High level conclusions

Fuzzers reach 91.73% of cyclomatic complexity.

Fuzzers reach 81.02% of all functions.

Fuzzers reach 82.23% code coverage.

Reachability and coverage overview

Functions statically reachable by fuzzers

1136 / 1402

Cyclomatic complexity statically reachable by fuzzers

9097 / 9917

Runtime code coverage of functions

1153 / 1402

Warning: The number of runtime covered functions are larger than the number of reachable functions. This means that Fuzz Introspector found there are more functions covered at runtime than what is considered reachable based on the static analysis. This is a limitation in the analysis as anything covered at runtime is by definition reachable by the fuzzers.
This is likely due to a limitation in the static analysis. In this case, the count of functions covered at runtime is the true value, which means this is what should be considered "achieved" by the fuzzer.

Use the project functions table below to query all functions that were not covered at runtime.

The following table shows data about each function in the project. The functions included in this table correspond to all functions that exist in the executables of the fuzzers. As such, there may be functions that are from third-party libraries.

For further technical details on the meaning of columns in the below table, please see the Glossary .

Func name	Functions filename	Args	Function call depth	Reached by Fuzzers	Fuzzers runtime hit	Func lines hit %	I Count	BB Count	Cyclomatic complexity	Functions reached	Reached by functions	Accumulated cyclomatic complexity	Undiscovered complexity

Fuzzer: /src/flac/oss-fuzz/seek.cc

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	117	20.9%
gold	[1:9]	3	0.53%
yellow	[10:29]	6	1.07%
greenyellow	[30:49]	2	0.35%
lawngreen	50+	430	77.0%
All colors	558	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
156	263	2 : View List ['flac__utils_set_channel_mask_tag', 'FLAC__metadata_object_clone']	160	1800	EncoderSession_init_encoder	call site: 00000	/src/flac/oss-fuzz/../src/flac/encode.c:1909
74	74	4 : View List ['strncmp', 'strlen', 'strtod', 'strchr']	74	74	FLAC__stream_encoder_set_apodization	call site: 00000	/src/flac/src/libFLAC/stream_encoder.c:1824
48	122	11 : View List ['FLAC__metadata_simple_iterator_next', 'fseeko', 'fread', 'abort', 'FLAC__metadata_simple_iterator_get_block_offset', 'unpack32be_', 'FLAC__metadata_simple_iterator_get_block_length', 'FLAC__metadata_simple_iterator_get_application_id', 'append_block_', 'FLAC__metadata_simple_iterator_get_block_type', 'memcmp']	48	122	read_from_flac_	call site: 00000	/src/flac/oss-fuzz/../src/flac/foreign_metadata.c:603
42	42	1 : View List ['write_to_iff_']	46	46	flac__foreign_metadata_write_to_iff	call site: 00000	/src/flac/oss-fuzz/../src/flac/foreign_metadata.c:924
41	41	1 : View List ['FLAC__bitwriter_write_utf8_uint64']	41	255	FLAC__frame_add_header	call site: 00000	/src/flac/src/libFLAC/stream_encoder_framing.c:356
28	28	1 : View List ['FLAC__replaygain_synthesis__apply_gain']	32	32	write_callback	call site: 00000	/src/flac/oss-fuzz/../src/flac/decode.c:1256
26	65	8 : View List ['fread', 'fseeko', 'ftello', 'feof', 'append_block_', 'memcmp', 'unpack32le_', 'unpack64le_']	26	65	read_from_wave_	call site: 00000	/src/flac/oss-fuzz/../src/flac/foreign_metadata.c:292
18	18	1 : View List ['flac__utils_canonicalize_cue_specification']	34	34	metadata_callback	call site: 00000	/src/flac/oss-fuzz/../src/flac/decode.c:1513
18	18	4 : View List ['iconv', 'realloc', '__errno_location', 'safe_malloc_add_2op_.552']	26	26	iconvert	call site: 00000	/src/flac/src/share/utf8/iconvert.c:144
17	17	1 : View List ['print_verify_error']	19	2082	EncoderSession_finish_ok	call site: 00000	/src/flac/oss-fuzz/../src/flac/encode.c:1514
17	17	1 : View List ['print_verify_error']	17	1941	EncoderSession_finish_error	call site: 00000	/src/flac/oss-fuzz/../src/flac/encode.c:1556
12	12	2 : View List ['strncmp', 'strlen']	12	12	share___getopt_internal	call site: 00000	/src/flac/src/share/getopt/getopt.c:801

Runtime coverage analysis

Covered functions

1178

Functions that are reachable but not covered

14

Reachable functions

174

Percentage of reachable functions covered

91.95%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/flac/oss-fuzz/seek.cc	2
/src/flac/src/libFLAC/stream_decoder.c	53
/src/flac/src/libFLAC/bitreader.c	32
/src/flac/src/libFLAC/format.c	3
/src/flac/src/libFLAC/ogg_decoder_aspect.c	6
/src/flac/src/libFLAC/md5.c	6
/src/ogg/src/framing.c	26
/src/flac/src/libFLAC/cpu.c	5
/src/flac/src/libFLAC/./include/private/bitmath.h	3
/src/flac/src/libFLAC/crc.c	1
/src/flac/src/libFLAC/../../include/share/alloc.h	8
/src/flac/src/libFLAC/memory.c	3
/src/flac/src/libFLAC/fixed.c	3
/src/flac/src/libFLAC/lpc.c	5
/src/flac/src/libFLAC/bitmath.c	1

Fuzzer: fuzzer_seek

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	43	7.70%
gold	[1:9]	3	0.53%
yellow	[10:29]	5	0.89%
greenyellow	[30:49]	2	0.35%
lawngreen	50+	505	90.5%
All colors	558	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
4	22	2 : View List ['realloc', 'ogg_stream_clear']	4	22	_os_lacing_expand	call site: 00132	/src/ogg/src/framing.c:206
2	2	1 : View List ['get_binary_stdin_']	2	371	init_FILE_internal_	call site: 00058	/src/flac/src/libFLAC/stream_decoder.c:497
0	37	1 : View List ['FLAC__bitreader_read_raw_uint32']	0	37	FLAC__bitreader_skip_bits_no_crc	call site: 00283	/src/flac/src/libFLAC/bitreader.c:606
0	7	2 : View List ['FLAC__bitreader_delete', 'free']	0	7	FLAC__stream_decoder_new	call site: 00005	/src/flac/src/libFLAC/stream_decoder.c:276
0	0	None	14	813	read_metadata_	call site: 00200	/src/flac/src/libFLAC/stream_decoder.c:1398
0	0	None	6	368	read_frame_header_	call site: 00360	/src/flac/src/libFLAC/stream_decoder.c:2294
0	0	None	4	784	seek_to_absolute_sample_ogg_	call site: 00535	/src/flac/src/libFLAC/stream_decoder.c:3586
0	0	None	4	553	read_metadata_	call site: 00241	/src/flac/src/libFLAC/stream_decoder.c:1448
0	0	None	2	810	seek_to_absolute_sample_	call site: 00550	/src/flac/src/libFLAC/stream_decoder.c:3444
0	0	None	2	810	seek_to_absolute_sample_	call site: 00553	/src/flac/src/libFLAC/stream_decoder.c:3503
0	0	None	2	810	seek_to_absolute_sample_	call site: 00554	/src/flac/src/libFLAC/stream_decoder.c:3511
0	0	None	2	615	read_metadata_cuesheet_	call site: 00277	/src/flac/src/libFLAC/stream_decoder.c:1809

Runtime coverage analysis

Covered functions

160

Functions that are reachable but not covered

16

Reachable functions

174

Percentage of reachable functions covered

90.8%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/flac/oss-fuzz/seek.cc	2
/src/flac/src/libFLAC/stream_decoder.c	53
/src/flac/src/libFLAC/bitreader.c	32
/src/flac/src/libFLAC/format.c	3
/src/flac/src/libFLAC/ogg_decoder_aspect.c	6
/src/flac/src/libFLAC/md5.c	6
/src/ogg/src/framing.c	26
/src/flac/src/libFLAC/cpu.c	5
/src/flac/src/libFLAC/./include/private/bitmath.h	3
/src/flac/src/libFLAC/crc.c	1
/src/flac/src/libFLAC/../../include/share/alloc.h	8
/src/flac/src/libFLAC/memory.c	3
/src/flac/src/libFLAC/fixed.c	3
/src/flac/src/libFLAC/lpc.c	5
/src/flac/src/libFLAC/bitmath.c	1

Fuzzer: fuzzer_exo

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	132	25.7%
gold	[1:9]	2	0.38%
yellow	[10:29]	4	0.77%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	375	73.0%
All colors	513	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
169	169	1 : View List ['read_callback_ogg_aspect_']	169	169	read_callback_	call site: 00081	/src/flac/src/libFLAC/stream_decoder.c:3059
53	53	1 : View List ['FLAC__MD5Accumulate']	53	53	write_audio_frame_to_client_	call site: 00491	/src/flac/src/libFLAC/stream_decoder.c:3261
16	16	1 : View List ['FLAC__ogg_decoder_aspect_reset']	16	24	FLAC__stream_decoder_reset	call site: 00133	/src/flac/src/libFLAC/stream_decoder.c:938
13	13	1 : View List ['FLAC__ogg_decoder_aspect_flush']	13	15	FLAC__stream_decoder_flush	call site: 00136	/src/flac/src/libFLAC/stream_decoder.c:912
12	12	1 : View List ['FLAC__ogg_decoder_aspect_finish']	16	20	FLAC__stream_decoder_finish	call site: 00162	/src/flac/src/libFLAC/stream_decoder.c:644
2	2	1 : View List ['fclose']	4	8	FLAC__stream_decoder_finish	call site: 00163	/src/flac/src/libFLAC/stream_decoder.c:648
2	2	1 : View List ['memcmp']	2	6	FLAC__stream_decoder_finish	call site: 00166	/src/flac/src/libFLAC/stream_decoder.c:654
2	2	1 : View List ['abort']	2	2	write_audio_frame_to_client_	call site: 00490	/src/flac/src/libFLAC/stream_decoder.c:3216
0	7	2 : View List ['FLAC__bitreader_delete', 'free']	0	7	FLAC__stream_decoder_new	call site: 00010	/src/flac/src/libFLAC/stream_decoder.c:276
0	0	None	134	813	read_metadata_	call site: 00200	/src/flac/src/libFLAC/stream_decoder.c:1398
0	0	None	124	553	read_metadata_	call site: 00241	/src/flac/src/libFLAC/stream_decoder.c:1448
0	0	None	53	53	write_audio_frame_to_client_	call site: 00491	/src/flac/src/libFLAC/stream_decoder.c:3259

Runtime coverage analysis

Covered functions

133

Functions that are reachable but not covered

55

Reachable functions

190

Percentage of reachable functions covered

71.05%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/fuzzer_exo.cpp	9
/src/ExoPlayer/extensions/flac/src/main/jni/include/data_source.h	1
/src/flac/src/libFLAC/stream_decoder.c	41
/src/flac/src/libFLAC/bitreader.c	32
/src/flac/src/libFLAC/format.c	3
/src/flac/src/libFLAC/ogg_decoder_aspect.c	6
/src/ogg/src/framing.c	26
/src/flac/src/libFLAC/cpu.c	5
/src/flac/src/libFLAC/./include/private/bitmath.h	3
/src/flac/src/libFLAC/crc.c	1
/src/flac/src/libFLAC/md5.c	6
/src/ExoPlayer/extensions/flac/src/main/jni/include/flac_parser.h	5
/src/flac/src/libFLAC/../../include/share/alloc.h	8
/src/flac/src/libFLAC/memory.c	3
/src/flac/src/libFLAC/fixed.c	3
/src/flac/src/libFLAC/lpc.c	5
/src/flac/src/libFLAC/bitmath.c	1

Fuzzer: fuzzer_decoder

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	78	11.5%
gold	[1:9]	0	0.0%
yellow	[10:29]	8	1.17%
greenyellow	[30:49]	2	0.29%
lawngreen	50+	590	87.0%
All colors	678	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
1638	1965	4 : View List ['FLAC__stream_decoder_process_until_end_of_metadata', 'seek_to_absolute_sample_', 'seek_to_absolute_sample_ogg_', 'FLAC__stream_decoder_get_total_samples']	1638	1965	FLAC__stream_decoder_seek_absolute	call site: 00620	/src/flac/src/libFLAC/stream_decoder.c:1149
18	20	3 : View List ['FLAC__bitreader_is_consumed_byte_aligned', 'abort', 'FLAC__stream_decoder_get_input_bytes_unconsumed']	18	20	FLAC__stream_decoder_get_decode_position	call site: 00418	/src/flac/src/libFLAC/stream_decoder.c:882
8	262	11 : View List ['read_zero_padding_', 'FLAC__bitreader_clear', 'abort', 'send_error_to_client_', 'free', 'FLAC__bitreader_read_raw_uint32', 'write_audio_frame_to_client_', 'FLAC__bitreader_get_read_crc16', 'safe_calloc_', 'undo_channel_coding', 'FLAC__bitreader_rewind_to_after_last_seen_framesync']	8	262	read_frame_	call site: 00481	/src/flac/src/libFLAC/stream_decoder.c:2095
4	22	2 : View List ['realloc', 'ogg_stream_clear']	4	22	_os_lacing_expand	call site: 00204	/src/ogg/src/framing.c:206
2	9	2 : View List ['safe_malloc_', 'abort']	2	9	copy_vcentry_	call site: 00000	/src/flac/src/libFLAC/metadata_object.c:133
2	2	1 : View List ['fclose']	4	8	FLAC__stream_decoder_finish	call site: 00099	/src/flac/src/libFLAC/stream_decoder.c:648
2	2	1 : View List ['abort']	2	2	write_audio_frame_to_client_	call site: 00572	/src/flac/src/libFLAC/stream_decoder.c:3216
0	37	1 : View List ['FLAC__bitreader_read_raw_uint32']	0	37	FLAC__bitreader_skip_bits_no_crc	call site: 00366	/src/flac/src/libFLAC/bitreader.c:606
0	16	1 : View List ['safe_realloc_mul_2op_']	0	16	FLAC__stream_decoder_set_metadata_respond_application	call site: 00055	/src/flac/src/libFLAC/stream_decoder.c:725
0	16	1 : View List ['safe_realloc_mul_2op_']	0	16	FLAC__stream_decoder_set_metadata_ignore_application	call site: 00086	/src/flac/src/libFLAC/stream_decoder.c:784
0	7	2 : View List ['FLAC__bitreader_delete', 'free']	0	7	FLAC__stream_decoder_new	call site: 00009	/src/flac/src/libFLAC/stream_decoder.c:276
0	0	None	16	527	read_frame_	call site: 00465	/src/flac/src/libFLAC/stream_decoder.c:2061

Runtime coverage analysis

Covered functions

270

Functions that are reachable but not covered

18

Reachable functions

256

Percentage of reachable functions covered

92.97%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/flac/oss-fuzz/decoder.cc	4
/src/flac/oss-fuzz/./fuzzing/datasource/datasource.hpp	9
/src/flac/src/libFLAC++/stream_decoder.cpp	27
/src/flac/src/libFLAC/stream_decoder.c	58
/src/flac/src/libFLAC/bitreader.c	32
/src/flac/src/libFLAC/format.c	3
/src/flac/src/libFLAC/ogg_decoder_aspect.c	7
/src/flac/src/libFLAC/../../include/share/alloc.h	8
/src/flac/src/libFLAC/md5.c	6
/src/ogg/src/framing.c	26
/src/flac/oss-fuzz/./fuzzing/memory.hpp	1
/src/flac/src/libFLAC/cpu.c	5
/src/flac/src/libFLAC/./include/private/bitmath.h	3
/src/flac/src/libFLAC/crc.c	1
/src/flac/src/libFLAC/memory.c	3
/src/flac/src/libFLAC/fixed.c	3
/src/flac/src/libFLAC/lpc.c	5
/src/flac/src/libFLAC/bitmath.c	1

Fuzzer: /src/flac/oss-fuzz/decoder.cc

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	133	19.6%
gold	[1:9]	2	0.29%
yellow	[10:29]	12	1.76%
greenyellow	[30:49]	4	0.58%
lawngreen	50+	527	77.7%
All colors	678	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
156	263	2 : View List ['flac__utils_set_channel_mask_tag', 'FLAC__metadata_object_clone']	160	1800	EncoderSession_init_encoder	call site: 00000	/src/flac/oss-fuzz/../src/flac/encode.c:1909
74	74	4 : View List ['strncmp', 'strlen', 'strtod', 'strchr']	74	74	FLAC__stream_encoder_set_apodization	call site: 00000	/src/flac/src/libFLAC/stream_encoder.c:1824
48	122	11 : View List ['FLAC__metadata_simple_iterator_next', 'fseeko', 'fread', 'abort', 'FLAC__metadata_simple_iterator_get_block_offset', 'unpack32be_', 'FLAC__metadata_simple_iterator_get_block_length', 'FLAC__metadata_simple_iterator_get_application_id', 'append_block_', 'FLAC__metadata_simple_iterator_get_block_type', 'memcmp']	48	122	read_from_flac_	call site: 00000	/src/flac/oss-fuzz/../src/flac/foreign_metadata.c:603
42	42	1 : View List ['write_to_iff_']	46	46	flac__foreign_metadata_write_to_iff	call site: 00000	/src/flac/oss-fuzz/../src/flac/foreign_metadata.c:924
41	41	1 : View List ['FLAC__bitwriter_write_utf8_uint64']	41	255	FLAC__frame_add_header	call site: 00000	/src/flac/src/libFLAC/stream_encoder_framing.c:356
28	28	1 : View List ['FLAC__replaygain_synthesis__apply_gain']	32	32	write_callback	call site: 00000	/src/flac/oss-fuzz/../src/flac/decode.c:1256
26	65	8 : View List ['fread', 'fseeko', 'ftello', 'feof', 'append_block_', 'memcmp', 'unpack32le_', 'unpack64le_']	26	65	read_from_wave_	call site: 00000	/src/flac/oss-fuzz/../src/flac/foreign_metadata.c:292
18	18	1 : View List ['flac__utils_canonicalize_cue_specification']	34	34	metadata_callback	call site: 00000	/src/flac/oss-fuzz/../src/flac/decode.c:1513
18	18	4 : View List ['iconv', 'realloc', '__errno_location', 'safe_malloc_add_2op_.552']	26	26	iconvert	call site: 00000	/src/flac/src/share/utf8/iconvert.c:144
17	17	1 : View List ['print_verify_error']	19	2082	EncoderSession_finish_ok	call site: 00000	/src/flac/oss-fuzz/../src/flac/encode.c:1514
17	17	1 : View List ['print_verify_error']	17	1941	EncoderSession_finish_error	call site: 00000	/src/flac/oss-fuzz/../src/flac/encode.c:1556
12	12	2 : View List ['strncmp', 'strlen']	12	12	share___getopt_internal	call site: 00000	/src/flac/src/share/getopt/getopt.c:801

Runtime coverage analysis

Covered functions

1178

Functions that are reachable but not covered

14

Reachable functions

256

Percentage of reachable functions covered

94.53%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/flac/oss-fuzz/decoder.cc	4
/src/flac/oss-fuzz/./fuzzing/datasource/datasource.hpp	9
/src/flac/src/libFLAC++/stream_decoder.cpp	27
/src/flac/src/libFLAC/stream_decoder.c	58
/src/flac/src/libFLAC/bitreader.c	32
/src/flac/src/libFLAC/format.c	3
/src/flac/src/libFLAC/ogg_decoder_aspect.c	7
/src/flac/src/libFLAC/../../include/share/alloc.h	8
/src/flac/src/libFLAC/md5.c	6
/src/ogg/src/framing.c	26
/src/flac/oss-fuzz/./fuzzing/memory.hpp	1
/src/flac/src/libFLAC/cpu.c	5
/src/flac/src/libFLAC/./include/private/bitmath.h	3
/src/flac/src/libFLAC/crc.c	1
/src/flac/src/libFLAC/memory.c	3
/src/flac/src/libFLAC/fixed.c	3
/src/flac/src/libFLAC/lpc.c	5
/src/flac/src/libFLAC/bitmath.c	1

Fuzzer: /src/flac/oss-fuzz/encoder.cc

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	245	16.3%
gold	[1:9]	8	0.53%
yellow	[10:29]	7	0.46%
greenyellow	[30:49]	6	0.40%
lawngreen	50+	1228	82.1%
All colors	1494	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
156	263	2 : View List ['flac__utils_set_channel_mask_tag', 'FLAC__metadata_object_clone']	160	1800	EncoderSession_init_encoder	call site: 00000	/src/flac/oss-fuzz/../src/flac/encode.c:1909
74	74	4 : View List ['strncmp', 'strlen', 'strtod', 'strchr']	74	74	FLAC__stream_encoder_set_apodization	call site: 00065	/src/flac/src/libFLAC/stream_encoder.c:1824
48	122	11 : View List ['FLAC__metadata_simple_iterator_next', 'fseeko', 'fread', 'abort', 'FLAC__metadata_simple_iterator_get_block_offset', 'unpack32be_', 'FLAC__metadata_simple_iterator_get_block_length', 'FLAC__metadata_simple_iterator_get_application_id', 'append_block_', 'FLAC__metadata_simple_iterator_get_block_type', 'memcmp']	48	122	read_from_flac_	call site: 00000	/src/flac/oss-fuzz/../src/flac/foreign_metadata.c:603
42	42	1 : View List ['write_to_iff_']	46	46	flac__foreign_metadata_write_to_iff	call site: 00000	/src/flac/oss-fuzz/../src/flac/foreign_metadata.c:924
41	41	1 : View List ['FLAC__bitwriter_write_utf8_uint64']	41	255	FLAC__frame_add_header	call site: 01269	/src/flac/src/libFLAC/stream_encoder_framing.c:356
28	28	1 : View List ['FLAC__replaygain_synthesis__apply_gain']	32	32	write_callback	call site: 00000	/src/flac/oss-fuzz/../src/flac/decode.c:1256
26	65	8 : View List ['fread', 'fseeko', 'ftello', 'feof', 'append_block_', 'memcmp', 'unpack32le_', 'unpack64le_']	26	65	read_from_wave_	call site: 00000	/src/flac/oss-fuzz/../src/flac/foreign_metadata.c:292
18	18	1 : View List ['flac__utils_canonicalize_cue_specification']	34	34	metadata_callback	call site: 00000	/src/flac/oss-fuzz/../src/flac/decode.c:1513
18	18	4 : View List ['iconv', 'realloc', '__errno_location', 'safe_malloc_add_2op_.552']	26	26	iconvert	call site: 00000	/src/flac/src/share/utf8/iconvert.c:144
17	17	1 : View List ['print_verify_error']	19	2082	EncoderSession_finish_ok	call site: 00000	/src/flac/oss-fuzz/../src/flac/encode.c:1514
17	17	1 : View List ['print_verify_error']	17	1941	EncoderSession_finish_error	call site: 00000	/src/flac/oss-fuzz/../src/flac/encode.c:1556
12	12	2 : View List ['strncmp', 'strlen']	12	12	share___getopt_internal	call site: 00000	/src/flac/src/share/getopt/getopt.c:801

Runtime coverage analysis

Covered functions

1178

Functions that are reachable but not covered

27

Reachable functions

442

Percentage of reachable functions covered

93.89%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/flac/oss-fuzz/encoder.cc	3
/src/flac/oss-fuzz/./fuzzing/datasource/datasource.hpp	12
/src/flac/src/libFLAC++/stream_encoder.cpp	47
/src/flac/src/libFLAC/stream_encoder.c	73
/src/flac/src/libFLAC/bitwriter.c	25
/src/flac/src/libFLAC/ogg_encoder_aspect.c	5
/src/flac/src/libFLAC/format.c	14
/src/flac/oss-fuzz/./fuzzing/memory.hpp	1
/src/flac/src/libFLAC/cpu.c	5
/src/flac/src/libFLAC/lpc.c	19
/src/flac/src/libFLAC/./include/private/bitmath.h	5
/src/flac/src/libFLAC/fixed.c	10
/src/flac/src/libFLAC/lpc_intrin_sse2.c	4
/src/flac/src/libFLAC/lpc_intrin_sse41.c	1
/src/flac/src/libFLAC/lpc_intrin_avx2.c	3
/src/flac/src/libFLAC/lpc_intrin_fma.c	3
/src/flac/src/libFLAC/fixed_intrin_sse2.c	1
/src/flac/src/libFLAC/fixed_intrin_ssse3.c	1
/src/flac/src/libFLAC/fixed_intrin_sse42.c	1
/src/flac/src/libFLAC/fixed_intrin_avx2.c	2
/src/flac/src/libFLAC/stream_encoder_intrin_sse2.c	2
/src/flac/src/libFLAC/stream_encoder_intrin_ssse3.c	1
/src/flac/src/libFLAC/stream_encoder_intrin_avx2.c	1
/src/ogg/src/framing.c	31
/src/flac/src/libFLAC/memory.c	7
/src/flac/src/libFLAC/../../include/share/alloc.h	10
/src/flac/src/libFLAC/window.c	17
/src/flac/src/libFLAC/stream_decoder.c	37
/src/flac/src/libFLAC/bitreader.c	32
/src/flac/src/libFLAC/ogg_decoder_aspect.c	6
/src/flac/src/libFLAC/crc.c	3
/src/flac/src/libFLAC/md5.c	6
/src/flac/src/libFLAC/bitmath.c	1
/src/flac/src/libFLAC/stream_encoder_framing.c	8
/src/flac/src/libFLAC/ogg_helper.c	5

Fuzzer: fuzzer_encoder

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	451	30.1%
gold	[1:9]	0	0.0%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	1	0.06%
lawngreen	50+	1042	69.7%
All colors	1494	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
323	431	11 : View List ['abort', 'read_metadata_picture_', 'FLAC__bitreader_limit_remaining', 'send_error_to_client_', 'malloc', 'FLAC__bitreader_remove_limit', 'free', 'read_metadata_vorbiscomment_', 'read_metadata_cuesheet_', 'FLAC__bitreader_read_byte_block_aligned_no_crc', 'FLAC__bitreader_set_limit']	323	499	read_metadata_	call site: 00665	/src/flac/src/libFLAC/stream_decoder.c:1452
169	169	1 : View List ['read_callback_ogg_aspect_']	169	169	read_callback_	call site: 00516	/src/flac/src/libFLAC/stream_decoder.c:3059
89	89	4 : View List ['simple_ogg_page__set_at', 'simple_ogg_page__init', 'simple_ogg_page__get_at', 'simple_ogg_page__clear']	89	89	update_ogg_metadata_	call site: 01409	/src/flac/src/libFLAC/stream_encoder.c:2986
71	71	1 : View List ['read_metadata_seektable_']	71	85	read_metadata_	call site: 00652	/src/flac/src/libFLAC/stream_decoder.c:1414
59	59	1 : View List ['FLAC__bitreader_read_utf8_uint64']	71	256	read_frame_header_	call site: 00787	/src/flac/src/libFLAC/stream_decoder.c:2482
41	41	1 : View List ['FLAC__bitwriter_write_utf8_uint64']	41	255	FLAC__frame_add_header	call site: 01269	/src/flac/src/libFLAC/stream_encoder_framing.c:356
26	26	3 : View List ['FLAC__format_seektable_sort', 'abort', 'FLAC__format_seektable_is_legal']	26	26	update_metadata_	call site: 01429	/src/flac/src/libFLAC/stream_encoder.c:2838
18	20	3 : View List ['FLAC__bitreader_is_consumed_byte_aligned', 'abort', 'FLAC__stream_decoder_get_input_bytes_unconsumed']	18	20	FLAC__stream_decoder_get_decode_position	call site: 00756	/src/flac/src/libFLAC/stream_decoder.c:880
16	16	1 : View List ['FLAC__ogg_decoder_aspect_reset']	16	24	FLAC__stream_decoder_reset	call site: 00567	/src/flac/src/libFLAC/stream_decoder.c:938
13	13	1 : View List ['FLAC__ogg_decoder_aspect_flush']	13	15	FLAC__stream_decoder_flush	call site: 00570	/src/flac/src/libFLAC/stream_decoder.c:912
12	12	1 : View List ['FLAC__ogg_decoder_aspect_finish']	16	20	FLAC__stream_decoder_finish	call site: 01440	/src/flac/src/libFLAC/stream_decoder.c:644
10	10	2 : View List ['safe_calloc_', 'free']	16	148	read_frame_	call site: 00897	/src/flac/src/libFLAC/stream_decoder.c:2153

Runtime coverage analysis

Covered functions

343

Functions that are reachable but not covered

80

Reachable functions

442

Percentage of reachable functions covered

81.9%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/flac/oss-fuzz/encoder.cc	3
/src/flac/oss-fuzz/./fuzzing/datasource/datasource.hpp	12
/src/flac/src/libFLAC++/stream_encoder.cpp	47
/src/flac/src/libFLAC/stream_encoder.c	73
/src/flac/src/libFLAC/bitwriter.c	25
/src/flac/src/libFLAC/ogg_encoder_aspect.c	5
/src/flac/src/libFLAC/format.c	14
/src/flac/oss-fuzz/./fuzzing/memory.hpp	1
/src/flac/src/libFLAC/cpu.c	5
/src/flac/src/libFLAC/lpc.c	19
/src/flac/src/libFLAC/./include/private/bitmath.h	5
/src/flac/src/libFLAC/fixed.c	10
/src/flac/src/libFLAC/lpc_intrin_sse2.c	4
/src/flac/src/libFLAC/lpc_intrin_sse41.c	1
/src/flac/src/libFLAC/lpc_intrin_avx2.c	3
/src/flac/src/libFLAC/lpc_intrin_fma.c	3
/src/flac/src/libFLAC/fixed_intrin_sse2.c	1
/src/flac/src/libFLAC/fixed_intrin_ssse3.c	1
/src/flac/src/libFLAC/fixed_intrin_sse42.c	1
/src/flac/src/libFLAC/fixed_intrin_avx2.c	2
/src/flac/src/libFLAC/stream_encoder_intrin_sse2.c	2
/src/flac/src/libFLAC/stream_encoder_intrin_ssse3.c	1
/src/flac/src/libFLAC/stream_encoder_intrin_avx2.c	1
/src/ogg/src/framing.c	31
/src/flac/src/libFLAC/memory.c	7
/src/flac/src/libFLAC/../../include/share/alloc.h	10
/src/flac/src/libFLAC/window.c	17
/src/flac/src/libFLAC/stream_decoder.c	37
/src/flac/src/libFLAC/bitreader.c	32
/src/flac/src/libFLAC/ogg_decoder_aspect.c	6
/src/flac/src/libFLAC/crc.c	3
/src/flac/src/libFLAC/md5.c	6
/src/flac/src/libFLAC/bitmath.c	1
/src/flac/src/libFLAC/stream_encoder_framing.c	8
/src/flac/src/libFLAC/ogg_helper.c	5

Fuzzer: fuzzer_encoder_v2

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	368	25.0%
gold	[1:9]	3	0.20%
yellow	[10:29]	4	0.27%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	1092	74.4%
All colors	1467	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
323	431	11 : View List ['abort', 'read_metadata_picture_', 'FLAC__bitreader_limit_remaining', 'send_error_to_client_', 'malloc', 'FLAC__bitreader_remove_limit', 'free', 'read_metadata_vorbiscomment_', 'read_metadata_cuesheet_', 'FLAC__bitreader_read_byte_block_aligned_no_crc', 'FLAC__bitreader_set_limit']	323	499	read_metadata_	call site: 00563	/src/flac/src/libFLAC/stream_decoder.c:1452
169	169	1 : View List ['read_callback_ogg_aspect_']	169	169	read_callback_	call site: 01280	/src/flac/src/libFLAC/stream_decoder.c:3059
74	74	4 : View List ['strncmp', 'strlen', 'strtod', 'strchr']	74	74	FLAC__stream_encoder_set_apodization	call site: 00061	/src/flac/src/libFLAC/stream_encoder.c:1824
59	59	1 : View List ['FLAC__bitreader_read_utf8_uint64']	71	256	read_frame_header_	call site: 00686	/src/flac/src/libFLAC/stream_decoder.c:2482
41	41	1 : View List ['FLAC__bitwriter_write_utf8_uint64']	41	255	FLAC__frame_add_header	call site: 00339	/src/flac/src/libFLAC/stream_encoder_framing.c:356
18	20	3 : View List ['FLAC__bitreader_is_consumed_byte_aligned', 'abort', 'FLAC__stream_decoder_get_input_bytes_unconsumed']	18	20	FLAC__stream_decoder_get_decode_position	call site: 00654	/src/flac/src/libFLAC/stream_decoder.c:880
17	17	1 : View List ['copy_vcentry_']	17	22	vorbiscomment_set_entry_	call site: 01061	/src/flac/src/libFLAC/metadata_object.c:265
16	16	1 : View List ['FLAC__ogg_decoder_aspect_reset']	16	24	FLAC__stream_decoder_reset	call site: 01318	/src/flac/src/libFLAC/stream_decoder.c:938
14	262	11 : View List ['read_zero_padding_', 'FLAC__bitreader_clear', 'abort', 'send_error_to_client_', 'free', 'FLAC__bitreader_read_raw_uint32', 'write_audio_frame_to_client_', 'FLAC__bitreader_get_read_crc16', 'safe_calloc_', 'undo_channel_coding', 'FLAC__bitreader_rewind_to_after_last_seen_framesync']	14	262	read_frame_	call site: 00712	/src/flac/src/libFLAC/stream_decoder.c:2095
13	13	1 : View List ['FLAC__ogg_decoder_aspect_flush']	13	15	FLAC__stream_decoder_flush	call site: 01321	/src/flac/src/libFLAC/stream_decoder.c:912
12	12	1 : View List ['FLAC__ogg_decoder_aspect_finish']	16	20	FLAC__stream_decoder_finish	call site: 00888	/src/flac/src/libFLAC/stream_decoder.c:644
11	11	1 : View List ['copy_track_']	11	16	cuesheet_set_track_	call site: 01101	/src/flac/src/libFLAC/metadata_object.c:412

Runtime coverage analysis

Covered functions

320

Functions that are reachable but not covered

62

Reachable functions

373

Percentage of reachable functions covered

83.38%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/flac/oss-fuzz/encoder_v2.cc	2
/src/flac/src/libFLAC/stream_encoder.c	72
/src/flac/src/libFLAC/bitwriter.c	25
/src/flac/src/libFLAC/ogg_encoder_aspect.c	5
/src/flac/src/libFLAC/format.c	17
/src/flac/src/libFLAC/memory.c	7
/src/flac/src/libFLAC/../../include/share/alloc.h	12
/src/flac/src/libFLAC/window.c	17
/src/flac/src/libFLAC/lpc.c	19
/src/flac/src/libFLAC/md5.c	6
/src/flac/src/libFLAC/./include/private/bitmath.h	5
/src/flac/src/libFLAC/fixed.c	10
/src/flac/src/libFLAC/bitmath.c	1
/src/flac/src/libFLAC/stream_encoder_framing.c	8
/src/flac/src/libFLAC/crc.c	3
/src/flac/src/libFLAC/stream_decoder.c	38
/src/flac/src/libFLAC/bitreader.c	32
/src/ogg/src/framing.c	29
/src/flac/src/libFLAC/ogg_helper.c	5
/src/flac/src/libFLAC/ogg_decoder_aspect.c	6
/src/flac/src/libFLAC/metadata_object.c	34
/src/flac/src/libFLAC/cpu.c	5
/src/flac/src/libFLAC/lpc_intrin_sse2.c	4
/src/flac/src/libFLAC/lpc_intrin_sse41.c	1
/src/flac/src/libFLAC/lpc_intrin_avx2.c	3
/src/flac/src/libFLAC/lpc_intrin_fma.c	3
/src/flac/src/libFLAC/fixed_intrin_sse2.c	1
/src/flac/src/libFLAC/fixed_intrin_ssse3.c	1
/src/flac/src/libFLAC/fixed_intrin_sse42.c	1
/src/flac/src/libFLAC/fixed_intrin_avx2.c	2
/src/flac/src/libFLAC/stream_encoder_intrin_sse2.c	2
/src/flac/src/libFLAC/stream_encoder_intrin_ssse3.c	1
/src/flac/src/libFLAC/stream_encoder_intrin_avx2.c	1

Fuzzer: fuzzer_metadata

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	121	7.18%
gold	[1:9]	10	0.59%
yellow	[10:29]	35	2.07%
greenyellow	[30:49]	15	0.89%
lawngreen	50+	1502	89.2%
All colors	1683	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
14	14	1 : View List ['ensure_null_terminated_']	14	19	vorbiscomment_set_entry_	call site: 01356	/src/flac/src/libFLAC/metadata_object.c:265
4	22	2 : View List ['realloc', 'ogg_stream_clear']	4	22	_os_lacing_expand	call site: 00201	/src/ogg/src/framing.c:206
2	9	2 : View List ['safe_malloc_', 'abort']	2	9	copy_vcentry_	call site: 00040	/src/flac/src/libFLAC/metadata_object.c:133
2	2	1 : View List ['strrchr']	10	10	open_tempfile_	call site: 00796	/src/flac/src/libFLAC/metadata_iterators.c:3403
2	2	1 : View List ['get_binary_stdin_']	2	371	init_FILE_internal_	call site: 00127	/src/flac/src/libFLAC/stream_decoder.c:497
2	2	1 : View List ['memcmp']	2	6	FLAC__stream_decoder_finish	call site: 00250	/src/flac/src/libFLAC/stream_decoder.c:654
2	2	1 : View List ['abort']	2	2	FLAC::Metadata::clone(FLAC::Metadata::Prototypeconst*)	call site: 00000	/src/flac/src/libFLAC++/metadata.cpp:120
0	121	1 : View List ['FLAC__metadata_object_vorbiscomment_append_comment']	0	121	FLAC__metadata_object_vorbiscomment_replace_comment	call site: 01348	/src/flac/src/libFLAC/metadata_object.c:1306
0	37	1 : View List ['FLAC__bitreader_read_raw_uint32']	0	37	FLAC__bitreader_skip_bits_no_crc	call site: 00366	/src/flac/src/libFLAC/bitreader.c:606
0	22	1 : View List ['FLAC__metadata_object_delete']	0	22	FLAC__metadata_simple_iterator_get_block	call site: 00591	/src/flac/src/libFLAC/metadata_iterators.c:664
0	22	1 : View List ['FLAC__metadata_object_delete']	0	22	chain_prepare_for_write_	call site: 01648	/src/flac/src/libFLAC/metadata_iterators.c:1169
0	18	1 : View List ['set_file_stats_']	0	18	FLAC__metadata_chain_write	call site: 01666	/src/flac/src/libFLAC/metadata_iterators.c:1813

Runtime coverage analysis

Covered functions

466

Functions that are reachable but not covered

54

Reachable functions

671

Percentage of reachable functions covered

91.95%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/flac/oss-fuzz/metadata.cc	4
/src/flac/src/libFLAC++/metadata.cpp	119
/src/flac/src/libFLAC/metadata_object.c	71
/src/flac/src/libFLAC/../../include/share/alloc.h	8
/src/flac/src/libFLAC/memory.c	1
/src/flac/src/libFLAC/metadata_iterators.c	112
/src/flac/src/libFLAC/stream_decoder.c	31
/src/flac/src/libFLAC/bitreader.c	23
/src/flac/src/libFLAC/format.c	9
/src/flac/src/libFLAC/ogg_decoder_aspect.c	6
/src/ogg/src/framing.c	26
/src/flac/src/libFLAC/cpu.c	5
/src/flac/src/libFLAC/./include/private/bitmath.h	2
/src/flac/src/libFLAC/crc.c	1
/src/flac/src/libFLAC/md5.c	3
/src/flac/src/libFLAC++/../../include/FLAC++/metadata.h	24
/src/flac/oss-fuzz/../include/FLAC++/metadata.h	8
/src/flac/src/libFLAC++/../../include/share/alloc.h	3

Fuzzer: /src/flac/oss-fuzz/encoder_v2.cc

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	229	15.6%
gold	[1:9]	5	0.34%
yellow	[10:29]	8	0.54%
greenyellow	[30:49]	2	0.13%
lawngreen	50+	1223	83.3%
All colors	1467	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
156	263	2 : View List ['flac__utils_set_channel_mask_tag', 'FLAC__metadata_object_clone']	160	1800	EncoderSession_init_encoder	call site: 00000	/src/flac/oss-fuzz/../src/flac/encode.c:1909
74	74	4 : View List ['strncmp', 'strlen', 'strtod', 'strchr']	74	74	FLAC__stream_encoder_set_apodization	call site: 00061	/src/flac/src/libFLAC/stream_encoder.c:1824
48	122	11 : View List ['FLAC__metadata_simple_iterator_next', 'fseeko', 'fread', 'abort', 'FLAC__metadata_simple_iterator_get_block_offset', 'unpack32be_', 'FLAC__metadata_simple_iterator_get_block_length', 'FLAC__metadata_simple_iterator_get_application_id', 'append_block_', 'FLAC__metadata_simple_iterator_get_block_type', 'memcmp']	48	122	read_from_flac_	call site: 00000	/src/flac/oss-fuzz/../src/flac/foreign_metadata.c:603
42	42	1 : View List ['write_to_iff_']	46	46	flac__foreign_metadata_write_to_iff	call site: 00000	/src/flac/oss-fuzz/../src/flac/foreign_metadata.c:924
41	41	1 : View List ['FLAC__bitwriter_write_utf8_uint64']	41	255	FLAC__frame_add_header	call site: 00339	/src/flac/src/libFLAC/stream_encoder_framing.c:356
28	28	1 : View List ['FLAC__replaygain_synthesis__apply_gain']	32	32	write_callback	call site: 00000	/src/flac/oss-fuzz/../src/flac/decode.c:1256
26	65	8 : View List ['fread', 'fseeko', 'ftello', 'feof', 'append_block_', 'memcmp', 'unpack32le_', 'unpack64le_']	26	65	read_from_wave_	call site: 00000	/src/flac/oss-fuzz/../src/flac/foreign_metadata.c:292
18	18	1 : View List ['flac__utils_canonicalize_cue_specification']	34	34	metadata_callback	call site: 00000	/src/flac/oss-fuzz/../src/flac/decode.c:1513
18	18	4 : View List ['iconv', 'realloc', '__errno_location', 'safe_malloc_add_2op_.552']	26	26	iconvert	call site: 00000	/src/flac/src/share/utf8/iconvert.c:144
17	17	1 : View List ['print_verify_error']	19	2082	EncoderSession_finish_ok	call site: 00000	/src/flac/oss-fuzz/../src/flac/encode.c:1514
17	17	1 : View List ['print_verify_error']	17	1941	EncoderSession_finish_error	call site: 00000	/src/flac/oss-fuzz/../src/flac/encode.c:1556
12	12	2 : View List ['strncmp', 'strlen']	12	12	share___getopt_internal	call site: 00000	/src/flac/src/share/getopt/getopt.c:801

Runtime coverage analysis

Covered functions

1178

Functions that are reachable but not covered

24

Reachable functions

373

Percentage of reachable functions covered

93.57%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/flac/oss-fuzz/encoder_v2.cc	2
/src/flac/src/libFLAC/stream_encoder.c	72
/src/flac/src/libFLAC/bitwriter.c	25
/src/flac/src/libFLAC/ogg_encoder_aspect.c	5
/src/flac/src/libFLAC/format.c	17
/src/flac/src/libFLAC/memory.c	7
/src/flac/src/libFLAC/../../include/share/alloc.h	12
/src/flac/src/libFLAC/window.c	17
/src/flac/src/libFLAC/lpc.c	19
/src/flac/src/libFLAC/md5.c	6
/src/flac/src/libFLAC/./include/private/bitmath.h	5
/src/flac/src/libFLAC/fixed.c	10
/src/flac/src/libFLAC/bitmath.c	1
/src/flac/src/libFLAC/stream_encoder_framing.c	8
/src/flac/src/libFLAC/crc.c	3
/src/flac/src/libFLAC/stream_decoder.c	38
/src/flac/src/libFLAC/bitreader.c	32
/src/ogg/src/framing.c	29
/src/flac/src/libFLAC/ogg_helper.c	5
/src/flac/src/libFLAC/ogg_decoder_aspect.c	6
/src/flac/src/libFLAC/metadata_object.c	34
/src/flac/src/libFLAC/cpu.c	5
/src/flac/src/libFLAC/lpc_intrin_sse2.c	4
/src/flac/src/libFLAC/lpc_intrin_sse41.c	1
/src/flac/src/libFLAC/lpc_intrin_avx2.c	3
/src/flac/src/libFLAC/lpc_intrin_fma.c	3
/src/flac/src/libFLAC/fixed_intrin_sse2.c	1
/src/flac/src/libFLAC/fixed_intrin_ssse3.c	1
/src/flac/src/libFLAC/fixed_intrin_sse42.c	1
/src/flac/src/libFLAC/fixed_intrin_avx2.c	2
/src/flac/src/libFLAC/stream_encoder_intrin_sse2.c	2
/src/flac/src/libFLAC/stream_encoder_intrin_ssse3.c	1
/src/flac/src/libFLAC/stream_encoder_intrin_avx2.c	1

Fuzzer: /src/flac/oss-fuzz/reencoder.cc

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	241	16.0%
gold	[1:9]	3	0.19%
yellow	[10:29]	10	0.66%
greenyellow	[30:49]	3	0.19%
lawngreen	50+	1246	82.9%
All colors	1503	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
156	263	2 : View List ['flac__utils_set_channel_mask_tag', 'FLAC__metadata_object_clone']	160	1800	EncoderSession_init_encoder	call site: 00000	/src/flac/oss-fuzz/../src/flac/encode.c:1909
74	74	4 : View List ['strncmp', 'strlen', 'strtod', 'strchr']	74	74	FLAC__stream_encoder_set_apodization	call site: 00065	/src/flac/src/libFLAC/stream_encoder.c:1824
48	122	11 : View List ['FLAC__metadata_simple_iterator_next', 'fseeko', 'fread', 'abort', 'FLAC__metadata_simple_iterator_get_block_offset', 'unpack32be_', 'FLAC__metadata_simple_iterator_get_block_length', 'FLAC__metadata_simple_iterator_get_application_id', 'append_block_', 'FLAC__metadata_simple_iterator_get_block_type', 'memcmp']	48	122	read_from_flac_	call site: 00000	/src/flac/oss-fuzz/../src/flac/foreign_metadata.c:603
42	42	1 : View List ['write_to_iff_']	46	46	flac__foreign_metadata_write_to_iff	call site: 00000	/src/flac/oss-fuzz/../src/flac/foreign_metadata.c:924
41	41	1 : View List ['FLAC__bitwriter_write_utf8_uint64']	41	255	FLAC__frame_add_header	call site: 00585	/src/flac/src/libFLAC/stream_encoder_framing.c:356
28	28	1 : View List ['FLAC__replaygain_synthesis__apply_gain']	32	32	write_callback	call site: 00000	/src/flac/oss-fuzz/../src/flac/decode.c:1256
26	65	8 : View List ['fread', 'fseeko', 'ftello', 'feof', 'append_block_', 'memcmp', 'unpack32le_', 'unpack64le_']	26	65	read_from_wave_	call site: 00000	/src/flac/oss-fuzz/../src/flac/foreign_metadata.c:292
18	18	1 : View List ['flac__utils_canonicalize_cue_specification']	34	34	metadata_callback	call site: 00000	/src/flac/oss-fuzz/../src/flac/decode.c:1513
18	18	4 : View List ['iconv', 'realloc', '__errno_location', 'safe_malloc_add_2op_.552']	26	26	iconvert	call site: 00000	/src/flac/src/share/utf8/iconvert.c:144
17	17	1 : View List ['print_verify_error']	19	2082	EncoderSession_finish_ok	call site: 00000	/src/flac/oss-fuzz/../src/flac/encode.c:1514
17	17	1 : View List ['print_verify_error']	17	1941	EncoderSession_finish_error	call site: 00000	/src/flac/oss-fuzz/../src/flac/encode.c:1556
12	12	2 : View List ['strncmp', 'strlen']	12	12	share___getopt_internal	call site: 00000	/src/flac/src/share/getopt/getopt.c:801

Runtime coverage analysis

Covered functions

1178

Functions that are reachable but not covered

28

Reachable functions

482

Percentage of reachable functions covered

94.19%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/flac/oss-fuzz/reencoder.cc	4
/src/flac/oss-fuzz/./fuzzing/datasource/datasource.hpp	10
/src/flac/src/libFLAC++/stream_encoder.cpp	46
/src/flac/src/libFLAC/stream_encoder.c	71
/src/flac/src/libFLAC/bitwriter.c	24
/src/flac/src/libFLAC/ogg_encoder_aspect.c	6
/src/flac/src/libFLAC/format.c	14
/src/flac/src/libFLAC++/stream_decoder.cpp	9
/src/flac/src/libFLAC/stream_decoder.c	41
/src/flac/src/libFLAC/bitreader.c	32
/src/flac/src/libFLAC/ogg_decoder_aspect.c	6
/src/flac/oss-fuzz/./fuzzing/memory.hpp	1
/src/ogg/src/framing.c	31
/src/flac/src/libFLAC/cpu.c	5
/src/flac/src/libFLAC/./include/private/bitmath.h	5
/src/flac/src/libFLAC/crc.c	3
/src/flac/src/libFLAC/md5.c	6
/src/flac/src/libFLAC/memory.c	7
/src/flac/src/libFLAC/../../include/share/alloc.h	10
/src/flac/src/libFLAC/window.c	17
/src/flac/src/libFLAC/lpc.c	19
/src/flac/src/libFLAC/fixed.c	10
/src/flac/src/libFLAC/bitmath.c	1
/src/flac/src/libFLAC/stream_encoder_framing.c	8
/src/flac/src/libFLAC/ogg_helper.c	5
/src/flac/src/libFLAC/metadata_object.c	4
/src/flac/src/libFLAC/lpc_intrin_sse2.c	4
/src/flac/src/libFLAC/lpc_intrin_sse41.c	1
/src/flac/src/libFLAC/lpc_intrin_avx2.c	3
/src/flac/src/libFLAC/lpc_intrin_fma.c	3
/src/flac/src/libFLAC/fixed_intrin_sse2.c	1
/src/flac/src/libFLAC/fixed_intrin_ssse3.c	1
/src/flac/src/libFLAC/fixed_intrin_sse42.c	1
/src/flac/src/libFLAC/fixed_intrin_avx2.c	2
/src/flac/src/libFLAC/stream_encoder_intrin_sse2.c	2
/src/flac/src/libFLAC/stream_encoder_intrin_ssse3.c	1
/src/flac/src/libFLAC/stream_encoder_intrin_avx2.c	1

Fuzzer: /src/flac/oss-fuzz/metadata.cc

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	161	9.56%
gold	[1:9]	16	0.95%
yellow	[10:29]	27	1.60%
greenyellow	[30:49]	7	0.41%
lawngreen	50+	1472	87.4%
All colors	1683	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
156	263	2 : View List ['flac__utils_set_channel_mask_tag', 'FLAC__metadata_object_clone']	160	1800	EncoderSession_init_encoder	call site: 00000	/src/flac/oss-fuzz/../src/flac/encode.c:1909
74	74	4 : View List ['strncmp', 'strlen', 'strtod', 'strchr']	74	74	FLAC__stream_encoder_set_apodization	call site: 00000	/src/flac/src/libFLAC/stream_encoder.c:1824
48	122	11 : View List ['FLAC__metadata_simple_iterator_next', 'fseeko', 'fread', 'abort', 'FLAC__metadata_simple_iterator_get_block_offset', 'unpack32be_', 'FLAC__metadata_simple_iterator_get_block_length', 'FLAC__metadata_simple_iterator_get_application_id', 'append_block_', 'FLAC__metadata_simple_iterator_get_block_type', 'memcmp']	48	122	read_from_flac_	call site: 00000	/src/flac/oss-fuzz/../src/flac/foreign_metadata.c:603
42	42	1 : View List ['write_to_iff_']	46	46	flac__foreign_metadata_write_to_iff	call site: 00000	/src/flac/oss-fuzz/../src/flac/foreign_metadata.c:924
41	41	1 : View List ['FLAC__bitwriter_write_utf8_uint64']	41	255	FLAC__frame_add_header	call site: 00000	/src/flac/src/libFLAC/stream_encoder_framing.c:356
28	28	1 : View List ['FLAC__replaygain_synthesis__apply_gain']	32	32	write_callback	call site: 00000	/src/flac/oss-fuzz/../src/flac/decode.c:1256
26	65	8 : View List ['fread', 'fseeko', 'ftello', 'feof', 'append_block_', 'memcmp', 'unpack32le_', 'unpack64le_']	26	65	read_from_wave_	call site: 00000	/src/flac/oss-fuzz/../src/flac/foreign_metadata.c:292
18	18	1 : View List ['flac__utils_canonicalize_cue_specification']	34	34	metadata_callback	call site: 00000	/src/flac/oss-fuzz/../src/flac/decode.c:1513
18	18	4 : View List ['iconv', 'realloc', '__errno_location', 'safe_malloc_add_2op_.552']	26	26	iconvert	call site: 00000	/src/flac/src/share/utf8/iconvert.c:144
17	17	1 : View List ['print_verify_error']	19	2082	EncoderSession_finish_ok	call site: 00000	/src/flac/oss-fuzz/../src/flac/encode.c:1514
17	17	1 : View List ['print_verify_error']	17	1941	EncoderSession_finish_error	call site: 00000	/src/flac/oss-fuzz/../src/flac/encode.c:1556
12	12	2 : View List ['strncmp', 'strlen']	12	12	share___getopt_internal	call site: 00000	/src/flac/src/share/getopt/getopt.c:801

Runtime coverage analysis

Covered functions

1178

Functions that are reachable but not covered

43

Reachable functions

671

Percentage of reachable functions covered

93.59%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/flac/oss-fuzz/metadata.cc	4
/src/flac/src/libFLAC++/metadata.cpp	119
/src/flac/src/libFLAC/metadata_object.c	71
/src/flac/src/libFLAC/../../include/share/alloc.h	8
/src/flac/src/libFLAC/memory.c	1
/src/flac/src/libFLAC/metadata_iterators.c	112
/src/flac/src/libFLAC/stream_decoder.c	31
/src/flac/src/libFLAC/bitreader.c	23
/src/flac/src/libFLAC/format.c	9
/src/flac/src/libFLAC/ogg_decoder_aspect.c	6
/src/ogg/src/framing.c	26
/src/flac/src/libFLAC/cpu.c	5
/src/flac/src/libFLAC/./include/private/bitmath.h	2
/src/flac/src/libFLAC/crc.c	1
/src/flac/src/libFLAC/md5.c	3
/src/flac/src/libFLAC++/../../include/FLAC++/metadata.h	24
/src/flac/oss-fuzz/../include/FLAC++/metadata.h	8
/src/flac/src/libFLAC++/../../include/share/alloc.h	3

Fuzzer: fuzzer_tool_metaflac

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	250	11.7%
gold	[1:9]	290	13.6%
yellow	[10:29]	54	2.53%
greenyellow	[30:49]	64	3.00%
lawngreen	50+	1473	69.1%
All colors	2131	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
813	813	1 : View List ['chain_read_ogg_cb_']	815	815	chain_read_	call site: 00655	/src/flac/src/libFLAC/metadata_iterators.c:1613
169	169	1 : View List ['read_callback_ogg_aspect_']	169	169	read_callback_	call site: 00710	/src/flac/src/libFLAC/stream_decoder.c:3059
53	53	1 : View List ['FLAC__MD5Accumulate']	53	53	write_audio_frame_to_client_	call site: 01976	/src/flac/src/libFLAC/stream_decoder.c:3261
16	16	1 : View List ['FLAC__ogg_decoder_aspect_reset']	16	24	FLAC__stream_decoder_reset	call site: 00754	/src/flac/src/libFLAC/stream_decoder.c:938
14	14	1 : View List ['ensure_null_terminated_']	14	19	vorbiscomment_set_entry_	call site: 01600	/src/flac/src/libFLAC/metadata_object.c:265
13	13	1 : View List ['FLAC__ogg_decoder_aspect_flush']	13	15	FLAC__stream_decoder_flush	call site: 00757	/src/flac/src/libFLAC/stream_decoder.c:912
12	12	1 : View List ['FLAC__ogg_decoder_aspect_finish']	16	20	FLAC__stream_decoder_finish	call site: 00779	/src/flac/src/libFLAC/stream_decoder.c:644
12	12	2 : View List ['strncmp', 'strlen']	12	12	share___getopt_internal	call site: 00043	/src/flac/src/share/getopt/getopt.c:785
8	8	1 : View List ['die']	93	311	set_vc_field	call site: 01570	/src/flac/oss-fuzz/../src/metaflac/operations_shorthand_vorbiscomment.c:255
8	8	1 : View List ['die']	42	42	parse_block_type	call site: 00321	/src/flac/oss-fuzz/../src/metaflac/options.c:1045
8	8	1 : View List ['die']	20	4016	do_major_operation_on_file	call site: 00634	/src/flac/oss-fuzz/../src/metaflac/operations.c:120
8	8	1 : View List ['die']	18	18	parse_block_number	call site: 00307	/src/flac/oss-fuzz/../src/metaflac/options.c:1006

Runtime coverage analysis

Covered functions

397

Functions that are reachable but not covered

121

Reachable functions

513

Percentage of reachable functions covered

76.41%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/flac/oss-fuzz/tool_metaflac.c	1
/src/flac/oss-fuzz/./../src/metaflac/main.c	1
/src/flac/oss-fuzz/../src/metaflac/options.c	24
/src/flac/src/share/getopt/getopt1.c	1
/src/flac/src/share/getopt/getopt.c	3
/src/flac/oss-fuzz/../src/metaflac/utils.c	9
/src/flac/oss-fuzz/../include/share/alloc.h	5
/src/flac/src/libFLAC/format.c	12
/src/flac/oss-fuzz/../include/share/safe_str.h	1
/src/flac/src/share/grabbag/alloc.c	1
/src/flac/oss-fuzz/../src/metaflac/usage.c	4
/src/flac/oss-fuzz/../src/metaflac/operations.c	16
/src/flac/src/libFLAC/metadata_iterators.c	79
/src/flac/src/libFLAC/metadata_object.c	44
/src/flac/src/libFLAC/stream_decoder.c	48
/src/flac/src/libFLAC/bitreader.c	32
/src/flac/src/libFLAC/ogg_decoder_aspect.c	6
/src/ogg/src/framing.c	26
/src/flac/src/libFLAC/cpu.c	5
/src/flac/src/libFLAC/./include/private/bitmath.h	3
/src/flac/src/libFLAC/crc.c	1
/src/flac/src/libFLAC/md5.c	6
/src/flac/src/libFLAC/../../include/share/alloc.h	11
/src/flac/src/libFLAC/memory.c	3
/src/flac/src/share/utf8/utf8.c	3
/src/flac/src/libFLAC/bitwriter.c	14
/src/flac/src/libFLAC/stream_encoder_framing.c	1
/src/flac/oss-fuzz/../src/metaflac/operations_shorthand_streaminfo.c	1
/src/flac/oss-fuzz/../src/metaflac/operations_shorthand_vorbiscomment.c	8
/src/flac/src/share/grabbag/file.c	3
/src/flac/oss-fuzz/../src/metaflac/operations_shorthand_cuesheet.c	3
/src/flac/src/share/grabbag/cuesheet.c	9
/src/flac/src/share/../../include/share/safe_str.h	1
/src/flac/src/share/grabbag/snprintf.c	1
/src/flac/oss-fuzz/../src/metaflac/operations_shorthand_picture.c	3
/src/flac/src/share/grabbag/picture.c	7
/src/flac/src/share/../../include/share/alloc.h	4
/src/flac/oss-fuzz/../src/metaflac/operations_shorthand_seektable.c	3
/src/flac/src/share/grabbag/seektable.c	1
/src/flac/src/libFLAC/fixed.c	3
/src/flac/src/libFLAC/lpc.c	5
/src/flac/src/libFLAC/bitmath.c	1
/src/flac/src/share/grabbag/replaygain.c	17
/src/flac/src/share/replaygain_analysis/replaygain_analysis.c	10

Fuzzer: fuzzer_reencoder

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	266	17.6%
gold	[1:9]	8	0.53%
yellow	[10:29]	12	0.79%
greenyellow	[30:49]	2	0.13%
lawngreen	50+	1215	80.8%
All colors	1503	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
89	89	4 : View List ['simple_ogg_page__set_at', 'simple_ogg_page__init', 'simple_ogg_page__get_at', 'simple_ogg_page__clear']	89	89	update_ogg_metadata_	call site: 01068	/src/flac/src/libFLAC/stream_encoder.c:2986
74	74	4 : View List ['strncmp', 'strlen', 'strtod', 'strchr']	74	74	FLAC__stream_encoder_set_apodization	call site: 00065	/src/flac/src/libFLAC/stream_encoder.c:1824
41	41	1 : View List ['FLAC__bitwriter_write_utf8_uint64']	41	255	FLAC__frame_add_header	call site: 00585	/src/flac/src/libFLAC/stream_encoder_framing.c:356
18	20	3 : View List ['FLAC__bitreader_is_consumed_byte_aligned', 'abort', 'FLAC__stream_decoder_get_input_bytes_unconsumed']	18	20	FLAC__stream_decoder_get_decode_position	call site: 00888	/src/flac/src/libFLAC/stream_decoder.c:882
17	26	3 : View List ['FLAC__format_seektable_sort', 'abort', 'FLAC__format_seektable_is_legal']	17	26	update_metadata_	call site: 01092	/src/flac/src/libFLAC/stream_encoder.c:2838
8	262	11 : View List ['read_zero_padding_', 'FLAC__bitreader_clear', 'abort', 'send_error_to_client_', 'free', 'FLAC__bitreader_read_raw_uint32', 'write_audio_frame_to_client_', 'FLAC__bitreader_get_read_crc16', 'safe_calloc_', 'undo_channel_coding', 'FLAC__bitreader_rewind_to_after_last_seen_framesync']	8	262	read_frame_	call site: 00945	/src/flac/src/libFLAC/stream_decoder.c:2095
5	5	1 : View List ['FLAC__window_hann']	5	5	FLAC__window_tukey	call site: 00429	/src/flac/src/libFLAC/window.c:203
2	9	2 : View List ['safe_malloc_', 'abort']	2	9	copy_vcentry_	call site: 00000	/src/flac/src/libFLAC/metadata_object.c:133
2	2	1 : View List ['fclose']	4	8	FLAC__stream_decoder_finish	call site: 01106	/src/flac/src/libFLAC/stream_decoder.c:648
2	2	1 : View List ['fclose']	2	43	FLAC__stream_encoder_finish	call site: 01100	/src/flac/src/libFLAC/stream_encoder.c:1531
2	2	1 : View List ['memcmp']	2	6	FLAC__stream_decoder_finish	call site: 01109	/src/flac/src/libFLAC/stream_decoder.c:654
2	2	1 : View List ['abort']	2	2	FLAC__bitwriter_write_rice_signed_block	call site: 00689	/src/flac/src/libFLAC/bitwriter.c:690

Runtime coverage analysis

Covered functions

425

Functions that are reachable but not covered

71

Reachable functions

482

Percentage of reachable functions covered

85.27%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/flac/oss-fuzz/reencoder.cc	4
/src/flac/oss-fuzz/./fuzzing/datasource/datasource.hpp	10
/src/flac/src/libFLAC++/stream_encoder.cpp	46
/src/flac/src/libFLAC/stream_encoder.c	71
/src/flac/src/libFLAC/bitwriter.c	24
/src/flac/src/libFLAC/ogg_encoder_aspect.c	6