site: 00000	/src/curl/lib/curl_get_line.c:45
4	219	3 : View List ['__errno_location', 'fflush', 'curl_dbg_log']	4	219	countcheck	call site: 00000	/src/curl/lib/memdebug.c:111
4	4	2 : View List ['strlen', 'ntohl']	4	4	randit	call site: 00000	/src/curl/lib/rand.c:110

Runtime coverage analysis

Covered functions

139

Functions that are reachable but not covered

1872

Reachable functions

1873

Percentage of reachable functions covered

0.05%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
openssl/fuzz/driver.c	1
openssl/fuzz/x509.c	1
openssl/crypto/x509/x_x509.c	5
openssl/crypto/asn1/tasn_dec.c	14
openssl/crypto/err/err_blocks.c	2
openssl/crypto/err/err.c	30
openssl/crypto/init.c	39
openssl/crypto/err/err_local.h	5
openssl/crypto/mem.c	7
openssl/crypto/threads_pthread.c	13
openssl/crypto/cpuid.c	4
openssl/crypto/ctype.c	5
openssl/crypto/initthread.c	21
openssl/crypto/stack/stack.c	16
openssl/crypto/comp/c_zlib.c	1
openssl/crypto/async/async.c	6
openssl/crypto/rand/rand_lib.c	9
openssl/providers/implementations/rands/seeding/rand_unix.c	4
openssl/crypto/engine/eng_init.c	4
openssl/crypto/cryptlib.c	2
openssl/crypto/engine/eng_lib.c	22
openssl/include/internal/refcount.h	2
openssl/crypto/engine/tb_pkmeth.c	7
openssl/crypto/evp/pmeth_lib.c	31
openssl/crypto/engine/tb_asnmth.c	9
openssl/crypto/asn1/ameth_lib.c	9
openssl/crypto/engine/eng_list.c	10
openssl/crypto/ex_data.c	14
openssl/crypto/context.c	15
openssl/include/internal/cryptlib.h	7
openssl/include/openssl/crypto.h	2
openssl/crypto/property/property_parse.c	25
openssl/crypto/property/property_string.c	12
openssl/crypto/lhash/lhash.c	15
openssl/crypto/conf/conf_mod.c	34
openssl/crypto/dso/dso_lib.c	9
openssl/crypto/engine/eng_local.h	14
openssl/crypto/store/store_init.c	1
openssl/crypto/store/store_register.c	1
openssl/crypto/store/store_local.h	1
openssl/crypto/bio/bio_lib.c	17
openssl/crypto/bio/bio_sock.c	1
openssl/crypto/evp/names.c	9
openssl/crypto/objects/o_names.c	12
openssl/crypto/objects/obj_local.h	18
openssl/crypto/evp/evp_pbe.c	6
openssl/crypto/evp/evp_local.h	3
openssl/crypto/objects/obj_xref.c	5
openssl/crypto/objects/obj_xref.h	4
openssl/include/crypto/evp.h	8
openssl/crypto/objects/obj_dat.c	23
openssl/crypto/asn1/a_object.c	7
openssl/include/openssl/err.h	4
openssl/crypto/mem_sec.c	18
openssl/crypto/cmp/cmp_util.c	1
openssl/crypto/trace.c	2
openssl/crypto/err/err_all.c	1
openssl/crypto/evp/c_allc.c	1
openssl/crypto/evp/e_des.c	6
openssl/crypto/evp/c_alld.c	1
openssl/crypto/evp/legacy_md4.c	1
openssl/crypto/conf/conf_sap.c	2
openssl/crypto/getenv.c	1
openssl/crypto/o_str.c	12
openssl/crypto/x509/x509_def.c	1
openssl/crypto/bio/bio_print.c	11
openssl/crypto/engine/eng_openssl.c	20
openssl/crypto/evp/evp_lib.c	37
openssl/crypto/provider_core.c	44
openssl/crypto/provider_local.h	4
openssl/crypto/provider_child.c	2
openssl/crypto/evp/cmeth_lib.c	8
openssl/crypto/evp/evp_enc.c	24
openssl/crypto/rsa/rsa_ossl.c	1
openssl/crypto/engine/tb_rsa.c	4
openssl/crypto/dsa/dsa_ossl.c	1
openssl/crypto/engine/tb_dsa.c	4
openssl/crypto/ec/ec_kmeth.c	1
openssl/crypto/engine/tb_eckey.c	4
openssl/crypto/dh/dh_key.c	1
openssl/crypto/engine/tb_dh.c	4
openssl/crypto/rand/rand_meth.c	1
openssl/crypto/engine/tb_rand.c	4
openssl/crypto/engine/tb_cipher.c	7
openssl/crypto/params.c	45
openssl/crypto/evp/evp_utils.c	5
openssl/crypto/engine/tb_digest.c	7
openssl/crypto/evp/digest.c	17
openssl/crypto/sha/sha_local.h	1
openssl/include/crypto/md32_common.h	2
openssl/crypto/engine/eng_pkey.c	1
openssl/crypto/bio/bss_file.c	2
openssl/crypto/o_fopen.c	1
openssl/crypto/pem/pem_pkey.c	5
openssl/crypto/bio/bf_readbuff.c	1
openssl/crypto/pem/pem_lib.c	15
openssl/crypto/evp/evp_key.c	3
openssl/crypto/ui/ui_lib.c	27
openssl/crypto/ui/ui_openssl.c	1
openssl/crypto/ui/ui_null.c	1
openssl/include/openssl/ui.h	2
openssl/crypto/err/err_prn.c	2
openssl/crypto/passphrase.c	10
openssl/crypto/encode_decode/decoder_pkey.c	13
openssl/crypto/encode_decode/decoder_meth.c	17
openssl/crypto/encode_decode/decoder_lib.c	23
openssl/crypto/evp/keymgmt_meth.c	21
openssl/crypto/evp/evp_fetch.c	16
openssl/crypto/core_namemap.c	20
openssl/crypto/engine/eng_rdrand.c	4
openssl/crypto/engine/eng_dyn.c	12
openssl/include/openssl/safestack.h	4
openssl/crypto/dso/dso_dlfcn.c	1
openssl/engines/e_padlock.c	22
openssl/crypto/asn1/evp_asn1.c	1
openssl/crypto/asn1/tasn_typ.c	17
openssl/crypto/asn1/asn1_lib.c	12
openssl/crypto/asn1/a_octet.c	1
openssl/crypto/asn1/a_type.c	1
openssl/crypto/asn1/tasn_fre.c	5
openssl/engines/e_afalg.c	27
openssl/engines/e_afalg_err.c	3
openssl/crypto/engine/eng_fat.c	5
openssl/crypto/engine/eng_table.c	8
openssl/crypto/async/async_wait.c	3
openssl/crypto/async/arch/async_posix.h	1
openssl/crypto/bsearch.c	1
openssl/crypto/bn/bn_word.c	4
openssl/crypto/bn/bn_lib.c	23
openssl/crypto/bn/bn_local.h	1
openssl/crypto/bn/bn_shift.c	2
openssl/crypto/bn/bn_conv.c	4
openssl/include/internal/constant_time.h	4
openssl/crypto/bn/asm/x86_64-gcc.c	2
openssl/include/crypto/asn1.h	3
openssl/crypto/property/property.c	25
openssl/crypto/sparse_array.c	1
openssl/crypto/core_fetch.c	3
openssl/crypto/core_algorithm.c	4
openssl/include/openssl/core_dispatch.h	81
openssl/crypto/provider.c	2
openssl/crypto/property/property_query.c	3
openssl/crypto/encode_decode/encoder_local.h	10
openssl/crypto/evp/keymgmt_lib.c	14
openssl/crypto/evp/p_lib.c	24
openssl/include/openssl/x509.h	3
openssl/crypto/x509/x_attrib.c	2
openssl/include/openssl/asn1t.h	2
openssl/crypto/asn1/tasn_utl.c	13
openssl/crypto/asn1/a_int.c	10
openssl/crypto/bio/bss_mem.c	3
openssl/crypto/bio/ossl_core_bio.c	3
openssl/crypto/ui/ui_util.c	8
openssl/crypto/evp/encode.c	7
openssl/crypto/evp/legacy_md5.c	1
openssl/crypto/evp/m_sigver.c	7
openssl/crypto/evp/signature.c	9
openssl/crypto/evp/exchange.c	2
openssl/crypto/evp/kem.c	2
openssl/crypto/evp/asymcipher.c	2
openssl/crypto/evp/ctrl_params_translate.c	10
openssl/crypto/params_from_text.c	3
openssl/crypto/asn1/p8_pkey.c	4
openssl/crypto/evp/evp_pkey.c	1
openssl/crypto/asn1/x_sig.c	3
openssl/crypto/pkcs12/p12_p8d.c	2
openssl/crypto/pkcs12/p12_decr.c	2
openssl/crypto/asn1/d2i_pr.c	1
openssl/crypto/x509/x_pubkey.c	8
openssl/crypto/conf/conf_lib.c	10
openssl/crypto/conf/conf_def.c	1
openssl/crypto/conf/conf_api.c	3
openssl/include/openssl/conf.h	3
openssl/crypto/conf/conf_mall.c	1
openssl/crypto/asn1/asn_moid.c	3
openssl/crypto/objects/obj_lib.c	1
openssl/crypto/asn1/asn_mstbl.c	3
openssl/crypto/x509/v3_utl.c	6
openssl/crypto/asn1/asn1_gen.c	3
openssl/crypto/asn1/a_strnid.c	6
openssl/include/openssl/asn1.h	4
openssl/crypto/engine/eng_cnf.c	5
openssl/crypto/engine/eng_all.c	1
openssl/crypto/engine/eng_ctrl.c	7
openssl/crypto/evp/evp_cnf.c	2
openssl/crypto/conf/conf_ssl.c	3
openssl/crypto/provider_conf.c	10
openssl/crypto/encode_decode/encoder_meth.c	18
openssl/crypto/store/store_meth.c	3
openssl/crypto/evp/legacy_md5_sha1.c	1
openssl/crypto/evp/legacy_sha.c	13
openssl/crypto/evp/legacy_mdc2.c	1
openssl/crypto/evp/legacy_ripemd.c	1
openssl/crypto/evp/legacy_wp.c	1
openssl/crypto/sm3/legacy_sm3.c	1
openssl/crypto/evp/legacy_blake2.c	2
openssl/crypto/evp/e_des3.c	11
openssl/crypto/evp/e_xcbc_d.c	1
openssl/crypto/evp/e_rc4.c	2
openssl/crypto/evp/e_rc4_hmac_md5.c	1
openssl/crypto/evp/e_idea.c	4
openssl/crypto/evp/e_seed.c	4
openssl/crypto/evp/e_sm4.c	5
openssl/crypto/evp/e_rc2.c	6
openssl/crypto/evp/e_bf.c	4
openssl/crypto/evp/e_cast.c	4
openssl/crypto/evp/e_rc5.c	4
openssl/crypto/evp/e_aes.c	38
openssl/crypto/evp/e_aes_cbc_hmac_sha1.c	2
openssl/crypto/evp/e_aes_cbc_hmac_sha256.c	2
openssl/crypto/evp/e_aria.c	27
openssl/crypto/evp/e_camellia.c	21
openssl/crypto/evp/e_chacha20_poly1305.c	2
openssl/crypto/bn/bn_err.c	1
openssl/crypto/rsa/rsa_err.c	1
openssl/crypto/dh/dh_err.c	1
openssl/crypto/evp/evp_err.c	1
openssl/crypto/buffer/buf_err.c	1
openssl/crypto/objects/obj_err.c	1
openssl/crypto/pem/pem_err.c	1
openssl/crypto/dsa/dsa_err.c	1
openssl/crypto/x509/x509_err.c	1
openssl/crypto/asn1/asn1_err.c	1
openssl/crypto/conf/conf_err.c	1
openssl/crypto/cpt_err.c	1
openssl/crypto/comp/comp_err.c	1
openssl/crypto/ec/ec_err.c	1
openssl/crypto/bio/bio_err.c	1
openssl/crypto/pkcs7/pkcs7err.c	1
openssl/crypto/x509/v3err.c	1
openssl/crypto/pkcs12/pk12err.c	1
openssl/crypto/rand/rand_err.c	1
openssl/crypto/dso/dso_err.c	1
openssl/crypto/ts/ts_err.c	1
openssl/crypto/engine/eng_err.c	1
openssl/crypto/http/http_err.c	1
openssl/crypto/ocsp/ocsp_err.c	1
openssl/crypto/ui/ui_err.c	1
openssl/crypto/cms/cms_err.c	1
openssl/crypto/crmf/crmf_err.c	1
openssl/crypto/cmp/cmp_err.c	1
openssl/crypto/ct/ct_err.c	1
openssl/crypto/ess/ess_err.c	1
openssl/crypto/async/async_err.c	1
openssl/crypto/store/store_err.c	1
openssl/crypto/property/property_err.c	1
openssl/providers/common/provider_err.c	1
openssl/crypto/buffer/buffer.c	5
openssl/crypto/asn1/tasn_new.c	9
openssl/crypto/asn1/a_bitstr.c	2
openssl/crypto/bio/bss_null.c	1
openssl/crypto/x509/t_x509.c	5
openssl/crypto/x509/x509_set.c	7
openssl/crypto/x509/x509_cmp.c	5
openssl/crypto/bio/bio_dump.c	4
openssl/crypto/asn1/a_strex.c	8
openssl/crypto/x509/x_name.c	1
openssl/crypto/x509/x509_obj.c	1
openssl/crypto/x509/x509name.c	5
openssl/crypto/asn1/asn1_parse.c	4
openssl/crypto/asn1/tasn_enc.c	8
openssl/crypto/asn1/asn1_local.h	3
openssl/crypto/asn1/a_utf8.c	2
openssl/include/internal/unicode.h	1
openssl/crypto/asn1/a_time.c	4
openssl/crypto/o_time.c	4
openssl/crypto/bio/bf_prefix.c	1
openssl/crypto/encode_decode/encoder_pkey.c	7
openssl/crypto/encode_decode/encoder_lib.c	17
openssl/crypto/x509/v3_prn.c	4
openssl/crypto/x509/x509_v3.c	3
openssl/crypto/x509/v3_lib.c	4
openssl/include/openssl/x509v3.h	2
openssl/crypto/asn1/a_print.c	1
openssl/crypto/x509/x_x509a.c	5

Fuzzer: curl_fuzzer_http

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	4035	91.8%
gold	[1:9]	30	0.68%
yellow	[10:29]	46	1.04%
greenyellow	[30:49]	30	0.68%
lawngreen	50+	251	5.71%
All colors	4392	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
1442	1442	1 : View List ['curl_multi_cleanup']	1442	12361	Curl_close	call site: 01299	/src/curl/lib/url.c:248
1016	1016	1 : View List ['curl_multi_remove_handle']	2458	13377	Curl_close	call site: 01298	/src/curl/lib/url.c:243
694	2288	8 : View List ['Curl_cookie_cleanup', 'Curl_get_line', 'curl_dbg_malloc', 'remove_expired', 'curl_strnequal', 'curl_dbg_free', 'Curl_cookie_add', 'curl_dbg_fclose']	694	2288	Curl_cookie_init	call site: 00175	/src/curl/lib/cookie.c:1243
332	332	2 : View List ['Curl_infof', 'curl_easy_strerror']	332	566	Curl_flush_cookies	call site: 00349	/src/curl/lib/cookie.c:1768
296	531	3 : View List ['qsort', 'curl_dbg_calloc', 'get_netscape_format']	303	2078	cookie_output	call site: 00409	/src/curl/lib/cookie.c:1656
265	265	1 : View List ['Curl_trc_opt']	265	265	Curl_trc_init	call site: 00010	/src/curl/lib/curl_trc.c:230
229	458	2 : View List ['Curl_cookie_clearall', 'Curl_cookie_cleanup']	229	682	Curl_vsetopt	call site: 00145	/src/curl/lib/setopt.c:750
228	448	3 : View List ['curl_dbg_fopen', 'Curl_infof', 'strcmp']	922	2736	Curl_cookie_init	call site: 00170	/src/curl/lib/cookie.c:1230
6	6	3 : View List ['strlen', 'fgets', 'feof']	6	6	Curl_get_line	call site: 00185	/src/curl/lib/curl_get_line.c:45
4	219	3 : View List ['__errno_location', 'fflush', 'curl_dbg_log']	4	219	countcheck	call site: 00014	/src/curl/lib/memdebug.c:111
4	4	2 : View List ['strlen', 'ntohl']	4	4	randit	call site: 00359	/src/curl/lib/rand.c:110
4	4	2 : View List ['clock_gettime', 'gettimeofday']	4	4	Curl_now	call site: 00363	/src/curl/lib/timeval.c:96

Runtime coverage analysis

Covered functions

100

Functions that are reachable but not covered

1010

Reachable functions

1124

Percentage of reachable functions covered

10.14%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
curl_fuzzer/curl_fuzzer.cc	11
curl/lib/easy.c	5
curl/lib/../lib/easy_lock.h	2
curl/lib/curl_trc.c	6
curl/lib/memdebug.c	13
curl/lib/mprintf.c	10
curl/lib/strcase.c	10
curl/lib/asyn-thread.c	16
curl/lib/url.c	52
curl/lib/mime.c	31
curl/lib/vtls/vtls.c	12
curl/lib/dynbuf.c	12
curl/lib/getinfo.c	1
curl/lib/slist.c	5
curl_fuzzer/curl_fuzzer_tlv.cc	8
curl/lib/setopt.c	6
curl/lib/content_encoding.c	3
curl/lib/cookie.c	21
curl/lib/multi.c	59
curl/lib/curl_get_line.c	1
curl/lib/strdup.c	3
curl/lib/hostip.c	27
curl/lib/strtoofft.c	1
curl/lib/parsedate.c	10
curl/lib/warnless.c	5
curl/lib/curl_memrchr.c	1
curl/lib/share.c	2
curl/lib/fopen.c	2
curl/lib/rand.c	3
curl/lib/timeval.c	4
curl/lib/rename.c	1
curl/lib/strerror.c	3
curl/lib/altsvc.c	19
curl/lib/llist.c	5
curl/lib/formdata.c	5
curl_fuzzer/curl_fuzzer_callback.cc	4
curl/lib/hash.c	11
curl/lib/curl_addrinfo.c	8
curl/lib/conncache.c	20
curl/lib/nonblock.c	1
curl/lib/splay.c	4
curl/lib/transfer.c	17
curl/lib/curl_threads.c	4
curl/lib/hostasyn.c	2
curl/lib/connect.c	8
curl/lib/cfilters.c	31
curl/lib/progress.c	17
curl/lib/sendf.c	12
curl/lib/urlapi.c	22
curl/lib/escape.c	2
curl/lib/idn.c	2
curl/lib/ftplistparser.c	3
curl/lib/fileinfo.c	1
curl/lib/headers.c	5
curl/lib/http_digest.c	2
curl/lib/vauth/digest.c	4
curl/lib/getenv.c	2
curl/lib/noproxy.c	3
curl/lib/netrc.c	2
curl/lib/speedcheck.c	2
curl/lib/doh.c	19
curl/lib/hostip6.c	1
curl/lib/cf-https-connect.c	5
curl/lib/vquic/vquic.c	1
curl/lib/http.c	23
curl/lib/select.c	3
curl/lib/http2.c	35
nghttp2/lib/nghttp2_session.c	96
nghttp2/lib/nghttp2_mem.c	6
nghttp2/lib/nghttp2_stream.c	40
nghttp2/lib/nghttp2_pq.c	10
nghttp2/lib/nghttp2_map.c	12
nghttp2/lib/nghttp2_outbound_item.c	4
nghttp2/lib/nghttp2_frame.c	42
nghttp2/lib/nghttp2_buf.c	18
nghttp2/lib/nghttp2_hd.c	44
nghttp2/lib/nghttp2_rcbuf.c	5
curl/lib/bufq.c	29
nghttp2/lib/nghttp2_callbacks.c	10
nghttp2/lib/nghttp2_submit.c	6
nghttp2/lib/nghttp2_priority_spec.c	3
nghttp2/lib/nghttp2_helper.c	10
curl/lib/http1.c	2
curl/lib/dynhds.c	5
nghttp2/lib/nghttp2_http.c	1
nghttp2/lib/nghttp2_hd_huffman.c	2
nghttp2/lib/nghttp2_option.c	3
curl/lib/ws.c	5
curl/lib/http_chunks.c	3
curl/lib/rtsp.c	2
curl/lib/pop3.c	1
curl/lib/smtp.c	1

Fuzzer: curl_fuzzer_sftp

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	4035	91.8%
gold	[1:9]	36	0.81%
yellow	[10:29]	43	0.97%
greenyellow	[30:49]	32	0.72%
lawngreen	50+	246	5.60%
All colors	4392	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
1442	1442	1 : View List ['curl_multi_cleanup']	1442	12361	Curl_close	call site: 01299	/src/curl/lib/url.c:248
1016	1016	1 : View List ['curl_multi_remove_handle']	2458	13377	Curl_close	call site: 01298	/src/curl/lib/url.c:243
694	2288	8 : View List ['Curl_cookie_cleanup', 'Curl_get_line', 'curl_dbg_malloc', 'remove_expired', 'curl_strnequal', 'curl_dbg_free', 'Curl_cookie_add', 'curl_dbg_fclose']	694	2288	Curl_cookie_init	call site: 00175	/src/curl/lib/cookie.c:1243
332	332	2 : View List ['Curl_infof', 'curl_easy_strerror']	332	566	Curl_flush_cookies	call site: 00349	/src/curl/lib/cookie.c:1768
296	531	3 : View List ['qsort', 'curl_dbg_calloc', 'get_netscape_format']	303	2078	cookie_output	call site: 00409	/src/curl/lib/cookie.c:1656
265	265	1 : View List ['Curl_trc_opt']	265	265	Curl_trc_init	call site: 00010	/src/curl/lib/curl_trc.c:230
229	458	2 : View List ['Curl_cookie_clearall', 'Curl_cookie_cleanup']	229	682	Curl_vsetopt	call site: 00145	/src/curl/lib/setopt.c:750
228	448	3 : View List ['curl_dbg_fopen', 'Curl_infof', 'strcmp']	922	2736	Curl_cookie_init	call site: 00170	/src/curl/lib/cookie.c:1230
6	6	3 : View List ['strlen', 'fgets', 'feof']	6	6	Curl_get_line	call site: 00185	/src/curl/lib/curl_get_line.c:45
4	219	3 : View List ['__errno_location', 'fflush', 'curl_dbg_log']	4	219	countcheck	call site: 00014	/src/curl/lib/memdebug.c:111
4	4	2 : View List ['strlen', 'ntohl']	4	4	randit	call site: 00359	/src/curl/lib/rand.c:110
4	4	2 : View List ['clock_gettime', 'gettimeofday']	4	4	Curl_now	call site: 00363	/src/curl/lib/timeval.c:96

Runtime coverage analysis

Covered functions

100

Functions that are reachable but not covered

1010

Reachable functions

1124

Percentage of reachable functions covered

10.14%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
curl_fuzzer/curl_fuzzer.cc	11
curl/lib/easy.c	5
curl/lib/../lib/easy_lock.h	2
curl/lib/curl_trc.c	6
curl/lib/memdebug.c	13
curl/lib/mprintf.c	10
curl/lib/strcase.c	10
curl/lib/asyn-thread.c	16
curl/lib/url.c	52
curl/lib/mime.c	31
curl/lib/vtls/vtls.c	12
curl/lib/dynbuf.c	12
curl/lib/getinfo.c	1
curl/lib/slist.c	5
curl_fuzzer/curl_fuzzer_tlv.cc	8
curl/lib/setopt.c	6
curl/lib/content_encoding.c	3
curl/lib/cookie.c	21
curl/lib/multi.c	59
curl/lib/curl_get_line.c	1
curl/lib/strdup.c	3
curl/lib/hostip.c	27
curl/lib/strtoofft.c	1
curl/lib/parsedate.c	10
curl/lib/warnless.c	5
curl/lib/curl_memrchr.c	1
curl/lib/share.c	2
curl/lib/fopen.c	2
curl/lib/rand.c	3
curl/lib/timeval.c	4
curl/lib/rename.c	1
curl/lib/strerror.c	3
curl/lib/altsvc.c	19
curl/lib/llist.c	5
curl/lib/formdata.c	5
curl_fuzzer/curl_fuzzer_callback.cc	4
curl/lib/hash.c	11
curl/lib/curl_addrinfo.c	8
curl/lib/conncache.c	20
curl/lib/nonblock.c	1
curl/lib/splay.c	4
curl/lib/transfer.c	17
curl/lib/curl_threads.c	4
curl/lib/hostasyn.c	2
curl/lib/connect.c	8
curl/lib/cfilters.c	31
curl/lib/progress.c	17
curl/lib/sendf.c	12
curl/lib/urlapi.c	22
curl/lib/escape.c	2
curl/lib/idn.c	2
curl/lib/ftplistparser.c	3
curl/lib/fileinfo.c	1
curl/lib/headers.c	5
curl/lib/http_digest.c	2
curl/lib/vauth/digest.c	4
curl/lib/getenv.c	2
curl/lib/noproxy.c	3
curl/lib/netrc.c	2
curl/lib/speedcheck.c	2
curl/lib/doh.c	19
curl/lib/hostip6.c	1
curl/lib/cf-https-connect.c	5
curl/lib/vquic/vquic.c	1
curl/lib/http.c	23
curl/lib/select.c	3
curl/lib/http2.c	35
nghttp2/lib/nghttp2_session.c	96
nghttp2/lib/nghttp2_mem.c	6
nghttp2/lib/nghttp2_stream.c	40
nghttp2/lib/nghttp2_pq.c	10
nghttp2/lib/nghttp2_map.c	12
nghttp2/lib/nghttp2_outbound_item.c	4
nghttp2/lib/nghttp2_frame.c	42
nghttp2/lib/nghttp2_buf.c	18
nghttp2/lib/nghttp2_hd.c	44
nghttp2/lib/nghttp2_rcbuf.c	5
curl/lib/bufq.c	29
nghttp2/lib/nghttp2_callbacks.c	10
nghttp2/lib/nghttp2_submit.c	6
nghttp2/lib/nghttp2_priority_spec.c	3
nghttp2/lib/nghttp2_helper.c	10
curl/lib/http1.c	2
curl/lib/dynhds.c	5
nghttp2/lib/nghttp2_http.c	1
nghttp2/lib/nghttp2_hd_huffman.c	2
nghttp2/lib/nghttp2_option.c	3
curl/lib/ws.c	5
curl/lib/http_chunks.c	3
curl/lib/rtsp.c	2
curl/lib/pop3.c	1
curl/lib/smtp.c	1

Fuzzer: curl_fuzzer_dict

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	4035	91.8%
gold	[1:9]	33	0.75%
yellow	[10:29]	43	0.97%
greenyellow	[30:49]	33	0.75%
lawngreen	50+	248	5.64%
All colors	4392	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
1442	1442	1 : View List ['curl_multi_cleanup']	1442	12361	Curl_close	call site: 01299	/src/curl/lib/url.c:248
1016	1016	1 : View List ['curl_multi_remove_handle']	2458	13377	Curl_close	call site: 01298	/src/curl/lib/url.c:243
694	2288	8 : View List ['Curl_cookie_cleanup', 'Curl_get_line', 'curl_dbg_malloc', 'remove_expired', 'curl_strnequal', 'curl_dbg_free', 'Curl_cookie_add', 'curl_dbg_fclose']	694	2288	Curl_cookie_init	call site: 00175	/src/curl/lib/cookie.c:1243
332	332	2 : View List ['Curl_infof', 'curl_easy_strerror']	332	566	Curl_flush_cookies	call site: 00349	/src/curl/lib/cookie.c:1768
296	531	3 : View List ['qsort', 'curl_dbg_calloc', 'get_netscape_format']	303	2078	cookie_output	call site: 00409	/src/curl/lib/cookie.c:1656
265	265	1 : View List ['Curl_trc_opt']	265	265	Curl_trc_init	call site: 00010	/src/curl/lib/curl_trc.c:230
229	458	2 : View List ['Curl_cookie_clearall', 'Curl_cookie_cleanup']	229	682	Curl_vsetopt	call site: 00145	/src/curl/lib/setopt.c:750
228	448	3 : View List ['curl_dbg_fopen', 'Curl_infof', 'strcmp']	922	2736	Curl_cookie_init	call site: 00170	/src/curl/lib/cookie.c:1230
6	6	3 : View List ['strlen', 'fgets', 'feof']	6	6	Curl_get_line	call site: 00185	/src/curl/lib/curl_get_line.c:45
4	219	3 : View List ['__errno_location', 'fflush', 'curl_dbg_log']	4	219	countcheck	call site: 00014	/src/curl/lib/memdebug.c:111
4	4	2 : View List ['strlen', 'ntohl']	4	4	randit	call site: 00359	/src/curl/lib/rand.c:110
4	4	2 : View List ['clock_gettime', 'gettimeofday']	4	4	Curl_now	call site: 00363	/src/curl/lib/timeval.c:96

Runtime coverage analysis

Covered functions

100

Functions that are reachable but not covered

1010

Reachable functions

1124

Percentage of reachable functions covered

10.14%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
curl_fuzzer/curl_fuzzer.cc	11
curl/lib/easy.c	5
curl/lib/../lib/easy_lock.h	2
curl/lib/curl_trc.c	6
curl/lib/memdebug.c	13
curl/lib/mprintf.c	10
curl/lib/strcase.c	10
curl/lib/asyn-thread.c	16
curl/lib/url.c	52
curl/lib/mime.c	31
curl/lib/vtls/vtls.c	12
curl/lib/dynbuf.c	12
curl/lib/getinfo.c	1
curl/lib/slist.c	5
curl_fuzzer/curl_fuzzer_tlv.cc	8
curl/lib/setopt.c	6
curl/lib/content_encoding.c	3
curl/lib/cookie.c	21
curl/lib/multi.c	59
curl/lib/curl_get_line.c	1
curl/lib/strdup.c	3
curl/lib/hostip.c	27
curl/lib/strtoofft.c	1
curl/lib/parsedate.c	10
curl/lib/warnless.c	5
curl/lib/curl_memrchr.c	1
curl/lib/share.c	2
curl/lib/fopen.c	2
curl/lib/rand.c	3
curl/lib/timeval.c	4
curl/lib/rename.c	1
curl/lib/strerror.c	3
curl/lib/altsvc.c	19
curl/lib/llist.c	5
curl/lib/formdata.c	5
curl_fuzzer/curl_fuzzer_callback.cc	4
curl/lib/hash.c	11
curl/lib/curl_addrinfo.c	8
curl/lib/conncache.c	20
curl/lib/nonblock.c	1
curl/lib/splay.c	4
curl/lib/transfer.c	17
curl/lib/curl_threads.c	4
curl/lib/hostasyn.c	2
curl/lib/connect.c	8
curl/lib/cfilters.c	31
curl/lib/progress.c	17
curl/lib/sendf.c	12
curl/lib/urlapi.c	22
curl/lib/escape.c	2
curl/lib/idn.c	2
curl/lib/ftplistparser.c	3
curl/lib/fileinfo.c	1
curl/lib/headers.c	5
curl/lib/http_digest.c	2
curl/lib/vauth/digest.c	4
curl/lib/getenv.c	2
curl/lib/noproxy.c	3
curl/lib/netrc.c	2
curl/lib/speedcheck.c	2
curl/lib/doh.c	19
curl/lib/hostip6.c	1
curl/lib/cf-https-connect.c	5
curl/lib/vquic/vquic.c	1
curl/lib/http.c	23
curl/lib/select.c	3
curl/lib/http2.c	35
nghttp2/lib/nghttp2_session.c	96
nghttp2/lib/nghttp2_mem.c	6
nghttp2/lib/nghttp2_stream.c	40
nghttp2/lib/nghttp2_pq.c	10
nghttp2/lib/nghttp2_map.c	12
nghttp2/lib/nghttp2_outbound_item.c	4
nghttp2/lib/nghttp2_frame.c	42
nghttp2/lib/nghttp2_buf.c	18
nghttp2/lib/nghttp2_hd.c	44
nghttp2/lib/nghttp2_rcbuf.c	5
curl/lib/bufq.c	29
nghttp2/lib/nghttp2_callbacks.c	10
nghttp2/lib/nghttp2_submit.c	6
nghttp2/lib/nghttp2_priority_spec.c	3
nghttp2/lib/nghttp2_helper.c	10
curl/lib/http1.c	2
curl/lib/dynhds.c	5
nghttp2/lib/nghttp2_http.c	1
nghttp2/lib/nghttp2_hd_huffman.c	2
nghttp2/lib/nghttp2_option.c	3
curl/lib/ws.c	5
curl/lib/http_chunks.c	3
curl/lib/rtsp.c	2
curl/lib/pop3.c	1
curl/lib/smtp.c	1

Fuzzer: curl_fuzzer_tftp

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	4035	91.8%
gold	[1:9]	37	0.84%
yellow	[10:29]	40	0.91%
greenyellow	[30:49]	32	0.72%
lawngreen	50+	248	5.64%
All colors	4392	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
1442	1442	1 : View List ['curl_multi_cleanup']	1442	12361	Curl_close	call site: 01299	/src/curl/lib/url.c:248
1016	1016	1 : View List ['curl_multi_remove_handle']	2458	13377	Curl_close	call site: 01298	/src/curl/lib/url.c:243
694	2288	8 : View List ['Curl_cookie_cleanup', 'Curl_get_line', 'curl_dbg_malloc', 'remove_expired', 'curl_strnequal', 'curl_dbg_free', 'Curl_cookie_add', 'curl_dbg_fclose']	694	2288	Curl_cookie_init	call site: 00175	/src/curl/lib/cookie.c:1243
332	332	2 : View List ['Curl_infof', 'curl_easy_strerror']	332	566	Curl_flush_cookies	call site: 00349	/src/curl/lib/cookie.c:1768
296	531	3 : View List ['qsort', 'curl_dbg_calloc', 'get_netscape_format']	303	2078	cookie_output	call site: 00409	/src/curl/lib/cookie.c:1656
265	265	1 : View List ['Curl_trc_opt']	265	265	Curl_trc_init	call site: 00010	/src/curl/lib/curl_trc.c:230
229	458	2 : View List ['Curl_cookie_clearall', 'Curl_cookie_cleanup']	229	682	Curl_vsetopt	call site: 00145	/src/curl/lib/setopt.c:750
228	448	3 : View List ['curl_dbg_fopen', 'Curl_infof', 'strcmp']	922	2736	Curl_cookie_init	call site: 00170	/src/curl/lib/cookie.c:1230
6	6	3 : View List ['strlen', 'fgets', 'feof']	6	6	Curl_get_line	call site: 00185	/src/curl/lib/curl_get_line.c:45
4	219	3 : View List ['__errno_location', 'fflush', 'curl_dbg_log']	4	219	countcheck	call site: 00014	/src/curl/lib/memdebug.c:111
4	4	2 : View List ['strlen', 'ntohl']	4	4	randit	call site: 00359	/src/curl/lib/rand.c:110
4	4	2 : View List ['clock_gettime', 'gettimeofday']	4	4	Curl_now	call site: 00363	/src/curl/lib/timeval.c:96

Runtime coverage analysis

Covered functions

100

Functions that are reachable but not covered

1010

Reachable functions

1124

Percentage of reachable functions covered

10.14%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
curl_fuzzer/curl_fuzzer.cc	11
curl/lib/easy.c	5
curl/lib/../lib/easy_lock.h	2
curl/lib/curl_trc.c	6
curl/lib/memdebug.c	13
curl/lib/mprintf.c	10
curl/lib/strcase.c	10
curl/lib/asyn-thread.c	16
curl/lib/url.c	52
curl/lib/mime.c	31
curl/lib/vtls/vtls.c	12
curl/lib/dynbuf.c	12
curl/lib/getinfo.c	1
curl/lib/slist.c	5
curl_fuzzer/curl_fuzzer_tlv.cc	8
curl/lib/setopt.c	6
curl/lib/content_encoding.c	3
curl/lib/cookie.c	21
curl/lib/multi.c	59
curl/lib/curl_get_line.c	1
curl/lib/strdup.c	3
curl/lib/hostip.c	27
curl/lib/strtoofft.c	1
curl/lib/parsedate.c	10
curl/lib/warnless.c	5
curl/lib/curl_memrchr.c	1
curl/lib/share.c	2
curl/lib/fopen.c	2
curl/lib/rand.c	3
curl/lib/timeval.c	4
curl/lib/rename.c	1
curl/lib/strerror.c	3
curl/lib/altsvc.c	19
curl/lib/llist.c	5
curl/lib/formdata.c	5
curl_fuzzer/curl_fuzzer_callback.cc	4
curl/lib/hash.c	11
curl/lib/curl_addrinfo.c	8
curl/lib/conncache.c	20
curl/lib/nonblock.c	1
curl/lib/splay.c	4
curl/lib/transfer.c	17
curl/lib/curl_threads.c	4
curl/lib/hostasyn.c	2
curl/lib/connect.c	8
curl/lib/cfilters.c	31
curl/lib/progress.c	17
curl/lib/sendf.c	12
curl/lib/urlapi.c	22
curl/lib/escape.c	2
curl/lib/idn.c	2
curl/lib/ftplistparser.c	3
curl/lib/fileinfo.c	1
curl/lib/headers.c	5
curl/lib/http_digest.c	2
curl/lib/vauth/digest.c	4
curl/lib/getenv.c	2
curl/lib/noproxy.c	3
curl/lib/netrc.c	2
curl/lib/speedcheck.c	2
curl/lib/doh.c	19
curl/lib/hostip6.c	1
curl/lib/cf-https-connect.c	5
curl/lib/vquic/vquic.c	1
curl/lib/http.c	23
curl/lib/select.c	3
curl/lib/http2.c	35
nghttp2/lib/nghttp2_session.c	96
nghttp2/lib/nghttp2_mem.c	6
nghttp2/lib/nghttp2_stream.c	40
nghttp2/lib/nghttp2_pq.c	10
nghttp2/lib/nghttp2_map.c	12
nghttp2/lib/nghttp2_outbound_item.c	4
nghttp2/lib/nghttp2_frame.c	42
nghttp2/lib/nghttp2_buf.c	18
nghttp2/lib/nghttp2_hd.c	44
nghttp2/lib/nghttp2_rcbuf.c	5
curl/lib/bufq.c	29
nghttp2/lib/nghttp2_callbacks.c	10
nghttp2/lib/nghttp2_submit.c	6
nghttp2/lib/nghttp2_priority_spec.c	3
nghttp2/lib/nghttp2_helper.c	10
curl/lib/http1.c	2
curl/lib/dynhds.c	5
nghttp2/lib/nghttp2_http.c	1
nghttp2/lib/nghttp2_hd_huffman.c	2
nghttp2/lib/nghttp2_option.c	3
curl/lib/ws.c	5
curl/lib/http_chunks.c	3
curl/lib/rtsp.c	2
curl/lib/pop3.c	1
curl/lib/smtp.c	1

Fuzzer: openssl/fuzz/driver.c

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	5228	99.9%
gold	[1:9]	0	0.0%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	1	0.01%
All colors	5229	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
1442	1442	1 : View List ['curl_multi_cleanup']	1442	12361	Curl_close	call site: 00000	/src/curl/lib/url.c:248
1135	2615	11 : View List ['Curl_dyn_len', 'Curl_strndup', 'dedotdotify', 'Curl_dyn_init', 'strchr', 'curl_dbg_strdup', 'Curl_dyn_add', 'urlencode_str', 'memchr', 'curl_dbg_free', 'Curl_dyn_ptr']	1135	3059	parseurl	call site: 00000	/src/curl/lib/urlapi.c:1206
1016	1016	1 : View List ['curl_multi_remove_handle']	2458	13377	Curl_close	call site: 00000	/src/curl/lib/url.c:243
679	2288	8 : View List ['Curl_cookie_cleanup', 'Curl_get_line', 'curl_dbg_malloc', 'remove_expired', 'curl_strnequal', 'curl_dbg_free', 'Curl_cookie_add', 'curl_dbg_fclose']	679	2288	Curl_cookie_init	call site: 00000	/src/curl/lib/cookie.c:1243
332	332	2 : View List ['Curl_infof', 'curl_easy_strerror']	332	566	Curl_flush_cookies	call site: 00000	/src/curl/lib/cookie.c:1768
296	531	3 : View List ['qsort', 'curl_dbg_calloc', 'get_netscape_format']	303	2078	cookie_output	call site: 00000	/src/curl/lib/cookie.c:1656
265	265	1 : View List ['Curl_trc_opt']	265	265	Curl_trc_init	call site: 00000	/src/curl/lib/curl_trc.c:230
229	458	2 : View List ['Curl_cookie_clearall', 'Curl_cookie_cleanup']	229	682	Curl_vsetopt	call site: 00000	/src/curl/lib/setopt.c:750
228	448	3 : View List ['curl_dbg_fopen', 'Curl_infof', 'strcmp']	907	2736	Curl_cookie_init	call site: 00000	/src/curl/lib/cookie.c:1230
6	6	3 : View List ['strlen', 'fgets', 'feof']	6	6	Curl_get_line	call site: 00000	/src/curl/lib/curl_get_line.c:45
4	219	3 : View List ['__errno_location', 'fflush', 'curl_dbg_log']	4	219	countcheck	call site: 00000	/src/curl/lib/memdebug.c:111
4	4	2 : View List ['strlen', 'ntohl']	4	4	randit	call site: 00000	/src/curl/lib/rand.c:110

Runtime coverage analysis

Covered functions

139

Functions that are reachable but not covered

1426

Reachable functions

1427

Percentage of reachable functions covered

0.07%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
openssl/fuzz/driver.c	1
openssl/fuzz/ct.c	1
openssl/crypto/ct/ct_oct.c	8
openssl/crypto/asn1/tasn_typ.c	14
openssl/crypto/asn1/tasn_dec.c	14
openssl/crypto/err/err_blocks.c	2
openssl/crypto/err/err.c	30
openssl/crypto/init.c	39
openssl/crypto/err/err_local.h	5
openssl/crypto/mem.c	7
openssl/crypto/threads_pthread.c	13
openssl/crypto/cpuid.c	4
openssl/crypto/ctype.c	4
openssl/crypto/initthread.c	21
openssl/crypto/stack/stack.c	16
openssl/crypto/comp/c_zlib.c	1
openssl/crypto/async/async.c	6
openssl/crypto/rand/rand_lib.c	9
openssl/providers/implementations/rands/seeding/rand_unix.c	4
openssl/crypto/engine/eng_init.c	4
openssl/crypto/cryptlib.c	2
openssl/crypto/engine/eng_lib.c	22
openssl/include/internal/refcount.h	2
openssl/crypto/engine/tb_pkmeth.c	7
openssl/crypto/evp/pmeth_lib.c	31
openssl/crypto/engine/tb_asnmth.c	9
openssl/crypto/asn1/ameth_lib.c	9
openssl/crypto/engine/eng_list.c	10
openssl/crypto/ex_data.c	14
openssl/crypto/context.c	15
openssl/include/internal/cryptlib.h	7
openssl/include/openssl/crypto.h	2
openssl/crypto/property/property_parse.c	25
openssl/crypto/property/property_string.c	12
openssl/crypto/lhash/lhash.c	15
openssl/crypto/conf/conf_mod.c	34
openssl/crypto/dso/dso_lib.c	9
openssl/crypto/engine/eng_local.h	14
openssl/crypto/store/store_init.c	1
openssl/crypto/store/store_register.c	1
openssl/crypto/store/store_local.h	1
openssl/crypto/bio/bio_lib.c	16
openssl/crypto/bio/bio_sock.c	1
openssl/crypto/evp/names.c	9
openssl/crypto/objects/o_names.c	12
openssl/crypto/objects/obj_local.h	18
openssl/crypto/evp/evp_pbe.c	6
openssl/crypto/evp/evp_local.h	3
openssl/crypto/objects/obj_xref.c	2
openssl/crypto/objects/obj_xref.h	2
openssl/include/crypto/evp.h	8
openssl/crypto/objects/obj_dat.c	23
openssl/crypto/asn1/a_object.c	6
openssl/include/openssl/err.h	4
openssl/crypto/mem_sec.c	18
openssl/crypto/cmp/cmp_util.c	1
openssl/crypto/trace.c	2
openssl/crypto/err/err_all.c	1
openssl/crypto/evp/c_allc.c	1
openssl/crypto/evp/e_des.c	6
openssl/crypto/evp/c_alld.c	1
openssl/crypto/evp/legacy_md4.c	1
openssl/crypto/conf/conf_sap.c	2
openssl/crypto/getenv.c	1
openssl/crypto/o_str.c	12
openssl/crypto/x509/x509_def.c	1
openssl/crypto/bio/bio_print.c	11
openssl/crypto/engine/eng_openssl.c	20
openssl/crypto/evp/evp_lib.c	37
openssl/crypto/provider_core.c	44
openssl/crypto/provider_local.h	4
openssl/crypto/provider_child.c	2
openssl/crypto/evp/cmeth_lib.c	8
openssl/crypto/evp/evp_enc.c	24
openssl/crypto/rsa/rsa_ossl.c	1
openssl/crypto/engine/tb_rsa.c	4
openssl/crypto/dsa/dsa_ossl.c	1
openssl/crypto/engine/tb_dsa.c	4
openssl/crypto/ec/ec_kmeth.c	1
openssl/crypto/engine/tb_eckey.c	4
openssl/crypto/dh/dh_key.c	1
openssl/crypto/engine/tb_dh.c	4
openssl/crypto/rand/rand_meth.c	1
openssl/crypto/engine/tb_rand.c	4
openssl/crypto/engine/tb_cipher.c	7
openssl/crypto/params.c	45
openssl/crypto/evp/evp_utils.c	5
openssl/crypto/engine/tb_digest.c	7
openssl/crypto/evp/digest.c	17
openssl/crypto/sha/sha_local.h	1
openssl/include/crypto/md32_common.h	2
openssl/crypto/engine/eng_pkey.c	1
openssl/crypto/bio/bss_file.c	2
openssl/crypto/o_fopen.c	1
openssl/crypto/pem/pem_pkey.c	5
openssl/crypto/bio/bf_readbuff.c	1
openssl/crypto/pem/pem_lib.c	15
openssl/crypto/evp/evp_key.c	3
openssl/crypto/ui/ui_lib.c	27
openssl/crypto/ui/ui_openssl.c	1
openssl/crypto/ui/ui_null.c	1
openssl/include/openssl/ui.h	2
openssl/crypto/err/err_prn.c	1
openssl/crypto/passphrase.c	9
openssl/crypto/encode_decode/decoder_pkey.c	13
openssl/crypto/encode_decode/decoder_meth.c	17
openssl/crypto/encode_decode/decoder_lib.c	23
openssl/crypto/evp/keymgmt_meth.c	21
openssl/crypto/evp/evp_fetch.c	16
openssl/crypto/core_namemap.c	20
openssl/crypto/engine/eng_rdrand.c	4
openssl/crypto/engine/eng_dyn.c	12
openssl/include/openssl/safestack.h	4
openssl/crypto/dso/dso_dlfcn.c	1
openssl/engines/e_padlock.c	22
openssl/crypto/asn1/evp_asn1.c	1
openssl/crypto/asn1/asn1_lib.c	14
openssl/crypto/asn1/a_octet.c	1
openssl/crypto/asn1/a_type.c	1
openssl/crypto/asn1/tasn_fre.c	5
openssl/engines/e_afalg.c	27
openssl/engines/e_afalg_err.c	3
openssl/crypto/engine/eng_fat.c	5
openssl/crypto/engine/eng_table.c	8
openssl/crypto/async/async_wait.c	3
openssl/crypto/async/arch/async_posix.h	1
openssl/crypto/bsearch.c	1
openssl/crypto/bn/bn_word.c	4
openssl/crypto/bn/bn_lib.c	23
openssl/crypto/bn/bn_local.h	1
openssl/crypto/bn/bn_shift.c	2
openssl/crypto/bn/bn_conv.c	4
openssl/include/internal/constant_time.h	4
openssl/crypto/bn/asm/x86_64-gcc.c	2
openssl/include/crypto/asn1.h	3
openssl/crypto/property/property.c	25
openssl/crypto/sparse_array.c	1
openssl/crypto/core_fetch.c	3
openssl/crypto/core_algorithm.c	4
openssl/include/openssl/core_dispatch.h	81
openssl/crypto/provider.c	2
openssl/crypto/property/property_query.c	3
openssl/crypto/encode_decode/encoder_local.h	5
openssl/crypto/evp/keymgmt_lib.c	14
openssl/crypto/evp/p_lib.c	19
openssl/include/openssl/x509.h	1
openssl/crypto/x509/x_attrib.c	2
openssl/include/openssl/asn1t.h	2
openssl/crypto/asn1/tasn_utl.c	13
openssl/crypto/asn1/a_int.c	10
openssl/crypto/bio/bss_mem.c	3
openssl/crypto/bio/ossl_core_bio.c	3
openssl/crypto/ui/ui_util.c	8
openssl/crypto/evp/encode.c	7
openssl/crypto/evp/legacy_md5.c	1
openssl/crypto/evp/m_sigver.c	7
openssl/crypto/evp/signature.c	9
openssl/crypto/evp/exchange.c	2
openssl/crypto/evp/kem.c	2
openssl/crypto/evp/asymcipher.c	2
openssl/crypto/evp/ctrl_params_translate.c	10
openssl/crypto/params_from_text.c	3
openssl/crypto/asn1/p8_pkey.c	4
openssl/crypto/evp/evp_pkey.c	1
openssl/crypto/asn1/x_sig.c	3
openssl/crypto/pkcs12/p12_p8d.c	2
openssl/crypto/pkcs12/p12_decr.c	2
openssl/crypto/asn1/d2i_pr.c	1
openssl/crypto/x509/x_pubkey.c	7
openssl/crypto/conf/conf_lib.c	10
openssl/crypto/conf/conf_def.c	1
openssl/crypto/conf/conf_api.c	3
openssl/include/openssl/conf.h	3
openssl/crypto/conf/conf_mall.c	1
openssl/crypto/asn1/asn_moid.c	3
openssl/crypto/objects/obj_lib.c	1
openssl/crypto/asn1/asn_mstbl.c	3
openssl/crypto/x509/v3_utl.c	6
openssl/crypto/asn1/asn1_gen.c	3
openssl/crypto/asn1/a_strnid.c	6
openssl/include/openssl/asn1.h	3
openssl/crypto/engine/eng_cnf.c	5
openssl/crypto/engine/eng_all.c	1
openssl/crypto/engine/eng_ctrl.c	7
openssl/crypto/evp/evp_cnf.c	2
openssl/crypto/conf/conf_ssl.c	3
openssl/crypto/provider_conf.c	10
openssl/crypto/encode_decode/encoder_meth.c	3
openssl/crypto/store/store_meth.c	3
openssl/crypto/evp/legacy_md5_sha1.c	1
openssl/crypto/evp/legacy_sha.c	13
openssl/crypto/evp/legacy_mdc2.c	1
openssl/crypto/evp/legacy_ripemd.c	1
openssl/crypto/evp/legacy_wp.c	1
openssl/crypto/sm3/legacy_sm3.c	1
openssl/crypto/evp/legacy_blake2.c	2
openssl/crypto/evp/e_des3.c	11
openssl/crypto/evp/e_xcbc_d.c	1
openssl/crypto/evp/e_rc4.c	2
openssl/crypto/evp/e_rc4_hmac_md5.c	1
openssl/crypto/evp/e_idea.c	4
openssl/crypto/evp/e_seed.c	4
openssl/crypto/evp/e_sm4.c	5
openssl/crypto/evp/e_rc2.c	6
openssl/crypto/evp/e_bf.c	4
openssl/crypto/evp/e_cast.c	4
openssl/crypto/evp/e_rc5.c	4
openssl/crypto/evp/e_aes.c	38
openssl/crypto/evp/e_aes_cbc_hmac_sha1.c	2
openssl/crypto/evp/e_aes_cbc_hmac_sha256.c	2
openssl/crypto/evp/e_aria.c	27
openssl/crypto/evp/e_camellia.c	21
openssl/crypto/evp/e_chacha20_poly1305.c	2
openssl/crypto/bn/bn_err.c	1
openssl/crypto/rsa/rsa_err.c	1
openssl/crypto/dh/dh_err.c	1
openssl/crypto/evp/evp_err.c	1
openssl/crypto/buffer/buf_err.c	1
openssl/crypto/objects/obj_err.c	1
openssl/crypto/pem/pem_err.c	1
openssl/crypto/dsa/dsa_err.c	1
openssl/crypto/x509/x509_err.c	1
openssl/crypto/asn1/asn1_err.c	1
openssl/crypto/conf/conf_err.c	1
openssl/crypto/cpt_err.c	1
openssl/crypto/comp/comp_err.c	1
openssl/crypto/ec/ec_err.c	1
openssl/crypto/bio/bio_err.c	1
openssl/crypto/pkcs7/pkcs7err.c	1
openssl/crypto/x509/v3err.c	1
openssl/crypto/pkcs12/pk12err.c	1
openssl/crypto/rand/rand_err.c	1
openssl/crypto/dso/dso_err.c	1
openssl/crypto/ts/ts_err.c	1
openssl/crypto/engine/eng_err.c	1
openssl/crypto/http/http_err.c	1
openssl/crypto/ocsp/ocsp_err.c	1
openssl/crypto/ui/ui_err.c	1
openssl/crypto/cms/cms_err.c	1
openssl/crypto/crmf/crmf_err.c	1
openssl/crypto/cmp/cmp_err.c	1
openssl/crypto/ct/ct_err.c	1
openssl/crypto/ess/ess_err.c	1
openssl/crypto/async/async_err.c	1
openssl/crypto/store/store_err.c	1
openssl/crypto/property/property_err.c	1
openssl/providers/common/provider_err.c	1
openssl/crypto/buffer/buffer.c	2
openssl/crypto/asn1/tasn_new.c	9
openssl/crypto/asn1/a_bitstr.c	2
openssl/include/openssl/ct.h	3
openssl/crypto/ct/ct_sct.c	7
openssl/crypto/bio/bss_null.c	1
openssl/crypto/ct/ct_prn.c	4
openssl/crypto/ct/ct_log.c	2
openssl/crypto/bio/bio_dump.c	1
openssl/crypto/asn1/a_gentm.c	5
openssl/crypto/o_time.c	5
openssl/crypto/asn1/a_time.c	8
openssl/crypto/asn1/tasn_enc.c	8
openssl/crypto/asn1/asn1_local.h	3

Fuzzer: openssl/fuzz/driver.c

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	6143	99.9%
gold	[1:9]	0	0.0%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	1	0.01%
All colors	6144	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
1442	1442	1 : View List ['curl_multi_cleanup']	1442	12361	Curl_close	call site: 00000	/src/curl/lib/url.c:248
1135	2615	11 : View List ['Curl_dyn_len', 'Curl_strndup', 'dedotdotify', 'Curl_dyn_init', 'strchr', 'curl_dbg_strdup', 'Curl_dyn_add', 'urlencode_str', 'memchr', 'curl_dbg_free', 'Curl_dyn_ptr']	1135	3059	parseurl	call site: 00000	/src/curl/lib/urlapi.c:1206
1016	1016	1 : View List ['curl_multi_remove_handle']	2458	13377	Curl_close	call site: 00000	/src/curl/lib/url.c:243
679	2288	8 : View List ['Curl_cookie_cleanup', 'Curl_get_line', 'curl_dbg_malloc', 'remove_expired', 'curl_strnequal', 'curl_dbg_free', 'Curl_cookie_add', 'curl_dbg_fclose']	679	2288	Curl_cookie_init	call site: 00000	/src/curl/lib/cookie.c:1243
332	332	2 : View List ['Curl_infof', 'curl_easy_strerror']	332	566	Curl_flush_cookies	call site: 00000	/src/curl/lib/cookie.c:1768
296	531	3 : View List ['qsort', 'curl_dbg_calloc', 'get_netscape_format']	303	2078	cookie_output	call site: 00000	/src/curl/lib/cookie.c:1656
265	265	1 : View List ['Curl_trc_opt']	265	265	Curl_trc_init	call site: 00000	/src/curl/lib/curl_trc.c:230
229	458	2 : View List ['Curl_cookie_clearall', 'Curl_cookie_cleanup']	229	682	Curl_vsetopt	call site: 00000	/src/curl/lib/setopt.c:750
228	448	3 : View List ['curl_dbg_fopen', 'Curl_infof', 'strcmp']	907	2736	Curl_cookie_init	call site: 00000	/src/curl/lib/cookie.c:1230
6	6	3 : View List ['strlen', 'fgets', 'feof']	6	6	Curl_get_line	call site: 00000	/src/curl/lib/curl_get_line.c:45
4	219	3 : View List ['__errno_location', 'fflush', 'curl_dbg_log']	4	219	countcheck	call site: 00000	/src/curl/lib/memdebug.c:111
4	4	2 : View List ['strlen', 'ntohl']	4	4	randit	call site: 00000	/src/curl/lib/rand.c:110

Runtime coverage analysis

Covered functions

139

Functions that are reachable but not covered

2246

Reachable functions

2247

Percentage of reachable functions covered

0.04%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
openssl/fuzz/driver.c	1
openssl/fuzz/client.c	1
openssl/ssl/methods.c	1
openssl/ssl/ssl_lib.c	38
openssl/crypto/err/err_blocks.c	2
openssl/crypto/err/err.c	30
openssl/crypto/init.c	40
openssl/crypto/err/err_local.h	5
openssl/crypto/mem.c	7
openssl/crypto/threads_pthread.c	13
openssl/crypto/cpuid.c	4
openssl/crypto/ctype.c	3
openssl/crypto/initthread.c	21
openssl/crypto/stack/stack.c	20
openssl/crypto/comp/c_zlib.c	2
openssl/crypto/async/async.c	17
openssl/crypto/rand/rand_lib.c	18
openssl/providers/implementations/rands/seeding/rand_unix.c	4
openssl/crypto/engine/eng_init.c	4
openssl/crypto/cryptlib.c	2
openssl/crypto/engine/eng_lib.c	22
openssl/include/internal/refcount.h	2
openssl/crypto/engine/tb_pkmeth.c	7
openssl/crypto/evp/pmeth_lib.c	31
openssl/crypto/engine/tb_asnmth.c	9
openssl/crypto/asn1/ameth_lib.c	9
openssl/crypto/engine/eng_list.c	10
openssl/crypto/ex_data.c	14
openssl/crypto/context.c	17
openssl/include/internal/cryptlib.h	7
openssl/include/openssl/crypto.h	2
openssl/crypto/property/property_parse.c	25
openssl/crypto/property/property_string.c	12
openssl/crypto/lhash/lhash.c	15
openssl/crypto/conf/conf_mod.c	34
openssl/crypto/dso/dso_lib.c	9
openssl/crypto/engine/eng_local.h	14
openssl/crypto/store/store_init.c	1
openssl/crypto/store/store_register.c	1
openssl/crypto/store/store_local.h	1
openssl/crypto/bio/bio_lib.c	18
openssl/crypto/bio/bio_sock.c	1
openssl/crypto/evp/names.c	9
openssl/crypto/objects/o_names.c	12
openssl/crypto/objects/obj_local.h	18
openssl/crypto/evp/evp_pbe.c	6
openssl/crypto/evp/evp_local.h	3
openssl/crypto/objects/obj_xref.c	2
openssl/crypto/objects/obj_xref.h	2
openssl/include/crypto/evp.h	8
openssl/crypto/objects/obj_dat.c	23
openssl/crypto/asn1/a_object.c	6
openssl/include/openssl/err.h	4
openssl/crypto/mem_sec.c	18
openssl/crypto/cmp/cmp_util.c	1
openssl/crypto/trace.c	2
openssl/crypto/err/err_all.c	1
openssl/crypto/evp/c_allc.c	1
openssl/crypto/evp/e_des.c	6
openssl/crypto/evp/c_alld.c	1
openssl/crypto/evp/legacy_md4.c	1
openssl/crypto/conf/conf_sap.c	2
openssl/crypto/getenv.c	1
openssl/crypto/o_str.c	12
openssl/crypto/x509/x509_def.c	1
openssl/crypto/bio/bio_print.c	11
openssl/crypto/engine/eng_openssl.c	20
openssl/crypto/evp/evp_lib.c	38
openssl/crypto/provider_core.c	45
openssl/crypto/provider_local.h	4
openssl/crypto/provider_child.c	2
openssl/crypto/evp/cmeth_lib.c	8
openssl/crypto/evp/evp_enc.c	24
openssl/crypto/rsa/rsa_ossl.c	1
openssl/crypto/engine/tb_rsa.c	4
openssl/crypto/dsa/dsa_ossl.c	1
openssl/crypto/engine/tb_dsa.c	4
openssl/crypto/ec/ec_kmeth.c	1
openssl/crypto/engine/tb_eckey.c	4
openssl/crypto/dh/dh_key.c	1
openssl/crypto/engine/tb_dh.c	4
openssl/crypto/rand/rand_meth.c	1
openssl/crypto/engine/tb_rand.c	6
openssl/crypto/engine/tb_cipher.c	7
openssl/crypto/params.c	46
openssl/crypto/evp/evp_utils.c	5
openssl/crypto/engine/tb_digest.c	7
openssl/crypto/evp/digest.c	17
openssl/crypto/sha/sha_local.h	1
openssl/include/crypto/md32_common.h	2
openssl/crypto/engine/eng_pkey.c	1
openssl/crypto/bio/bss_file.c	2
openssl/crypto/o_fopen.c	1
openssl/crypto/pem/pem_pkey.c	5
openssl/crypto/bio/bf_readbuff.c	1
openssl/crypto/pem/pem_lib.c	15
openssl/crypto/evp/evp_key.c	3
openssl/crypto/ui/ui_lib.c	27
openssl/crypto/ui/ui_openssl.c	1
openssl/crypto/ui/ui_null.c	1
openssl/include/openssl/ui.h	2
openssl/crypto/err/err_prn.c	1
openssl/crypto/passphrase.c	9
openssl/crypto/encode_decode/decoder_pkey.c	13
openssl/crypto/encode_decode/decoder_meth.c	17
openssl/crypto/encode_decode/decoder_lib.c	24
openssl/crypto/evp/keymgmt_meth.c	22
openssl/crypto/evp/evp_fetch.c	16
openssl/crypto/core_namemap.c	20
openssl/crypto/engine/eng_rdrand.c	4
openssl/crypto/engine/eng_dyn.c	12
openssl/include/openssl/safestack.h	4
openssl/crypto/dso/dso_dlfcn.c	1
openssl/engines/e_padlock.c	22
openssl/crypto/asn1/evp_asn1.c	1
openssl/crypto/asn1/tasn_typ.c	11
openssl/crypto/asn1/asn1_lib.c	12
openssl/crypto/asn1/a_octet.c	1
openssl/crypto/asn1/a_type.c	1
openssl/crypto/asn1/tasn_fre.c	5
openssl/engines/e_afalg.c	27
openssl/engines/e_afalg_err.c	3
openssl/crypto/engine/eng_fat.c	5
openssl/crypto/engine/eng_table.c	8
openssl/crypto/async/async_wait.c	6
openssl/crypto/async/arch/async_posix.h	1
openssl/crypto/bsearch.c	1
openssl/crypto/bn/bn_word.c	4
openssl/crypto/bn/bn_lib.c	23
openssl/crypto/bn/bn_local.h	1
openssl/crypto/bn/bn_shift.c	2
openssl/crypto/bn/bn_conv.c	4
openssl/include/internal/constant_time.h	4
openssl/crypto/bn/asm/x86_64-gcc.c	2
openssl/include/crypto/asn1.h	3
openssl/crypto/property/property.c	25
openssl/crypto/sparse_array.c	1
openssl/crypto/core_fetch.c	3
openssl/crypto/core_algorithm.c	4
openssl/include/openssl/core_dispatch.h	104
openssl/crypto/provider.c	4
openssl/crypto/property/property_query.c	3
openssl/crypto/encode_decode/encoder_local.h	5
openssl/crypto/evp/keymgmt_lib.c	15
openssl/crypto/evp/p_lib.c	22
openssl/include/openssl/x509.h	5
openssl/crypto/x509/x_attrib.c	2
openssl/include/openssl/asn1t.h	2
openssl/crypto/asn1/tasn_utl.c	13
openssl/crypto/asn1/a_int.c	10
openssl/crypto/bio/bss_mem.c	3
openssl/crypto/bio/ossl_core_bio.c	3
openssl/crypto/ui/ui_util.c	8
openssl/crypto/evp/encode.c	7
openssl/crypto/evp/legacy_md5.c	1
openssl/crypto/evp/m_sigver.c	7
openssl/crypto/evp/signature.c	9
openssl/crypto/evp/exchange.c	5
openssl/crypto/evp/kem.c	2
openssl/crypto/evp/asymcipher.c	2
openssl/crypto/evp/ctrl_params_translate.c	10
openssl/crypto/params_from_text.c	3
openssl/crypto/asn1/p8_pkey.c	4
openssl/crypto/asn1/tasn_dec.c	14
openssl/crypto/buffer/buffer.c	4
openssl/crypto/asn1/tasn_new.c	9
openssl/crypto/asn1/a_bitstr.c	2
openssl/crypto/evp/evp_pkey.c	1
openssl/crypto/asn1/x_sig.c	3
openssl/crypto/pkcs12/p12_p8d.c	2
openssl/crypto/pkcs12/p12_decr.c	2
openssl/crypto/asn1/d2i_pr.c	4
openssl/crypto/x509/x_pubkey.c	7
openssl/crypto/conf/conf_lib.c	10
openssl/crypto/conf/conf_def.c	1
openssl/crypto/conf/conf_api.c	3
openssl/include/openssl/conf.h	3
openssl/crypto/conf/conf_mall.c	1
openssl/crypto/asn1/asn_moid.c	3
openssl/crypto/objects/obj_lib.c	1
openssl/crypto/asn1/asn_mstbl.c	3
openssl/crypto/x509/v3_utl.c	6
openssl/crypto/asn1/asn1_gen.c	3
openssl/crypto/asn1/a_strnid.c	6
openssl/include/openssl/asn1.h	7
openssl/crypto/engine/eng_cnf.c	5
openssl/crypto/engine/eng_all.c	1
openssl/crypto/engine/eng_ctrl.c	7
openssl/crypto/evp/evp_cnf.c	2
openssl/crypto/conf/conf_ssl.c	6
openssl/crypto/provider_conf.c	10
openssl/crypto/encode_decode/encoder_meth.c	3
openssl/crypto/store/store_meth.c	3
openssl/crypto/evp/legacy_md5_sha1.c	1
openssl/crypto/evp/legacy_sha.c	13
openssl/crypto/evp/legacy_mdc2.c	1
openssl/crypto/evp/legacy_ripemd.c	1
openssl/crypto/evp/legacy_wp.c	1
openssl/crypto/sm3/legacy_sm3.c	1
openssl/crypto/evp/legacy_blake2.c	2
openssl/crypto/evp/e_des3.c	11
openssl/crypto/evp/e_xcbc_d.c	1
openssl/crypto/evp/e_rc4.c	2
openssl/crypto/evp/e_rc4_hmac_md5.c	1
openssl/crypto/evp/e_idea.c	4
openssl/crypto/evp/e_seed.c	4
openssl/crypto/evp/e_sm4.c	5
openssl/crypto/evp/e_rc2.c	6
openssl/crypto/evp/e_bf.c	4
openssl/crypto/evp/e_cast.c	4
openssl/crypto/evp/e_rc5.c	4
openssl/crypto/evp/e_aes.c	38
openssl/crypto/evp/e_aes_cbc_hmac_sha1.c	2
openssl/crypto/evp/e_aes_cbc_hmac_sha256.c	2
openssl/crypto/evp/e_aria.c	27
openssl/crypto/evp/e_camellia.c	21
openssl/crypto/evp/e_chacha20_poly1305.c	2
openssl/crypto/bn/bn_err.c	1
openssl/crypto/rsa/rsa_err.c	1
openssl/crypto/dh/dh_err.c	1
openssl/crypto/evp/evp_err.c	1
openssl/crypto/buffer/buf_err.c	1
openssl/crypto/objects/obj_err.c	1
openssl/crypto/pem/pem_err.c	1
openssl/crypto/dsa/dsa_err.c	1
openssl/crypto/x509/x509_err.c	1
openssl/crypto/asn1/asn1_err.c	1
openssl/crypto/conf/conf_err.c	1
openssl/crypto/cpt_err.c	1
openssl/crypto/comp/comp_err.c	1
openssl/crypto/ec/ec_err.c	1
openssl/crypto/bio/bio_err.c	1
openssl/crypto/pkcs7/pkcs7err.c	1
openssl/crypto/x509/v3err.c	1
openssl/crypto/pkcs12/pk12err.c	1
openssl/crypto/rand/rand_err.c	1
openssl/crypto/dso/dso_err.c	1
openssl/crypto/ts/ts_err.c	1
openssl/crypto/engine/eng_err.c	1
openssl/crypto/http/http_err.c	1
openssl/crypto/ocsp/ocsp_err.c	1
openssl/crypto/ui/ui_err.c	1
openssl/crypto/cms/cms_err.c	1
openssl/crypto/crmf/crmf_err.c	1
openssl/crypto/cmp/cmp_err.c	1
openssl/crypto/ct/ct_err.c	1
openssl/crypto/ess/ess_err.c	1
openssl/crypto/async/async_err.c	1
openssl/crypto/store/store_err.c	1
openssl/crypto/property/property_err.c	1
openssl/providers/common/provider_err.c	1
openssl/ssl/ssl_init.c	8
openssl/ssl/ssl_ciph.c	21
openssl/include/openssl/ssl.h	5
openssl/crypto/comp/comp_lib.c	3
openssl/ssl/s3_lib.c	2
openssl/ssl/ssl_err.c	1
openssl/ssl/ssl_cert.c	13
openssl/ssl/ssl_local.h	6
openssl/crypto/x509/x509_lu.c	8
openssl/include/openssl/x509_vfy.h	4
openssl/crypto/x509/x509_cmp.c	6
openssl/crypto/x509/x_name.c	3
openssl/crypto/asn1/tasn_enc.c	8
openssl/crypto/asn1/asn1_local.h	3
openssl/crypto/x509/x509_vpm.c	10
openssl/crypto/ct/ct_log.c	3
openssl/include/openssl/ct.h	2
openssl/ssl/tls_depr.c	3
openssl/ssl/t1_lib.c	4
openssl/crypto/evp/evp_rand.c	18
openssl/ssl/tls_srp.c	2
openssl/ssl/ssl_mcnf.c	2
openssl/ssl/ssl_conf.c	13
openssl/ssl/ssl_rsa.c	5
openssl/crypto/x509/x_all.c	1
openssl/crypto/asn1/a_d2i_fp.c	1
openssl/ssl/ssl_sess.c	10
openssl/crypto/x509/x_x509.c	2
openssl/crypto/x509/x_crl.c	2
openssl/ssl/statem/extensions_cust.c	4
openssl/ssl/record/rec_layer_s3.c	6
openssl/ssl/record/ssl3_record.c	2
openssl/crypto/x509/x509_set.c	1
openssl/ssl/statem/statem.c	4
openssl/ssl/record/ssl3_buffer.c	3
openssl/ssl/record/rec_layer_d1.c	1
openssl/ssl/pqueue.c	2
openssl/ssl/statem/statem_lib.c	1
openssl/include/internal/dane.h	1
openssl/crypto/x509/x_exten.c	2
openssl/include/openssl/ocsp.h	1
openssl/crypto/ocsp/ocsp_asn.c	2
openssl/crypto/ct/ct_sct.c	2
openssl/crypto/async/async_local.h	4
openssl/crypto/async/arch/async_posix.c	3

Fuzzer: openssl/fuzz/driver.c

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	5096	99.9%
gold	[1:9]	0	0.0%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	1	0.01%
All colors	5097	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
1442	1442	1 : View List ['curl_multi_cleanup']	1442	12361	Curl_close	call site: 00000	/src/curl/lib/url.c:248
1135	2615	11 : View List ['Curl_dyn_len', 'Curl_strndup', 'dedotdotify', 'Curl_dyn_init', 'strchr', 'curl_dbg_strdup', 'Curl_dyn_add', 'urlencode_str', 'memchr', 'curl_dbg_free', 'Curl_dyn_ptr']	1135	3059	parseurl	call site: 00000	/src/curl/lib/urlapi.c:1206
1016	1016	1 : View List ['curl_multi_remove_handle']	2458	13377	Curl_close	call site: 00000	/src/curl/lib/url.c:243
679	2288	8 : View List ['Curl_cookie_cleanup', 'Curl_get_line', 'curl_dbg_malloc', 'remove_expired', 'curl_strnequal', 'curl_dbg_free', 'Curl_cookie_add', 'curl_dbg_fclose']	679	2288	Curl_cookie_init	call site: 00000	/src/curl/lib/cookie.c:1243
332	332	2 : View List ['Curl_infof', 'curl_easy_strerror']	332	566	Curl_flush_cookies	call site: 00000	/src/curl/lib/cookie.c:1768
296	531	3 : View List ['qsort', 'curl_dbg_calloc', 'get_netscape_format']	303	2078	cookie_output	call site: 00000	/src/curl/lib/cookie.c:1656
265	265	1 : View List ['Curl_trc_opt']	265	265	Curl_trc_init	call site: 00000	/src/curl/lib/curl_trc.c:230
229	458	2 : View List ['Curl_cookie_clearall', 'Curl_cookie_cleanup']	229	682	Curl_vsetopt	call site: 00000	/src/curl/lib/setopt.c:750
228	448	3 : View List ['curl_dbg_fopen', 'Curl_infof', 'strcmp']	907	2736	Curl_cookie_init	call site: 00000	/src/curl/lib/cookie.c:1230
6	6	3 : View List ['strlen', 'fgets', 'feof']	6	6	Curl_get_line	call site: 00000	/src/curl/lib/curl_get_line.c:45
4	219	3 : View List ['__errno_location', 'fflush', 'curl_dbg_log']	4	219	countcheck	call site: 00000	/src/curl/lib/memdebug.c:111
4	4	2 : View List ['strlen', 'ntohl']	4	4	randit	call site: 00000	/src/curl/lib/rand.c:110

Runtime coverage analysis

Covered functions

139

Functions that are reachable but not covered

1375

Reachable functions

1376

Percentage of reachable functions covered

0.07%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
openssl/fuzz/driver.c	1
openssl/fuzz/asn1parse.c	1
openssl/crypto/asn1/asn1_parse.c	4
openssl/crypto/bio/bio_lib.c	16
openssl/crypto/err/err_blocks.c	2
openssl/crypto/err/err.c	30
openssl/crypto/init.c	39
openssl/crypto/err/err_local.h	5
openssl/crypto/mem.c	7
openssl/crypto/threads_pthread.c	13
openssl/crypto/cpuid.c	4
openssl/crypto/ctype.c	3
openssl/crypto/initthread.c	21
openssl/crypto/stack/stack.c	16
openssl/crypto/comp/c_zlib.c	1
openssl/crypto/async/async.c	6
openssl/crypto/rand/rand_lib.c	9
openssl/providers/implementations/rands/seeding/rand_unix.c	4
openssl/crypto/engine/eng_init.c	4
openssl/crypto/cryptlib.c	2
openssl/crypto/engine/eng_lib.c	22
openssl/include/internal/refcount.h	2
openssl/crypto/engine/tb_pkmeth.c	7
openssl/crypto/evp/pmeth_lib.c	31
openssl/crypto/engine/tb_asnmth.c	9
openssl/crypto/asn1/ameth_lib.c	9
openssl/crypto/engine/eng_list.c	10
openssl/crypto/ex_data.c	14
openssl/crypto/context.c	15
openssl/include/internal/cryptlib.h	7
openssl/include/openssl/crypto.h	2
openssl/crypto/property/property_parse.c	25
openssl/crypto/property/property_string.c	12
openssl/crypto/lhash/lhash.c	15
openssl/crypto/conf/conf_mod.c	34
openssl/crypto/dso/dso_lib.c	9
openssl/crypto/engine/eng_local.h	14
openssl/crypto/store/store_init.c	1
openssl/crypto/store/store_register.c	1
openssl/crypto/store/store_local.h	1
openssl/crypto/bio/bio_sock.c	1
openssl/crypto/evp/names.c	9
openssl/crypto/objects/o_names.c	12
openssl/crypto/objects/obj_local.h	18
openssl/crypto/evp/evp_pbe.c	6
openssl/crypto/evp/evp_local.h	3
openssl/crypto/objects/obj_xref.c	2
openssl/crypto/objects/obj_xref.h	2
openssl/include/crypto/evp.h	8
openssl/crypto/objects/obj_dat.c	23
openssl/crypto/asn1/a_object.c	7
openssl/include/openssl/err.h	4
openssl/crypto/mem_sec.c	18
openssl/crypto/cmp/cmp_util.c	1
openssl/crypto/trace.c	2
openssl/crypto/err/err_all.c	1
openssl/crypto/evp/c_allc.c	1
openssl/crypto/evp/e_des.c	6
openssl/crypto/evp/c_alld.c	1
openssl/crypto/evp/legacy_md4.c	1
openssl/crypto/conf/conf_sap.c	2
openssl/crypto/getenv.c	1
openssl/crypto/o_str.c	12
openssl/crypto/x509/x509_def.c	1
openssl/crypto/bio/bio_print.c	11
openssl/crypto/engine/eng_openssl.c	20
openssl/crypto/evp/evp_lib.c	37
openssl/crypto/provider_core.c	44
openssl/crypto/provider_local.h	4
openssl/crypto/provider_child.c	2
openssl/crypto/evp/cmeth_lib.c	8
openssl/crypto/evp/evp_enc.c	24
openssl/crypto/rsa/rsa_ossl.c	1
openssl/crypto/engine/tb_rsa.c	4
openssl/crypto/dsa/dsa_ossl.c	1
openssl/crypto/engine/tb_dsa.c	4
openssl/crypto/ec/ec_kmeth.c	1
openssl/crypto/engine/tb_eckey.c	4
openssl/crypto/dh/dh_key.c	1
openssl/crypto/engine/tb_dh.c	4
openssl/crypto/rand/rand_meth.c	1
openssl/crypto/engine/tb_rand.c	4
openssl/crypto/engine/tb_cipher.c	7
openssl/crypto/params.c	45
openssl/crypto/evp/evp_utils.c	5
openssl/crypto/engine/tb_digest.c	7
openssl/crypto/evp/digest.c	17
openssl/crypto/sha/sha_local.h	1
openssl/include/crypto/md32_common.h	2
openssl/crypto/engine/eng_pkey.c	1
openssl/crypto/bio/bss_file.c	2
openssl/crypto/o_fopen.c	1
openssl/crypto/pem/pem_pkey.c	5
openssl/crypto/bio/bf_readbuff.c	1
openssl/crypto/pem/pem_lib.c	15
openssl/crypto/evp/evp_key.c	3
openssl/crypto/ui/ui_lib.c	27
openssl/crypto/ui/ui_openssl.c	1
openssl/crypto/ui/ui_null.c	1
openssl/include/openssl/ui.h	2
openssl/crypto/err/err_prn.c	1
openssl/crypto/passphrase.c	9
openssl/crypto/encode_decode/decoder_pkey.c	13
openssl/crypto/encode_decode/decoder_meth.c	17
openssl/crypto/encode_decode/decoder_lib.c	23
openssl/crypto/evp/keymgmt_meth.c	21
openssl/crypto/evp/evp_fetch.c	16
openssl/crypto/core_namemap.c	20
openssl/crypto/engine/eng_rdrand.c	4
openssl/crypto/engine/eng_dyn.c	12
openssl/include/openssl/safestack.h	4
openssl/crypto/dso/dso_dlfcn.c	1
openssl/engines/e_padlock.c	22
openssl/crypto/asn1/evp_asn1.c	1
openssl/crypto/asn1/tasn_typ.c	16
openssl/crypto/asn1/asn1_lib.c	11
openssl/crypto/asn1/a_octet.c	1
openssl/crypto/asn1/a_type.c	1
openssl/crypto/asn1/tasn_fre.c	5
openssl/engines/e_afalg.c	27
openssl/engines/e_afalg_err.c	3
openssl/crypto/engine/eng_fat.c	5
openssl/crypto/engine/eng_table.c	8
openssl/crypto/async/async_wait.c	3
openssl/crypto/async/arch/async_posix.h	1
openssl/crypto/bsearch.c	1
openssl/crypto/bn/bn_word.c	4
openssl/crypto/bn/bn_lib.c	23
openssl/crypto/bn/bn_local.h	1
openssl/crypto/bn/bn_shift.c	2
openssl/crypto/bn/bn_conv.c	4
openssl/include/internal/constant_time.h	4
openssl/crypto/bn/asm/x86_64-gcc.c	2
openssl/include/crypto/asn1.h	3
openssl/crypto/property/property.c	25
openssl/crypto/sparse_array.c	1
openssl/crypto/core_fetch.c	3
openssl/crypto/core_algorithm.c	4
openssl/include/openssl/core_dispatch.h	81
openssl/crypto/provider.c	2
openssl/crypto/property/property_query.c	3
openssl/crypto/encode_decode/encoder_local.h	5
openssl/crypto/evp/keymgmt_lib.c	14
openssl/crypto/evp/p_lib.c	19
openssl/include/openssl/x509.h	1
openssl/crypto/x509/x_attrib.c	2
openssl/include/openssl/asn1t.h	2
openssl/crypto/asn1/tasn_utl.c	9
openssl/crypto/asn1/a_int.c	8
openssl/crypto/bio/bss_mem.c	3
openssl/crypto/bio/ossl_core_bio.c	3
openssl/crypto/ui/ui_util.c	8
openssl/crypto/evp/encode.c	7
openssl/crypto/evp/legacy_md5.c	1
openssl/crypto/evp/m_sigver.c	7
openssl/crypto/evp/signature.c	9
openssl/crypto/evp/exchange.c	2
openssl/crypto/evp/kem.c	2
openssl/crypto/evp/asymcipher.c	2
openssl/crypto/evp/ctrl_params_translate.c	10
openssl/crypto/params_from_text.c	3
openssl/crypto/asn1/p8_pkey.c	4
openssl/crypto/asn1/tasn_dec.c	14
openssl/crypto/buffer/buffer.c	2
openssl/crypto/asn1/tasn_new.c	9
openssl/crypto/asn1/a_bitstr.c	1
openssl/crypto/evp/evp_pkey.c	1
openssl/crypto/asn1/x_sig.c	3
openssl/crypto/pkcs12/p12_p8d.c	2
openssl/crypto/pkcs12/p12_decr.c	2
openssl/crypto/asn1/d2i_pr.c	1
openssl/crypto/x509/x_pubkey.c	7
openssl/crypto/conf/conf_lib.c	10
openssl/crypto/conf/conf_def.c	1
openssl/crypto/conf/conf_api.c	3
openssl/include/openssl/conf.h	3
openssl/crypto/conf/conf_mall.c	1
openssl/crypto/asn1/asn_moid.c	3
openssl/crypto/objects/obj_lib.c	1
openssl/crypto/asn1/asn_mstbl.c	3
openssl/crypto/x509/v3_utl.c	6
openssl/crypto/asn1/asn1_gen.c	3
openssl/crypto/asn1/a_strnid.c	6
openssl/include/openssl/asn1.h	3
openssl/crypto/engine/eng_cnf.c	5
openssl/crypto/engine/eng_all.c	1
openssl/crypto/engine/eng_ctrl.c	7
openssl/crypto/evp/evp_cnf.c	2
openssl/crypto/conf/conf_ssl.c	3
openssl/crypto/provider_conf.c	10
openssl/crypto/encode_decode/encoder_meth.c	3
openssl/crypto/store/store_meth.c	3
openssl/crypto/evp/legacy_md5_sha1.c	1
openssl/crypto/evp/legacy_sha.c	13
openssl/crypto/evp/legacy_mdc2.c	1
openssl/crypto/evp/legacy_ripemd.c	1
openssl/crypto/evp/legacy_wp.c	1
openssl/crypto/sm3/legacy_sm3.c	1
openssl/crypto/evp/legacy_blake2.c	2
openssl/crypto/evp/e_des3.c	11
openssl/crypto/evp/e_xcbc_d.c	1
openssl/crypto/evp/e_rc4.c	2
openssl/crypto/evp/e_rc4_hmac_md5.c	1
openssl/crypto/evp/e_idea.c	4
openssl/crypto/evp/e_seed.c	4
openssl/crypto/evp/e_sm4.c	5
openssl/crypto/evp/e_rc2.c	6
openssl/crypto/evp/e_bf.c	4
openssl/crypto/evp/e_cast.c	4
openssl/crypto/evp/e_rc5.c	4
openssl/crypto/evp/e_aes.c	38
openssl/crypto/evp/e_aes_cbc_hmac_sha1.c	2
openssl/crypto/evp/e_aes_cbc_hmac_sha256.c	2
openssl/crypto/evp/e_aria.c	27
openssl/crypto/evp/e_camellia.c	21
openssl/crypto/evp/e_chacha20_poly1305.c	2
openssl/crypto/bn/bn_err.c	1
openssl/crypto/rsa/rsa_err.c	1
openssl/crypto/dh/dh_err.c	1
openssl/crypto/evp/evp_err.c	1
openssl/crypto/buffer/buf_err.c	1
openssl/crypto/objects/obj_err.c	1
openssl/crypto/pem/pem_err.c	1
openssl/crypto/dsa/dsa_err.c	1
openssl/crypto/x509/x509_err.c	1
openssl/crypto/asn1/asn1_err.c	1
openssl/crypto/conf/conf_err.c	1
openssl/crypto/cpt_err.c	1
openssl/crypto/comp/comp_err.c	1
openssl/crypto/ec/ec_err.c	1
openssl/crypto/bio/bio_err.c	1
openssl/crypto/pkcs7/pkcs7err.c	1
openssl/crypto/x509/v3err.c	1
openssl/crypto/pkcs12/pk12err.c	1
openssl/crypto/rand/rand_err.c	1
openssl/crypto/dso/dso_err.c	1
openssl/crypto/ts/ts_err.c	1
openssl/crypto/engine/eng_err.c	1
openssl/crypto/http/http_err.c	1
openssl/crypto/ocsp/ocsp_err.c	1
openssl/crypto/ui/ui_err.c	1
openssl/crypto/cms/cms_err.c	1
openssl/crypto/crmf/crmf_err.c	1
openssl/crypto/cmp/cmp_err.c	1
openssl/crypto/ct/ct_err.c	1
openssl/crypto/ess/ess_err.c	1
openssl/crypto/async/async_err.c	1
openssl/crypto/store/store_err.c	1
openssl/crypto/property/property_err.c	1
openssl/providers/common/provider_err.c	1
openssl/crypto/bio/bf_prefix.c	1
openssl/crypto/bio/bio_dump.c	4

Fuzzer: curl_fuzzer_pop3

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	4035	91.8%
gold	[1:9]	37	0.84%
yellow	[10:29]	39	0.88%
greenyellow	[30:49]	33	0.75%
lawngreen	50+	248	5.64%
All colors	4392	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
1442	1442	1 : View List ['curl_multi_cleanup']	1442	12361	Curl_close	call site: 01299	/src/curl/lib/url.c:248
1016	1016	1 : View List ['curl_multi_remove_handle']	2458	13377	Curl_close	call site: 01298	/src/curl/lib/url.c:243
694	2288	8 : View List ['Curl_cookie_cleanup', 'Curl_get_line', 'curl_dbg_malloc', 'remove_expired', 'curl_strnequal', 'curl_dbg_free', 'Curl_cookie_add', 'curl_dbg_fclose']	694	2288	Curl_cookie_init	call site: 00175	/src/curl/lib/cookie.c:1243
332	332	2 : View List ['Curl_infof', 'curl_easy_strerror']	332	566	Curl_flush_cookies	call site: 00349	/src/curl/lib/cookie.c:1768
296	531	3 : View List ['qsort', 'curl_dbg_calloc', 'get_netscape_format']	303	2078	cookie_output	call site: 00409	/src/curl/lib/cookie.c:1656
265	265	1 : View List ['Curl_trc_opt']	265	265	Curl_trc_init	call site: 00010	/src/curl/lib/curl_trc.c:230
229	458	2 : View List ['Curl_cookie_clearall', 'Curl_cookie_cleanup']	229	682	Curl_vsetopt	call site: 00145	/src/curl/lib/setopt.c:750
228	448	3 : View List ['curl_dbg_fopen', 'Curl_infof', 'strcmp']	922	2736	Curl_cookie_init	call site: 00170	/src/curl/lib/cookie.c:1230
6	6	3 : View List ['strlen', 'fgets', 'feof']	6	6	Curl_get_line	call site: 00185	/src/curl/lib/curl_get_line.c:45
4	219	3 : View List ['__errno_location', 'fflush', 'curl_dbg_log']	4	219	countcheck	call site: 00014	/src/curl/lib/memdebug.c:111
4	4	2 : View List ['strlen', 'ntohl']	4	4	randit	call site: 00359	/src/curl/lib/rand.c:110
4	4	2 : View List ['clock_gettime', 'gettimeofday']	4	4	Curl_now	call site: 00363	/src/curl/lib/timeval.c:96

Runtime coverage analysis

Covered functions

100

Functions that are reachable but not covered

1010

Reachable functions

1124

Percentage of reachable functions covered

10.14%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
curl_fuzzer/curl_fuzzer.cc	11
curl/lib/easy.c	5
curl/lib/../lib/easy_lock.h	2
curl/lib/curl_trc.c	6
curl/lib/memdebug.c	13
curl/lib/mprintf.c	10
curl/lib/strcase.c	10
curl/lib/asyn-thread.c	16
curl/lib/url.c	52
curl/lib/mime.c	31
curl/lib/vtls/vtls.c	12
curl/lib/dynbuf.c	12
curl/lib/getinfo.c	1
curl/lib/slist.c	5
curl_fuzzer/curl_fuzzer_tlv.cc	8
curl/lib/setopt.c	6
curl/lib/content_encoding.c	3
curl/lib/cookie.c	21
curl/lib/multi.c	59
curl/lib/curl_get_line.c	1
curl/lib/strdup.c	3
curl/lib/hostip.c	27
curl/lib/strtoofft.c	1
curl/lib/parsedate.c	10
curl/lib/warnless.c	5
curl/lib/curl_memrchr.c	1
curl/lib/share.c	2
curl/lib/fopen.c	2
curl/lib/rand.c	3
curl/lib/timeval.c	4
curl/lib/rename.c	1
curl/lib/strerror.c	3
curl/lib/altsvc.c	19
curl/lib/llist.c	5
curl/lib/formdata.c	5
curl_fuzzer/curl_fuzzer_callback.cc	4
curl/lib/hash.c	11
curl/lib/curl_addrinfo.c	8
curl/lib/conncache.c	20
curl/lib/nonblock.c	1
curl/lib/splay.c	4
curl/lib/transfer.c	17
curl/lib/curl_threads.c	4
curl/lib/hostasyn.c	2
curl/lib/connect.c	8
curl/lib/cfilters.c	31
curl/lib/progress.c	17
curl/lib/sendf.c	12
curl/lib/urlapi.c	22
curl/lib/escape.c	2
curl/lib/idn.c	2
curl/lib/ftplistparser.c	3
curl/lib/fileinfo.c	1
curl/lib/headers.c	5
curl/lib/http_digest.c	2
curl/lib/vauth/digest.c	4
curl/lib/getenv.c	2
curl/lib/noproxy.c	3
curl/lib/netrc.c	2
curl/lib/speedcheck.c	2
curl/lib/doh.c	19
curl/lib/hostip6.c	1
curl/lib/cf-https-connect.c	5
curl/lib/vquic/vquic.c	1
curl/lib/http.c	23
curl/lib/select.c	3
curl/lib/http2.c	35
nghttp2/lib/nghttp2_session.c	96
nghttp2/lib/nghttp2_mem.c	6
nghttp2/lib/nghttp2_stream.c	40
nghttp2/lib/nghttp2_pq.c	10
nghttp2/lib/nghttp2_map.c	12
nghttp2/lib/nghttp2_outbound_item.c	4
nghttp2/lib/nghttp2_frame.c	42
nghttp2/lib/nghttp2_buf.c	18
nghttp2/lib/nghttp2_hd.c	44
nghttp2/lib/nghttp2_rcbuf.c	5
curl/lib/bufq.c	29
nghttp2/lib/nghttp2_callbacks.c	10
nghttp2/lib/nghttp2_submit.c	6
nghttp2/lib/nghttp2_priority_spec.c	3
nghttp2/lib/nghttp2_helper.c	10
curl/lib/http1.c	2
curl/lib/dynhds.c	5
nghttp2/lib/nghttp2_http.c	1
nghttp2/lib/nghttp2_hd_huffman.c	2
nghttp2/lib/nghttp2_option.c	3
curl/lib/ws.c	5
curl/lib/http_chunks.c	3
curl/lib/rtsp.c	2
curl/lib/pop3.c	1
curl/lib/smtp.c	1

Fuzzer: openssl/fuzz/driver.c

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	5015	99.9%
gold	[1:9]	0	0.0%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	1	0.01%
All colors	5016	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
1442	1442	1 : View List ['curl_multi_cleanup']	1442	12361	Curl_close	call site: 00000	/src/curl/lib/url.c:248
1135	2615	11 : View List ['Curl_dyn_len', 'Curl_strndup', 'dedotdotify', 'Curl_dyn_init', 'strchr', 'curl_dbg_strdup', 'Curl_dyn_add', 'urlencode_str', 'memchr', 'curl_dbg_free', 'Curl_dyn_ptr']	1135	3059	parseurl	call site: 00000	/src/curl/lib/urlapi.c:1206
1016	1016	1 : View List ['curl_multi_remove_handle']	2458	13377	Curl_close	call site: 00000	/src/curl/lib/url.c:243
679	2288	8 : View List ['Curl_cookie_cleanup', 'Curl_get_line', 'curl_dbg_malloc', 'remove_expired', 'curl_strnequal', 'curl_dbg_free', 'Curl_cookie_add', 'curl_dbg_fclose']	679	2288	Curl_cookie_init	call site: 00000	/src/curl/lib/cookie.c:1243
332	332	2 : View List ['Curl_infof', 'curl_easy_strerror']	332	566	Curl_flush_cookies	call site: 00000	/src/curl/lib/cookie.c:1768
296	531	3 : View List ['qsort', 'curl_dbg_calloc', 'get_netscape_format']	303	2078	cookie_output	call site: 00000	/src/curl/lib/cookie.c:1656
265	265	1 : View List ['Curl_trc_opt']	265	265	Curl_trc_init	call site: 00000	/src/curl/lib/curl_trc.c:230
229	458	2 : View List ['Curl_cookie_clearall', 'Curl_cookie_cleanup']	229	682	Curl_vsetopt	call site: 00000	/src/curl/lib/setopt.c:750
228	448	3 : View List ['curl_dbg_fopen', 'Curl_infof', 'strcmp']	907	2736	Curl_cookie_init	call site: 00000	/src/curl/lib/cookie.c:1230
6	6	3 : View List ['strlen', 'fgets', 'feof']	6	6	Curl_get_line	call site: 00000	/src/curl/lib/curl_get_line.c:45
4	219	3 : View List ['__errno_location', 'fflush', 'curl_dbg_log']	4	219	countcheck	call site: 00000	/src/curl/lib/memdebug.c:111
4	4	2 : View List ['strlen', 'ntohl']	4	4	randit	call site: 00000	/src/curl/lib/rand.c:110

Runtime coverage analysis

Covered functions

139

Functions that are reachable but not covered

1296

Reachable functions

1297

Percentage of reachable functions covered

0.08%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
openssl/fuzz/driver.c	1
openssl/fuzz/conf.c	1
openssl/crypto/conf/conf_lib.c	12
openssl/crypto/conf/conf_def.c	1
openssl/crypto/err/err_blocks.c	2
openssl/crypto/err/err.c	30
openssl/crypto/init.c	39
openssl/crypto/err/err_local.h	5
openssl/crypto/mem.c	7
openssl/crypto/threads_pthread.c	13
openssl/crypto/cpuid.c	4
openssl/crypto/ctype.c	3
openssl/crypto/initthread.c	21
openssl/crypto/stack/stack.c	16
openssl/crypto/comp/c_zlib.c	1
openssl/crypto/async/async.c	6
openssl/crypto/rand/rand_lib.c	9
openssl/providers/implementations/rands/seeding/rand_unix.c	4
openssl/crypto/engine/eng_init.c	4
openssl/crypto/cryptlib.c	2
openssl/crypto/engine/eng_lib.c	22
openssl/include/internal/refcount.h	2
openssl/crypto/engine/tb_pkmeth.c	7
openssl/crypto/evp/pmeth_lib.c	31
openssl/crypto/engine/tb_asnmth.c	9
openssl/crypto/asn1/ameth_lib.c	9
openssl/crypto/engine/eng_list.c	10
openssl/crypto/ex_data.c	14
openssl/crypto/context.c	15
openssl/include/internal/cryptlib.h	7
openssl/include/openssl/crypto.h	2
openssl/crypto/property/property_parse.c	25
openssl/crypto/property/property_string.c	12
openssl/crypto/lhash/lhash.c	15
openssl/crypto/conf/conf_mod.c	34
openssl/crypto/dso/dso_lib.c	9
openssl/crypto/engine/eng_local.h	14
openssl/crypto/store/store_init.c	1
openssl/crypto/store/store_register.c	1
openssl/crypto/store/store_local.h	1
openssl/crypto/bio/bio_lib.c	16
openssl/crypto/bio/bio_sock.c	1
openssl/crypto/evp/names.c	9
openssl/crypto/objects/o_names.c	12
openssl/crypto/objects/obj_local.h	18
openssl/crypto/evp/evp_pbe.c	6
openssl/crypto/evp/evp_local.h	3
openssl/crypto/objects/obj_xref.c	2
openssl/crypto/objects/obj_xref.h	2
openssl/include/crypto/evp.h	8
openssl/crypto/objects/obj_dat.c	23
openssl/crypto/asn1/a_object.c	6
openssl/include/openssl/err.h	4
openssl/crypto/mem_sec.c	18
openssl/crypto/cmp/cmp_util.c	1
openssl/crypto/trace.c	2
openssl/crypto/err/err_all.c	1
openssl/crypto/evp/c_allc.c	1
openssl/crypto/evp/e_des.c	6
openssl/crypto/evp/c_alld.c	1
openssl/crypto/evp/legacy_md4.c	1
openssl/crypto/conf/conf_sap.c	2
openssl/crypto/getenv.c	1
openssl/crypto/o_str.c	12
openssl/crypto/x509/x509_def.c	1
openssl/crypto/bio/bio_print.c	9
openssl/crypto/engine/eng_openssl.c	20
openssl/crypto/evp/evp_lib.c	37
openssl/crypto/provider_core.c	44
openssl/crypto/provider_local.h	4
openssl/crypto/provider_child.c	2
openssl/crypto/evp/cmeth_lib.c	8
openssl/crypto/evp/evp_enc.c	24
openssl/crypto/rsa/rsa_ossl.c	1
openssl/crypto/engine/tb_rsa.c	4
openssl/crypto/dsa/dsa_ossl.c	1
openssl/crypto/engine/tb_dsa.c	4
openssl/crypto/ec/ec_kmeth.c	1
openssl/crypto/engine/tb_eckey.c	4
openssl/crypto/dh/dh_key.c	1
openssl/crypto/engine/tb_dh.c	4
openssl/crypto/rand/rand_meth.c	1
openssl/crypto/engine/tb_rand.c	4
openssl/crypto/engine/tb_cipher.c	7
openssl/crypto/params.c	45
openssl/crypto/evp/evp_utils.c	5
openssl/crypto/engine/tb_digest.c	7
openssl/crypto/evp/digest.c	17
openssl/crypto/sha/sha_local.h	1
openssl/include/crypto/md32_common.h	2
openssl/crypto/engine/eng_pkey.c	1
openssl/crypto/bio/bss_file.c	2
openssl/crypto/o_fopen.c	1
openssl/crypto/pem/pem_pkey.c	5
openssl/crypto/bio/bf_readbuff.c	1
openssl/crypto/pem/pem_lib.c	15
openssl/crypto/evp/evp_key.c	3
openssl/crypto/ui/ui_lib.c	27
openssl/crypto/ui/ui_openssl.c	1
openssl/crypto/ui/ui_null.c	1
openssl/include/openssl/ui.h	2
openssl/crypto/err/err_prn.c	1
openssl/crypto/passphrase.c	9
openssl/crypto/encode_decode/decoder_pkey.c	13
openssl/crypto/encode_decode/decoder_meth.c	17
openssl/crypto/encode_decode/decoder_lib.c	23
openssl/crypto/evp/keymgmt_meth.c	21
openssl/crypto/evp/evp_fetch.c	16
openssl/crypto/core_namemap.c	20
openssl/crypto/engine/eng_rdrand.c	4
openssl/crypto/engine/eng_dyn.c	12
openssl/include/openssl/safestack.h	4
openssl/crypto/dso/dso_dlfcn.c	1
openssl/engines/e_padlock.c	22
openssl/crypto/asn1/evp_asn1.c	1
openssl/crypto/asn1/tasn_typ.c	9
openssl/crypto/asn1/asn1_lib.c	11
openssl/crypto/asn1/a_octet.c	1
openssl/crypto/asn1/a_type.c	1
openssl/crypto/asn1/tasn_fre.c	5
openssl/engines/e_afalg.c	27
openssl/engines/e_afalg_err.c	3
openssl/crypto/engine/eng_fat.c	5
openssl/crypto/engine/eng_table.c	8
openssl/crypto/async/async_wait.c	3
openssl/crypto/async/arch/async_posix.h	1
openssl/crypto/bsearch.c	1
openssl/crypto/bn/bn_word.c	4
openssl/crypto/bn/bn_lib.c	23
openssl/crypto/bn/bn_local.h	1
openssl/crypto/bn/bn_shift.c	2
openssl/crypto/bn/bn_conv.c	4
openssl/include/internal/constant_time.h	4
openssl/crypto/bn/asm/x86_64-gcc.c	2
openssl/include/crypto/asn1.h	3
openssl/crypto/property/property.c	25
openssl/crypto/sparse_array.c	1
openssl/crypto/core_fetch.c	3
openssl/crypto/core_algorithm.c	4
openssl/include/openssl/core_dispatch.h	81
openssl/crypto/provider.c	2
openssl/crypto/property/property_query.c	3
openssl/crypto/encode_decode/encoder_local.h	5
openssl/crypto/evp/keymgmt_lib.c	14
openssl/crypto/evp/p_lib.c	19
openssl/include/openssl/x509.h	1
openssl/crypto/x509/x_attrib.c	2
openssl/include/openssl/asn1t.h	2
openssl/crypto/asn1/tasn_utl.c	9
openssl/crypto/asn1/a_int.c	8
openssl/crypto/bio/bss_mem.c	3
openssl/crypto/bio/ossl_core_bio.c	3
openssl/crypto/ui/ui_util.c	8
openssl/crypto/evp/encode.c	7
openssl/crypto/evp/legacy_md5.c	1
openssl/crypto/evp/m_sigver.c	7
openssl/crypto/evp/signature.c	9
openssl/crypto/evp/exchange.c	2
openssl/crypto/evp/kem.c	2
openssl/crypto/evp/asymcipher.c	2
openssl/crypto/evp/ctrl_params_translate.c	10
openssl/crypto/params_from_text.c	3
openssl/crypto/asn1/p8_pkey.c	4
openssl/crypto/asn1/tasn_dec.c	14
openssl/crypto/buffer/buffer.c	2
openssl/crypto/asn1/tasn_new.c	9
openssl/crypto/asn1/a_bitstr.c	1
openssl/crypto/evp/evp_pkey.c	1
openssl/crypto/asn1/x_sig.c	3
openssl/crypto/pkcs12/p12_p8d.c	2
openssl/crypto/pkcs12/p12_decr.c	2
openssl/crypto/asn1/d2i_pr.c	1
openssl/crypto/x509/x_pubkey.c	7
openssl/crypto/conf/conf_api.c	3
openssl/include/openssl/conf.h	3
openssl/crypto/conf/conf_mall.c	1
openssl/crypto/asn1/asn_moid.c	3
openssl/crypto/objects/obj_lib.c	1
openssl/crypto/asn1/asn_mstbl.c	3
openssl/crypto/x509/v3_utl.c	6
openssl/crypto/asn1/asn1_gen.c	3
openssl/crypto/asn1/a_strnid.c	6
openssl/include/openssl/asn1.h	3
openssl/crypto/engine/eng_cnf.c	5
openssl/crypto/engine/eng_all.c	1
openssl/crypto/engine/eng_ctrl.c	7
openssl/crypto/evp/evp_cnf.c	2
openssl/crypto/conf/conf_ssl.c	3
openssl/crypto/provider_conf.c	10
openssl/crypto/encode_decode/encoder_meth.c	3
openssl/crypto/store/store_meth.c	3
openssl/crypto/evp/legacy_md5_sha1.c	1
openssl/crypto/evp/legacy_sha.c	13
openssl/crypto/evp/legacy_mdc2.c	1
openssl/crypto/evp/legacy_ripemd.c	1
openssl/crypto/evp/legacy_wp.c	1
openssl/crypto/sm3/legacy_sm3.c	1
openssl/crypto/evp/legacy_blake2.c	2
openssl/crypto/evp/e_des3.c	11
openssl/crypto/evp/e_xcbc_d.c	1
openssl/crypto/evp/e_rc4.c	2
openssl/crypto/evp/e_rc4_hmac_md5.c	1
openssl/crypto/evp/e_idea.c	4
openssl/crypto/evp/e_seed.c	4
openssl/crypto/evp/e_sm4.c	5
openssl/crypto/evp/e_rc2.c	6
openssl/crypto/evp/e_bf.c	4
openssl/crypto/evp/e_cast.c	4
openssl/crypto/evp/e_rc5.c	4
openssl/crypto/evp/e_aes.c	38
openssl/crypto/evp/e_aes_cbc_hmac_sha1.c	2
openssl/crypto/evp/e_aes_cbc_hmac_sha256.c	2
openssl/crypto/evp/e_aria.c	27
openssl/crypto/evp/e_camellia.c	21
openssl/crypto/evp/e_chacha20_poly1305.c	2
openssl/crypto/bn/bn_err.c	1
openssl/crypto/rsa/rsa_err.c	1
openssl/crypto/dh/dh_err.c	1
openssl/crypto/evp/evp_err.c	1
openssl/crypto/buffer/buf_err.c	1
openssl/crypto/objects/obj_err.c	1
openssl/crypto/pem/pem_err.c	1
openssl/crypto/dsa/dsa_err.c	1
openssl/crypto/x509/x509_err.c	1
openssl/crypto/asn1/asn1_err.c	1
openssl/crypto/conf/conf_err.c	1
openssl/crypto/cpt_err.c	1
openssl/crypto/comp/comp_err.c	1
openssl/crypto/ec/ec_err.c	1
openssl/crypto/bio/bio_err.c	1
openssl/crypto/pkcs7/pkcs7err.c	1
openssl/crypto/x509/v3err.c	1
openssl/crypto/pkcs12/pk12err.c	1
openssl/crypto/rand/rand_err.c	1
openssl/crypto/dso/dso_err.c	1
openssl/crypto/ts/ts_err.c	1
openssl/crypto/engine/eng_err.c	1
openssl/crypto/http/http_err.c	1
openssl/crypto/ocsp/ocsp_err.c	1
openssl/crypto/ui/ui_err.c	1
openssl/crypto/cms/cms_err.c	1
openssl/crypto/crmf/crmf_err.c	1
openssl/crypto/cmp/cmp_err.c	1
openssl/crypto/ct/ct_err.c	1
openssl/crypto/ess/ess_err.c	1
openssl/crypto/async/async_err.c	1
openssl/crypto/store/store_err.c	1
openssl/crypto/property/property_err.c	1
openssl/providers/common/provider_err.c	1

Fuzzer: openssl/fuzz/driver.c

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	5629	99.9%
gold	[1:9]	0	0.0%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	1	0.01%
All colors	5630	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
1442	1442	1 : View List ['curl_multi_cleanup']	1442	12361	Curl_close	call site: 00000	/src/curl/lib/url.c:248
1135	2615	11 : View List ['Curl_dyn_len', 'Curl_strndup', 'dedotdotify', 'Curl_dyn_init', 'strchr', 'curl_dbg_strdup', 'Curl_dyn_add', 'urlencode_str', 'memchr', 'curl_dbg_free', 'Curl_dyn_ptr']	1135	3059	parseurl	call site: 00000	/src/curl/lib/urlapi.c:1206
1016	1016	1 : View List ['curl_multi_remove_handle']	2458	13377	Curl_close	call site: 00000	/src/curl/lib/url.c:243
679	2288	8 : View List ['Curl_cookie_cleanup', 'Curl_get_line', 'curl_dbg_malloc', 'remove_expired', 'curl_strnequal', 'curl_dbg_free', 'Curl_cookie_add', 'curl_dbg_fclose']	679	2288	Curl_cookie_init	call site: 00000	/src/curl/lib/cookie.c:1243
332	332	2 : View List ['Curl_infof', 'curl_easy_strerror']	332	566	Curl_flush_cookies	call site: 00000	/src/curl/lib/cookie.c:1768
296	531	3 : View List ['qsort', 'curl_dbg_calloc', 'get_netscape_format']	303	2078	cookie_output	call site: 00000	/src/curl/lib/cookie.c:1656
265	265	1 : View List ['Curl_trc_opt']	265	265	Curl_trc_init	call site: 00000	/src/curl/lib/curl_trc.c:230
229	458	2 : View List ['Curl_cookie_clearall', 'Curl_cookie_cleanup']	229	682	Curl_vsetopt	call site: 00000	/src/curl/lib/setopt.c:750
228	448	3 : View List ['curl_dbg_fopen', 'Curl_infof', 'strcmp']	907	2736	Curl_cookie_init	call site: 00000	/src/curl/lib/cookie.c:1230
6	6	3 : View List ['strlen', 'fgets', 'feof']	6	6	Curl_get_line	call site: 00000	/src/curl/lib/curl_get_line.c:45
4	219	3 : View List ['__errno_location', 'fflush', 'curl_dbg_log']	4	219	countcheck	call site: 00000	/src/curl/lib/memdebug.c:111
4	4	2 : View List ['strlen', 'ntohl']	4	4	randit	call site: 00000	/src/curl/lib/rand.c:110

Runtime coverage analysis

Covered functions

139

Functions that are reachable but not covered

1414

Reachable functions

1415

Percentage of reachable functions covered

0.07%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
openssl/fuzz/driver.c	1
openssl/fuzz/bignum.c	1
openssl/crypto/bn/bn_lib.c	39
openssl/crypto/mem.c	7
openssl/crypto/err/err_blocks.c	2
openssl/crypto/err/err.c	30
openssl/crypto/init.c	39
openssl/crypto/err/err_local.h	5
openssl/crypto/threads_pthread.c	13
openssl/crypto/cpuid.c	4
openssl/crypto/ctype.c	3
openssl/crypto/initthread.c	21
openssl/crypto/stack/stack.c	16
openssl/crypto/comp/c_zlib.c	1
openssl/crypto/async/async.c	6
openssl/crypto/rand/rand_lib.c	9
openssl/providers/implementations/rands/seeding/rand_unix.c	4
openssl/crypto/engine/eng_init.c	4
openssl/crypto/cryptlib.c	2
openssl/crypto/engine/eng_lib.c	22
openssl/include/internal/refcount.h	2
openssl/crypto/engine/tb_pkmeth.c	7
openssl/crypto/evp/pmeth_lib.c	31
openssl/crypto/engine/tb_asnmth.c	9
openssl/crypto/asn1/ameth_lib.c	9
openssl/crypto/engine/eng_list.c	10
openssl/crypto/ex_data.c	14
openssl/crypto/context.c	15
openssl/include/internal/cryptlib.h	7
openssl/include/openssl/crypto.h	2
openssl/crypto/property/property_parse.c	25
openssl/crypto/property/property_string.c	12
openssl/crypto/lhash/lhash.c	15
openssl/crypto/conf/conf_mod.c	34
openssl/crypto/dso/dso_lib.c	9
openssl/crypto/engine/eng_local.h	14
openssl/crypto/store/store_init.c	1
openssl/crypto/store/store_register.c	1
openssl/crypto/store/store_local.h	1
openssl/crypto/bio/bio_lib.c	16
openssl/crypto/bio/bio_sock.c	1
openssl/crypto/evp/names.c	9
openssl/crypto/objects/o_names.c	12
openssl/crypto/objects/obj_local.h	18
openssl/crypto/evp/evp_pbe.c	6
openssl/crypto/evp/evp_local.h	3
openssl/crypto/objects/obj_xref.c	2
openssl/crypto/objects/obj_xref.h	2
openssl/include/crypto/evp.h	8
openssl/crypto/objects/obj_dat.c	23
openssl/crypto/asn1/a_object.c	6
openssl/include/openssl/err.h	4
openssl/crypto/mem_sec.c	18
openssl/crypto/cmp/cmp_util.c	1
openssl/crypto/trace.c	2
openssl/crypto/err/err_all.c	1
openssl/crypto/evp/c_allc.c	1
openssl/crypto/evp/e_des.c	6
openssl/crypto/evp/c_alld.c	1
openssl/crypto/evp/legacy_md4.c	1
openssl/crypto/conf/conf_sap.c	2
openssl/crypto/getenv.c	1
openssl/crypto/o_str.c	12
openssl/crypto/x509/x509_def.c	1
openssl/crypto/bio/bio_print.c	9
openssl/crypto/engine/eng_openssl.c	20
openssl/crypto/evp/evp_lib.c	37
openssl/crypto/provider_core.c	44
openssl/crypto/provider_local.h	4
openssl/crypto/provider_child.c	2
openssl/crypto/evp/cmeth_lib.c	8
openssl/crypto/evp/evp_enc.c	24
openssl/crypto/rsa/rsa_ossl.c	1
openssl/crypto/engine/tb_rsa.c	4
openssl/crypto/dsa/dsa_ossl.c	1
openssl/crypto/engine/tb_dsa.c	4
openssl/crypto/ec/ec_kmeth.c	1
openssl/crypto/engine/tb_eckey.c	4
openssl/crypto/dh/dh_key.c	1
openssl/crypto/engine/tb_dh.c	4
openssl/crypto/rand/rand_meth.c	1
openssl/crypto/engine/tb_rand.c	4
openssl/crypto/engine/tb_cipher.c	7
openssl/crypto/params.c	45
openssl/crypto/evp/evp_utils.c	5
openssl/crypto/engine/tb_digest.c	7
openssl/crypto/evp/digest.c	17
openssl/crypto/sha/sha_local.h	1
openssl/include/crypto/md32_common.h	2
openssl/crypto/engine/eng_pkey.c	1
openssl/crypto/bio/bss_file.c	2
openssl/crypto/o_fopen.c	1
openssl/crypto/pem/pem_pkey.c	5
openssl/crypto/bio/bf_readbuff.c	1
openssl/crypto/pem/pem_lib.c	15
openssl/crypto/evp/evp_key.c	3
openssl/crypto/ui/ui_lib.c	27
openssl/crypto/ui/ui_openssl.c	1
openssl/crypto/ui/ui_null.c	1
openssl/include/openssl/ui.h	2
openssl/crypto/err/err_prn.c	1
openssl/crypto/passphrase.c	9
openssl/crypto/encode_decode/decoder_pkey.c	13
openssl/crypto/encode_decode/decoder_meth.c	17
openssl/crypto/encode_decode/decoder_lib.c	23
openssl/crypto/evp/keymgmt_meth.c	21
openssl/crypto/evp/evp_fetch.c	16
openssl/crypto/core_namemap.c	20
openssl/crypto/engine/eng_rdrand.c	4
openssl/crypto/engine/eng_dyn.c	12
openssl/include/openssl/safestack.h	4
openssl/crypto/dso/dso_dlfcn.c	1
openssl/engines/e_padlock.c	22
openssl/crypto/asn1/evp_asn1.c	1
openssl/crypto/asn1/tasn_typ.c	9
openssl/crypto/asn1/asn1_lib.c	11
openssl/crypto/asn1/a_octet.c	1
openssl/crypto/asn1/a_type.c	1
openssl/crypto/asn1/tasn_fre.c	5
openssl/engines/e_afalg.c	27
openssl/engines/e_afalg_err.c	3
openssl/crypto/engine/eng_fat.c	5
openssl/crypto/engine/eng_table.c	8
openssl/crypto/async/async_wait.c	3
openssl/crypto/async/arch/async_posix.h	1
openssl/crypto/bsearch.c	1
openssl/crypto/bn/bn_word.c	4
openssl/crypto/bn/bn_local.h	1
openssl/crypto/bn/bn_shift.c	6
openssl/crypto/bn/bn_conv.c	4
openssl/include/internal/constant_time.h	6
openssl/crypto/bn/asm/x86_64-gcc.c	10
openssl/include/crypto/asn1.h	3
openssl/crypto/property/property.c	25
openssl/crypto/sparse_array.c	1
openssl/crypto/core_fetch.c	3
openssl/crypto/core_algorithm.c	4
openssl/include/openssl/core_dispatch.h	81
openssl/crypto/provider.c	2
openssl/crypto/property/property_query.c	3
openssl/crypto/encode_decode/encoder_local.h	5
openssl/crypto/evp/keymgmt_lib.c	14
openssl/crypto/evp/p_lib.c	19
openssl/include/openssl/x509.h	1
openssl/crypto/x509/x_attrib.c	2
openssl/include/openssl/asn1t.h	2
openssl/crypto/asn1/tasn_utl.c	9
openssl/crypto/asn1/a_int.c	8
openssl/crypto/bio/bss_mem.c	3
openssl/crypto/bio/ossl_core_bio.c	3
openssl/crypto/ui/ui_util.c	8
openssl/crypto/evp/encode.c	7
openssl/crypto/evp/legacy_md5.c	1
openssl/crypto/evp/m_sigver.c	7
openssl/crypto/evp/signature.c	9
openssl/crypto/evp/exchange.c	2
openssl/crypto/evp/kem.c	2
openssl/crypto/evp/asymcipher.c	2
openssl/crypto/evp/ctrl_params_translate.c	10
openssl/crypto/params_from_text.c	3
openssl/crypto/asn1/p8_pkey.c	4
openssl/crypto/asn1/tasn_dec.c	14
openssl/crypto/buffer/buffer.c	2
openssl/crypto/asn1/tasn_new.c	9
openssl/crypto/asn1/a_bitstr.c	1
openssl/crypto/evp/evp_pkey.c	1
openssl/crypto/asn1/x_sig.c	3
openssl/crypto/pkcs12/p12_p8d.c	2
openssl/crypto/pkcs12/p12_decr.c	2
openssl/crypto/asn1/d2i_pr.c	1
openssl/crypto/x509/x_pubkey.c	7
openssl/crypto/conf/conf_lib.c	10
openssl/crypto/conf/conf_def.c	1
openssl/crypto/conf/conf_api.c	3
openssl/include/openssl/conf.h	3
openssl/crypto/conf/conf_mall.c	1
openssl/crypto/asn1/asn_moid.c	3
openssl/crypto/objects/obj_lib.c	1
openssl/crypto/asn1/asn_mstbl.c	3
openssl/crypto/x509/v3_utl.c	6
openssl/crypto/asn1/asn1_gen.c	3
openssl/crypto/asn1/a_strnid.c	6
openssl/include/openssl/asn1.h	3
openssl/crypto/engine/eng_cnf.c	5
openssl/crypto/engine/eng_all.c	1
openssl/crypto/engine/eng_ctrl.c	7
openssl/crypto/evp/evp_cnf.c	2
openssl/crypto/conf/conf_ssl.c	3
openssl/crypto/provider_conf.c	10
openssl/crypto/encode_decode/encoder_meth.c	3
openssl/crypto/store/store_meth.c	3
openssl/crypto/evp/legacy_md5_sha1.c	1
openssl/crypto/evp/legacy_sha.c	13
openssl/crypto/evp/legacy_mdc2.c	1
openssl/crypto/evp/legacy_ripemd.c	1
openssl/crypto/evp/legacy_wp.c	1
openssl/crypto/sm3/legacy_sm3.c	1
openssl/crypto/evp/legacy_blake2.c	2
openssl/crypto/evp/e_des3.c	11
openssl/crypto/evp/e_xcbc_d.c	1
openssl/crypto/evp/e_rc4.c	2
openssl/crypto/evp/e_rc4_hmac_md5.c	1
openssl/crypto/evp/e_idea.c	4
openssl/crypto/evp/e_seed.c	4
openssl/crypto/evp/e_sm4.c	5
openssl/crypto/evp/e_rc2.c	6
openssl/crypto/evp/e_bf.c	4
openssl/crypto/evp/e_cast.c	4
openssl/crypto/evp/e_rc5.c	4
openssl/crypto/evp/e_aes.c	38
openssl/crypto/evp/e_aes_cbc_hmac_sha1.c	2
openssl/crypto/evp/e_aes_cbc_hmac_sha256.c	2
openssl/crypto/evp/e_aria.c	27
openssl/crypto/evp/e_camellia.c	21
openssl/crypto/evp/e_chacha20_poly1305.c	2
openssl/crypto/bn/bn_err.c	1
openssl/crypto/rsa/rsa_err.c	1
openssl/crypto/dh/dh_err.c	1
openssl/crypto/evp/evp_err.c	1
openssl/crypto/buffer/buf_err.c	1
openssl/crypto/objects/obj_err.c	1
openssl/crypto/pem/pem_err.c	1
openssl/crypto/dsa/dsa_err.c	1
openssl/crypto/x509/x509_err.c	1
openssl/crypto/asn1/asn1_err.c	1
openssl/crypto/conf/conf_err.c	1
openssl/crypto/cpt_err.c	1
openssl/crypto/comp/comp_err.c	1
openssl/crypto/ec/ec_err.c	1
openssl/crypto/bio/bio_err.c	1
openssl/crypto/pkcs7/pkcs7err.c	1
openssl/crypto/x509/v3err.c	1
openssl/crypto/pkcs12/pk12err.c	1
openssl/crypto/rand/rand_err.c	1
openssl/crypto/dso/dso_err.c	1
openssl/crypto/ts/ts_err.c	1
openssl/crypto/engine/eng_err.c	1
openssl/crypto/http/http_err.c	1
openssl/crypto/ocsp/ocsp_err.c	1
openssl/crypto/ui/ui_err.c	1
openssl/crypto/cms/cms_err.c	1
openssl/crypto/crmf/crmf_err.c	1
openssl/crypto/cmp/cmp_err.c	1
openssl/crypto/ct/ct_err.c	1
openssl/crypto/ess/ess_err.c	1
openssl/crypto/async/async_err.c	1
openssl/crypto/store/store_err.c	1
openssl/crypto/property/property_err.c	1
openssl/providers/common/provider_err.c	1
openssl/crypto/bn/bn_ctx.c	11
openssl/crypto/bn/bn_exp.c	9
openssl/crypto/bn/bn_mont.c	10
openssl/crypto/bn/bn_gcd.c	3
openssl/crypto/bn/bn_mod.c	2
openssl/crypto/bn/bn_div.c	3
openssl/crypto/bn/bn_mul.c	6
openssl/crypto/bn/bn_add.c	4
openssl/crypto/bn/bn_sqr.c	4
openssl/crypto/bn/rsaz_exp.c	2
openssl/crypto/bn/rsaz_exp.h	2
openssl/crypto/bn/bn_recp.c	6
openssl/crypto/bn/bn_print.c	2

Fuzzer: openssl/fuzz/driver.c

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	5170	99.9%
gold	[1:9]	0	0.0%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	1	0.01%
All colors	5171	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
1442	1442	1 : View List ['curl_multi_cleanup']	1442	12361	Curl_close	call site: 00000	/src/curl/lib/url.c:248
1135	2615	11 : View List ['Curl_dyn_len', 'Curl_strndup', 'dedotdotify', 'Curl_dyn_init', 'strchr', 'curl_dbg_strdup', 'Curl_dyn_add', 'urlencode_str', 'memchr', 'curl_dbg_free', 'Curl_dyn_ptr']	1135	3059	parseurl	call site: 00000	/src/curl/lib/urlapi.c:1206
1016	1016	1 : View List ['curl_multi_remove_handle']	2458	13377	Curl_close	call site: 00000	/src/curl/lib/url.c:243
679	2288	8 : View List ['Curl_cookie_cleanup', 'Curl_get_line', 'curl_dbg_malloc', 'remove_expired', 'curl_strnequal', 'curl_dbg_free', 'Curl_cookie_add', 'curl_dbg_fclose']	679	2288	Curl_cookie_init	call site: 00000	/src/curl/lib/cookie.c:1243
332	332	2 : View List ['Curl_infof', 'curl_easy_strerror']	332	566	Curl_flush_cookies	call site: 00000	/src/curl/lib/cookie.c:1768
296	531	3 : View List ['qsort', 'curl_dbg_calloc', 'get_netscape_format']	303	2078	cookie_output	call site: 00000	/src/curl/lib/cookie.c:1656
265	265	1 : View List ['Curl_trc_opt']	265	265	Curl_trc_init	call site: 00000	/src/curl/lib/curl_trc.c:230
229	458	2 : View List ['Curl_cookie_clearall', 'Curl_cookie_cleanup']	229	682	Curl_vsetopt	call site: 00000	/src/curl/lib/setopt.c:750
228	448	3 : View List ['curl_dbg_fopen', 'Curl_infof', 'strcmp']	907	2736	Curl_cookie_init	call site: 00000	/src/curl/lib/cookie.c:1230
6	6	3 : View List ['strlen', 'fgets', 'feof']	6	6	Curl_get_line	call site: 00000	/src/curl/lib/curl_get_line.c:45
4	219	3 : View List ['__errno_location', 'fflush', 'curl_dbg_log']	4	219	countcheck	call site: 00000	/src/curl/lib/memdebug.c:111
4	4	2 : View List ['strlen', 'ntohl']	4	4	randit	call site: 00000	/src/curl/lib/rand.c:110

Runtime coverage analysis

Covered functions

139

Functions that are reachable but not covered

1332

Reachable functions

1333

Percentage of reachable functions covered

0.08%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
openssl/fuzz/driver.c	1
openssl/fuzz/bndiv.c	1
openssl/crypto/bn/bn_lib.c	30
openssl/crypto/mem.c	7
openssl/crypto/err/err_blocks.c	2
openssl/crypto/err/err.c	30
openssl/crypto/init.c	39
openssl/crypto/err/err_local.h	5
openssl/crypto/threads_pthread.c	13
openssl/crypto/cpuid.c	4
openssl/crypto/ctype.c	3
openssl/crypto/initthread.c	21
openssl/crypto/stack/stack.c	16
openssl/crypto/comp/c_zlib.c	1
openssl/crypto/async/async.c	6
openssl/crypto/rand/rand_lib.c	9
openssl/providers/implementations/rands/seeding/rand_unix.c	4
openssl/crypto/engine/eng_init.c	4
openssl/crypto/cryptlib.c	2
openssl/crypto/engine/eng_lib.c	22
openssl/include/internal/refcount.h	2
openssl/crypto/engine/tb_pkmeth.c	7
openssl/crypto/evp/pmeth_lib.c	31
openssl/crypto/engine/tb_asnmth.c	9
openssl/crypto/asn1/ameth_lib.c	9
openssl/crypto/engine/eng_list.c	10
openssl/crypto/ex_data.c	14
openssl/crypto/context.c	15
openssl/include/internal/cryptlib.h	7
openssl/include/openssl/crypto.h	2
openssl/crypto/property/property_parse.c	25
openssl/crypto/property/property_string.c	12
openssl/crypto/lhash/lhash.c	15
openssl/crypto/conf/conf_mod.c	34
openssl/crypto/dso/dso_lib.c	9
openssl/crypto/engine/eng_local.h	14
openssl/crypto/store/store_init.c	1
openssl/crypto/store/store_register.c	1
openssl/crypto/store/store_local.h	1
openssl/crypto/bio/bio_lib.c	16
openssl/crypto/bio/bio_sock.c	1
openssl/crypto/evp/names.c	9
openssl/crypto/objects/o_names.c	12
openssl/crypto/objects/obj_local.h	18
openssl/crypto/evp/evp_pbe.c	6
openssl/crypto/evp/evp_local.h	3
openssl/crypto/objects/obj_xref.c	2
openssl/crypto/objects/obj_xref.h	2
openssl/include/crypto/evp.h	8
openssl/crypto/objects/obj_dat.c	23
openssl/crypto/asn1/a_object.c	6
openssl/include/openssl/err.h	4
openssl/crypto/mem_sec.c	18
openssl/crypto/cmp/cmp_util.c	1
openssl/crypto/trace.c	2
openssl/crypto/err/err_all.c	1
openssl/crypto/evp/c_allc.c	1
openssl/crypto/evp/e_des.c	6
openssl/crypto/evp/c_alld.c	1
openssl/crypto/evp/legacy_md4.c	1
openssl/crypto/conf/conf_sap.c	2
openssl/crypto/getenv.c	1
openssl/crypto/o_str.c	12
openssl/crypto/x509/x509_def.c	1
openssl/crypto/bio/bio_print.c	9
openssl/crypto/engine/eng_openssl.c	20
openssl/crypto/evp/evp_lib.c	37
openssl/crypto/provider_core.c	44
openssl/crypto/provider_local.h	4
openssl/crypto/provider_child.c	2
openssl/crypto/evp/cmeth_lib.c	8
openssl/crypto/evp/evp_enc.c	24
openssl/crypto/rsa/rsa_ossl.c	1
openssl/crypto/engine/tb_rsa.c	4
openssl/crypto/dsa/dsa_ossl.c	1
openssl/crypto/engine/tb_dsa.c	4
openssl/crypto/ec/ec_kmeth.c	1
openssl/crypto/engine/tb_eckey.c	4
openssl/crypto/dh/dh_key.c	1
openssl/crypto/engine/tb_dh.c	4
openssl/crypto/rand/rand_meth.c	1
openssl/crypto/engine/tb_rand.c	4
openssl/crypto/engine/tb_cipher.c	7
openssl/crypto/params.c	45
openssl/crypto/evp/evp_utils.c	5
openssl/crypto/engine/tb_digest.c	7
openssl/crypto/evp/digest.c	17
openssl/crypto/sha/sha_local.h	1
openssl/include/crypto/md32_common.h	2
openssl/crypto/engine/eng_pkey.c	1
openssl/crypto/bio/bss_file.c	2
openssl/crypto/o_fopen.c	1
openssl/crypto/pem/pem_pkey.c	5
openssl/crypto/bio/bf_readbuff.c	1
openssl/crypto/pem/pem_lib.c	15
openssl/crypto/evp/evp_key.c	3
openssl/crypto/ui/ui_lib.c	27
openssl/crypto/ui/ui_openssl.c	1
openssl/crypto/ui/ui_null.c	1
openssl/include/openssl/ui.h	2
openssl/crypto/err/err_prn.c	1
openssl/crypto/passphrase.c	9
openssl/crypto/encode_decode/decoder_pkey.c	13
openssl/crypto/encode_decode/decoder_meth.c	17
openssl/crypto/encode_decode/decoder_lib.c	23
openssl/crypto/evp/keymgmt_meth.c	21
openssl/crypto/evp/evp_fetch.c	16
openssl/crypto/core_namemap.c	20
openssl/crypto/engine/eng_rdrand.c	4
openssl/crypto/engine/eng_dyn.c	12
openssl/include/openssl/safestack.h	4
openssl/crypto/dso/dso_dlfcn.c	1
openssl/engines/e_padlock.c	22
openssl/crypto/asn1/evp_asn1.c	1
openssl/crypto/asn1/tasn_typ.c	9
openssl/crypto/asn1/asn1_lib.c	11
openssl/crypto/asn1/a_octet.c	1
openssl/crypto/asn1/a_type.c	1
openssl/crypto/asn1/tasn_fre.c	5
openssl/engines/e_afalg.c	27
openssl/engines/e_afalg_err.c	3
openssl/crypto/engine/eng_fat.c	5
openssl/crypto/engine/eng_table.c	8
openssl/crypto/async/async_wait.c	3
openssl/crypto/async/arch/async_posix.h	1
openssl/crypto/bsearch.c	1
openssl/crypto/bn/bn_word.c	4
openssl/crypto/bn/bn_local.h	1
openssl/crypto/bn/bn_shift.c	3
openssl/crypto/bn/bn_conv.c	4
openssl/include/internal/constant_time.h	4
openssl/crypto/bn/asm/x86_64-gcc.c	7
openssl/include/crypto/asn1.h	3
openssl/crypto/property/property.c	25
openssl/crypto/sparse_array.c	1
openssl/crypto/core_fetch.c	3
openssl/crypto/core_algorithm.c	4
openssl/include/openssl/core_dispatch.h	81
openssl/crypto/provider.c	2
openssl/crypto/property/property_query.c	3
openssl/crypto/encode_decode/encoder_local.h	5
openssl/crypto/evp/keymgmt_lib.c	14
openssl/crypto/evp/p_lib.c	19
openssl/include/openssl/x509.h	1
openssl/crypto/x509/x_attrib.c	2
openssl/include/openssl/asn1t.h	2
openssl/crypto/asn1/tasn_utl.c	9
openssl/crypto/asn1/a_int.c	8
openssl/crypto/bio/bss_mem.c	3
openssl/crypto/bio/ossl_core_bio.c	3
openssl/crypto/ui/ui_util.c	8
openssl/crypto/evp/encode.c	7
openssl/crypto/evp/legacy_md5.c	1
openssl/crypto/evp/m_sigver.c	7
openssl/crypto/evp/signature.c	9
openssl/crypto/evp/exchange.c	2
openssl/crypto/evp/kem.c	2
openssl/crypto/evp/asymcipher.c	2
openssl/crypto/evp/ctrl_params_translate.c	10
openssl/crypto/params_from_text.c	3
openssl/crypto/asn1/p8_pkey.c	4
openssl/crypto/asn1/tasn_dec.c	14
openssl/crypto/buffer/buffer.c	2
openssl/crypto/asn1/tasn_new.c	9
openssl/crypto/asn1/a_bitstr.c	1
openssl/crypto/evp/evp_pkey.c	1
openssl/crypto/asn1/x_sig.c	3
openssl/crypto/pkcs12/p12_p8d.c	2
openssl/crypto/pkcs12/p12_decr.c	2
openssl/crypto/asn1/d2i_pr.c	1
openssl/crypto/x509/x_pubkey.c	7
openssl/crypto/conf/conf_lib.c	10
openssl/crypto/conf/conf_def.c	1
openssl/crypto/conf/conf_api.c	3
openssl/include/openssl/conf.h	3
openssl/crypto/conf/conf_mall.c	1
openssl/crypto/asn1/asn_moid.c	3
openssl/crypto/objects/obj_lib.c	1
openssl/crypto/asn1/asn_mstbl.c	3
openssl/crypto/x509/v3_utl.c	6
openssl/crypto/asn1/asn1_gen.c	3
openssl/crypto/asn1/a_strnid.c	6
openssl/include/openssl/asn1.h	3
openssl/crypto/engine/eng_cnf.c	5
openssl/crypto/engine/eng_all.c	1
openssl/crypto/engine/eng_ctrl.c	7
openssl/crypto/evp/evp_cnf.c	2
openssl/crypto/conf/conf_ssl.c	3
openssl/crypto/provider_conf.c	10
openssl/crypto/encode_decode/encoder_meth.c	3
openssl/crypto/store/store_meth.c	3
openssl/crypto/evp/legacy_md5_sha1.c	1
openssl/crypto/evp/legacy_sha.c	13
openssl/crypto/evp/legacy_mdc2.c	1
openssl/crypto/evp/legacy_ripemd.c	1
openssl/crypto/evp/legacy_wp.c	1
openssl/crypto/sm3/legacy_sm3.c	1
openssl/crypto/evp/legacy_blake2.c	2
openssl/crypto/evp/e_des3.c	11
openssl/crypto/evp/e_xcbc_d.c	1
openssl/crypto/evp/e_rc4.c	2
openssl/crypto/evp/e_rc4_hmac_md5.c	1
openssl/crypto/evp/e_idea.c	4
openssl/crypto/evp/e_seed.c	4
openssl/crypto/evp/e_sm4.c	5
openssl/crypto/evp/e_rc2.c	6
openssl/crypto/evp/e_bf.c	4
openssl/crypto/evp/e_cast.c	4
openssl/crypto/evp/e_rc5.c	4
openssl/crypto/evp/e_aes.c	38
openssl/crypto/evp/e_aes_cbc_hmac_sha1.c	2
openssl/crypto/evp/e_aes_cbc_hmac_sha256.c	2
openssl/crypto/evp/e_aria.c	27
openssl/crypto/evp/e_camellia.c	21
openssl/crypto/evp/e_chacha20_poly1305.c	2
openssl/crypto/bn/bn_err.c	1
openssl/crypto/rsa/rsa_err.c	1
openssl/crypto/dh/dh_err.c	1
openssl/crypto/evp/evp_err.c	1
openssl/crypto/buffer/buf_err.c	1
openssl/crypto/objects/obj_err.c	1
openssl/crypto/pem/pem_err.c	1
openssl/crypto/dsa/dsa_err.c	1
openssl/crypto/x509/x509_err.c	1
openssl/crypto/asn1/asn1_err.c	1
openssl/crypto/conf/conf_err.c	1
openssl/crypto/cpt_err.c	1
openssl/crypto/comp/comp_err.c	1
openssl/crypto/ec/ec_err.c	1
openssl/crypto/bio/bio_err.c	1
openssl/crypto/pkcs7/pkcs7err.c	1
openssl/crypto/x509/v3err.c	1
openssl/crypto/pkcs12/pk12err.c	1
openssl/crypto/rand/rand_err.c	1
openssl/crypto/dso/dso_err.c	1
openssl/crypto/ts/ts_err.c	1
openssl/crypto/engine/eng_err.c	1
openssl/crypto/http/http_err.c	1
openssl/crypto/ocsp/ocsp_err.c	1
openssl/crypto/ui/ui_err.c	1
openssl/crypto/cms/cms_err.c	1
openssl/crypto/crmf/crmf_err.c	1
openssl/crypto/cmp/cmp_err.c	1
openssl/crypto/ct/ct_err.c	1
openssl/crypto/ess/ess_err.c	1
openssl/crypto/async/async_err.c	1
openssl/crypto/store/store_err.c	1
openssl/crypto/property/property_err.c	1
openssl/providers/common/provider_err.c	1
openssl/crypto/bn/bn_div.c	3
openssl/crypto/bn/bn_ctx.c	7
openssl/crypto/bn/bn_mul.c	6
openssl/crypto/bn/bn_add.c	3
openssl/crypto/bn/bn_print.c	2

Fuzzer: openssl/fuzz/driver.c

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	5366	99.9%
gold	[1:9]	0	0.0%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	1	0.01%
All colors	5367	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
1442	1442	1 : View List ['curl_multi_cleanup']	1442	12361	Curl_close	call site: 00000	/src/curl/lib/url.c:248
1135	2615	11 : View List ['Curl_dyn_len', 'Curl_strndup', 'dedotdotify', 'Curl_dyn_init', 'strchr', 'curl_dbg_strdup', 'Curl_dyn_add', 'urlencode_str', 'memchr', 'curl_dbg_free', 'Curl_dyn_ptr']	1135	3059	parseurl	call site: 00000	/src/curl/lib/urlapi.c:1206
1016	1016	1 : View List ['curl_multi_remove_handle']	2458	13377	Curl_close	call site: 00000	/src/curl/lib/url.c:243
679	2288	8 : View List ['Curl_cookie_cleanup', 'Curl_get_line', 'curl_dbg_malloc', 'remove_expired', 'curl_strnequal', 'curl_dbg_free', 'Curl_cookie_add', 'curl_dbg_fclose']	679	2288	Curl_cookie_init	call site: 00000	/src/curl/lib/cookie.c:1243
332	332	2 : View List ['Curl_infof', 'curl_easy_strerror']	332	566	Curl_flush_cookies	call site: 00000	/src/curl/lib/cookie.c:1768
296	531	3 : View List ['qsort', 'curl_dbg_calloc', 'get_netscape_format']	303	2078	cookie_output	call site: 00000	/src/curl/lib/cookie.c:1656
265	265	1 : View List ['Curl_trc_opt']	265	265	Curl_trc_init	call site: 00000	/src/curl/lib/curl_trc.c:230
229	458	2 : View List ['Curl_cookie_clearall', 'Curl_cookie_cleanup']	229	682	Curl_vsetopt	call site: 00000	/src/curl/lib/setopt.c:750
228	448	3 : View List ['curl_dbg_fopen', 'Curl_infof', 'strcmp']	907	2736	Curl_cookie_init	call site: 00000	/src/curl/lib/cookie.c:1230
6	6	3 : View List ['strlen', 'fgets', 'feof']	6	6	Curl_get_line	call site: 00000	/src/curl/lib/curl_get_line.c:45
4	219	3 : View List ['__errno_location', 'fflush', 'curl_dbg_log']	4	219	countcheck	call site: 00000	/src/curl/lib/memdebug.c:111
4	4	2 : View List ['strlen', 'ntohl']	4	4	randit	call site: 00000	/src/curl/lib/rand.c:110

Runtime coverage analysis

Covered functions

139

Functions that are reachable but not covered

1485

Reachable functions

1486

Percentage of reachable functions covered

0.07%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
openssl/fuzz/driver.c	1
openssl/fuzz/crl.c	1
openssl/crypto/x509/x_crl.c	4
openssl/crypto/asn1/tasn_dec.c	14
openssl/crypto/err/err_blocks.c	2
openssl/crypto/err/err.c	30
openssl/crypto/init.c	39
openssl/crypto/err/err_local.h	5
openssl/crypto/mem.c	7
openssl/crypto/threads_pthread.c	13
openssl/crypto/cpuid.c	4
openssl/crypto/ctype.c	5
openssl/crypto/initthread.c	21
openssl/crypto/stack/stack.c	16
openssl/crypto/comp/c_zlib.c	1
openssl/crypto/async/async.c	6
openssl/crypto/rand/rand_lib.c	9
openssl/providers/implementations/rands/seeding/rand_unix.c	4
openssl/crypto/engine/eng_init.c	4
openssl/crypto/cryptlib.c	2
openssl/crypto/engine/eng_lib.c	22
openssl/include/internal/refcount.h	2
openssl/crypto/engine/tb_pkmeth.c	7
openssl/crypto/evp/pmeth_lib.c	31
openssl/crypto/engine/tb_asnmth.c	9
openssl/crypto/asn1/ameth_lib.c	9
openssl/crypto/engine/eng_list.c	10
openssl/crypto/ex_data.c	14
openssl/crypto/context.c	15
openssl/include/internal/cryptlib.h	7
openssl/include/openssl/crypto.h	2
openssl/crypto/property/property_parse.c	25
openssl/crypto/property/property_string.c	12
openssl/crypto/lhash/lhash.c	15
openssl/crypto/conf/conf_mod.c	34
openssl/crypto/dso/dso_lib.c	9
openssl/crypto/engine/eng_local.h	14
openssl/crypto/store/store_init.c	1
openssl/crypto/store/store_register.c	1
openssl/crypto/store/store_local.h	1
openssl/crypto/bio/bio_lib.c	17
openssl/crypto/bio/bio_sock.c	1
openssl/crypto/evp/names.c	9
openssl/crypto/objects/o_names.c	12
openssl/crypto/objects/obj_local.h	18
openssl/crypto/evp/evp_pbe.c	6
openssl/crypto/evp/evp_local.h	3
openssl/crypto/objects/obj_xref.c	5
openssl/crypto/objects/obj_xref.h	4
openssl/include/crypto/evp.h	8
openssl/crypto/objects/obj_dat.c	23
openssl/crypto/asn1/a_object.c	7
openssl/include/openssl/err.h	4
openssl/crypto/mem_sec.c	18
openssl/crypto/cmp/cmp_util.c	1
openssl/crypto/trace.c	2
openssl/crypto/err/err_all.c	1
openssl/crypto/evp/c_allc.c	1
openssl/crypto/evp/e_des.c	6
openssl/crypto/evp/c_alld.c	1
openssl/crypto/evp/legacy_md4.c	1
openssl/crypto/conf/conf_sap.c	2
openssl/crypto/getenv.c	1
openssl/crypto/o_str.c	12
openssl/crypto/x509/x509_def.c	1
openssl/crypto/bio/bio_print.c	11
openssl/crypto/engine/eng_openssl.c	20
openssl/crypto/evp/evp_lib.c	37
openssl/crypto/provider_core.c	44
openssl/crypto/provider_local.h	4
openssl/crypto/provider_child.c	2
openssl/crypto/evp/cmeth_lib.c	8
openssl/crypto/evp/evp_enc.c	24
openssl/crypto/rsa/rsa_ossl.c	1
openssl/crypto/engine/tb_rsa.c	4
openssl/crypto/dsa/dsa_ossl.c	1
openssl/crypto/engine/tb_dsa.c	4
openssl/crypto/ec/ec_kmeth.c	1
openssl/crypto/engine/tb_eckey.c	4
openssl/crypto/dh/dh_key.c	1
openssl/crypto/engine/tb_dh.c	4
openssl/crypto/rand/rand_meth.c	1
openssl/crypto/engine/tb_rand.c	4
openssl/crypto/engine/tb_cipher.c	7
openssl/crypto/params.c	45
openssl/crypto/evp/evp_utils.c	5
openssl/crypto/engine/tb_digest.c	7
openssl/crypto/evp/digest.c	17
openssl/crypto/sha/sha_local.h	1
openssl/include/crypto/md32_common.h	2
openssl/crypto/engine/eng_pkey.c	1
openssl/crypto/bio/bss_file.c	2
openssl/crypto/o_fopen.c	1
openssl/crypto/pem/pem_pkey.c	5
openssl/crypto/bio/bf_readbuff.c	1
openssl/crypto/pem/pem_lib.c	15
openssl/crypto/evp/evp_key.c	3
openssl/crypto/ui/ui_lib.c	27
openssl/crypto/ui/ui_openssl.c	1
openssl/crypto/ui/ui_null.c	1
openssl/include/openssl/ui.h	2
openssl/crypto/err/err_prn.c	1
openssl/crypto/passphrase.c	9
openssl/crypto/encode_decode/decoder_pkey.c	13
openssl/crypto/encode_decode/decoder_meth.c	17
openssl/crypto/encode_decode/decoder_lib.c	23
openssl/crypto/evp/keymgmt_meth.c	21
openssl/crypto/evp/evp_fetch.c	16
openssl/crypto/core_namemap.c	20
openssl/crypto/engine/eng_rdrand.c	4
openssl/crypto/engine/eng_dyn.c	12
openssl/include/openssl/safestack.h	4
openssl/crypto/dso/dso_dlfcn.c	1
openssl/engines/e_padlock.c	22
openssl/crypto/asn1/evp_asn1.c	1
openssl/crypto/asn1/tasn_typ.c	17
openssl/crypto/asn1/asn1_lib.c	12
openssl/crypto/asn1/a_octet.c	1
openssl/crypto/asn1/a_type.c	1
openssl/crypto/asn1/tasn_fre.c	5
openssl/engines/e_afalg.c	27
openssl/engines/e_afalg_err.c	3
openssl/crypto/engine/eng_fat.c	5
openssl/crypto/engine/eng_table.c	8
openssl/crypto/async/async_wait.c	3
openssl/crypto/async/arch/async_posix.h	1
openssl/crypto/bsearch.c	1
openssl/crypto/bn/bn_word.c	4
openssl/crypto/bn/bn_lib.c	23
openssl/crypto/bn/bn_local.h	1
openssl/crypto/bn/bn_shift.c	2
openssl/crypto/bn/bn_conv.c	4
openssl/include/internal/constant_time.h	4
openssl/crypto/bn/asm/x86_64-gcc.c	2
openssl/include/crypto/asn1.h	3
openssl/crypto/property/property.c	25
openssl/crypto/sparse_array.c	1
openssl/crypto/core_fetch.c	3
openssl/crypto/core_algorithm.c	4
openssl/include/openssl/core_dispatch.h	81
openssl/crypto/provider.c	2
openssl/crypto/property/property_query.c	3
openssl/crypto/encode_decode/encoder_local.h	5
openssl/crypto/evp/keymgmt_lib.c	14
openssl/crypto/evp/p_lib.c	19
openssl/include/openssl/x509.h	4
openssl/crypto/x509/x_attrib.c	2
openssl/include/openssl/asn1t.h	2
openssl/crypto/asn1/tasn_utl.c	13
openssl/crypto/asn1/a_int.c	10
openssl/crypto/bio/bss_mem.c	3
openssl/crypto/bio/ossl_core_bio.c	3
openssl/crypto/ui/ui_util.c	8
openssl/crypto/evp/encode.c	7
openssl/crypto/evp/legacy_md5.c	1
openssl/crypto/evp/m_sigver.c	7
openssl/crypto/evp/signature.c	9
openssl/crypto/evp/exchange.c	2
openssl/crypto/evp/kem.c	2
openssl/crypto/evp/asymcipher.c	2
openssl/crypto/evp/ctrl_params_translate.c	10
openssl/crypto/params_from_text.c	3
openssl/crypto/asn1/p8_pkey.c	4
openssl/crypto/evp/evp_pkey.c	1
openssl/crypto/asn1/x_sig.c	3
openssl/crypto/pkcs12/p12_p8d.c	2
openssl/crypto/pkcs12/p12_decr.c	2
openssl/crypto/asn1/d2i_pr.c	1
openssl/crypto/x509/x_pubkey.c	7
openssl/crypto/conf/conf_lib.c	10
openssl/crypto/conf/conf_def.c	1
openssl/crypto/conf/conf_api.c	3
openssl/include/openssl/conf.h	3
openssl/crypto/conf/conf_mall.c	1
openssl/crypto/asn1/asn_moid.c	3
openssl/crypto/objects/obj_lib.c	1
openssl/crypto/asn1/asn_mstbl.c	3
openssl/crypto/x509/v3_utl.c	6
openssl/crypto/asn1/asn1_gen.c	3
openssl/crypto/asn1/a_strnid.c	6
openssl/include/openssl/asn1.h	3
openssl/crypto/engine/eng_cnf.c	5
openssl/crypto/engine/eng_all.c	1
openssl/crypto/engine/eng_ctrl.c	7
openssl/crypto/evp/evp_cnf.c	2
openssl/crypto/conf/conf_ssl.c	3
openssl/crypto/provider_conf.c	10
openssl/crypto/encode_decode/encoder_meth.c	3
openssl/crypto/store/store_meth.c	3
openssl/crypto/evp/legacy_md5_sha1.c	1
openssl/crypto/evp/legacy_sha.c	13
openssl/crypto/evp/legacy_mdc2.c	1
openssl/crypto/evp/legacy_ripemd.c	1
openssl/crypto/evp/legacy_wp.c	1
openssl/crypto/sm3/legacy_sm3.c	1
openssl/crypto/evp/legacy_blake2.c	2
openssl/crypto/evp/e_des3.c	11
openssl/crypto/evp/e_xcbc_d.c	1
openssl/crypto/evp/e_rc4.c	2
openssl/crypto/evp/e_rc4_hmac_md5.c	1
openssl/crypto/evp/e_idea.c	4
openssl/crypto/evp/e_seed.c	4
openssl/crypto/evp/e_sm4.c	5
openssl/crypto/evp/e_rc2.c	6
openssl/crypto/evp/e_bf.c	4
openssl/crypto/evp/e_cast.c	4
openssl/crypto/evp/e_rc5.c	4
openssl/crypto/evp/e_aes.c	38
openssl/crypto/evp/e_aes_cbc_hmac_sha1.c	2
openssl/crypto/evp/e_aes_cbc_hmac_sha256.c	2
openssl/crypto/evp/e_aria.c	27
openssl/crypto/evp/e_camellia.c	21
openssl/crypto/evp/e_chacha20_poly1305.c	2
openssl/crypto/bn/bn_err.c	1
openssl/crypto/rsa/rsa_err.c	1
openssl/crypto/dh/dh_err.c	1
openssl/crypto/evp/evp_err.c	1
openssl/crypto/buffer/buf_err.c	1
openssl/crypto/objects/obj_err.c	1
openssl/crypto/pem/pem_err.c	1
openssl/crypto/dsa/dsa_err.c	1
openssl/crypto/x509/x509_err.c	1
openssl/crypto/asn1/asn1_err.c	1
openssl/crypto/conf/conf_err.c	1
openssl/crypto/cpt_err.c	1
openssl/crypto/comp/comp_err.c	1
openssl/crypto/ec/ec_err.c	1
openssl/crypto/bio/bio_err.c	1
openssl/crypto/pkcs7/pkcs7err.c	1
openssl/crypto/x509/v3err.c	1
openssl/crypto/pkcs12/pk12err.c	1
openssl/crypto/rand/rand_err.c	1
openssl/crypto/dso/dso_err.c	1
openssl/crypto/ts/ts_err.c	1
openssl/crypto/engine/eng_err.c	1
openssl/crypto/http/http_err.c	1
openssl/crypto/ocsp/ocsp_err.c	1
openssl/crypto/ui/ui_err.c	1
openssl/crypto/cms/cms_err.c	1
openssl/crypto/crmf/crmf_err.c	1
openssl/crypto/cmp/cmp_err.c	1
openssl/crypto/ct/ct_err.c	1
openssl/crypto/ess/ess_err.c	1
openssl/crypto/async/async_err.c	1
openssl/crypto/store/store_err.c	1
openssl/crypto/property/property_err.c	1
openssl/providers/common/provider_err.c	1
openssl/crypto/buffer/buffer.c	5
openssl/crypto/asn1/tasn_new.c	9
openssl/crypto/asn1/a_bitstr.c	2
openssl/crypto/bio/bss_null.c	1
openssl/crypto/x509/t_crl.c	2
openssl/crypto/x509/x509cset.c	10
openssl/crypto/x509/t_x509.c	2
openssl/crypto/bio/bio_dump.c	4
openssl/crypto/asn1/a_strex.c	8
openssl/crypto/x509/x_name.c	1
openssl/crypto/x509/x509_obj.c	1
openssl/crypto/x509/x509name.c	5
openssl/crypto/asn1/asn1_parse.c	4
openssl/crypto/asn1/tasn_enc.c	8
openssl/crypto/asn1/asn1_local.h	3
openssl/crypto/asn1/a_utf8.c	2
openssl/include/internal/unicode.h	1
openssl/crypto/asn1/a_time.c	6
openssl/crypto/o_time.c	4
openssl/crypto/x509/v3_prn.c	4
openssl/crypto/x509/x509_v3.c	3
openssl/crypto/x509/v3_lib.c	4
openssl/include/openssl/x509v3.h	2
openssl/crypto/bio/bf_prefix.c	1
openssl/crypto/asn1/a_print.c	1
openssl/crypto/asn1/f_int.c	1

Fuzzer: openssl/fuzz/driver.c

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	7459	99.9%
gold	[1:9]	0	0.0%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	1	0.01%
All colors	7460	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
1442	1442	1 : View List ['curl_multi_cleanup']	1442	12361	Curl_close	call site: 00000	/src/curl/lib/url.c:248
1135	2615	11 : View List ['Curl_dyn_len', 'Curl_strndup', 'dedotdotify', 'Curl_dyn_init', 'strchr', 'curl_dbg_strdup', 'Curl_dyn_add', 'urlencode_str', 'memchr', 'curl_dbg_free', 'Curl_dyn_ptr']	1135	3059	parseurl	call site: 00000	/src/curl/lib/urlapi.c:1206
1016	1016	1 : View List ['curl_multi_remove_handle']	2458	13377	Curl_close	call site: 00000	/src/curl/lib/url.c:243
679	2288	8 : View List ['Curl_cookie_cleanup', 'Curl_get_line', 'curl_dbg_malloc', 'remove_expired', 'curl_strnequal', 'curl_dbg_free', 'Curl_cookie_add', 'curl_dbg_fclose']	679	2288	Curl_cookie_init	call site: 00000	/src/curl/lib/cookie.c:1243
332	332	2 : View List ['Curl_infof', 'curl_easy_strerror']	332	566	Curl_flush_cookies	call site: 00000	/src/curl/lib/cookie.c:1768
296	531	3 : View List ['qsort', 'curl_dbg_calloc', 'get_netscape_format']	303	2078	cookie_output	call site: 00000	/src/curl/lib/cookie.c:1656
265	265	1 : View List ['Curl_trc_opt']	265	265	Curl_trc_init	call site: 00000	/src/curl/lib/curl_trc.c:230
229	458	2 : View List ['Curl_cookie_clearall', 'Curl_cookie_cleanup']	229	682	Curl_vsetopt	call site: 00000	/src/curl/lib/setopt.c:750
228	448	3 : View List ['curl_dbg_fopen', 'Curl_infof', 'strcmp']	907	2736	Curl_cookie_init	call site: 00000	/src/curl/lib/cookie.c:1230
6	6	3 : View List ['strlen', 'fgets', 'feof']	6	6	Curl_get_line	call site: 00000	/src/curl/lib/curl_get_line.c:45
4	219	3 : View List ['__errno_location', 'fflush', 'curl_dbg_log']	4	219	countcheck	call site: 00000	/src/curl/lib/memdebug.c:111
4	4	2 : View List ['strlen', 'ntohl']	4	4	randit	call site: 00000	/src/curl/lib/rand.c:110

Runtime coverage analysis

Covered functions

139

Functions that are reachable but not covered

2297

Reachable functions

2298

Percentage of reachable functions covered

0.04%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
openssl/fuzz/driver.c	1
openssl/fuzz/asn1.c	1
openssl/crypto/asn1/tasn_dec.c	14
openssl/crypto/err/err_blocks.c	2
openssl/crypto/err/err.c	30
openssl/crypto/init.c	40
openssl/crypto/err/err_local.h	5
openssl/crypto/mem.c	7
openssl/crypto/threads_pthread.c	13
openssl/crypto/cpuid.c	4
openssl/crypto/ctype.c	4
openssl/crypto/initthread.c	21
openssl/crypto/stack/stack.c	17
openssl/crypto/comp/c_zlib.c	2
openssl/crypto/async/async.c	6
openssl/crypto/rand/rand_lib.c	18
openssl/providers/implementations/rands/seeding/rand_unix.c	4
openssl/crypto/engine/eng_init.c	4
openssl/crypto/cryptlib.c	2
openssl/crypto/engine/eng_lib.c	22
openssl/include/internal/refcount.h	2
openssl/crypto/engine/tb_pkmeth.c	7
openssl/crypto/evp/pmeth_lib.c	31
openssl/crypto/engine/tb_asnmth.c	9
openssl/crypto/asn1/ameth_lib.c	9
openssl/crypto/engine/eng_list.c	10
openssl/crypto/ex_data.c	14
openssl/crypto/context.c	15
openssl/include/internal/cryptlib.h	7
openssl/include/openssl/crypto.h	2
openssl/crypto/property/property_parse.c	25
openssl/crypto/property/property_string.c	12
openssl/crypto/lhash/lhash.c	15
openssl/crypto/conf/conf_mod.c	34
openssl/crypto/dso/dso_lib.c	9
openssl/crypto/engine/eng_local.h	14
openssl/crypto/store/store_init.c	1
openssl/crypto/store/store_register.c	1
openssl/crypto/store/store_local.h	1
openssl/crypto/bio/bio_lib.c	17
openssl/crypto/bio/bio_sock.c	1
openssl/crypto/evp/names.c	9
openssl/crypto/objects/o_names.c	12
openssl/crypto/objects/obj_local.h	18
openssl/crypto/evp/evp_pbe.c	6
openssl/crypto/evp/evp_local.h	3
openssl/crypto/objects/obj_xref.c	2
openssl/crypto/objects/obj_xref.h	2
openssl/include/crypto/evp.h	8
openssl/crypto/objects/obj_dat.c	24
openssl/crypto/asn1/a_object.c	7
openssl/include/openssl/err.h	4
openssl/crypto/mem_sec.c	18
openssl/crypto/cmp/cmp_util.c	1
openssl/crypto/trace.c	2
openssl/crypto/err/err_all.c	1
openssl/crypto/evp/c_allc.c	1
openssl/crypto/evp/e_des.c	6
openssl/crypto/evp/c_alld.c	1
openssl/crypto/evp/legacy_md4.c	1
openssl/crypto/conf/conf_sap.c	2
openssl/crypto/getenv.c	1
openssl/crypto/o_str.c	12
openssl/crypto/x509/x509_def.c	1
openssl/crypto/bio/bio_print.c	11
openssl/crypto/engine/eng_openssl.c	20
openssl/crypto/evp/evp_lib.c	38
openssl/crypto/provider_core.c	44
openssl/crypto/provider_local.h	4
openssl/crypto/provider_child.c	2
openssl/crypto/evp/cmeth_lib.c	8
openssl/crypto/evp/evp_enc.c	24
openssl/crypto/rsa/rsa_ossl.c	1
openssl/crypto/engine/tb_rsa.c	4
openssl/crypto/dsa/dsa_ossl.c	1
openssl/crypto/engine/tb_dsa.c	4
openssl/crypto/ec/ec_kmeth.c	3
openssl/crypto/engine/tb_eckey.c	6
openssl/crypto/dh/dh_key.c	1
openssl/crypto/engine/tb_dh.c	5
openssl/crypto/rand/rand_meth.c	1
openssl/crypto/engine/tb_rand.c	6
openssl/crypto/engine/tb_cipher.c	7
openssl/crypto/params.c	46
openssl/crypto/evp/evp_utils.c	5
openssl/crypto/engine/tb_digest.c	7
openssl/crypto/evp/digest.c	17
openssl/crypto/sha/sha_local.h	1
openssl/include/crypto/md32_common.h	2
openssl/crypto/engine/eng_pkey.c	1
openssl/crypto/bio/bss_file.c	2
openssl/crypto/o_fopen.c	1
openssl/crypto/pem/pem_pkey.c	5
openssl/crypto/bio/bf_readbuff.c	1
openssl/crypto/pem/pem_lib.c	15
openssl/crypto/evp/evp_key.c	3
openssl/crypto/ui/ui_lib.c	27
openssl/crypto/ui/ui_openssl.c	1
openssl/crypto/ui/ui_null.c	1
openssl/include/openssl/ui.h	2
openssl/crypto/err/err_prn.c	1
openssl/crypto/passphrase.c	10
openssl/crypto/encode_decode/decoder_pkey.c	13
openssl/crypto/encode_decode/decoder_meth.c	17
openssl/crypto/encode_decode/decoder_lib.c	24
openssl/crypto/evp/keymgmt_meth.c	21
openssl/crypto/evp/evp_fetch.c	16
openssl/crypto/core_namemap.c	20
openssl/crypto/engine/eng_rdrand.c	4
openssl/crypto/engine/eng_dyn.c	12
openssl/include/openssl/safestack.h	4
openssl/crypto/dso/dso_dlfcn.c	1
openssl/engines/e_padlock.c	22
openssl/crypto/asn1/evp_asn1.c	1
openssl/crypto/asn1/tasn_typ.c	19
openssl/crypto/asn1/asn1_lib.c	12
openssl/crypto/asn1/a_octet.c	1
openssl/crypto/asn1/a_type.c	1
openssl/crypto/asn1/tasn_fre.c	5
openssl/engines/e_afalg.c	27
openssl/engines/e_afalg_err.c	3
openssl/crypto/engine/eng_fat.c	5
openssl/crypto/engine/eng_table.c	8
openssl/crypto/async/async_wait.c	3
openssl/crypto/async/arch/async_posix.h	1
openssl/crypto/bsearch.c	1
openssl/crypto/bn/bn_word.c	4
openssl/crypto/bn/bn_lib.c	42
openssl/crypto/bn/bn_local.h	1
openssl/crypto/bn/bn_shift.c	6
openssl/crypto/bn/bn_conv.c	5
openssl/include/internal/constant_time.h	6
openssl/crypto/bn/asm/x86_64-gcc.c	10
openssl/include/crypto/asn1.h	3
openssl/crypto/property/property.c	25
openssl/crypto/sparse_array.c	1
openssl/crypto/core_fetch.c	3
openssl/crypto/core_algorithm.c	4
openssl/include/openssl/core_dispatch.h	96
openssl/crypto/provider.c	2
openssl/crypto/property/property_query.c	3
openssl/crypto/encode_decode/encoder_local.h	10
openssl/crypto/evp/keymgmt_lib.c	14
openssl/crypto/evp/p_lib.c	24
openssl/include/openssl/x509.h	4
openssl/crypto/x509/x_attrib.c	2
openssl/include/openssl/asn1t.h	2
openssl/crypto/asn1/tasn_utl.c	13
openssl/crypto/asn1/a_int.c	12
openssl/crypto/bio/bss_mem.c	3
openssl/crypto/bio/ossl_core_bio.c	3
openssl/crypto/ui/ui_util.c	8
openssl/crypto/evp/encode.c	7
openssl/crypto/evp/legacy_md5.c	1
openssl/crypto/evp/m_sigver.c	7
openssl/crypto/evp/signature.c	9
openssl/crypto/evp/exchange.c	2
openssl/crypto/evp/kem.c	2
openssl/crypto/evp/asymcipher.c	2
openssl/crypto/evp/ctrl_params_translate.c	10
openssl/crypto/params_from_text.c	3
openssl/crypto/asn1/p8_pkey.c	6
openssl/crypto/evp/evp_pkey.c	2
openssl/crypto/asn1/x_sig.c	3
openssl/crypto/pkcs12/p12_p8d.c	2
openssl/crypto/pkcs12/p12_decr.c	2
openssl/crypto/asn1/d2i_pr.c	5
openssl/crypto/x509/x_pubkey.c	7
openssl/crypto/conf/conf_lib.c	10
openssl/crypto/conf/conf_def.c	1
openssl/crypto/conf/conf_api.c	3
openssl/include/openssl/conf.h	3
openssl/crypto/conf/conf_mall.c	1
openssl/crypto/asn1/asn_moid.c	3
openssl/crypto/objects/obj_lib.c	1
openssl/crypto/asn1/asn_mstbl.c	3
openssl/crypto/x509/v3_utl.c	10
openssl/crypto/asn1/asn1_gen.c	3
openssl/crypto/asn1/a_strnid.c	6
openssl/include/openssl/asn1.h	6
openssl/crypto/engine/eng_cnf.c	5
openssl/crypto/engine/eng_all.c	1
openssl/crypto/engine/eng_ctrl.c	7
openssl/crypto/evp/evp_cnf.c	2
openssl/crypto/conf/conf_ssl.c	3
openssl/crypto/provider_conf.c	10
openssl/crypto/encode_decode/encoder_meth.c	18
openssl/crypto/store/store_meth.c	3
openssl/crypto/evp/legacy_md5_sha1.c	1
openssl/crypto/evp/legacy_sha.c	13
openssl/crypto/evp/legacy_mdc2.c	1
openssl/crypto/evp/legacy_ripemd.c	1
openssl/crypto/evp/legacy_wp.c	1
openssl/crypto/sm3/legacy_sm3.c	1
openssl/crypto/evp/legacy_blake2.c	2
openssl/crypto/evp/e_des3.c	11
openssl/crypto/evp/e_xcbc_d.c	1
openssl/crypto/evp/e_rc4.c	2
openssl/crypto/evp/e_rc4_hmac_md5.c	1
openssl/crypto/evp/e_idea.c	4
openssl/crypto/evp/e_seed.c	4
openssl/crypto/evp/e_sm4.c	5
openssl/crypto/evp/e_rc2.c	6
openssl/crypto/evp/e_bf.c	4
openssl/crypto/evp/e_cast.c	4
openssl/crypto/evp/e_rc5.c	4
openssl/crypto/evp/e_aes.c	38
openssl/crypto/evp/e_aes_cbc_hmac_sha1.c	2
openssl/crypto/evp/e_aes_cbc_hmac_sha256.c	2
openssl/crypto/evp/e_aria.c	27
openssl/crypto/evp/e_camellia.c	21
openssl/crypto/evp/e_chacha20_poly1305.c	2
openssl/crypto/bn/bn_err.c	1
openssl/crypto/rsa/rsa_err.c	1
openssl/crypto/dh/dh_err.c	1
openssl/crypto/evp/evp_err.c	1
openssl/crypto/buffer/buf_err.c	1
openssl/crypto/objects/obj_err.c	1
openssl/crypto/pem/pem_err.c	1
openssl/crypto/dsa/dsa_err.c	1
openssl/crypto/x509/x509_err.c	1
openssl/crypto/asn1/asn1_err.c	1
openssl/crypto/conf/conf_err.c	1
openssl/crypto/cpt_err.c	1
openssl/crypto/comp/comp_err.c	1
openssl/crypto/ec/ec_err.c	1
openssl/crypto/bio/bio_err.c	1
openssl/crypto/pkcs7/pkcs7err.c	1
openssl/crypto/x509/v3err.c	1
openssl/crypto/pkcs12/pk12err.c	1
openssl/crypto/rand/rand_err.c	1
openssl/crypto/dso/dso_err.c	1
openssl/crypto/ts/ts_err.c	1
openssl/crypto/engine/eng_err.c	1
openssl/crypto/http/http_err.c	1
openssl/crypto/ocsp/ocsp_err.c	1
openssl/crypto/ui/ui_err.c	1
openssl/crypto/cms/cms_err.c	1
openssl/crypto/crmf/crmf_err.c	1
openssl/crypto/cmp/cmp_err.c	1
openssl/crypto/ct/ct_err.c	1
openssl/crypto/ess/ess_err.c	1
openssl/crypto/async/async_err.c	1
openssl/crypto/store/store_err.c	1
openssl/crypto/property/property_err.c	1
openssl/providers/common/provider_err.c	1
openssl/crypto/buffer/buffer.c	5
openssl/crypto/asn1/tasn_new.c	9
openssl/crypto/asn1/a_bitstr.c	3
openssl/crypto/bio/bss_null.c	1
openssl/crypto/asn1/tasn_prn.c	9
openssl/crypto/asn1/asn1_local.h	3
openssl/crypto/asn1/asn1_parse.c	4
openssl/crypto/asn1/a_utctm.c	1
openssl/crypto/asn1/a_time.c	6
openssl/crypto/o_time.c	4
openssl/crypto/asn1/a_gentm.c	1
openssl/crypto/bio/bio_dump.c	4
openssl/crypto/bio/bf_prefix.c	1
openssl/crypto/asn1/a_strex.c	6
openssl/crypto/asn1/tasn_enc.c	8
openssl/crypto/asn1/a_utf8.c	2
openssl/include/internal/unicode.h	1
openssl/crypto/ts/ts_asn1.c	12
openssl/crypto/ts/ts_req_print.c	1
openssl/crypto/ts/ts_req_utils.c	2
openssl/crypto/ts/ts_lib.c	5
openssl/crypto/x509/x509_v3.c	5
openssl/crypto/x509/v3_prn.c	3
openssl/crypto/x509/v3_lib.c	4
openssl/include/openssl/x509v3.h	2
openssl/crypto/asn1/a_print.c	1
openssl/crypto/ts/ts_rsp_print.c	5
openssl/crypto/x509/v3_san.c	1
openssl/crypto/x509/x509_obj.c	1
openssl/crypto/ess/ess_asn1.c	10
openssl/crypto/dh/dh_asn1.c	5
openssl/crypto/dh/dh_lib.c	6
openssl/crypto/ffc/ffc_params.c	6
openssl/crypto/dh/dh_group_params.c	1
openssl/crypto/ffc/ffc_dh.c	4
openssl/crypto/dsa/dsa_sign.c	3
openssl/crypto/asn1_dsa.c	3
openssl/include/internal/packet.h	14
openssl/crypto/dsa/dsa_asn1.c	6
openssl/crypto/dsa/dsa_lib.c	1
openssl/crypto/rsa/rsa_asn1.c	4
openssl/crypto/rsa/rsa_lib.c	1
openssl/crypto/rsa/rsa_local.h	1
openssl/crypto/rsa/rsa_mp.c	2
openssl/crypto/bn/bn_blind.c	1
openssl/crypto/ec/ec_asn1.c	14
openssl/crypto/ec/ec_curve.c	6
openssl/crypto/ec/ec_lib.c	36
openssl/crypto/bn/bn_ctx.c	15
openssl/crypto/ec/ec_cvt.c	2
openssl/crypto/ec/ecp_mont.c	1
openssl/crypto/ec/ecp_nistz256.c	2
openssl/crypto/ec/ecp_nistp224.c	2
openssl/crypto/ec/ecp_nistp256.c	2
openssl/crypto/ec/ecp_nistp521.c	2
openssl/crypto/ec/ec_mult.c	2
openssl/crypto/bn/bn_mont.c	11
openssl/crypto/ec/ec2_smpl.c	1
openssl/crypto/ec/ec_local.h	1
openssl/crypto/bn/bn_add.c	4
openssl/crypto/bn/bn_div.c	3
openssl/crypto/bn/bn_gcd.c	3
openssl/crypto/bn/bn_mod.c	7
openssl/crypto/bn/bn_mul.c	6
openssl/crypto/ec/ec_oct.c	4
openssl/crypto/ec/ecp_oct.c	3
openssl/crypto/bn/bn_sqr.c	4
openssl/crypto/bn/bn_sqrt.c	1
openssl/crypto/bn/bn_exp.c	8
openssl/crypto/bn/rsaz_exp.c	2
openssl/crypto/bn/rsaz_exp.h	2
openssl/crypto/bn/bn_recp.c	6
openssl/crypto/bn/bn_rand.c	2
openssl/crypto/evp/evp_rand.c	18
openssl/crypto/bn/bn_kron.c	1
openssl/crypto/ec/ec2_oct.c	3
openssl/crypto/bn/bn_gf2m.c	7
openssl/crypto/ec/eck_prn.c	2
openssl/crypto/evp/ec_support.c	1
openssl/crypto/asn1/t_pkey.c	2
openssl/crypto/bn/bn_intern.c	1
openssl/crypto/ec/ec_key.c	11
openssl/crypto/ec/ec_ameth.c	3
openssl/crypto/encode_decode/encoder_pkey.c	7
openssl/crypto/encode_decode/encoder_lib.c	18
openssl/crypto/asn1/i2d_evp.c	2
openssl/ssl/ssl_asn1.c	5
openssl/ssl/ssl_sess.c	3
openssl/ssl/ssl_init.c	8
openssl/ssl/ssl_ciph.c	10
openssl/include/openssl/ssl.h	3
openssl/crypto/comp/comp_lib.c	2
openssl/ssl/s3_lib.c	3
openssl/ssl/ssl_err.c	1
openssl/ssl/ssl_lib.c	8
openssl/crypto/x509/x_x509.c	2
openssl/ssl/ssl_txt.c	1
openssl/ssl/tls_depr.c	1
openssl/crypto/x509/x509_txt.c	1

Fuzzer: openssl/fuzz/driver.c

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	9008	99.9%
gold	[1:9]	0	0.0%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	1	0.01%
All colors	9009	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
1442	1442	1 : View List ['curl_multi_cleanup']	1442	12361	Curl_close	call site: 00000	/src/curl/lib/url.c:248
1135	2615	11 : View List ['Curl_dyn_len', 'Curl_strndup', 'dedotdotify', 'Curl_dyn_init', 'strchr', 'curl_dbg_strdup', 'Curl_dyn_add', 'urlencode_str', 'memchr', 'curl_dbg_free', 'Curl_dyn_ptr']	1135	3059	parseurl	call site: 00000	/src/curl/lib/urlapi.c:1206
1016	1016	1 : View List ['curl_multi_remove_handle']	2458	13377	Curl_close	call site: 00000	/src/curl/lib/url.c:243
679	2288	8 : View List ['Curl_cookie_cleanup', 'Curl_get_line', 'curl_dbg_malloc', 'remove_expired', 'curl_strnequal', 'curl_dbg_free', 'Curl_cookie_add', 'curl_dbg_fclose']	679	2288	Curl_cookie_init	call site: 00000	/src/curl/lib/cookie.c:1243
332	332	2 : View List ['Curl_infof', 'curl_easy_strerror']	332	566	Curl_flush_cookies	call site: 00000	/src/curl/lib/cookie.c:1768
296	531	3 : View List ['qsort', 'curl_dbg_calloc', 'get_netscape_format']	303	2078	cookie_output	call site: 00000	/src/curl/lib/cookie.c:1656
265	265	1 : View List ['Curl_trc_opt']	265	265	Curl_trc_init	call site: 00000	/src/curl/lib/curl_trc.c:230
229	458	2 : View List ['Curl_cookie_clearall', 'Curl_cookie_cleanup']	229	682	Curl_vsetopt	call site: 00000	/src/curl/lib/setopt.c:750
228	448	3 : View List ['curl_dbg_fopen', 'Curl_infof', 'strcmp']	907	2736	Curl_cookie_init	call site: 00000	/src/curl/lib/cookie.c:1230
6	6	3 : View List ['strlen', 'fgets', 'feof']	6	6	Curl_get_line	call site: 00000	/src/curl/lib/curl_get_line.c:45
4	219	3 : View List ['__errno_location', 'fflush', 'curl_dbg_log']	4	219	countcheck	call site: 00000	/src/curl/lib/memdebug.c:111
4	4	2 : View List ['strlen', 'ntohl']	4	4	randit	call site: 00000	/src/curl/lib/rand.c:110

Runtime coverage analysis

Covered functions

139

Functions that are reachable but not covered

2844

Reachable functions

2845

Percentage of reachable functions covered

0.04%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
openssl/fuzz/driver.c	1
openssl/fuzz/cmp.c	6
openssl/crypto/bio/bss_mem.c	3
openssl/crypto/bio/bio_lib.c	19
openssl/crypto/mem.c	7
openssl/crypto/err/err_blocks.c	2
openssl/crypto/err/err.c	32
openssl/crypto/init.c	39
openssl/crypto/err/err_local.h	5
openssl/crypto/threads_pthread.c	13
openssl/crypto/cpuid.c	4
openssl/crypto/ctype.c	5
openssl/crypto/initthread.c	21
openssl/crypto/stack/stack.c	20
openssl/crypto/comp/c_zlib.c	1
openssl/crypto/async/async.c	6
openssl/crypto/rand/rand_lib.c	16
openssl/providers/implementations/rands/seeding/rand_unix.c	4
openssl/crypto/engine/eng_init.c	4
openssl/crypto/cryptlib.c	2
openssl/crypto/engine/eng_lib.c	22
openssl/include/internal/refcount.h	2
openssl/crypto/engine/tb_pkmeth.c	7
openssl/crypto/evp/pmeth_lib.c	35
openssl/crypto/engine/tb_asnmth.c	9
openssl/crypto/asn1/ameth_lib.c	9
openssl/crypto/engine/eng_list.c	10
openssl/crypto/ex_data.c	14
openssl/crypto/context.c	15
openssl/include/internal/cryptlib.h	7
openssl/include/openssl/crypto.h	2
openssl/crypto/property/property_parse.c	25
openssl/crypto/property/property_string.c	12
openssl/crypto/lhash/lhash.c	15
openssl/crypto/conf/conf_mod.c	34
openssl/crypto/dso/dso_lib.c	9
openssl/crypto/engine/eng_local.h	14
openssl/crypto/store/store_init.c	1
openssl/crypto/store/store_register.c	1
openssl/crypto/store/store_local.h	1
openssl/crypto/bio/bio_sock.c	1
openssl/crypto/evp/names.c	9
openssl/crypto/objects/o_names.c	12
openssl/crypto/objects/obj_local.h	18
openssl/crypto/evp/evp_pbe.c	7
openssl/crypto/evp/evp_local.h	3
openssl/crypto/objects/obj_xref.c	8
openssl/crypto/objects/obj_xref.h	4
openssl/include/crypto/evp.h	8
openssl/crypto/objects/obj_dat.c	24
openssl/crypto/asn1/a_object.c	7
openssl/include/openssl/err.h	4
openssl/crypto/mem_sec.c	18
openssl/crypto/cmp/cmp_util.c	8
openssl/crypto/trace.c	2
openssl/crypto/err/err_all.c	1
openssl/crypto/evp/c_allc.c	1
openssl/crypto/evp/e_des.c	6
openssl/crypto/evp/c_alld.c	1
openssl/crypto/evp/legacy_md4.c	1
openssl/crypto/conf/conf_sap.c	2
openssl/crypto/getenv.c	1
openssl/crypto/o_str.c	13
openssl/crypto/x509/x509_def.c	1
openssl/crypto/bio/bio_print.c	11
openssl/crypto/engine/eng_openssl.c	20
openssl/crypto/evp/evp_lib.c	42
openssl/crypto/provider_core.c	44
openssl/crypto/provider_local.h	4
openssl/crypto/provider_child.c	2
openssl/crypto/evp/cmeth_lib.c	8
openssl/crypto/evp/evp_enc.c	27
openssl/crypto/rsa/rsa_ossl.c	1
openssl/crypto/engine/tb_rsa.c	4
openssl/crypto/dsa/dsa_ossl.c	1
openssl/crypto/engine/tb_dsa.c	4
openssl/crypto/ec/ec_kmeth.c	1
openssl/crypto/engine/tb_eckey.c	4
openssl/crypto/dh/dh_key.c	1
openssl/crypto/engine/tb_dh.c	4
openssl/crypto/rand/rand_meth.c	1
openssl/crypto/engine/tb_rand.c	6
openssl/crypto/engine/tb_cipher.c	7
openssl/crypto/params.c	46
openssl/crypto/evp/evp_utils.c	5
openssl/crypto/engine/tb_digest.c	7
openssl/crypto/evp/digest.c	20
openssl/crypto/sha/sha_local.h	1
openssl/include/crypto/md32_common.h	2
openssl/crypto/engine/eng_pkey.c	1
openssl/crypto/bio/bss_file.c	3
openssl/crypto/o_fopen.c	1
openssl/crypto/pem/pem_pkey.c	5
openssl/crypto/bio/bf_readbuff.c	1
openssl/crypto/pem/pem_lib.c	15
openssl/crypto/evp/evp_key.c	3
openssl/crypto/ui/ui_lib.c	27
openssl/crypto/ui/ui_openssl.c	1
openssl/crypto/ui/ui_null.c	1
openssl/include/openssl/ui.h	2
openssl/crypto/err/err_prn.c	5
openssl/crypto/passphrase.c	10
openssl/crypto/encode_decode/decoder_pkey.c	13
openssl/crypto/encode_decode/decoder_meth.c	17
openssl/crypto/encode_decode/decoder_lib.c	23
openssl/crypto/evp/keymgmt_meth.c	23
openssl/crypto/evp/evp_fetch.c	16
openssl/crypto/core_namemap.c	20
openssl/crypto/engine/eng_rdrand.c	4
openssl/crypto/engine/eng_dyn.c	12
openssl/include/openssl/safestack.h	4
openssl/crypto/dso/dso_dlfcn.c	1
openssl/engines/e_padlock.c	22
openssl/crypto/asn1/evp_asn1.c	2
openssl/crypto/asn1/tasn_typ.c	23
openssl/crypto/asn1/asn1_lib.c	17
openssl/crypto/asn1/a_octet.c	3
openssl/crypto/asn1/a_type.c	3
openssl/crypto/asn1/tasn_fre.c	5
openssl/engines/e_afalg.c	27
openssl/engines/e_afalg_err.c	3
openssl/crypto/engine/eng_fat.c	5
openssl/crypto/engine/eng_table.c	8
openssl/crypto/async/async_wait.c	3
openssl/crypto/async/arch/async_posix.h	1
openssl/crypto/bsearch.c	1
openssl/crypto/bn/bn_word.c	4
openssl/crypto/bn/bn_lib.c	24
openssl/crypto/bn/bn_local.h	1
openssl/crypto/bn/bn_shift.c	2
openssl/crypto/bn/bn_conv.c	4
openssl/include/internal/constant_time.h	7
openssl/crypto/bn/asm/x86_64-gcc.c	2
openssl/include/crypto/asn1.h	3
openssl/crypto/property/property.c	25
openssl/crypto/sparse_array.c	1
openssl/crypto/core_fetch.c	3
openssl/crypto/core_algorithm.c	4
openssl/include/openssl/core_dispatch.h	115
openssl/crypto/provider.c	2
openssl/crypto/property/property_query.c	3
openssl/crypto/encode_decode/encoder_local.h	10
openssl/crypto/evp/keymgmt_lib.c	16
openssl/crypto/evp/p_lib.c	38
openssl/include/openssl/x509.h	10
openssl/crypto/x509/x_attrib.c	2
openssl/include/openssl/asn1t.h	2
openssl/crypto/asn1/tasn_utl.c	13
openssl/crypto/asn1/a_int.c	20
openssl/crypto/bio/ossl_core_bio.c	3
openssl/crypto/ui/ui_util.c	8
openssl/crypto/evp/encode.c	7
openssl/crypto/evp/legacy_md5.c	1
openssl/crypto/evp/m_sigver.c	11
openssl/crypto/evp/signature.c	12
openssl/crypto/evp/exchange.c	3
openssl/crypto/evp/kem.c	3
openssl/crypto/evp/asymcipher.c	10
openssl/crypto/evp/ctrl_params_translate.c	13
openssl/crypto/params_from_text.c	3
openssl/crypto/asn1/p8_pkey.c	4
openssl/crypto/asn1/tasn_dec.c	14
openssl/crypto/buffer/buffer.c	5
openssl/crypto/asn1/tasn_new.c	10
openssl/crypto/asn1/a_bitstr.c	5
openssl/crypto/evp/evp_pkey.c	1
openssl/crypto/asn1/x_sig.c	3
openssl/crypto/pkcs12/p12_p8d.c	2
openssl/crypto/pkcs12/p12_decr.c	2
openssl/crypto/asn1/d2i_pr.c	1
openssl/crypto/x509/x_pubkey.c	13
openssl/crypto/conf/conf_lib.c	10
openssl/crypto/conf/conf_def.c	1
openssl/crypto/conf/conf_api.c	3
openssl/include/openssl/conf.h	3
openssl/crypto/conf/conf_mall.c	1
openssl/crypto/asn1/asn_moid.c	3
openssl/crypto/objects/obj_lib.c	2
openssl/crypto/asn1/asn_mstbl.c	3
openssl/crypto/x509/v3_utl.c	18
openssl/crypto/asn1/asn1_gen.c	3
openssl/crypto/asn1/a_strnid.c	6
openssl/include/openssl/asn1.h	8
openssl/crypto/engine/eng_cnf.c	5
openssl/crypto/engine/eng_all.c	1
openssl/crypto/engine/eng_ctrl.c	7
openssl/crypto/evp/evp_cnf.c	2
openssl/crypto/conf/conf_ssl.c	3
openssl/crypto/provider_conf.c	10
openssl/crypto/encode_decode/encoder_meth.c	18
openssl/crypto/store/store_meth.c	3
openssl/crypto/evp/legacy_md5_sha1.c	1
openssl/crypto/evp/legacy_sha.c	13
openssl/crypto/evp/legacy_mdc2.c	1
openssl/crypto/evp/legacy_ripemd.c	1
openssl/crypto/evp/legacy_wp.c	1
openssl/crypto/sm3/legacy_sm3.c	1
openssl/crypto/evp/legacy_blake2.c	2
openssl/crypto/evp/e_des3.c	11
openssl/crypto/evp/e_xcbc_d.c	1
openssl/crypto/evp/e_rc4.c	2
openssl/crypto/evp/e_rc4_hmac_md5.c	1
openssl/crypto/evp/e_idea.c	4
openssl/crypto/evp/e_seed.c	4
openssl/crypto/evp/e_sm4.c	5
openssl/crypto/evp/e_rc2.c	6
openssl/crypto/evp/e_bf.c	4
openssl/crypto/evp/e_cast.c	4
openssl/crypto/evp/e_rc5.c	4
openssl/crypto/evp/e_aes.c	38
openssl/crypto/evp/e_aes_cbc_hmac_sha1.c	2
openssl/crypto/evp/e_aes_cbc_hmac_sha256.c	2
openssl/crypto/evp/e_aria.c	27
openssl/crypto/evp/e_camellia.c	21
openssl/crypto/evp/e_chacha20_poly1305.c	2
openssl/crypto/bn/bn_err.c	1
openssl/crypto/rsa/rsa_err.c	1
openssl/crypto/dh/dh_err.c	1
openssl/crypto/evp/evp_err.c	1
openssl/crypto/buffer/buf_err.c	1
openssl/crypto/objects/obj_err.c	1
openssl/crypto/pem/pem_err.c	1
openssl/crypto/dsa/dsa_err.c	1
openssl/crypto/x509/x509_err.c	1
openssl/crypto/asn1/asn1_err.c	1
openssl/crypto/conf/conf_err.c	1
openssl/crypto/cpt_err.c	1
openssl/crypto/comp/comp_err.c	1
openssl/crypto/ec/ec_err.c	1
openssl/crypto/bio/bio_err.c	1
openssl/crypto/pkcs7/pkcs7err.c	1
openssl/crypto/x509/v3err.c	1
openssl/crypto/pkcs12/pk12err.c	1
openssl/crypto/rand/rand_err.c	1
openssl/crypto/dso/dso_err.c	1
openssl/crypto/ts/ts_err.c	1
openssl/crypto/engine/eng_err.c	1
openssl/crypto/http/http_err.c	1
openssl/crypto/ocsp/ocsp_err.c	1
openssl/crypto/ui/ui_err.c	1
openssl/crypto/cms/cms_err.c	1
openssl/crypto/crmf/crmf_err.c	1
openssl/crypto/cmp/cmp_err.c	1
openssl/crypto/ct/ct_err.c	1
openssl/crypto/ess/ess_err.c	1
openssl/crypto/async/async_err.c	1
openssl/crypto/store/store_err.c	1
openssl/crypto/property/property_err.c	1
openssl/providers/common/provider_err.c	1
openssl/crypto/cmp/cmp_msg.c	35
openssl/crypto/cmp/cmp_asn.c	36
openssl/crypto/asn1/a_d2i_fp.c	2
openssl/crypto/bio/bss_null.c	1
openssl/crypto/cmp/cmp_server.c	12
openssl/crypto/cmp/cmp_ctx.c	26
openssl/crypto/http/http_client.c	2
openssl/crypto/x509/x_x509.c	11
openssl/crypto/x509/x_name.c	10
openssl/crypto/x509/x509_lu.c	18
openssl/include/openssl/x509_vfy.h	9
openssl/crypto/x509/x_crl.c	4
openssl/crypto/x509/x509_vpm.c	14
openssl/include/openssl/cmp.h	8
openssl/include/openssl/x509v3.h	19
openssl/crypto/x509/v3_genn.c	8
openssl/crypto/x509/x_exten.c	5
openssl/crypto/x509/v3_cpols.c	4
openssl/crypto/x509/x_req.c	4
openssl/crypto/asn1/a_i2d_fp.c	1
openssl/crypto/asn1/tasn_enc.c	8
openssl/crypto/asn1/asn1_local.h	3
openssl/crypto/asn1/tasn_prn.c	4
openssl/crypto/x509/x509_set.c	14
openssl/crypto/asn1/a_dup.c	1
openssl/crypto/cmp/cmp_client.c	13
openssl/crypto/cmp/cmp_hdr.c	17
openssl/crypto/x509/x509_cmp.c	18
openssl/crypto/asn1/a_gentm.c	2
openssl/crypto/o_time.c	6
openssl/crypto/asn1/a_time.c	12
openssl/crypto/evp/evp_rand.c	15
openssl/crypto/crmf/crmf_asn.c	28
openssl/crypto/cmp/cmp_local.h	12
openssl/crypto/x509/x509_req.c	5
openssl/crypto/x509/x509name.c	9
openssl/crypto/x509/x509_v3.c	12
openssl/crypto/crmf/crmf_lib.c	18
openssl/crypto/x509/x509_att.c	4
openssl/crypto/x509/v3_lib.c	6
openssl/crypto/x509/v3_conf.c	2
openssl/crypto/crmf/crmf_local.h	3
openssl/crypto/asn1/a_sign.c	2
openssl/crypto/asn1/x_algor.c	9
openssl/include/openssl/crmf.h	4
openssl/crypto/cmp/cmp_protect.c	6
openssl/crypto/crmf/crmf_pbm.c	2
openssl/crypto/x509/v3_purp.c	20
openssl/crypto/x509/x_all.c	4
openssl/crypto/asn1/a_digest.c	1
openssl/crypto/x509/x509_ext.c	6
openssl/crypto/x509/v3_bcons.c	2
openssl/crypto/x509/v3_pcia.c	2
openssl/crypto/x509/v3_crld.c	1
openssl/crypto/evp/mac_lib.c	10
openssl/crypto/evp/mac_meth.c	9
openssl/crypto/x509/x509_vfy.c	67
openssl/crypto/x509/pcy_tree.c	14
openssl/crypto/x509/pcy_node.c	7
openssl/crypto/x509/pcy_local.h	7
openssl/crypto/x509/pcy_data.c	2
openssl/crypto/asn1/a_verify.c	2
openssl/crypto/rsa/rsa_ameth.c	3
openssl/crypto/rsa/rsa_backend.c	2
openssl/crypto/rsa/rsa_asn1.c	2
openssl/crypto/asn1/asn_pack.c	1
openssl/crypto/rsa/rsa_pss.c	3
openssl/crypto/rsa/rsa_lib.c	4
openssl/crypto/asn1/a_utctm.c	1
openssl/crypto/x509/x509cset.c	4
openssl/crypto/x509/pcy_cache.c	6
openssl/crypto/x509/pcy_map.c	1
openssl/crypto/x509/v3_pmaps.c	2
openssl/crypto/x509/v3_pcons.c	2
openssl/crypto/x509/pcy_lib.c	1
openssl/include/internal/dane.h	2
openssl/crypto/asn1/a_strex.c	9
openssl/crypto/asn1/a_mbstr.c	7
openssl/crypto/asn1/a_utf8.c	2
openssl/include/internal/unicode.h	1
openssl/crypto/x509/x509_trust.c	5
openssl/crypto/x509/v3_ncons.c	15
openssl/crypto/punycode.c	6
openssl/crypto/x509/v3_asid.c	6
openssl/crypto/x509/v3_addr.c	9
openssl/crypto/cmp/cmp_vfy.c	17
openssl/crypto/x509/x509_obj.c	1
openssl/crypto/x509/t_x509.c	5
openssl/crypto/bio/bio_dump.c	4
openssl/crypto/asn1/asn1_parse.c	4
openssl/crypto/bio/bf_prefix.c	1
openssl/crypto/encode_decode/encoder_pkey.c	7
openssl/crypto/encode_decode/encoder_lib.c	18
openssl/crypto/x509/v3_prn.c	4
openssl/crypto/asn1/a_print.c	1
openssl/crypto/x509/x_x509a.c	5
openssl/crypto/cmp/cmp_status.c	6
openssl/./e_os.h	1

Fuzzer: openssl/fuzz/driver.c

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	5148	99.9%
gold	[1:9]	0	0.0%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	1	0.01%
All colors	5149	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
1442	1442	1 : View List ['curl_multi_cleanup']	1442	12361	Curl_close	call site: 00000	/src/curl/lib/url.c:248
1135	2615	11 : View List ['Curl_dyn_len', 'Curl_strndup', 'dedotdotify', 'Curl_dyn_init', 'strchr', 'curl_dbg_strdup', 'Curl_dyn_add', 'urlencode_str', 'memchr', 'curl_dbg_free', 'Curl_dyn_ptr']	1135	3059	parseurl	call site: 00000	/src/curl/lib/urlapi.c:1206
1016	1016	1 : View List ['curl_multi_remove_handle']	2458	13377	Curl_close	call site: 00000	/src/curl/lib/url.c:243
679	2288	8 : View List ['Curl_cookie_cleanup', 'Curl_get_line', 'curl_dbg_malloc', 'remove_expired', 'curl_strnequal', 'curl_dbg_free', 'Curl_cookie_add', 'curl_dbg_fclose']	679	2288	Curl_cookie_init	call site: 00000	/src/curl/lib/cookie.c:1243
332	332	2 : View List ['Curl_infof', 'curl_easy_strerror']	332	566	Curl_flush_cookies	call site: 00000	/src/curl/lib/cookie.c:1768
296	531	3 : View List ['qsort', 'curl_dbg_calloc', 'get_netscape_format']	303	2078	cookie_output	call site: 00000	/src/curl/lib/cookie.c:1656
265	265	1 : View List ['Curl_trc_opt']	265	265	Curl_trc_init	call site: 00000	/src/curl/lib/curl_trc.c:230
229	458	2 : View List ['Curl_cookie_clearall', 'Curl_cookie_cleanup']	229	682	Curl_vsetopt	call site: 00000	/src/curl/lib/setopt.c:750
228	448	3 : View List ['curl_dbg_fopen', 'Curl_infof', 'strcmp']	907	2736	Curl_cookie_init	call site: 00000	/src/curl/lib/cookie.c:1230
6	6	3 : View List ['strlen', 'fgets', 'feof']	6	6	Curl_get_line	call site: 00000	/src/curl/lib/curl_get_line.c:45
4	219	3 : View List ['__errno_location', 'fflush', 'curl_dbg_log']	4	219	countcheck	call site: 00000	/src/curl/lib/memdebug.c:111
4	4	2 : View List ['strlen', 'ntohl']	4	4	randit	call site: 00000	/src/curl/lib/rand.c:110

Runtime coverage analysis

Covered functions

139

Functions that are reachable but not covered

1397

Reachable functions

1398

Percentage of reachable functions covered

0.07%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
openssl/fuzz/driver.c	1
openssl/fuzz/cms.c	1
openssl/crypto/bio/bss_mem.c	3
openssl/crypto/bio/bio_lib.c	16
openssl/crypto/mem.c	7
openssl/crypto/err/err_blocks.c	2
openssl/crypto/err/err.c	30
openssl/crypto/init.c	39
openssl/crypto/err/err_local.h	5
openssl/crypto/threads_pthread.c	13
openssl/crypto/cpuid.c	4
openssl/crypto/ctype.c	3
openssl/crypto/initthread.c	21
openssl/crypto/stack/stack.c	16
openssl/crypto/comp/c_zlib.c	1
openssl/crypto/async/async.c	6
openssl/crypto/rand/rand_lib.c	9
openssl/providers/implementations/rands/seeding/rand_unix.c	4
openssl/crypto/engine/eng_init.c	4
openssl/crypto/cryptlib.c	2
openssl/crypto/engine/eng_lib.c	22
openssl/include/internal/refcount.h	2
openssl/crypto/engine/tb_pkmeth.c	7
openssl/crypto/evp/pmeth_lib.c	31
openssl/crypto/engine/tb_asnmth.c	9
openssl/crypto/asn1/ameth_lib.c	9
openssl/crypto/engine/eng_list.c	10
openssl/crypto/ex_data.c	14
openssl/crypto/context.c	15
openssl/include/internal/cryptlib.h	7
openssl/include/openssl/crypto.h	2
openssl/crypto/property/property_parse.c	25
openssl/crypto/property/property_string.c	12
openssl/crypto/lhash/lhash.c	15
openssl/crypto/conf/conf_mod.c	34
openssl/crypto/dso/dso_lib.c	9
openssl/crypto/engine/eng_local.h	14
openssl/crypto/store/store_init.c	1
openssl/crypto/store/store_register.c	1
openssl/crypto/store/store_local.h	1
openssl/crypto/bio/bio_sock.c	1
openssl/crypto/evp/names.c	9
openssl/crypto/objects/o_names.c	12
openssl/crypto/objects/obj_local.h	18
openssl/crypto/evp/evp_pbe.c	6
openssl/crypto/evp/evp_local.h	3
openssl/crypto/objects/obj_xref.c	2
openssl/crypto/objects/obj_xref.h	2
openssl/include/crypto/evp.h	8
openssl/crypto/objects/obj_dat.c	23
openssl/crypto/asn1/a_object.c	6
openssl/include/openssl/err.h	4
openssl/crypto/mem_sec.c	18
openssl/crypto/cmp/cmp_util.c	1
openssl/crypto/trace.c	2
openssl/crypto/err/err_all.c	1
openssl/crypto/evp/c_allc.c	1
openssl/crypto/evp/e_des.c	6
openssl/crypto/evp/c_alld.c	1
openssl/crypto/evp/legacy_md4.c	1
openssl/crypto/conf/conf_sap.c	2
openssl/crypto/getenv.c	1
openssl/crypto/o_str.c	12
openssl/crypto/x509/x509_def.c	1
openssl/crypto/bio/bio_print.c	9
openssl/crypto/engine/eng_openssl.c	20
openssl/crypto/evp/evp_lib.c	37
openssl/crypto/provider_core.c	44
openssl/crypto/provider_local.h	4
openssl/crypto/provider_child.c	2
openssl/crypto/evp/cmeth_lib.c	8
openssl/crypto/evp/evp_enc.c	24
openssl/crypto/rsa/rsa_ossl.c	1
openssl/crypto/engine/tb_rsa.c	4
openssl/crypto/dsa/dsa_ossl.c	1
openssl/crypto/engine/tb_dsa.c	4
openssl/crypto/ec/ec_kmeth.c	1
openssl/crypto/engine/tb_eckey.c	4
openssl/crypto/dh/dh_key.c	1
openssl/crypto/engine/tb_dh.c	4
openssl/crypto/rand/rand_meth.c	1
openssl/crypto/engine/tb_rand.c	4
openssl/crypto/engine/tb_cipher.c	7
openssl/crypto/params.c	45
openssl/crypto/evp/evp_utils.c	5
openssl/crypto/engine/tb_digest.c	7
openssl/crypto/evp/digest.c	17
openssl/crypto/sha/sha_local.h	1
openssl/include/crypto/md32_common.h	2
openssl/crypto/engine/eng_pkey.c	1
openssl/crypto/bio/bss_file.c	2
openssl/crypto/o_fopen.c	1
openssl/crypto/pem/pem_pkey.c	5
openssl/crypto/bio/bf_readbuff.c	1
openssl/crypto/pem/pem_lib.c	15
openssl/crypto/evp/evp_key.c	3
openssl/crypto/ui/ui_lib.c	27
openssl/crypto/ui/ui_openssl.c	1
openssl/crypto/ui/ui_null.c	1
openssl/include/openssl/ui.h	2
openssl/crypto/err/err_prn.c	1
openssl/crypto/passphrase.c	9
openssl/crypto/encode_decode/decoder_pkey.c	13
openssl/crypto/encode_decode/decoder_meth.c	17
openssl/crypto/encode_decode/decoder_lib.c	23
openssl/crypto/evp/keymgmt_meth.c	21
openssl/crypto/evp/evp_fetch.c	16
openssl/crypto/core_namemap.c	20
openssl/crypto/engine/eng_rdrand.c	4
openssl/crypto/engine/eng_dyn.c	12
openssl/include/openssl/safestack.h	4
openssl/crypto/dso/dso_dlfcn.c	1
openssl/engines/e_padlock.c	22
openssl/crypto/asn1/evp_asn1.c	1
openssl/crypto/asn1/tasn_typ.c	9
openssl/crypto/asn1/asn1_lib.c	12
openssl/crypto/asn1/a_octet.c	1
openssl/crypto/asn1/a_type.c	1
openssl/crypto/asn1/tasn_fre.c	5
openssl/engines/e_afalg.c	27
openssl/engines/e_afalg_err.c	3
openssl/crypto/engine/eng_fat.c	5
openssl/crypto/engine/eng_table.c	8
openssl/crypto/async/async_wait.c	3
openssl/crypto/async/arch/async_posix.h	1
openssl/crypto/bsearch.c	1
openssl/crypto/bn/bn_word.c	4
openssl/crypto/bn/bn_lib.c	23
openssl/crypto/bn/bn_local.h	1
openssl/crypto/bn/bn_shift.c	2
openssl/crypto/bn/bn_conv.c	4
openssl/include/internal/constant_time.h	4
openssl/crypto/bn/asm/x86_64-gcc.c	2
openssl/include/crypto/asn1.h	3
openssl/crypto/property/property.c	25
openssl/crypto/sparse_array.c	1
openssl/crypto/core_fetch.c	3
openssl/crypto/core_algorithm.c	4
openssl/include/openssl/core_dispatch.h	81
openssl/crypto/provider.c	2
openssl/crypto/property/property_query.c	3
openssl/crypto/encode_decode/encoder_local.h	5
openssl/crypto/evp/keymgmt_lib.c	14
openssl/crypto/evp/p_lib.c	19
openssl/include/openssl/x509.h	1
openssl/crypto/x509/x_attrib.c	2
openssl/include/openssl/asn1t.h	2
openssl/crypto/asn1/tasn_utl.c	13
openssl/crypto/asn1/a_int.c	10
openssl/crypto/bio/ossl_core_bio.c	3
openssl/crypto/ui/ui_util.c	8
openssl/crypto/evp/encode.c	7
openssl/crypto/evp/legacy_md5.c	1
openssl/crypto/evp/m_sigver.c	7
openssl/crypto/evp/signature.c	9
openssl/crypto/evp/exchange.c	2
openssl/crypto/evp/kem.c	2
openssl/crypto/evp/asymcipher.c	2
openssl/crypto/evp/ctrl_params_translate.c	10
openssl/crypto/params_from_text.c	3
openssl/crypto/asn1/p8_pkey.c	4
openssl/crypto/asn1/tasn_dec.c	14
openssl/crypto/buffer/buffer.c	4
openssl/crypto/asn1/tasn_new.c	9
openssl/crypto/asn1/a_bitstr.c	2
openssl/crypto/evp/evp_pkey.c	1
openssl/crypto/asn1/x_sig.c	3
openssl/crypto/pkcs12/p12_p8d.c	2
openssl/crypto/pkcs12/p12_decr.c	2
openssl/crypto/asn1/d2i_pr.c	1
openssl/crypto/x509/x_pubkey.c	7
openssl/crypto/conf/conf_lib.c	10
openssl/crypto/conf/conf_def.c	1
openssl/crypto/conf/conf_api.c	3
openssl/include/openssl/conf.h	3
openssl/crypto/conf/conf_mall.c	1
openssl/crypto/asn1/asn_moid.c	3
openssl/crypto/objects/obj_lib.c	1
openssl/crypto/asn1/asn_mstbl.c	3
openssl/crypto/x509/v3_utl.c	6
openssl/crypto/asn1/asn1_gen.c	3
openssl/crypto/asn1/a_strnid.c	6
openssl/include/openssl/asn1.h	3
openssl/crypto/engine/eng_cnf.c	5
openssl/crypto/engine/eng_all.c	1
openssl/crypto/engine/eng_ctrl.c	7
openssl/crypto/evp/evp_cnf.c	2
openssl/crypto/conf/conf_ssl.c	3
openssl/crypto/provider_conf.c	10
openssl/crypto/encode_decode/encoder_meth.c	3
openssl/crypto/store/store_meth.c	3
openssl/crypto/evp/legacy_md5_sha1.c	1
openssl/crypto/evp/legacy_sha.c	13
openssl/crypto/evp/legacy_mdc2.c	1
openssl/crypto/evp/legacy_ripemd.c	1
openssl/crypto/evp/legacy_wp.c	1
openssl/crypto/sm3/legacy_sm3.c	1
openssl/crypto/evp/legacy_blake2.c	2
openssl/crypto/evp/e_des3.c	11
openssl/crypto/evp/e_xcbc_d.c	1
openssl/crypto/evp/e_rc4.c	2
openssl/crypto/evp/e_rc4_hmac_md5.c	1
openssl/crypto/evp/e_idea.c	4
openssl/crypto/evp/e_seed.c	4
openssl/crypto/evp/e_sm4.c	5
openssl/crypto/evp/e_rc2.c	6
openssl/crypto/evp/e_bf.c	4
openssl/crypto/evp/e_cast.c	4
openssl/crypto/evp/e_rc5.c	4
openssl/crypto/evp/e_aes.c	38
openssl/crypto/evp/e_aes_cbc_hmac_sha1.c	2
openssl/crypto/evp/e_aes_cbc_hmac_sha256.c	2
openssl/crypto/evp/e_aria.c	27
openssl/crypto/evp/e_camellia.c	21
openssl/crypto/evp/e_chacha20_poly1305.c	2
openssl/crypto/bn/bn_err.c	1
openssl/crypto/rsa/rsa_err.c	1
openssl/crypto/dh/dh_err.c	1
openssl/crypto/evp/evp_err.c	1
openssl/crypto/buffer/buf_err.c	1
openssl/crypto/objects/obj_err.c	1
openssl/crypto/pem/pem_err.c	1
openssl/crypto/dsa/dsa_err.c	1
openssl/crypto/x509/x509_err.c	1
openssl/crypto/asn1/asn1_err.c	1
openssl/crypto/conf/conf_err.c	1
openssl/crypto/cpt_err.c	1
openssl/crypto/comp/comp_err.c	1
openssl/crypto/ec/ec_err.c	1
openssl/crypto/bio/bio_err.c	1
openssl/crypto/pkcs7/pkcs7err.c	1
openssl/crypto/x509/v3err.c	1
openssl/crypto/pkcs12/pk12err.c	1
openssl/crypto/rand/rand_err.c	1
openssl/crypto/dso/dso_err.c	1
openssl/crypto/ts/ts_err.c	1
openssl/crypto/engine/eng_err.c	1
openssl/crypto/http/http_err.c	1
openssl/crypto/ocsp/ocsp_err.c	1
openssl/crypto/ui/ui_err.c	1
openssl/crypto/cms/cms_err.c	1
openssl/crypto/crmf/crmf_err.c	1
openssl/crypto/cmp/cmp_err.c	1
openssl/crypto/ct/ct_err.c	1
openssl/crypto/ess/ess_err.c	1
openssl/crypto/async/async_err.c	1
openssl/crypto/store/store_err.c	1
openssl/crypto/property/property_err.c	1
openssl/providers/common/provider_err.c	1
openssl/crypto/cms/cms_io.c	2
openssl/crypto/cms/cms_lib.c	6
openssl/crypto/cms/cms_asn1.c	1
openssl/crypto/asn1/a_d2i_fp.c	2
openssl/crypto/cms/cms_sd.c	3
openssl/include/openssl/cms.h	2
openssl/crypto/cms/cms_env.c	3
openssl/crypto/x509/x_x509.c	1
openssl/crypto/cms/cms_local.h	2
openssl/crypto/bio/bss_null.c	1
openssl/crypto/asn1/a_i2d_fp.c	1
openssl/crypto/asn1/tasn_enc.c	8
openssl/crypto/asn1/asn1_local.h	3

Fuzzer: openssl/fuzz/driver.c

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	6632	99.9%
gold	[1:9]	0	0.0%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	1	0.01%
All colors	6633	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
1442	1442	1 : View List ['curl_multi_cleanup']	1442	12361	Curl_close	call site: 00000	/src/curl/lib/url.c:248
1135	2615	11 : View List ['Curl_dyn_len', 'Curl_strndup', 'dedotdotify', 'Curl_dyn_init', 'strchr', 'curl_dbg_strdup', 'Curl_dyn_add', 'urlencode_str', 'memchr', 'curl_dbg_free', 'Curl_dyn_ptr']	1135	3059	parseurl	call site: 00000	/src/curl/lib/urlapi.c:1206
1016	1016	1 : View List ['curl_multi_remove_handle']	2458	13377	Curl_close	call site: 00000	/src/curl/lib/url.c:243
679	2288	8 : View List ['Curl_cookie_cleanup', 'Curl_get_line', 'curl_dbg_malloc', 'remove_expired', 'curl_strnequal', 'curl_dbg_free', 'Curl_cookie_add', 'curl_dbg_fclose']	679	2288	Curl_cookie_init	call site: 00000	/src/curl/lib/cookie.c:1243
332	332	2 : View List ['Curl_infof', 'curl_easy_strerror']	332	566	Curl_flush_cookies	call site: 00000	/src/curl/lib/cookie.c:1768
296	531	3 : View List ['qsort', 'curl_dbg_calloc', 'get_netscape_format']	303	2078	cookie_output	call site: 00000	/src/curl/lib/cookie.c:1656
265	265	1 : View List ['Curl_trc_opt']	265	265	Curl_trc_init	call site: 00000	/src/curl/lib/curl_trc.c:230
229	458	2 : View List ['Curl_cookie_clearall', 'Curl_cookie_cleanup']	229	682	Curl_vsetopt	call site: 00000	/src/curl/lib/setopt.c:750
228	448	3 : View List ['curl_dbg_fopen', 'Curl_infof', 'strcmp']	907	2736	Curl_cookie_init	call site: 00000	/src/curl/lib/cookie.c:1230
6	6	3 : View List ['strlen', 'fgets', 'feof']	6	6	Curl_get_line	call site: 00000	/src/curl/lib/curl_get_line.c:45
4	219	3 : View List ['__errno_location', 'fflush', 'curl_dbg_log']	4	219	countcheck	call site: 00000	/src/curl/lib/memdebug.c:111
4	4	2 : View List ['strlen', 'ntohl']	4	4	randit	call site: 00000	/src/curl/lib/rand.c:110

Runtime coverage analysis

Covered functions

139

Functions that are reachable but not covered

2404

Reachable functions

2405

Percentage of reachable functions covered

0.04%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
openssl/fuzz/driver.c	1
openssl/fuzz/server.c	1
openssl/ssl/methods.c	1
openssl/ssl/ssl_lib.c	43
openssl/crypto/err/err_blocks.c	2
openssl/crypto/err/err.c	30
openssl/crypto/init.c	40
openssl/crypto/err/err_local.h	5
openssl/crypto/mem.c	7
openssl/crypto/threads_pthread.c	13
openssl/crypto/cpuid.c	4
openssl/crypto/ctype.c	3
openssl/crypto/initthread.c	21
openssl/crypto/stack/stack.c	20
openssl/crypto/comp/c_zlib.c	2
openssl/crypto/async/async.c	17
openssl/crypto/rand/rand_lib.c	18
openssl/providers/implementations/rands/seeding/rand_unix.c	4
openssl/crypto/engine/eng_init.c	4
openssl/crypto/cryptlib.c	2
openssl/crypto/engine/eng_lib.c	22
openssl/include/internal/refcount.h	2
openssl/crypto/engine/tb_pkmeth.c	7
openssl/crypto/evp/pmeth_lib.c	31
openssl/crypto/engine/tb_asnmth.c	9
openssl/crypto/asn1/ameth_lib.c	9
openssl/crypto/engine/eng_list.c	10
openssl/crypto/ex_data.c	14
openssl/crypto/context.c	17
openssl/include/internal/cryptlib.h	7
openssl/include/openssl/crypto.h	2
openssl/crypto/property/property_parse.c	25
openssl/crypto/property/property_string.c	12
openssl/crypto/lhash/lhash.c	15
openssl/crypto/conf/conf_mod.c	34
openssl/crypto/dso/dso_lib.c	9
openssl/crypto/engine/eng_local.h	14
openssl/crypto/store/store_init.c	1
openssl/crypto/store/store_register.c	1
openssl/crypto/store/store_local.h	1
openssl/crypto/bio/bio_lib.c	19
openssl/crypto/bio/bio_sock.c	1
openssl/crypto/evp/names.c	9
openssl/crypto/objects/o_names.c	12
openssl/crypto/objects/obj_local.h	18
openssl/crypto/evp/evp_pbe.c	6
openssl/crypto/evp/evp_local.h	3
openssl/crypto/objects/obj_xref.c	5
openssl/crypto/objects/obj_xref.h	4
openssl/include/crypto/evp.h	8
openssl/crypto/objects/obj_dat.c	23
openssl/crypto/asn1/a_object.c	6
openssl/include/openssl/err.h	4
openssl/crypto/mem_sec.c	18
openssl/crypto/cmp/cmp_util.c	1
openssl/crypto/trace.c	2
openssl/crypto/err/err_all.c	1
openssl/crypto/evp/c_allc.c	1
openssl/crypto/evp/e_des.c	6
openssl/crypto/evp/c_alld.c	1
openssl/crypto/evp/legacy_md4.c	1
openssl/crypto/conf/conf_sap.c	2
openssl/crypto/getenv.c	1
openssl/crypto/o_str.c	12
openssl/crypto/x509/x509_def.c	1
openssl/crypto/bio/bio_print.c	11
openssl/crypto/engine/eng_openssl.c	20
openssl/crypto/evp/evp_lib.c	39
openssl/crypto/provider_core.c	45
openssl/crypto/provider_local.h	4
openssl/crypto/provider_child.c	2
openssl/crypto/evp/cmeth_lib.c	8
openssl/crypto/evp/evp_enc.c	24
openssl/crypto/rsa/rsa_ossl.c	2
openssl/crypto/engine/tb_rsa.c	4
openssl/crypto/dsa/dsa_ossl.c	2
openssl/crypto/engine/tb_dsa.c	4
openssl/crypto/ec/ec_kmeth.c	2
openssl/crypto/engine/tb_eckey.c	4
openssl/crypto/dh/dh_key.c	2
openssl/crypto/engine/tb_dh.c	4
openssl/crypto/rand/rand_meth.c	1
openssl/crypto/engine/tb_rand.c	6
openssl/crypto/engine/tb_cipher.c	7
openssl/crypto/params.c	46
openssl/crypto/evp/evp_utils.c	5
openssl/crypto/engine/tb_digest.c	7
openssl/crypto/evp/digest.c	18
openssl/crypto/sha/sha_local.h	1
openssl/include/crypto/md32_common.h	2
openssl/crypto/engine/eng_pkey.c	1
openssl/crypto/bio/bss_file.c	3
openssl/crypto/o_fopen.c	1
openssl/crypto/pem/pem_pkey.c	5
openssl/crypto/bio/bf_readbuff.c	1
openssl/crypto/pem/pem_lib.c	15
openssl/crypto/evp/evp_key.c	3
openssl/crypto/ui/ui_lib.c	27
openssl/crypto/ui/ui_openssl.c	1
openssl/crypto/ui/ui_null.c	1
openssl/include/openssl/ui.h	2
openssl/crypto/err/err_prn.c	2
openssl/crypto/passphrase.c	9
openssl/crypto/encode_decode/decoder_pkey.c	13
openssl/crypto/encode_decode/decoder_meth.c	17
openssl/crypto/encode_decode/decoder_lib.c	24
openssl/crypto/evp/keymgmt_meth.c	23
openssl/crypto/evp/evp_fetch.c	16
openssl/crypto/core_namemap.c	20
openssl/crypto/engine/eng_rdrand.c	4
openssl/crypto/engine/eng_dyn.c	12
openssl/include/openssl/safestack.h	4
openssl/crypto/dso/dso_dlfcn.c	1
openssl/engines/e_padlock.c	22
openssl/crypto/asn1/evp_asn1.c	1
openssl/crypto/asn1/tasn_typ.c	11
openssl/crypto/asn1/asn1_lib.c	13
openssl/crypto/asn1/a_octet.c	2
openssl/crypto/asn1/a_type.c	1
openssl/crypto/asn1/tasn_fre.c	5
openssl/engines/e_afalg.c	27
openssl/engines/e_afalg_err.c	3
openssl/crypto/engine/eng_fat.c	5
openssl/crypto/engine/eng_table.c	8
openssl/crypto/async/async_wait.c	6
openssl/crypto/async/arch/async_posix.h	1
openssl/crypto/bsearch.c	1
openssl/crypto/bn/bn_word.c	4
openssl/crypto/bn/bn_lib.c	24
openssl/crypto/bn/bn_local.h	1
openssl/crypto/bn/bn_shift.c	2
openssl/crypto/bn/bn_conv.c	4
openssl/include/internal/constant_time.h	4
openssl/crypto/bn/asm/x86_64-gcc.c	2
openssl/include/crypto/asn1.h	3
openssl/crypto/property/property.c	25
openssl/crypto/sparse_array.c	1
openssl/crypto/core_fetch.c	3
openssl/crypto/core_algorithm.c	4
openssl/include/openssl/core_dispatch.h	104
openssl/crypto/provider.c	4
openssl/crypto/property/property_query.c	3
openssl/crypto/encode_decode/encoder_local.h	5
openssl/crypto/evp/keymgmt_lib.c	16
openssl/crypto/evp/p_lib.c	34
openssl/include/openssl/x509.h	8
openssl/crypto/x509/x_attrib.c	2
openssl/include/openssl/asn1t.h	2
openssl/crypto/asn1/tasn_utl.c	13
openssl/crypto/asn1/a_int.c	11
openssl/crypto/bio/bss_mem.c	3
openssl/crypto/bio/ossl_core_bio.c	3
openssl/crypto/ui/ui_util.c	8
openssl/crypto/evp/encode.c	7
openssl/crypto/evp/legacy_md5.c	1
openssl/crypto/evp/m_sigver.c	7
openssl/crypto/evp/signature.c	9
openssl/crypto/evp/exchange.c	5
openssl/crypto/evp/kem.c	2
openssl/crypto/evp/asymcipher.c	2
openssl/crypto/evp/ctrl_params_translate.c	10
openssl/crypto/params_from_text.c	3
openssl/crypto/asn1/p8_pkey.c	4
openssl/crypto/asn1/tasn_dec.c	14
openssl/crypto/buffer/buffer.c	4
openssl/crypto/asn1/tasn_new.c	9
openssl/crypto/asn1/a_bitstr.c	2
openssl/crypto/evp/evp_pkey.c	1
openssl/crypto/asn1/x_sig.c	3
openssl/crypto/pkcs12/p12_p8d.c	2
openssl/crypto/pkcs12/p12_decr.c	2
openssl/crypto/asn1/d2i_pr.c	4
openssl/crypto/x509/x_pubkey.c	7
openssl/crypto/conf/conf_lib.c	10
openssl/crypto/conf/conf_def.c	1
openssl/crypto/conf/conf_api.c	3
openssl/include/openssl/conf.h	3
openssl/crypto/conf/conf_mall.c	1
openssl/crypto/asn1/asn_moid.c	3
openssl/crypto/objects/obj_lib.c	1
openssl/crypto/asn1/asn_mstbl.c	3
openssl/crypto/x509/v3_utl.c	6
openssl/crypto/asn1/asn1_gen.c	3
openssl/crypto/asn1/a_strnid.c	6
openssl/include/openssl/asn1.h	7
openssl/crypto/engine/eng_cnf.c	5
openssl/crypto/engine/eng_all.c	1
openssl/crypto/engine/eng_ctrl.c	7
openssl/crypto/evp/evp_cnf.c	2
openssl/crypto/conf/conf_ssl.c	6
openssl/crypto/provider_conf.c	10
openssl/crypto/encode_decode/encoder_meth.c	3
openssl/crypto/store/store_meth.c	3
openssl/crypto/evp/legacy_md5_sha1.c	1
openssl/crypto/evp/legacy_sha.c	13
openssl/crypto/evp/legacy_mdc2.c	1
openssl/crypto/evp/legacy_ripemd.c	1
openssl/crypto/evp/legacy_wp.c	1
openssl/crypto/sm3/legacy_sm3.c	1
openssl/crypto/evp/legacy_blake2.c	2
openssl/crypto/evp/e_des3.c	11
openssl/crypto/evp/e_xcbc_d.c	1
openssl/crypto/evp/e_rc4.c	2
openssl/crypto/evp/e_rc4_hmac_md5.c	1
openssl/crypto/evp/e_idea.c	4
openssl/crypto/evp/e_seed.c	4
openssl/crypto/evp/e_sm4.c	5
openssl/crypto/evp/e_rc2.c	6
openssl/crypto/evp/e_bf.c	4
openssl/crypto/evp/e_cast.c	4
openssl/crypto/evp/e_rc5.c	4
openssl/crypto/evp/e_aes.c	38
openssl/crypto/evp/e_aes_cbc_hmac_sha1.c	2
openssl/crypto/evp/e_aes_cbc_hmac_sha256.c	2
openssl/crypto/evp/e_aria.c	27
openssl/crypto/evp/e_camellia.c	21
openssl/crypto/evp/e_chacha20_poly1305.c	2
openssl/crypto/bn/bn_err.c	1
openssl/crypto/rsa/rsa_err.c	1
openssl/crypto/dh/dh_err.c	1
openssl/crypto/evp/evp_err.c	1
openssl/crypto/buffer/buf_err.c	1
openssl/crypto/objects/obj_err.c	1
openssl/crypto/pem/pem_err.c	1
openssl/crypto/dsa/dsa_err.c	1
openssl/crypto/x509/x509_err.c	1
openssl/crypto/asn1/asn1_err.c	1
openssl/crypto/conf/conf_err.c	1
openssl/crypto/cpt_err.c	1
openssl/crypto/comp/comp_err.c	1
openssl/crypto/ec/ec_err.c	1
openssl/crypto/bio/bio_err.c	1
openssl/crypto/pkcs7/pkcs7err.c	1
openssl/crypto/x509/v3err.c	1
openssl/crypto/pkcs12/pk12err.c	1
openssl/crypto/rand/rand_err.c	1
openssl/crypto/dso/dso_err.c	1
openssl/crypto/ts/ts_err.c	1
openssl/crypto/engine/eng_err.c	1
openssl/crypto/http/http_err.c	1
openssl/crypto/ocsp/ocsp_err.c	1
openssl/crypto/ui/ui_err.c	1
openssl/crypto/cms/cms_err.c	1
openssl/crypto/crmf/crmf_err.c	1
openssl/crypto/cmp/cmp_err.c	1
openssl/crypto/ct/ct_err.c	1
openssl/crypto/ess/ess_err.c	1
openssl/crypto/async/async_err.c	1
openssl/crypto/store/store_err.c	1
openssl/crypto/property/property_err.c	1
openssl/providers/common/provider_err.c	1
openssl/ssl/ssl_init.c	8
openssl/ssl/ssl_ciph.c	21
openssl/include/openssl/ssl.h	5
openssl/crypto/comp/comp_lib.c	3
openssl/ssl/s3_lib.c	2
openssl/ssl/ssl_err.c	1
openssl/ssl/ssl_cert.c	15
openssl/ssl/ssl_local.h	9
openssl/crypto/x509/x509_lu.c	8
openssl/include/openssl/x509_vfy.h	4
openssl/crypto/x509/x509_cmp.c	9
openssl/crypto/x509/x_name.c	7
openssl/crypto/asn1/tasn_enc.c	8
openssl/crypto/asn1/asn1_local.h	3
openssl/crypto/x509/x509_vpm.c	10
openssl/crypto/ct/ct_log.c	3
openssl/include/openssl/ct.h	2
openssl/ssl/tls_depr.c	3
openssl/ssl/t1_lib.c	14
openssl/crypto/evp/evp_rand.c	18
openssl/ssl/tls_srp.c	2
openssl/ssl/ssl_mcnf.c	2
openssl/ssl/ssl_conf.c	13
openssl/ssl/ssl_rsa.c	7
openssl/crypto/x509/x_all.c	2
openssl/crypto/asn1/a_d2i_fp.c	1
openssl/ssl/ssl_sess.c	10
openssl/crypto/x509/x_x509.c	3
openssl/crypto/x509/x_crl.c	2
openssl/ssl/statem/extensions_cust.c	4
openssl/ssl/statem/statem_lib.c	1
openssl/crypto/rsa/rsa_asn1.c	2
openssl/crypto/ec/ec_key.c	4
openssl/crypto/ec/ec_lib.c	4
openssl/crypto/rsa/rsa_backend.c	1
openssl/crypto/rsa/rsa_lib.c	1
openssl/crypto/ec/ec_backend.c	1
openssl/crypto/dsa/dsa_backend.c	1
openssl/crypto/dsa/dsa_lib.c	3
openssl/crypto/dh/dh_backend.c	1
openssl/crypto/dh/dh_lib.c	1
openssl/crypto/x509/v3_purp.c	12
openssl/crypto/asn1/a_digest.c	1
openssl/crypto/x509/x509_set.c	6
openssl/crypto/x509/x509_ext.c	4
openssl/crypto/x509/v3_lib.c	6
openssl/crypto/x509/x509_v3.c	5
openssl/include/openssl/x509v3.h	6
openssl/crypto/x509/v3_bcons.c	2
openssl/crypto/x509/v3_pcia.c	2
openssl/crypto/x509/v3_crld.c	1
openssl/crypto/asn1/a_dup.c	1
openssl/crypto/x509/x509name.c	1
openssl/crypto/pem/pem_all.c	4
openssl/crypto/evp/p_legacy.c	2
openssl/crypto/ec/ecp_nistz256.c	1
openssl/crypto/ec/ecp_nistp224.c	1
openssl/crypto/ec/ecp_nistp256.c	1
openssl/crypto/ec/ecp_nistp521.c	1
openssl/crypto/ec/ec_mult.c	1
openssl/crypto/bn/bn_mont.c	1
openssl/crypto/pem/pem_x509.c	1
openssl/crypto/pem/pem_oth.c	1
openssl/crypto/ffc/ffc_params.c	2
openssl/ssl/record/rec_layer_s3.c	6
openssl/ssl/record/ssl3_record.c	2
openssl/ssl/statem/statem.c	5
openssl/ssl/record/ssl3_buffer.c	3
openssl/ssl/record/rec_layer_d1.c	1
openssl/ssl/pqueue.c	2
openssl/include/internal/dane.h	1
openssl/crypto/x509/x_exten.c	2
openssl/include/openssl/ocsp.h	1
openssl/crypto/ocsp/ocsp_asn.c	2
openssl/crypto/ct/ct_sct.c	2
openssl/crypto/async/async_local.h	4
openssl/crypto/async/arch/async_posix.c	3