Fuzz introspector
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues
Report generation date: 2023-06-07

Project overview: freetype2

High level conclusions

Reachability and coverage overview

Functions statically reachable by fuzzers
11.0%
440 / 4172
Cyclomatic complexity statically reachable by fuzzers
13.0%
3788 / 29009
Runtime code coverage of functions
51.0%
2115 / 4172

Warning: The number of runtime covered functions are larger than the number of reachable functions. This means that Fuzz Introspector found there are more functions covered at runtime than what is considered reachable based on the static analysis. This is a limitation in the analysis as anything covered at runtime is by definition reachable by the fuzzers.
This is likely due to a limitation in the static analysis. In this case, the count of functions covered at runtime is the true value, which means this is what should be considered "achieved" by the fuzzer.

Use the project functions table below to query all functions that were not covered at runtime.

Fuzzers overview

Fuzzer Fuzzer filename Functions Reached Functions unreached Fuzzer depth Files reached Basic blocks reached Cyclomatic complexity Details
gzip fuzzing/src/fuzzers/template.cpp 112 3362 11 18 1715 609 template.cpp
bzip2 fuzzing/src/fuzzers/template.cpp 103 3371 11 15 1620 626 template.cpp
lzw fuzzing/src/fuzzers/template.cpp 94 3380 11 13 589 277 template.cpp
cff-ftengine fuzzing/src/fuzzers/template.cpp 332 3768 15 23 5980 2302 template.cpp
type1-ftengine fuzzing/src/fuzzers/template.cpp 332 3752 15 23 5980 2302 template.cpp
truetype-render-i35 fuzzing/src/fuzzers/template.cpp 332 3732 15 23 5980 2302 template.cpp
type42 fuzzing/src/fuzzers/template.cpp 332 3730 15 23 5980 2302 template.cpp
ftfuzzer fuzzing/src/legacy/ftfuzzer.cc 342 3580 11 22 6764 2534 ftfuzzer.cc
windowsfnt-render fuzzing/src/fuzzers/template.cpp 332 3701 15 23 5980 2302 template.cpp
pcf fuzzing/src/fuzzers/template.cpp 332 3705 15 23 5980 2302 template.cpp
cidtype1-render fuzzing/src/fuzzers/template.cpp 332 3725 15 23 5980 2302 template.cpp
windowsfnt fuzzing/src/fuzzers/template.cpp 332 3700 15 23 5980 2302 template.cpp
colrv1 fuzzing/src/fuzzers/template.cpp 332 3695 15 23 5980 2302 template.cpp
pcf-render fuzzing/src/fuzzers/template.cpp 332 3701 15 23 5980 2302 template.cpp
cff-render-ftengine fuzzing/src/fuzzers/template.cpp 332 3732 15 23 5980 2302 template.cpp
glyphs-bitmaps-pcf fuzzing/src/fuzzers/template.cpp 332 3714 15 23 5980 2302 template.cpp
type1-tar fuzzing/src/fuzzers/template.cpp 332 3752 15 23 5980 2302 template.cpp
cidtype1-render-ftengine fuzzing/src/fuzzers/template.cpp 332 3727 15 23 5980 2302 template.cpp
type1-render-tar fuzzing/src/fuzzers/template.cpp 332 3732 15 23 5980 2302 template.cpp
type1-render-ftengine fuzzing/src/fuzzers/template.cpp 332 3732 15 23 5980 2302 template.cpp
cidtype1 fuzzing/src/fuzzers/template.cpp 332 3737 15 23 5980 2302 template.cpp
type42-render fuzzing/src/fuzzers/template.cpp 332 3725 15 23 5980 2302 template.cpp
truetype-render fuzzing/src/fuzzers/template.cpp 332 3730 15 23 5980 2302 template.cpp
type1 fuzzing/src/fuzzers/template.cpp 332 3750 15 23 5980 2302 template.cpp
type1-render fuzzing/src/fuzzers/template.cpp 332 3730 15 23 5980 2302 template.cpp
truetype fuzzing/src/fuzzers/template.cpp 332 3734 15 23 5980 2302 template.cpp
cidtype1-ftengine fuzzing/src/fuzzers/template.cpp 332 3739 15 23 5980 2302 template.cpp
cff fuzzing/src/fuzzers/template.cpp 332 3766 15 23 5980 2302 template.cpp
truetype-render-i38 fuzzing/src/fuzzers/template.cpp 332 3732 15 23 5980 2302 template.cpp
bdf-render fuzzing/src/fuzzers/template.cpp 332 3701 15 23 5980 2302 template.cpp
glyphs-outlines fuzzing/src/fuzzers/template.cpp 332 3731 15 23 5980 2302 template.cpp
bdf fuzzing/src/fuzzers/template.cpp 332 3705 15 23 5980 2302 template.cpp
cff-render fuzzing/src/fuzzers/template.cpp 332 3730 15 23 5980 2302 template.cpp

Fuzzer details

Fuzzer: gzip

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 63 43.7%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 2 1.38%
lawngreen 50+ 79 54.8%
All colors 144 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
35 35 2 :

['z_crc32', 'z_adler32']

35 35 z_inflate call site: 00075 /src/freetype2-testing/external/zlib/inflate.c:1266
2 2 1 :

['FT_Done_Memory']

2 49 FT_Init_FreeType call site: 00000 /src/freetype2-testing/external/freetype2/src/base/ftinit.c:225
0 152 3 :

['fixedtables', 'z_inflate_fast', 'z_inflate_table']

300 462 z_inflate call site: 00074 /src/freetype2-testing/external/zlib/inflate.c:1222
0 3 1 :

['ft_mem_free']

0 3 FT_Add_Module call site: 00000 /src/freetype2-testing/external/freetype2/src/base/ftobjs.c:5154
0 0 None 300 462 z_inflate call site: 00051 /src/freetype2-testing/external/zlib/inflate.c:658
0 0 None 300 462 z_inflate call site: 00072 /src/freetype2-testing/external/zlib/inflate.c:1198
0 0 None 102 144 FT_Add_Module call site: 00000 /src/freetype2-testing/external/freetype2/src/base/ftobjs.c:5083
0 0 None 102 144 FT_Add_Module call site: 00000 /src/freetype2-testing/external/freetype2/src/base/ftobjs.c:5086
0 0 None 100 142 FT_Add_Module call site: 00000 /src/freetype2-testing/external/freetype2/src/base/ftobjs.c:5097
0 0 None 35 45 z_inflate call site: 00068 /src/freetype2-testing/external/zlib/inflate.c:871
0 0 None 18 18 FT_Set_Default_Properties call site: 00000 /src/freetype2-testing/external/freetype2/src/base/ftinit.c:126
0 0 None 2 212 FT_Init_FreeType call site: 00000 /src/freetype2-testing/external/freetype2/src/base/ftinit.c:215

Runtime coverage analysis

Covered functions
86
Functions that are reachable but not covered
54
Reachable functions
112
Percentage of reachable functions covered
51.79%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzzing/src/fuzzers/template.cpp 1
fuzzing/src/targets/support/GzipFuzzTarget.cpp 1
fuzzing/src/targets/FuzzTarget.h 1
fuzzing/src/utils/FreeTypeStream.cpp 4
external/freetype2/src/base/ftstream.c 11
fuzzing/src/utils/FreeTypeStream.h 3
external/freetype2/src/gzip/ftgzip.c 14
external/freetype2/src/base/ftutil.c 3
external/zlib/inflate.c 9
external/zlib/zutil.c 2
external/zlib/crc32.c 4
external/zlib/adler32.c 2
external/zlib/inftrees.c 1
external/zlib/inffast.c 1
external/llvm-project/libcxxabi/src/cxa_exception.cpp 5
external/llvm-project/libcxxabi/src/cxa_exception_storage.cpp 4
external/llvm-project/libcxxabi/src/fallback_malloc.cpp 12
external/llvm-project/libcxxabi/src/abort_message.cpp 1

Fuzzer: bzip2

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 62 51.6%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 58 48.3%
All colors 120 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
6 6 1 :

['BZ2_indexIntoF']

6 6 BZ2_decompress call site: 00053 /src/freetype2-testing/external/bzip2/decompress.c:530
2 2 1 :

['FT_Done_Memory']

2 49 FT_Init_FreeType call site: 00000 /src/freetype2-testing/external/freetype2/src/base/ftinit.c:225
0 3 1 :

['ft_mem_free']

0 3 FT_Add_Module call site: 00000 /src/freetype2-testing/external/freetype2/src/base/ftobjs.c:5154
0 3 1 :

['ft_mem_free']

0 3 FT_Stream_OpenBzip2 call site: 00013 /src/freetype2-testing/external/freetype2/src/bzip2/ftbzip2.c:501
0 0 None 102 144 FT_Add_Module call site: 00000 /src/freetype2-testing/external/freetype2/src/base/ftobjs.c:5083
0 0 None 102 144 FT_Add_Module call site: 00000 /src/freetype2-testing/external/freetype2/src/base/ftobjs.c:5086
0 0 None 100 142 FT_Add_Module call site: 00000 /src/freetype2-testing/external/freetype2/src/base/ftobjs.c:5097
0 0 None 48 371 BZ2_bzDecompress call site: 00034 /src/freetype2-testing/external/bzip2/bzlib.c:820
0 0 None 48 371 BZ2_bzDecompress call site: 00046 /src/freetype2-testing/external/bzip2/bzlib.c:826
0 0 None 18 18 FT_Set_Default_Properties call site: 00000 /src/freetype2-testing/external/freetype2/src/base/ftinit.c:126
0 0 None 6 19 BZ2_decompress call site: 00049 /src/freetype2-testing/external/bzip2/decompress.c:211
0 0 None 6 19 BZ2_decompress call site: 00049 /src/freetype2-testing/external/bzip2/decompress.c:238

Runtime coverage analysis

Covered functions
78
Functions that are reachable but not covered
54
Reachable functions
103
Percentage of reachable functions covered
47.57%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzzing/src/fuzzers/template.cpp 1
fuzzing/src/targets/support/Bzip2FuzzTarget.cpp 1
fuzzing/src/targets/FuzzTarget.h 1
fuzzing/src/utils/FreeTypeStream.cpp 4
external/freetype2/src/base/ftstream.c 7
fuzzing/src/utils/FreeTypeStream.h 3
external/freetype2/src/bzip2/ftbzip2.c 13
external/freetype2/src/base/ftutil.c 2
external/bzip2/bzlib.c 11
external/bzip2/decompress.c 2
external/bzip2/huffman.c 1
external/llvm-project/libcxxabi/src/cxa_exception.cpp 5
external/llvm-project/libcxxabi/src/cxa_exception_storage.cpp 4
external/llvm-project/libcxxabi/src/fallback_malloc.cpp 12
external/llvm-project/libcxxabi/src/abort_message.cpp 1

Fuzzer: lzw

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 42 42.0%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 58 57.9%
All colors 100 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
2 2 1 :

['FT_Done_Memory']

2 49 FT_Init_FreeType call site: 00000 /src/freetype2-testing/external/freetype2/src/base/ftinit.c:225
0 3 1 :

['ft_mem_free']

0 3 FT_Add_Module call site: 00000 /src/freetype2-testing/external/freetype2/src/base/ftobjs.c:5154
0 3 1 :

['ft_mem_free']

0 3 ft_mem_qrealloc call site: 00032 /src/freetype2-testing/external/freetype2/src/base/ftutil.c:132
0 3 1 :

['ft_mem_free']

0 3 FT_Stream_OpenLZW call site: 00013 /src/freetype2-testing/external/freetype2/src/lzw/ftlzw.c:375
0 0 None 102 144 FT_Add_Module call site: 00000 /src/freetype2-testing/external/freetype2/src/base/ftobjs.c:5083
0 0 None 102 144 FT_Add_Module call site: 00000 /src/freetype2-testing/external/freetype2/src/base/ftobjs.c:5086
0 0 None 100 142 FT_Add_Module call site: 00000 /src/freetype2-testing/external/freetype2/src/base/ftobjs.c:5097
0 0 None 18 18 FT_Set_Default_Properties call site: 00000 /src/freetype2-testing/external/freetype2/src/base/ftinit.c:126
0 0 None 2 212 FT_Init_FreeType call site: 00000 /src/freetype2-testing/external/freetype2/src/base/ftinit.c:215
0 0 None 2 2 FT_Get_Module call site: 00000 /src/freetype2-testing/external/freetype2/src/base/ftobjs.c:5192
0 0 None 0 89 ft_lzw_file_skip_output call site: 00023 /src/freetype2-testing/external/freetype2/src/lzw/ftlzw.c:198
0 0 None 0 55 FT_Stream_OpenLZW call site: 00007 /src/freetype2-testing/external/freetype2/src/lzw/ftlzw.c:350

Runtime coverage analysis

Covered functions
77
Functions that are reachable but not covered
47
Reachable functions
94
Percentage of reachable functions covered
50.0%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzzing/src/fuzzers/template.cpp 1
fuzzing/src/targets/support/LzwFuzzTarget.cpp 1
fuzzing/src/targets/FuzzTarget.h 1
fuzzing/src/utils/FreeTypeStream.cpp 4
external/freetype2/src/base/ftstream.c 7
fuzzing/src/utils/FreeTypeStream.h 3
external/freetype2/src/lzw/ftlzw.c 10
external/freetype2/src/base/ftutil.c 4
external/freetype2/src/lzw/ftzopen.c 8
external/llvm-project/libcxxabi/src/cxa_exception.cpp 5
external/llvm-project/libcxxabi/src/cxa_exception_storage.cpp 4
external/llvm-project/libcxxabi/src/fallback_malloc.cpp 12
external/llvm-project/libcxxabi/src/abort_message.cpp 1

Fuzzer: cff-ftengine

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 199 53.7%
gold [1:9] 3 0.81%
yellow [10:29] 1 0.27%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 167 45.1%
All colors 370 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
1685 1685 1 :

['freetype::TarReader::extract_data(unsigned char const*, unsigned long)']

1685 1685 freetype::FaceLoader::set_raw_bytes(unsignedcharconst*,unsignedlong) call site: 00000 /src/freetype2-testing/fuzzing/src/utils/faceloader.cpp:64
638 711 11 :

['FT_MulDiv', 'pcf_interpret_style', 'pcf_has_table_type', 'ft_mem_alloc', 'pcf_get_properties', 'pcf_get_metrics', 'pcf_get_bitmaps', 'ft_mem_strdup', 'pcf_find_property', 'pcf_get_accel', 'pcf_get_encodings']

638 711 pcf_load_font call site: 00000 /src/freetype2-testing/external/freetype2/src/pcf/pcfread.c:1427
520 602 4 :

['FT_Get_Module', 'FT_Done_Size', 'FT_CMap_New', 'FT_Open_Face']

520 602 T42_Face_Init call site: 00000 /src/freetype2-testing/external/freetype2/src/type42/t42objs.c:205
406 406 1 :

['ft_bzip2_file_skip_output']

406 807 ft_bzip2_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/bzip2/ftbzip2.c:390
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:817
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1246
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1281
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1519
335 335 1 :

['ft_gzip_file_skip_output']

335 665 ft_gzip_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/gzip/ftgzip.c:500
178 229 4 :

['pfr_log_font_load', 'ft_mem_qrealloc', 'FT_CMap_New', 'pfr_phy_font_load']

178 229 pfr_face_init call site: 00000 /src/freetype2-testing/external/freetype2/src/pfr/pfrobjs.c:113
95 95 1 :

['ft_lzw_file_skip_output']

95 187 ft_lzw_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/lzw/ftlzw.c:262
49 62 5 :

['t1_lookup_glyph_by_stdcharcode', 'FT_GlyphLoader_CheckSubGlyphs', 'FT_GlyphLoader_Prepare', 't1_decoder_parse_glyph', 'FT_RoundFix']

49 62 t1operator_seac call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:284

Runtime coverage analysis

Covered functions
1045
Functions that are reachable but not covered
247
Reachable functions
332
Percentage of reachable functions covered
25.6%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzzing/src/fuzzers/template.cpp 1
fuzzing/src/targets/FaceFuzzTarget.cpp 1
fuzzing/src/targets/FuzzTarget.h 1
fuzzing/src/iterators/faceloaditerator.cpp 3
fuzzing/src/utils/faceloader.cpp 8
fuzzing/src/utils/tarreader.cpp 1
external/libarchive/libarchive/archive_read.c 22
external/libarchive/libarchive/archive_entry.c 1
external/libarchive/libarchive/archive_read_support_format_tar.c 9
external/libarchive/libarchive/archive_check_magic.c 6
external/libarchive/libarchive/archive_util.c 3
external/libarchive/libarchive/archive_string_sprintf.c 3
external/libarchive/libarchive/archive_string.c 7
external/libarchive/libarchive/archive_read_open_memory.c 7
external/libarchive/libarchive/archive_virtual.c 2
fuzzing/src/utils/utils.cpp 1
external/freetype2/src/base/ftobjs.c 30
external/freetype2/src/base/ftutil.c 8
external/freetype2/src/base/ftgloadr.c 4
external/freetype2/src/base/ftstream.c 9
external/freetype2/builds/unix/ftsystem.c 5
external/freetype2/src/base/ftrfork.c 6
external/freetype2/src/base/ftfntfmt.c 1

Fuzzer: type1-ftengine

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 199 53.7%
gold [1:9] 4 1.08%
yellow [10:29] 0 0.0%
greenyellow [30:49] 1 0.27%
lawngreen 50+ 166 44.8%
All colors 370 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
2297 2335 10 :

['cff_builder_start_point', 'cff_builder_add_point', 'cff_builder_add_point1', 'cff_random', 'FT_GlyphLoader_Add', 'cff_check_points', 'cff_builder_close_contour', 'FT_DivFix', 'FT_MulFix_x86_64.3560', 'cff_operator_seac']

2297 2335 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:1948
2297 2335 10 :

['cff_builder_start_point', 'cff_builder_add_point', 'cff_builder_add_point1', 'cff_random', 'FT_GlyphLoader_Add', 'cff_check_points', 'cff_builder_close_contour', 'FT_DivFix', 'FT_MulFix_x86_64.3560', 'cff_operator_seac']

2297 2335 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:2242
1685 1685 1 :

['freetype::TarReader::extract_data(unsigned char const*, unsigned long)']

1685 1685 freetype::FaceLoader::set_raw_bytes(unsignedcharconst*,unsignedlong) call site: 00000 /src/freetype2-testing/fuzzing/src/utils/faceloader.cpp:64
638 711 11 :

['FT_MulDiv', 'pcf_interpret_style', 'pcf_has_table_type', 'ft_mem_alloc', 'pcf_get_properties', 'pcf_get_metrics', 'pcf_get_bitmaps', 'ft_mem_strdup', 'pcf_find_property', 'pcf_get_accel', 'pcf_get_encodings']

638 711 pcf_load_font call site: 00000 /src/freetype2-testing/external/freetype2/src/pcf/pcfread.c:1427
520 602 4 :

['FT_Get_Module', 'FT_Done_Size', 'FT_CMap_New', 'FT_Open_Face']

520 602 T42_Face_Init call site: 00000 /src/freetype2-testing/external/freetype2/src/type42/t42objs.c:205
406 406 1 :

['ft_bzip2_file_skip_output']

406 807 ft_bzip2_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/bzip2/ftbzip2.c:390
335 335 1 :

['ft_gzip_file_skip_output']

335 665 ft_gzip_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/gzip/ftgzip.c:500
280 293 3 :

['cff_builder_close_contour', 'FT_GlyphLoader_Add', 'cff_operator_seac']

280 293 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:1636
178 229 4 :

['pfr_log_font_load', 'ft_mem_qrealloc', 'FT_CMap_New', 'pfr_phy_font_load']

178 229 pfr_face_init call site: 00000 /src/freetype2-testing/external/freetype2/src/pfr/pfrobjs.c:113
95 95 1 :

['ft_lzw_file_skip_output']

95 187 ft_lzw_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/lzw/ftlzw.c:262
80 80 20 :

['std::__1::set , std::__1::allocator >::begin()', 'std::__1::__wrap_iter ::operator*() const', 'std::__1::__tree_const_iterator *, long>::operator*() const', 'FT_Face_GetVariantsOfChar', 'std::__1::__tree_const_iterator *, long>::operator++()', 'std::__1::__wrap_iter ::operator++()', 'bool std::__1::operator!= (std::__1::__wrap_iter const&, std::__1::__wrap_iter const&)', 'std::__1::vector >::begin()', 'std::__1::unique_ptr ::get() const', 'std::__1::vector >::size() const', 'FT_Face_GetCharVariantIsDefault', 'FT_Face_GetCharsOfVariant', 'std::__1::vector >::push_back(unsigned int const&)', 'std::__1::set , std::__1::allocator >::size() const', 'std::__1::vector >::end()', 'std::__1::set , std::__1::allocator >::clear()', 'std::__1::operator!=(std::__1::__tree_const_iterator *, long> const&, std::__1::__tree_const_iterator *, long> const&)', 'std::__1::set , std::__1::allocator >::end()', 'FT_Face_GetCharVariantIndex', 'std::__1::set , std::__1::allocator >::insert(unsigned int const&)']

80 80 freetype::FaceVisitorVariants::run(std::__1::unique_ptr ) call site: 00000 /src/freetype2-testing/fuzzing/src/visitors/facevisitor-variants.cpp:43
37 73 3 :

['FT_Match_Size', 'FT_Request_Metrics', 'FT_Select_Size']

37 73 FT_Request_Size call site: 00000 /src/freetype2-testing/external/freetype2/src/base/ftobjs.c:3465

Runtime coverage analysis

Covered functions
914
Functions that are reachable but not covered
247
Reachable functions
332
Percentage of reachable functions covered
25.6%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzzing/src/fuzzers/template.cpp 1
fuzzing/src/targets/FaceFuzzTarget.cpp 1
fuzzing/src/targets/FuzzTarget.h 1
fuzzing/src/iterators/faceloaditerator.cpp 3
fuzzing/src/utils/faceloader.cpp 8
fuzzing/src/utils/tarreader.cpp 1
external/libarchive/libarchive/archive_read.c 22
external/libarchive/libarchive/archive_entry.c 1
external/libarchive/libarchive/archive_read_support_format_tar.c 9
external/libarchive/libarchive/archive_check_magic.c 6
external/libarchive/libarchive/archive_util.c 3
external/libarchive/libarchive/archive_string_sprintf.c 3
external/libarchive/libarchive/archive_string.c 7
external/libarchive/libarchive/archive_read_open_memory.c 7
external/libarchive/libarchive/archive_virtual.c 2
fuzzing/src/utils/utils.cpp 1
external/freetype2/src/base/ftobjs.c 30
external/freetype2/src/base/ftutil.c 8
external/freetype2/src/base/ftgloadr.c 4
external/freetype2/src/base/ftstream.c 9
external/freetype2/builds/unix/ftsystem.c 5
external/freetype2/src/base/ftrfork.c 6
external/freetype2/src/base/ftfntfmt.c 1

Fuzzer: truetype-render-i35

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 201 54.3%
gold [1:9] 2 0.54%
yellow [10:29] 1 0.27%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 166 44.8%
All colors 370 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
2297 2335 10 :

['cff_builder_start_point', 'cff_builder_add_point', 'cff_builder_add_point1', 'cff_random', 'FT_GlyphLoader_Add', 'cff_check_points', 'cff_builder_close_contour', 'FT_DivFix', 'FT_MulFix_x86_64.3560', 'cff_operator_seac']

2297 2335 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:1948
2297 2335 10 :

['cff_builder_start_point', 'cff_builder_add_point', 'cff_builder_add_point1', 'cff_random', 'FT_GlyphLoader_Add', 'cff_check_points', 'cff_builder_close_contour', 'FT_DivFix', 'FT_MulFix_x86_64.3560', 'cff_operator_seac']

2297 2335 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:2242
1685 1685 1 :

['freetype::TarReader::extract_data(unsigned char const*, unsigned long)']

1685 1685 freetype::FaceLoader::set_raw_bytes(unsignedcharconst*,unsignedlong) call site: 00000 /src/freetype2-testing/fuzzing/src/utils/faceloader.cpp:64
638 711 11 :

['FT_MulDiv', 'pcf_interpret_style', 'pcf_has_table_type', 'ft_mem_alloc', 'pcf_get_properties', 'pcf_get_metrics', 'pcf_get_bitmaps', 'ft_mem_strdup', 'pcf_find_property', 'pcf_get_accel', 'pcf_get_encodings']

638 711 pcf_load_font call site: 00000 /src/freetype2-testing/external/freetype2/src/pcf/pcfread.c:1427
520 602 4 :

['FT_Get_Module', 'FT_Done_Size', 'FT_CMap_New', 'FT_Open_Face']

520 602 T42_Face_Init call site: 00000 /src/freetype2-testing/external/freetype2/src/type42/t42objs.c:205
406 406 1 :

['ft_bzip2_file_skip_output']

406 807 ft_bzip2_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/bzip2/ftbzip2.c:390
335 335 1 :

['ft_gzip_file_skip_output']

335 665 ft_gzip_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/gzip/ftgzip.c:500
280 293 3 :

['cff_builder_close_contour', 'FT_GlyphLoader_Add', 'cff_operator_seac']

280 293 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:1636
178 229 4 :

['pfr_log_font_load', 'ft_mem_qrealloc', 'FT_CMap_New', 'pfr_phy_font_load']

178 229 pfr_face_init call site: 00000 /src/freetype2-testing/external/freetype2/src/pfr/pfrobjs.c:113
174 174 2 :

['cff_encoding_load', 'cff_charset_load']

174 255 cff_font_load call site: 00000 /src/freetype2-testing/external/freetype2/src/cff/cffload.c:2495
95 95 1 :

['ft_lzw_file_skip_output']

95 187 ft_lzw_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/lzw/ftlzw.c:262
37 50 3 :

['ft_mem_alloc', 'ft_mem_free', 'FT_Stream_Open']

37 50 FT_Stream_New call site: 00208 /src/freetype2-testing/external/freetype2/src/base/ftobjs.c:231

Runtime coverage analysis

Covered functions
1267
Functions that are reachable but not covered
247
Reachable functions
332
Percentage of reachable functions covered
25.6%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzzing/src/fuzzers/template.cpp 1
fuzzing/src/targets/FaceFuzzTarget.cpp 1
fuzzing/src/targets/FuzzTarget.h 1
fuzzing/src/iterators/faceloaditerator.cpp 3
fuzzing/src/utils/faceloader.cpp 8
fuzzing/src/utils/tarreader.cpp 1
external/libarchive/libarchive/archive_read.c 22
external/libarchive/libarchive/archive_entry.c 1
external/libarchive/libarchive/archive_read_support_format_tar.c 9
external/libarchive/libarchive/archive_check_magic.c 6
external/libarchive/libarchive/archive_util.c 3
external/libarchive/libarchive/archive_string_sprintf.c 3
external/libarchive/libarchive/archive_string.c 7
external/libarchive/libarchive/archive_read_open_memory.c 7
external/libarchive/libarchive/archive_virtual.c 2
fuzzing/src/utils/utils.cpp 1
external/freetype2/src/base/ftobjs.c 30
external/freetype2/src/base/ftutil.c 8
external/freetype2/src/base/ftgloadr.c 4
external/freetype2/src/base/ftstream.c 9
external/freetype2/builds/unix/ftsystem.c 5
external/freetype2/src/base/ftrfork.c 6
external/freetype2/src/base/ftfntfmt.c 1

Fuzzer: type42

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 199 53.7%
gold [1:9] 5 1.35%
yellow [10:29] 0 0.0%
greenyellow [30:49] 1 0.27%
lawngreen 50+ 165 44.5%
All colors 370 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
2297 2335 10 :

['cff_builder_start_point', 'cff_builder_add_point', 'cff_builder_add_point1', 'cff_random', 'FT_GlyphLoader_Add', 'cff_check_points', 'cff_builder_close_contour', 'FT_DivFix', 'FT_MulFix_x86_64.3560', 'cff_operator_seac']

2297 2335 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:1948
2297 2335 10 :

['cff_builder_start_point', 'cff_builder_add_point', 'cff_builder_add_point1', 'cff_random', 'FT_GlyphLoader_Add', 'cff_check_points', 'cff_builder_close_contour', 'FT_DivFix', 'FT_MulFix_x86_64.3560', 'cff_operator_seac']

2297 2335 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:2242
1685 1685 1 :

['freetype::TarReader::extract_data(unsigned char const*, unsigned long)']

1685 1685 freetype::FaceLoader::set_raw_bytes(unsignedcharconst*,unsignedlong) call site: 00000 /src/freetype2-testing/fuzzing/src/utils/faceloader.cpp:64
638 711 11 :

['FT_MulDiv', 'pcf_interpret_style', 'pcf_has_table_type', 'ft_mem_alloc', 'pcf_get_properties', 'pcf_get_metrics', 'pcf_get_bitmaps', 'ft_mem_strdup', 'pcf_find_property', 'pcf_get_accel', 'pcf_get_encodings']

638 711 pcf_load_font call site: 00000 /src/freetype2-testing/external/freetype2/src/pcf/pcfread.c:1427
406 406 1 :

['ft_bzip2_file_skip_output']

406 807 ft_bzip2_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/bzip2/ftbzip2.c:390
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:817
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1246
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1281
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1519
335 335 1 :

['ft_gzip_file_skip_output']

335 665 ft_gzip_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/gzip/ftgzip.c:500
280 293 3 :

['cff_builder_close_contour', 'FT_GlyphLoader_Add', 'cff_operator_seac']

280 293 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:1636
181 195 2 :

['TT_Vary_Apply_Glyph_Deltas', 'ft_mem_qrealloc']

206 223 TT_Process_Simple_Glyph call site: 00000 /src/freetype2-testing/external/freetype2/src/truetype/ttgload.c:939

Runtime coverage analysis

Covered functions
868
Functions that are reachable but not covered
247
Reachable functions
332
Percentage of reachable functions covered
25.6%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzzing/src/fuzzers/template.cpp 1
fuzzing/src/targets/FaceFuzzTarget.cpp 1
fuzzing/src/targets/FuzzTarget.h 1
fuzzing/src/iterators/faceloaditerator.cpp 3
fuzzing/src/utils/faceloader.cpp 8
fuzzing/src/utils/tarreader.cpp 1
external/libarchive/libarchive/archive_read.c 22
external/libarchive/libarchive/archive_entry.c 1
external/libarchive/libarchive/archive_read_support_format_tar.c 9
external/libarchive/libarchive/archive_check_magic.c 6
external/libarchive/libarchive/archive_util.c 3
external/libarchive/libarchive/archive_string_sprintf.c 3
external/libarchive/libarchive/archive_string.c 7
external/libarchive/libarchive/archive_read_open_memory.c 7
external/libarchive/libarchive/archive_virtual.c 2
fuzzing/src/utils/utils.cpp 1
external/freetype2/src/base/ftobjs.c 30
external/freetype2/src/base/ftutil.c 8
external/freetype2/src/base/ftgloadr.c 4
external/freetype2/src/base/ftstream.c 9
external/freetype2/builds/unix/ftsystem.c 5
external/freetype2/src/base/ftrfork.c 6
external/freetype2/src/base/ftfntfmt.c 1

Fuzzer: ftfuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 130 31.7%
gold [1:9] 4 0.97%
yellow [10:29] 4 0.97%
greenyellow [30:49] 1 0.24%
lawngreen 50+ 270 66.0%
All colors 409 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
2297 2335 10 :

['cff_builder_start_point', 'cff_builder_add_point', 'cff_builder_add_point1', 'cff_random', 'FT_GlyphLoader_Add', 'cff_check_points', 'cff_builder_close_contour', 'FT_DivFix', 'FT_MulFix_x86_64.3560', 'cff_operator_seac']

2297 2335 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:2242
406 406 1 :

['ft_bzip2_file_skip_output']

406 807 ft_bzip2_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/bzip2/ftbzip2.c:390
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:817
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1040
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1246
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1281
368 368 1 :

['OSS_FUZZ_png_start_read_image']

368 1685 OSS_FUZZ_png_read_image call site: 00000 /src/freetype2-testing/external/libpng/build/../pngread.c:712
280 293 3 :

['cff_builder_close_contour', 'FT_GlyphLoader_Add', 'cff_operator_seac']

280 293 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:1636
274 317 8 :

['OSS_FUZZ_png_gamma_significant', 'OSS_FUZZ_png_build_gamma_table', 'OSS_FUZZ_png_gamma_8bit_correct', 'OSS_FUZZ_png_gamma_correct', 'OSS_FUZZ_png_error', 'OSS_FUZZ_png_reciprocal', 'OSS_FUZZ_png_warning', 'OSS_FUZZ_png_reciprocal2']

274 317 OSS_FUZZ_png_init_read_transformations call site: 00000 /src/freetype2-testing/external/libpng/build/../pngrtran.c:1574
261 261 1 :

['FT_Render_Glyph']

261 261 FT_Load_Glyph call site: 00394 /src/freetype2-testing/external/freetype2/src/base/ftobjs.c:1168
203 280 2 :

['archive_set_error', 'gnu_sparse_10_read']

203 280 tar_read_header call site: 00000 /src/freetype2-testing/external/libarchive/libarchive/archive_read_support_format_tar.c:852
115 115 1 :

['png_cache_unknown_chunk']

201 273 OSS_FUZZ_png_handle_unknown call site: 00000 /src/freetype2-testing/external/libpng/build/../pngrutil.c:3028

Runtime coverage analysis

Covered functions
1607
Functions that are reachable but not covered
101
Reachable functions
342
Percentage of reachable functions covered
70.47%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzzing/src/legacy/ftfuzzer.cc 6
external/libarchive/libarchive/archive_read.c 22
external/libarchive/libarchive/archive_entry.c 1
external/libarchive/libarchive/archive_read_support_format_tar.c 9
external/libarchive/libarchive/archive_check_magic.c 6
external/libarchive/libarchive/archive_util.c 3
external/libarchive/libarchive/archive_string_sprintf.c 3
external/libarchive/libarchive/archive_string.c 7
external/libarchive/libarchive/archive_read_open_memory.c 7
external/libarchive/libarchive/archive_virtual.c 2
external/freetype2/src/base/ftobjs.c 45
external/freetype2/src/base/ftutil.c 8
external/freetype2/src/base/ftstream.c 9
external/freetype2/builds/unix/ftsystem.c 5
external/freetype2/src/base/ftrfork.c 6
external/freetype2/src/base/ftgloadr.c 4
external/freetype2/src/base/ftcalc.c 3
external/freetype2/include/freetype/internal/ftcalc.h 1
external/freetype2/src/base/ftmm.c 4
external/freetype2/src/base/ftfntfmt.c 1
external/freetype2/src/base/ftoutln.c 5
external/freetype2/src/base/ftlcdfil.c 1

Fuzzer: windowsfnt-render

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 200 54.0%
gold [1:9] 5 1.35%
yellow [10:29] 1 0.27%
greenyellow [30:49] 1 0.27%
lawngreen 50+ 163 44.0%
All colors 370 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
2297 2335 10 :

['cff_builder_start_point', 'cff_builder_add_point', 'cff_builder_add_point1', 'cff_random', 'FT_GlyphLoader_Add', 'cff_check_points', 'cff_builder_close_contour', 'FT_DivFix', 'FT_MulFix_x86_64.3560', 'cff_operator_seac']

2297 2335 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:1948
2297 2335 10 :

['cff_builder_start_point', 'cff_builder_add_point', 'cff_builder_add_point1', 'cff_random', 'FT_GlyphLoader_Add', 'cff_check_points', 'cff_builder_close_contour', 'FT_DivFix', 'FT_MulFix_x86_64.3560', 'cff_operator_seac']

2297 2335 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:2242
1685 1685 1 :

['freetype::TarReader::extract_data(unsigned char const*, unsigned long)']

1685 1685 freetype::FaceLoader::set_raw_bytes(unsignedcharconst*,unsignedlong) call site: 00000 /src/freetype2-testing/fuzzing/src/utils/faceloader.cpp:64
638 711 11 :

['FT_MulDiv', 'pcf_interpret_style', 'pcf_has_table_type', 'ft_mem_alloc', 'pcf_get_properties', 'pcf_get_metrics', 'pcf_get_bitmaps', 'ft_mem_strdup', 'pcf_find_property', 'pcf_get_accel', 'pcf_get_encodings']

638 711 pcf_load_font call site: 00000 /src/freetype2-testing/external/freetype2/src/pcf/pcfread.c:1427
520 602 4 :

['FT_Get_Module', 'FT_Done_Size', 'FT_CMap_New', 'FT_Open_Face']

520 602 T42_Face_Init call site: 00000 /src/freetype2-testing/external/freetype2/src/type42/t42objs.c:205
406 406 1 :

['ft_bzip2_file_skip_output']

406 807 ft_bzip2_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/bzip2/ftbzip2.c:390
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:817
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:916
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1083
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1246
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1281
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1533

Runtime coverage analysis

Covered functions
774
Functions that are reachable but not covered
247
Reachable functions
332
Percentage of reachable functions covered
25.6%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzzing/src/fuzzers/template.cpp 1
fuzzing/src/targets/FaceFuzzTarget.cpp 1
fuzzing/src/targets/FuzzTarget.h 1
fuzzing/src/iterators/faceloaditerator.cpp 3
fuzzing/src/utils/faceloader.cpp 8
fuzzing/src/utils/tarreader.cpp 1
external/libarchive/libarchive/archive_read.c 22
external/libarchive/libarchive/archive_entry.c 1
external/libarchive/libarchive/archive_read_support_format_tar.c 9
external/libarchive/libarchive/archive_check_magic.c 6
external/libarchive/libarchive/archive_util.c 3
external/libarchive/libarchive/archive_string_sprintf.c 3
external/libarchive/libarchive/archive_string.c 7
external/libarchive/libarchive/archive_read_open_memory.c 7
external/libarchive/libarchive/archive_virtual.c 2
fuzzing/src/utils/utils.cpp 1
external/freetype2/src/base/ftobjs.c 30
external/freetype2/src/base/ftutil.c 8
external/freetype2/src/base/ftgloadr.c 4
external/freetype2/src/base/ftstream.c 9
external/freetype2/builds/unix/ftsystem.c 5
external/freetype2/src/base/ftrfork.c 6
external/freetype2/src/base/ftfntfmt.c 1

Fuzzer: pcf

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 199 53.7%
gold [1:9] 5 1.35%
yellow [10:29] 1 0.27%
greenyellow [30:49] 1 0.27%
lawngreen 50+ 164 44.3%
All colors 370 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
2323 2335 10 :

['cff_builder_start_point', 'cff_builder_add_point', 'cff_builder_add_point1', 'cff_random', 'FT_GlyphLoader_Add', 'cff_check_points', 'cff_builder_close_contour', 'FT_DivFix', 'FT_MulFix_x86_64.3560', 'cff_operator_seac']

2323 2335 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:2242
1685 1685 1 :

['freetype::TarReader::extract_data(unsigned char const*, unsigned long)']

1685 1685 freetype::FaceLoader::set_raw_bytes(unsignedcharconst*,unsignedlong) call site: 00000 /src/freetype2-testing/fuzzing/src/utils/faceloader.cpp:64
520 602 4 :

['FT_Get_Module', 'FT_Done_Size', 'FT_CMap_New', 'FT_Open_Face']

520 602 T42_Face_Init call site: 00000 /src/freetype2-testing/external/freetype2/src/type42/t42objs.c:205
406 406 1 :

['ft_bzip2_file_skip_output']

406 807 ft_bzip2_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/bzip2/ftbzip2.c:390
293 293 3 :

['cff_builder_close_contour', 'FT_GlyphLoader_Add', 'cff_operator_seac']

293 293 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:1636
178 229 4 :

['pfr_log_font_load', 'ft_mem_qrealloc', 'FT_CMap_New', 'pfr_phy_font_load']

178 229 pfr_face_init call site: 00000 /src/freetype2-testing/external/freetype2/src/pfr/pfrobjs.c:113
95 95 1 :

['ft_lzw_file_skip_output']

95 187 ft_lzw_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/lzw/ftlzw.c:262
80 80 20 :

['std::__1::set , std::__1::allocator >::begin()', 'std::__1::__wrap_iter ::operator*() const', 'std::__1::__tree_const_iterator *, long>::operator*() const', 'FT_Face_GetVariantsOfChar', 'std::__1::__tree_const_iterator *, long>::operator++()', 'std::__1::__wrap_iter ::operator++()', 'bool std::__1::operator!= (std::__1::__wrap_iter const&, std::__1::__wrap_iter const&)', 'std::__1::vector >::begin()', 'std::__1::unique_ptr ::get() const', 'std::__1::vector >::size() const', 'FT_Face_GetCharVariantIsDefault', 'FT_Face_GetCharsOfVariant', 'std::__1::vector >::push_back(unsigned int const&)', 'std::__1::set , std::__1::allocator >::size() const', 'std::__1::vector >::end()', 'std::__1::set , std::__1::allocator >::clear()', 'std::__1::operator!=(std::__1::__tree_const_iterator *, long> const&, std::__1::__tree_const_iterator *, long> const&)', 'std::__1::set , std::__1::allocator >::end()', 'FT_Face_GetCharVariantIndex', 'std::__1::set , std::__1::allocator >::insert(unsigned int const&)']

80 80 freetype::FaceVisitorVariants::run(std::__1::unique_ptr ) call site: 00000 /src/freetype2-testing/fuzzing/src/visitors/facevisitor-variants.cpp:43
37 50 3 :

['ft_mem_alloc', 'ft_mem_free', 'FT_Stream_Open']

37 50 FT_Stream_New call site: 00208 /src/freetype2-testing/external/freetype2/src/base/ftobjs.c:231
36 36 4 :

['FT_Vector_Transform', 'FT_Outline_Translate', 'FT_Outline_Transform', 'ft_lookup_glyph_renderer']

352 352 FT_Load_Glyph call site: 00000 /src/freetype2-testing/external/freetype2/src/base/ftobjs.c:1123
35 35 1 :

['ft_bzip2_file_reset']

441 842 ft_bzip2_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/bzip2/ftbzip2.c:382
26 102 4 :

['FT_CMap_New', 'strcmp', 'FT_RoundFix', 'T1_Compute_Max_Advance']

26 102 T1_Face_Init call site: 00000 /src/freetype2-testing/external/freetype2/src/type1/t1objs.c:359

Runtime coverage analysis

Covered functions
780
Functions that are reachable but not covered
247
Reachable functions
332
Percentage of reachable functions covered
25.6%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzzing/src/fuzzers/template.cpp 1
fuzzing/src/targets/FaceFuzzTarget.cpp 1
fuzzing/src/targets/FuzzTarget.h 1
fuzzing/src/iterators/faceloaditerator.cpp 3
fuzzing/src/utils/faceloader.cpp 8
fuzzing/src/utils/tarreader.cpp 1
external/libarchive/libarchive/archive_read.c 22
external/libarchive/libarchive/archive_entry.c 1
external/libarchive/libarchive/archive_read_support_format_tar.c 9
external/libarchive/libarchive/archive_check_magic.c 6
external/libarchive/libarchive/archive_util.c 3
external/libarchive/libarchive/archive_string_sprintf.c 3
external/libarchive/libarchive/archive_string.c 7
external/libarchive/libarchive/archive_read_open_memory.c 7
external/libarchive/libarchive/archive_virtual.c 2
fuzzing/src/utils/utils.cpp 1
external/freetype2/src/base/ftobjs.c 30
external/freetype2/src/base/ftutil.c 8
external/freetype2/src/base/ftgloadr.c 4
external/freetype2/src/base/ftstream.c 9
external/freetype2/builds/unix/ftsystem.c 5
external/freetype2/src/base/ftrfork.c 6
external/freetype2/src/base/ftfntfmt.c 1

Fuzzer: cidtype1-render

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 200 54.0%
gold [1:9] 3 0.81%
yellow [10:29] 2 0.54%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 165 44.5%
All colors 370 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
2297 2335 10 :

['cff_builder_start_point', 'cff_builder_add_point', 'cff_builder_add_point1', 'cff_random', 'FT_GlyphLoader_Add', 'cff_check_points', 'cff_builder_close_contour', 'FT_DivFix', 'FT_MulFix_x86_64.3560', 'cff_operator_seac']

2297 2335 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:1948
2297 2335 10 :

['cff_builder_start_point', 'cff_builder_add_point', 'cff_builder_add_point1', 'cff_random', 'FT_GlyphLoader_Add', 'cff_check_points', 'cff_builder_close_contour', 'FT_DivFix', 'FT_MulFix_x86_64.3560', 'cff_operator_seac']

2297 2335 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:2242
1685 1685 1 :

['freetype::TarReader::extract_data(unsigned char const*, unsigned long)']

1685 1685 freetype::FaceLoader::set_raw_bytes(unsignedcharconst*,unsignedlong) call site: 00000 /src/freetype2-testing/fuzzing/src/utils/faceloader.cpp:64
638 711 11 :

['FT_MulDiv', 'pcf_interpret_style', 'pcf_has_table_type', 'ft_mem_alloc', 'pcf_get_properties', 'pcf_get_metrics', 'pcf_get_bitmaps', 'ft_mem_strdup', 'pcf_find_property', 'pcf_get_accel', 'pcf_get_encodings']

638 711 pcf_load_font call site: 00000 /src/freetype2-testing/external/freetype2/src/pcf/pcfread.c:1427
520 602 4 :

['FT_Get_Module', 'FT_Done_Size', 'FT_CMap_New', 'FT_Open_Face']

520 602 T42_Face_Init call site: 00000 /src/freetype2-testing/external/freetype2/src/type42/t42objs.c:205
406 406 1 :

['ft_bzip2_file_skip_output']

406 807 ft_bzip2_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/bzip2/ftbzip2.c:390
335 335 1 :

['ft_gzip_file_skip_output']

335 665 ft_gzip_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/gzip/ftgzip.c:500
280 293 3 :

['cff_builder_close_contour', 'FT_GlyphLoader_Add', 'cff_operator_seac']

280 293 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:1636
178 229 4 :

['pfr_log_font_load', 'ft_mem_qrealloc', 'FT_CMap_New', 'pfr_phy_font_load']

178 229 pfr_face_init call site: 00000 /src/freetype2-testing/external/freetype2/src/pfr/pfrobjs.c:113
174 174 2 :

['cff_encoding_load', 'cff_charset_load']

174 255 cff_font_load call site: 00000 /src/freetype2-testing/external/freetype2/src/cff/cffload.c:2495
126 11392 43 :

['cf2_hintmask_read', 'cf2_stack_pop', 'cf2_buf_isEnd', 'cf2_doStems', 'FT_GlyphLoader_Prepare', 'cf2_buf_readByte', 'cf2_initLocalRegionBuffer', 'cf2_hintmask_isValid', 'cf2_stack_count', 'FT_MulFix_x86_64.3560', 'cf2_stack_pushFixed', 'cf2_doBlend', 'cf2_glyphpath_moveTo', 'cf2_hintmask_init', 'FT_RoundFix', 'cf2_stack_popFixed', 'cf2_freeT1SeacComponent', 'cf2_freeSeacComponent', 'cf2_stack_popInt', 'cf2_arrstack_getPointer', 'FT_DivFix', 'cf2_glyphpath_closeOpenPath', 'cf2_getT1SeacComponent', 'cf2_initGlobalRegionBuffer', 'cff_random', 'ps_builder_check_points', 'cf2_arrstack_size', 'cf2_hintmap_build', 'FT_GlyphLoader_CheckSubGlyphs', 'cf2_stack_clear', 'cf2_glyphpath_lineTo', 'cf2_doFlex', 'cf2_glyphpath_curveTo', 't1_lookup_glyph_by_stdcharcode_ps', 'cf2_arrstack_clear', 'cf2_hintmap_init', 'cf2_interpT2CharString', 'ft_hash_num_lookup', 'cf2_getSeacComponent', 'cf2_stack_getReal', 'cf2_stack_setReal', 'cf2_stack_pushInt', 'cf2_stack_roll']

126 11423 cf2_interpT2CharString call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/psintrp.c:1017
95 95 1 :

['ft_lzw_file_skip_output']

95 187 ft_lzw_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/lzw/ftlzw.c:262

Runtime coverage analysis

Covered functions
992
Functions that are reachable but not covered
247
Reachable functions
332
Percentage of reachable functions covered
25.6%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzzing/src/fuzzers/template.cpp 1
fuzzing/src/targets/FaceFuzzTarget.cpp 1
fuzzing/src/targets/FuzzTarget.h 1
fuzzing/src/iterators/faceloaditerator.cpp 3
fuzzing/src/utils/faceloader.cpp 8
fuzzing/src/utils/tarreader.cpp 1
external/libarchive/libarchive/archive_read.c 22
external/libarchive/libarchive/archive_entry.c 1
external/libarchive/libarchive/archive_read_support_format_tar.c 9
external/libarchive/libarchive/archive_check_magic.c 6
external/libarchive/libarchive/archive_util.c 3
external/libarchive/libarchive/archive_string_sprintf.c 3
external/libarchive/libarchive/archive_string.c 7
external/libarchive/libarchive/archive_read_open_memory.c 7
external/libarchive/libarchive/archive_virtual.c 2
fuzzing/src/utils/utils.cpp 1
external/freetype2/src/base/ftobjs.c 30
external/freetype2/src/base/ftutil.c 8
external/freetype2/src/base/ftgloadr.c 4
external/freetype2/src/base/ftstream.c 9
external/freetype2/builds/unix/ftsystem.c 5
external/freetype2/src/base/ftrfork.c 6
external/freetype2/src/base/ftfntfmt.c 1

Fuzzer: windowsfnt

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 199 53.7%
gold [1:9] 5 1.35%
yellow [10:29] 2 0.54%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 164 44.3%
All colors 370 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
2323 2335 10 :

['cff_builder_start_point', 'cff_builder_add_point', 'cff_builder_add_point1', 'cff_random', 'FT_GlyphLoader_Add', 'cff_check_points', 'cff_builder_close_contour', 'FT_DivFix', 'FT_MulFix_x86_64.3560', 'cff_operator_seac']

2323 2335 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:1948
2323 2335 10 :

['cff_builder_start_point', 'cff_builder_add_point', 'cff_builder_add_point1', 'cff_random', 'FT_GlyphLoader_Add', 'cff_check_points', 'cff_builder_close_contour', 'FT_DivFix', 'FT_MulFix_x86_64.3560', 'cff_operator_seac']

2323 2335 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:2242
1685 1685 1 :

['freetype::TarReader::extract_data(unsigned char const*, unsigned long)']

1685 1685 freetype::FaceLoader::set_raw_bytes(unsignedcharconst*,unsignedlong) call site: 00000 /src/freetype2-testing/fuzzing/src/utils/faceloader.cpp:64
638 711 11 :

['FT_MulDiv', 'pcf_interpret_style', 'pcf_has_table_type', 'ft_mem_alloc', 'pcf_get_properties', 'pcf_get_metrics', 'pcf_get_bitmaps', 'ft_mem_strdup', 'pcf_find_property', 'pcf_get_accel', 'pcf_get_encodings']

638 711 pcf_load_font call site: 00000 /src/freetype2-testing/external/freetype2/src/pcf/pcfread.c:1427
520 602 4 :

['FT_Get_Module', 'FT_Done_Size', 'FT_CMap_New', 'FT_Open_Face']

520 602 T42_Face_Init call site: 00000 /src/freetype2-testing/external/freetype2/src/type42/t42objs.c:205
406 406 1 :

['ft_bzip2_file_skip_output']

406 807 ft_bzip2_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/bzip2/ftbzip2.c:390
335 335 1 :

['ft_gzip_file_skip_output']

335 665 ft_gzip_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/gzip/ftgzip.c:500
293 293 3 :

['cff_builder_close_contour', 'FT_GlyphLoader_Add', 'cff_operator_seac']

293 293 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:1636
178 229 4 :

['pfr_log_font_load', 'ft_mem_qrealloc', 'FT_CMap_New', 'pfr_phy_font_load']

178 229 pfr_face_init call site: 00000 /src/freetype2-testing/external/freetype2/src/pfr/pfrobjs.c:113
174 174 2 :

['cff_encoding_load', 'cff_charset_load']

174 255 cff_font_load call site: 00000 /src/freetype2-testing/external/freetype2/src/cff/cffload.c:2495
95 95 1 :

['ft_lzw_file_skip_output']

95 187 ft_lzw_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/lzw/ftlzw.c:262
37 50 3 :

['ft_mem_alloc', 'ft_mem_free', 'FT_Stream_Open']

37 50 FT_Stream_New call site: 00208 /src/freetype2-testing/external/freetype2/src/base/ftobjs.c:231

Runtime coverage analysis

Covered functions
746
Functions that are reachable but not covered
247
Reachable functions
332
Percentage of reachable functions covered
25.6%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzzing/src/fuzzers/template.cpp 1
fuzzing/src/targets/FaceFuzzTarget.cpp 1
fuzzing/src/targets/FuzzTarget.h 1
fuzzing/src/iterators/faceloaditerator.cpp 3
fuzzing/src/utils/faceloader.cpp 8
fuzzing/src/utils/tarreader.cpp 1
external/libarchive/libarchive/archive_read.c 22
external/libarchive/libarchive/archive_entry.c 1
external/libarchive/libarchive/archive_read_support_format_tar.c 9
external/libarchive/libarchive/archive_check_magic.c 6
external/libarchive/libarchive/archive_util.c 3
external/libarchive/libarchive/archive_string_sprintf.c 3
external/libarchive/libarchive/archive_string.c 7
external/libarchive/libarchive/archive_read_open_memory.c 7
external/libarchive/libarchive/archive_virtual.c 2
fuzzing/src/utils/utils.cpp 1
external/freetype2/src/base/ftobjs.c 30
external/freetype2/src/base/ftutil.c 8
external/freetype2/src/base/ftgloadr.c 4
external/freetype2/src/base/ftstream.c 9
external/freetype2/builds/unix/ftsystem.c 5
external/freetype2/src/base/ftrfork.c 6
external/freetype2/src/base/ftfntfmt.c 1

Fuzzer: colrv1

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 200 54.0%
gold [1:9] 2 0.54%
yellow [10:29] 1 0.27%
greenyellow [30:49] 1 0.27%
lawngreen 50+ 166 44.8%
All colors 370 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
2323 2335 10 :

['cff_builder_start_point', 'cff_builder_add_point', 'cff_builder_add_point1', 'cff_random', 'FT_GlyphLoader_Add', 'cff_check_points', 'cff_builder_close_contour', 'FT_DivFix', 'FT_MulFix_x86_64.3560', 'cff_operator_seac']

2323 2335 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:2242
1685 1685 1 :

['freetype::TarReader::extract_data(unsigned char const*, unsigned long)']

1685 1685 freetype::FaceLoader::set_raw_bytes(unsignedcharconst*,unsignedlong) call site: 00000 /src/freetype2-testing/fuzzing/src/utils/faceloader.cpp:64
638 711 11 :

['FT_MulDiv', 'pcf_interpret_style', 'pcf_has_table_type', 'ft_mem_alloc', 'pcf_get_properties', 'pcf_get_metrics', 'pcf_get_bitmaps', 'ft_mem_strdup', 'pcf_find_property', 'pcf_get_accel', 'pcf_get_encodings']

638 711 pcf_load_font call site: 00000 /src/freetype2-testing/external/freetype2/src/pcf/pcfread.c:1427
520 602 4 :

['FT_Get_Module', 'FT_Done_Size', 'FT_CMap_New', 'FT_Open_Face']

520 602 T42_Face_Init call site: 00000 /src/freetype2-testing/external/freetype2/src/type42/t42objs.c:205
406 406 1 :

['ft_bzip2_file_skip_output']

406 807 ft_bzip2_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/bzip2/ftbzip2.c:390
335 335 1 :

['ft_gzip_file_skip_output']

335 665 ft_gzip_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/gzip/ftgzip.c:500
293 293 3 :

['cff_builder_close_contour', 'FT_GlyphLoader_Add', 'cff_operator_seac']

293 293 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:1636
178 229 4 :

['pfr_log_font_load', 'ft_mem_qrealloc', 'FT_CMap_New', 'pfr_phy_font_load']

178 229 pfr_face_init call site: 00000 /src/freetype2-testing/external/freetype2/src/pfr/pfrobjs.c:113
95 95 1 :

['ft_lzw_file_skip_output']

95 187 ft_lzw_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/lzw/ftlzw.c:262
37 50 3 :

['ft_mem_alloc', 'ft_mem_free', 'FT_Stream_Open']

37 50 FT_Stream_New call site: 00208 /src/freetype2-testing/external/freetype2/src/base/ftobjs.c:231
35 35 1 :

['ft_bzip2_file_reset']

441 842 ft_bzip2_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/bzip2/ftbzip2.c:382
26 102 4 :

['FT_CMap_New', 'strcmp', 'FT_RoundFix', 'T1_Compute_Max_Advance']

26 102 T1_Face_Init call site: 00000 /src/freetype2-testing/external/freetype2/src/type1/t1objs.c:359

Runtime coverage analysis

Covered functions
795
Functions that are reachable but not covered
247
Reachable functions
332
Percentage of reachable functions covered
25.6%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzzing/src/fuzzers/template.cpp 1
fuzzing/src/targets/FaceFuzzTarget.cpp 1
fuzzing/src/targets/FuzzTarget.h 1
fuzzing/src/iterators/faceloaditerator.cpp 3
fuzzing/src/utils/faceloader.cpp 8
fuzzing/src/utils/tarreader.cpp 1
external/libarchive/libarchive/archive_read.c 22
external/libarchive/libarchive/archive_entry.c 1
external/libarchive/libarchive/archive_read_support_format_tar.c 9
external/libarchive/libarchive/archive_check_magic.c 6
external/libarchive/libarchive/archive_util.c 3
external/libarchive/libarchive/archive_string_sprintf.c 3
external/libarchive/libarchive/archive_string.c 7
external/libarchive/libarchive/archive_read_open_memory.c 7
external/libarchive/libarchive/archive_virtual.c 2
fuzzing/src/utils/utils.cpp 1
external/freetype2/src/base/ftobjs.c 30
external/freetype2/src/base/ftutil.c 8
external/freetype2/src/base/ftgloadr.c 4
external/freetype2/src/base/ftstream.c 9
external/freetype2/builds/unix/ftsystem.c 5
external/freetype2/src/base/ftrfork.c 6
external/freetype2/src/base/ftfntfmt.c 1

Fuzzer: pcf-render

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 200 54.0%
gold [1:9] 5 1.35%
yellow [10:29] 1 0.27%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 164 44.3%
All colors 370 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
2297 2335 10 :

['cff_builder_start_point', 'cff_builder_add_point', 'cff_builder_add_point1', 'cff_random', 'FT_GlyphLoader_Add', 'cff_check_points', 'cff_builder_close_contour', 'FT_DivFix', 'FT_MulFix_x86_64.3560', 'cff_operator_seac']

2297 2335 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:2242
1685 1685 1 :

['freetype::TarReader::extract_data(unsigned char const*, unsigned long)']

1685 1685 freetype::FaceLoader::set_raw_bytes(unsignedcharconst*,unsignedlong) call site: 00000 /src/freetype2-testing/fuzzing/src/utils/faceloader.cpp:64
520 602 4 :

['FT_Get_Module', 'FT_Done_Size', 'FT_CMap_New', 'FT_Open_Face']

520 602 T42_Face_Init call site: 00000 /src/freetype2-testing/external/freetype2/src/type42/t42objs.c:205
406 406 1 :

['ft_bzip2_file_skip_output']

406 807 ft_bzip2_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/bzip2/ftbzip2.c:390
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:817
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:848
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:880
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1019
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1246
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1281
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1519
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1533

Runtime coverage analysis

Covered functions
794
Functions that are reachable but not covered
247
Reachable functions
332
Percentage of reachable functions covered
25.6%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzzing/src/fuzzers/template.cpp 1
fuzzing/src/targets/FaceFuzzTarget.cpp 1
fuzzing/src/targets/FuzzTarget.h 1
fuzzing/src/iterators/faceloaditerator.cpp 3
fuzzing/src/utils/faceloader.cpp 8
fuzzing/src/utils/tarreader.cpp 1
external/libarchive/libarchive/archive_read.c 22
external/libarchive/libarchive/archive_entry.c 1
external/libarchive/libarchive/archive_read_support_format_tar.c 9
external/libarchive/libarchive/archive_check_magic.c 6
external/libarchive/libarchive/archive_util.c 3
external/libarchive/libarchive/archive_string_sprintf.c 3
external/libarchive/libarchive/archive_string.c 7
external/libarchive/libarchive/archive_read_open_memory.c 7
external/libarchive/libarchive/archive_virtual.c 2
fuzzing/src/utils/utils.cpp 1
external/freetype2/src/base/ftobjs.c 30
external/freetype2/src/base/ftutil.c 8
external/freetype2/src/base/ftgloadr.c 4
external/freetype2/src/base/ftstream.c 9
external/freetype2/builds/unix/ftsystem.c 5
external/freetype2/src/base/ftrfork.c 6
external/freetype2/src/base/ftfntfmt.c 1

Fuzzer: cff-render-ftengine

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 201 54.3%
gold [1:9] 2 0.54%
yellow [10:29] 1 0.27%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 166 44.8%
All colors 370 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
1685 1685 1 :

['freetype::TarReader::extract_data(unsigned char const*, unsigned long)']

1685 1685 freetype::FaceLoader::set_raw_bytes(unsignedcharconst*,unsignedlong) call site: 00000 /src/freetype2-testing/fuzzing/src/utils/faceloader.cpp:64
638 711 11 :

['FT_MulDiv', 'pcf_interpret_style', 'pcf_has_table_type', 'ft_mem_alloc', 'pcf_get_properties', 'pcf_get_metrics', 'pcf_get_bitmaps', 'ft_mem_strdup', 'pcf_find_property', 'pcf_get_accel', 'pcf_get_encodings']

638 711 pcf_load_font call site: 00000 /src/freetype2-testing/external/freetype2/src/pcf/pcfread.c:1427
520 602 4 :

['FT_Get_Module', 'FT_Done_Size', 'FT_CMap_New', 'FT_Open_Face']

520 602 T42_Face_Init call site: 00000 /src/freetype2-testing/external/freetype2/src/type42/t42objs.c:205
464 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

464 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1246
464 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

464 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1533
406 406 1 :

['ft_bzip2_file_skip_output']

406 807 ft_bzip2_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/bzip2/ftbzip2.c:390
335 335 1 :

['ft_gzip_file_skip_output']

335 665 ft_gzip_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/gzip/ftgzip.c:500
178 229 4 :

['pfr_log_font_load', 'ft_mem_qrealloc', 'FT_CMap_New', 'pfr_phy_font_load']

178 229 pfr_face_init call site: 00000 /src/freetype2-testing/external/freetype2/src/pfr/pfrobjs.c:113
115 230 9 :

['FT_MulFix_x86_64.697', 'FT_Stream_GetUShort', 'ft_var_readpackeddeltas', 'FT_Stream_GetULong', 'ft_mem_realloc', 'FT_Stream_EnterFrame', 'ft_var_apply_tuple', 'FT_Stream_ExitFrame', 'ft_var_readpackedpoints']

115 257 tt_face_vary_cvt call site: 00000 /src/freetype2-testing/external/freetype2/src/truetype/ttgxvar.c:3572
95 95 1 :

['ft_lzw_file_skip_output']

95 187 ft_lzw_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/lzw/ftlzw.c:262
37 50 3 :

['ft_mem_alloc', 'ft_mem_free', 'FT_Stream_Open']

37 50 FT_Stream_New call site: 00208 /src/freetype2-testing/external/freetype2/src/base/ftobjs.c:231
35 35 1 :

['ft_bzip2_file_reset']

441 842 ft_bzip2_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/bzip2/ftbzip2.c:382

Runtime coverage analysis

Covered functions
1125
Functions that are reachable but not covered
247
Reachable functions
332
Percentage of reachable functions covered
25.6%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzzing/src/fuzzers/template.cpp 1
fuzzing/src/targets/FaceFuzzTarget.cpp 1
fuzzing/src/targets/FuzzTarget.h 1
fuzzing/src/iterators/faceloaditerator.cpp 3
fuzzing/src/utils/faceloader.cpp 8
fuzzing/src/utils/tarreader.cpp 1
external/libarchive/libarchive/archive_read.c 22
external/libarchive/libarchive/archive_entry.c 1
external/libarchive/libarchive/archive_read_support_format_tar.c 9
external/libarchive/libarchive/archive_check_magic.c 6
external/libarchive/libarchive/archive_util.c 3
external/libarchive/libarchive/archive_string_sprintf.c 3
external/libarchive/libarchive/archive_string.c 7
external/libarchive/libarchive/archive_read_open_memory.c 7
external/libarchive/libarchive/archive_virtual.c 2
fuzzing/src/utils/utils.cpp 1
external/freetype2/src/base/ftobjs.c 30
external/freetype2/src/base/ftutil.c 8
external/freetype2/src/base/ftgloadr.c 4
external/freetype2/src/base/ftstream.c 9
external/freetype2/builds/unix/ftsystem.c 5
external/freetype2/src/base/ftrfork.c 6
external/freetype2/src/base/ftfntfmt.c 1

Fuzzer: glyphs-bitmaps-pcf

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 200 54.0%
gold [1:9] 5 1.35%
yellow [10:29] 1 0.27%
greenyellow [30:49] 1 0.27%
lawngreen 50+ 163 44.0%
All colors 370 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
2297 2335 10 :

['cff_builder_start_point', 'cff_builder_add_point', 'cff_builder_add_point1', 'cff_random', 'FT_GlyphLoader_Add', 'cff_check_points', 'cff_builder_close_contour', 'FT_DivFix', 'FT_MulFix_x86_64.3560', 'cff_operator_seac']

2297 2335 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:2242
1685 1685 1 :

['freetype::TarReader::extract_data(unsigned char const*, unsigned long)']

1685 1685 freetype::FaceLoader::set_raw_bytes(unsignedcharconst*,unsignedlong) call site: 00000 /src/freetype2-testing/fuzzing/src/utils/faceloader.cpp:64
520 602 4 :

['FT_Get_Module', 'FT_Done_Size', 'FT_CMap_New', 'FT_Open_Face']

520 602 T42_Face_Init call site: 00000 /src/freetype2-testing/external/freetype2/src/type42/t42objs.c:205
406 406 1 :

['ft_bzip2_file_skip_output']

406 807 ft_bzip2_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/bzip2/ftbzip2.c:390
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:817
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1246
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1281
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1519
280 293 3 :

['cff_builder_close_contour', 'FT_GlyphLoader_Add', 'cff_operator_seac']

280 293 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:1636
178 229 4 :

['pfr_log_font_load', 'ft_mem_qrealloc', 'FT_CMap_New', 'pfr_phy_font_load']

178 229 pfr_face_init call site: 00000 /src/freetype2-testing/external/freetype2/src/pfr/pfrobjs.c:113
95 95 1 :

['ft_lzw_file_skip_output']

95 187 ft_lzw_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/lzw/ftlzw.c:262
58 62 5 :

['t1_lookup_glyph_by_stdcharcode', 'FT_GlyphLoader_CheckSubGlyphs', 'FT_GlyphLoader_Prepare', 't1_decoder_parse_glyph', 'FT_RoundFix']

58 62 t1operator_seac call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:284

Runtime coverage analysis

Covered functions
824
Functions that are reachable but not covered
247
Reachable functions
332
Percentage of reachable functions covered
25.6%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzzing/src/fuzzers/template.cpp 1
fuzzing/src/targets/FaceFuzzTarget.cpp 1
fuzzing/src/targets/FuzzTarget.h 1
fuzzing/src/iterators/faceloaditerator.cpp 3
fuzzing/src/utils/faceloader.cpp 8
fuzzing/src/utils/tarreader.cpp 1
external/libarchive/libarchive/archive_read.c 22
external/libarchive/libarchive/archive_entry.c 1
external/libarchive/libarchive/archive_read_support_format_tar.c 9
external/libarchive/libarchive/archive_check_magic.c 6
external/libarchive/libarchive/archive_util.c 3
external/libarchive/libarchive/archive_string_sprintf.c 3
external/libarchive/libarchive/archive_string.c 7
external/libarchive/libarchive/archive_read_open_memory.c 7
external/libarchive/libarchive/archive_virtual.c 2
fuzzing/src/utils/utils.cpp 1
external/freetype2/src/base/ftobjs.c 30
external/freetype2/src/base/ftutil.c 8
external/freetype2/src/base/ftgloadr.c 4
external/freetype2/src/base/ftstream.c 9
external/freetype2/builds/unix/ftsystem.c 5
external/freetype2/src/base/ftrfork.c 6
external/freetype2/src/base/ftfntfmt.c 1

Fuzzer: type1-tar

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 117 31.6%
gold [1:9] 2 0.54%
yellow [10:29] 10 2.70%
greenyellow [30:49] 5 1.35%
lawngreen 50+ 236 63.7%
All colors 370 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
1039 1296 10 :

['cff_charset_load', 'ft_mem_realloc', 'CFF_Load_FD_Select', 'cff_index_init', 'cff_vstore_load', 'cff_index_get_pointers', 'cff_subfont_load', 'cff_index_get_name', 'cff_encoding_load', 'FT_Stream_Seek']

1039 1318 cff_font_load call site: 00000 /src/freetype2-testing/external/freetype2/src/cff/cffload.c:2376
638 711 11 :

['FT_MulDiv', 'pcf_interpret_style', 'pcf_has_table_type', 'ft_mem_alloc', 'pcf_get_properties', 'pcf_get_metrics', 'pcf_get_bitmaps', 'ft_mem_strdup', 'pcf_find_property', 'pcf_get_accel', 'pcf_get_encodings']

638 711 pcf_load_font call site: 00000 /src/freetype2-testing/external/freetype2/src/pcf/pcfread.c:1427
564 564 9 :

['FT_Set_Named_Instance', 'tt_face_load_cvt', 'tt_face_load_hdmx', 'tt_face_load_prep', 'tt_check_trickyness', 'TT_Init_Glyph_Loading', 'tt_check_single_notdef', 'tt_face_load_loca', 'tt_face_load_fpgm']

564 564 tt_face_init call site: 00000 /src/freetype2-testing/external/freetype2/src/truetype/ttobjs.c:714
520 602 4 :

['FT_Get_Module', 'FT_Done_Size', 'FT_CMap_New', 'FT_Open_Face']

520 602 T42_Face_Init call site: 00000 /src/freetype2-testing/external/freetype2/src/type42/t42objs.c:205
406 406 1 :

['ft_bzip2_file_skip_output']

406 807 ft_bzip2_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/bzip2/ftbzip2.c:390
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:817
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1061
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1246
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1281
335 335 1 :

['ft_gzip_file_skip_output']

335 665 ft_gzip_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/gzip/ftgzip.c:500
318 345 4 :

['FT_Stream_OpenMemory', 'reconstruct_font', 'ft_mem_qrealloc', 'FT_Stream_Free']

318 373 woff2_open_font call site: 00000 /src/freetype2-testing/external/freetype2/src/sfnt/sfwoff2.c:2280
253 403 13 :

['FT_Set_Named_Instance', 'FT_MulDiv', 'FT_Vector_Transform_Scaled', 'remove_style', 'FT_Matrix_Multiply_Scaled', 'strcmp', 'cff_index_get_sid_string', 'strncmp', 'cff_index_get_name', 'remove_subset_prefix', 'cff_strcpy', 'FT_DivFix', 'FT_CMap_New']

253 403 cff_face_init call site: 00000 /src/freetype2-testing/external/freetype2/src/cff/cffobjs.c:637

Runtime coverage analysis

Covered functions
1072
Functions that are reachable but not covered
74
Reachable functions
332
Percentage of reachable functions covered
77.71%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzzing/src/fuzzers/template.cpp 1
fuzzing/src/targets/FaceFuzzTarget.cpp 1
fuzzing/src/targets/FuzzTarget.h 1
fuzzing/src/iterators/faceloaditerator.cpp 3
fuzzing/src/utils/faceloader.cpp 8
fuzzing/src/utils/tarreader.cpp 1
external/libarchive/libarchive/archive_read.c 22
external/libarchive/libarchive/archive_entry.c 1
external/libarchive/libarchive/archive_read_support_format_tar.c 9
external/libarchive/libarchive/archive_check_magic.c 6
external/libarchive/libarchive/archive_util.c 3
external/libarchive/libarchive/archive_string_sprintf.c 3
external/libarchive/libarchive/archive_string.c 7
external/libarchive/libarchive/archive_read_open_memory.c 7
external/libarchive/libarchive/archive_virtual.c 2
fuzzing/src/utils/utils.cpp 1
external/freetype2/src/base/ftobjs.c 30
external/freetype2/src/base/ftutil.c 8
external/freetype2/src/base/ftgloadr.c 4
external/freetype2/src/base/ftstream.c 9
external/freetype2/builds/unix/ftsystem.c 5
external/freetype2/src/base/ftrfork.c 6
external/freetype2/src/base/ftfntfmt.c 1

Fuzzer: cidtype1-render-ftengine

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 200 54.0%
gold [1:9] 3 0.81%
yellow [10:29] 2 0.54%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 165 44.5%
All colors 370 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
2297 2335 10 :

['cff_builder_start_point', 'cff_builder_add_point', 'cff_builder_add_point1', 'cff_random', 'FT_GlyphLoader_Add', 'cff_check_points', 'cff_builder_close_contour', 'FT_DivFix', 'FT_MulFix_x86_64.3560', 'cff_operator_seac']

2297 2335 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:2242
1685 1685 1 :

['freetype::TarReader::extract_data(unsigned char const*, unsigned long)']

1685 1685 freetype::FaceLoader::set_raw_bytes(unsignedcharconst*,unsignedlong) call site: 00000 /src/freetype2-testing/fuzzing/src/utils/faceloader.cpp:64
638 711 11 :

['FT_MulDiv', 'pcf_interpret_style', 'pcf_has_table_type', 'ft_mem_alloc', 'pcf_get_properties', 'pcf_get_metrics', 'pcf_get_bitmaps', 'ft_mem_strdup', 'pcf_find_property', 'pcf_get_accel', 'pcf_get_encodings']

638 711 pcf_load_font call site: 00000 /src/freetype2-testing/external/freetype2/src/pcf/pcfread.c:1427
520 602 4 :

['FT_Get_Module', 'FT_Done_Size', 'FT_CMap_New', 'FT_Open_Face']

520 602 T42_Face_Init call site: 00000 /src/freetype2-testing/external/freetype2/src/type42/t42objs.c:205
406 406 1 :

['ft_bzip2_file_skip_output']

406 807 ft_bzip2_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/bzip2/ftbzip2.c:390
335 335 1 :

['ft_gzip_file_skip_output']

335 665 ft_gzip_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/gzip/ftgzip.c:500
280 293 3 :

['cff_builder_close_contour', 'FT_GlyphLoader_Add', 'cff_operator_seac']

280 293 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:1636
178 229 4 :

['pfr_log_font_load', 'ft_mem_qrealloc', 'FT_CMap_New', 'pfr_phy_font_load']

178 229 pfr_face_init call site: 00000 /src/freetype2-testing/external/freetype2/src/pfr/pfrobjs.c:113
95 95 1 :

['ft_lzw_file_skip_output']

95 187 ft_lzw_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/lzw/ftlzw.c:262
40 40 3 :

['FT_Get_Char_Index', 'af_shaper_get_coverage', 'FT_Get_Next_Char']

40 40 af_face_globals_compute_style_coverage call site: 00000 /src/freetype2-testing/external/freetype2/src/autofit/afglobal.c:142
37 73 3 :

['FT_Match_Size', 'FT_Request_Metrics', 'FT_Select_Size']

37 73 FT_Request_Size call site: 00000 /src/freetype2-testing/external/freetype2/src/base/ftobjs.c:3465
37 50 3 :

['ft_mem_alloc', 'ft_mem_free', 'FT_Stream_Open']

37 50 FT_Stream_New call site: 00208 /src/freetype2-testing/external/freetype2/src/base/ftobjs.c:231

Runtime coverage analysis

Covered functions
985
Functions that are reachable but not covered
247
Reachable functions
332
Percentage of reachable functions covered
25.6%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzzing/src/fuzzers/template.cpp 1
fuzzing/src/targets/FaceFuzzTarget.cpp 1
fuzzing/src/targets/FuzzTarget.h 1
fuzzing/src/iterators/faceloaditerator.cpp 3
fuzzing/src/utils/faceloader.cpp 8
fuzzing/src/utils/tarreader.cpp 1
external/libarchive/libarchive/archive_read.c 22
external/libarchive/libarchive/archive_entry.c 1
external/libarchive/libarchive/archive_read_support_format_tar.c 9
external/libarchive/libarchive/archive_check_magic.c 6
external/libarchive/libarchive/archive_util.c 3
external/libarchive/libarchive/archive_string_sprintf.c 3
external/libarchive/libarchive/archive_string.c 7
external/libarchive/libarchive/archive_read_open_memory.c 7
external/libarchive/libarchive/archive_virtual.c 2
fuzzing/src/utils/utils.cpp 1
external/freetype2/src/base/ftobjs.c 30
external/freetype2/src/base/ftutil.c 8
external/freetype2/src/base/ftgloadr.c 4
external/freetype2/src/base/ftstream.c 9
external/freetype2/builds/unix/ftsystem.c 5
external/freetype2/src/base/ftrfork.c 6
external/freetype2/src/base/ftfntfmt.c 1

Fuzzer: type1-render-tar

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 118 31.8%
gold [1:9] 10 2.70%
yellow [10:29] 8 2.16%
greenyellow [30:49] 9 2.43%
lawngreen 50+ 225 60.8%
All colors 370 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
1065 1163 11 :

['ft_mem_qalloc', 'FT_Stream_OpenMemory', 'reconstruct_font', 'FT_Stream_EnterFrame', 'ft_mem_alloc', 'FT_Stream_ExitFrame', 'qsort', 'woff2_decompress', 'FT_Stream_Free', 'ft_mem_qrealloc', 'compute_ULong_sum']

1065 1194 woff2_open_font call site: 00000 /src/freetype2-testing/external/freetype2/src/sfnt/sfwoff2.c:2115
1039 1296 10 :

['cff_charset_load', 'ft_mem_realloc', 'CFF_Load_FD_Select', 'cff_index_init', 'cff_vstore_load', 'cff_index_get_pointers', 'cff_subfont_load', 'cff_index_get_name', 'cff_encoding_load', 'FT_Stream_Seek']

1039 1318 cff_font_load call site: 00000 /src/freetype2-testing/external/freetype2/src/cff/cffload.c:2376
638 711 11 :

['FT_MulDiv', 'pcf_interpret_style', 'pcf_has_table_type', 'ft_mem_alloc', 'pcf_get_properties', 'pcf_get_metrics', 'pcf_get_bitmaps', 'ft_mem_strdup', 'pcf_find_property', 'pcf_get_accel', 'pcf_get_encodings']

638 711 pcf_load_font call site: 00000 /src/freetype2-testing/external/freetype2/src/pcf/pcfread.c:1427
564 564 9 :

['FT_Set_Named_Instance', 'tt_face_load_cvt', 'tt_face_load_hdmx', 'tt_face_load_prep', 'tt_check_trickyness', 'TT_Init_Glyph_Loading', 'tt_check_single_notdef', 'tt_face_load_loca', 'tt_face_load_fpgm']

564 564 tt_face_init call site: 00000 /src/freetype2-testing/external/freetype2/src/truetype/ttobjs.c:714
520 602 4 :

['FT_Get_Module', 'FT_Done_Size', 'FT_CMap_New', 'FT_Open_Face']

520 602 T42_Face_Init call site: 00000 /src/freetype2-testing/external/freetype2/src/type42/t42objs.c:205
406 406 1 :

['ft_bzip2_file_skip_output']

406 807 ft_bzip2_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/bzip2/ftbzip2.c:390
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:817
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1040
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1083
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1246
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1281
380 442 7 :

['FT_Stream_OpenMemory', 'FT_Stream_EnterFrame', 'FT_Stream_ExitFrame', 'ft_mem_qrealloc', 'FT_Gzip_Uncompress', 'FT_Stream_Seek', 'FT_Stream_Free']

380 458 woff_open_font call site: 00000 /src/freetype2-testing/external/freetype2/src/sfnt/sfwoff.c:321

Runtime coverage analysis

Covered functions
1029
Functions that are reachable but not covered
89
Reachable functions
332
Percentage of reachable functions covered
73.19%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzzing/src/fuzzers/template.cpp 1
fuzzing/src/targets/FaceFuzzTarget.cpp 1
fuzzing/src/targets/FuzzTarget.h 1
fuzzing/src/iterators/faceloaditerator.cpp 3
fuzzing/src/utils/faceloader.cpp 8
fuzzing/src/utils/tarreader.cpp 1
external/libarchive/libarchive/archive_read.c 22
external/libarchive/libarchive/archive_entry.c 1
external/libarchive/libarchive/archive_read_support_format_tar.c 9
external/libarchive/libarchive/archive_check_magic.c 6
external/libarchive/libarchive/archive_util.c 3
external/libarchive/libarchive/archive_string_sprintf.c 3
external/libarchive/libarchive/archive_string.c 7
external/libarchive/libarchive/archive_read_open_memory.c 7
external/libarchive/libarchive/archive_virtual.c 2
fuzzing/src/utils/utils.cpp 1
external/freetype2/src/base/ftobjs.c 30
external/freetype2/src/base/ftutil.c 8
external/freetype2/src/base/ftgloadr.c 4
external/freetype2/src/base/ftstream.c 9
external/freetype2/builds/unix/ftsystem.c 5
external/freetype2/src/base/ftrfork.c 6
external/freetype2/src/base/ftfntfmt.c 1

Fuzzer: type1-render-ftengine

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 200 54.0%
gold [1:9] 5 1.35%
yellow [10:29] 0 0.0%
greenyellow [30:49] 1 0.27%
lawngreen 50+ 164 44.3%
All colors 370 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
2297 2335 10 :

['cff_builder_start_point', 'cff_builder_add_point', 'cff_builder_add_point1', 'cff_random', 'FT_GlyphLoader_Add', 'cff_check_points', 'cff_builder_close_contour', 'FT_DivFix', 'FT_MulFix_x86_64.3560', 'cff_operator_seac']

2297 2335 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:1948
2297 2335 10 :

['cff_builder_start_point', 'cff_builder_add_point', 'cff_builder_add_point1', 'cff_random', 'FT_GlyphLoader_Add', 'cff_check_points', 'cff_builder_close_contour', 'FT_DivFix', 'FT_MulFix_x86_64.3560', 'cff_operator_seac']

2297 2335 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:2242
1685 1685 1 :

['freetype::TarReader::extract_data(unsigned char const*, unsigned long)']

1685 1685 freetype::FaceLoader::set_raw_bytes(unsignedcharconst*,unsignedlong) call site: 00000 /src/freetype2-testing/fuzzing/src/utils/faceloader.cpp:64
638 711 11 :

['FT_MulDiv', 'pcf_interpret_style', 'pcf_has_table_type', 'ft_mem_alloc', 'pcf_get_properties', 'pcf_get_metrics', 'pcf_get_bitmaps', 'ft_mem_strdup', 'pcf_find_property', 'pcf_get_accel', 'pcf_get_encodings']

638 711 pcf_load_font call site: 00000 /src/freetype2-testing/external/freetype2/src/pcf/pcfread.c:1427
520 602 4 :

['FT_Get_Module', 'FT_Done_Size', 'FT_CMap_New', 'FT_Open_Face']

520 602 T42_Face_Init call site: 00000 /src/freetype2-testing/external/freetype2/src/type42/t42objs.c:205
406 406 1 :

['ft_bzip2_file_skip_output']

406 807 ft_bzip2_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/bzip2/ftbzip2.c:390
335 335 1 :

['ft_gzip_file_skip_output']

335 665 ft_gzip_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/gzip/ftgzip.c:500
280 293 3 :

['cff_builder_close_contour', 'FT_GlyphLoader_Add', 'cff_operator_seac']

280 293 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:1636
178 229 4 :

['pfr_log_font_load', 'ft_mem_qrealloc', 'FT_CMap_New', 'pfr_phy_font_load']

178 229 pfr_face_init call site: 00000 /src/freetype2-testing/external/freetype2/src/pfr/pfrobjs.c:113
95 95 1 :

['ft_lzw_file_skip_output']

95 187 ft_lzw_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/lzw/ftlzw.c:262
37 73 3 :

['FT_Match_Size', 'FT_Request_Metrics', 'FT_Select_Size']

37 73 FT_Request_Size call site: 00000 /src/freetype2-testing/external/freetype2/src/base/ftobjs.c:3465
37 50 3 :

['ft_mem_alloc', 'ft_mem_free', 'FT_Stream_Open']

37 50 FT_Stream_New call site: 00208 /src/freetype2-testing/external/freetype2/src/base/ftobjs.c:231

Runtime coverage analysis

Covered functions
1045
Functions that are reachable but not covered
247
Reachable functions
332
Percentage of reachable functions covered
25.6%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzzing/src/fuzzers/template.cpp 1
fuzzing/src/targets/FaceFuzzTarget.cpp 1
fuzzing/src/targets/FuzzTarget.h 1
fuzzing/src/iterators/faceloaditerator.cpp 3
fuzzing/src/utils/faceloader.cpp 8
fuzzing/src/utils/tarreader.cpp 1
external/libarchive/libarchive/archive_read.c 22
external/libarchive/libarchive/archive_entry.c 1
external/libarchive/libarchive/archive_read_support_format_tar.c 9
external/libarchive/libarchive/archive_check_magic.c 6
external/libarchive/libarchive/archive_util.c 3
external/libarchive/libarchive/archive_string_sprintf.c 3
external/libarchive/libarchive/archive_string.c 7
external/libarchive/libarchive/archive_read_open_memory.c 7
external/libarchive/libarchive/archive_virtual.c 2
fuzzing/src/utils/utils.cpp 1
external/freetype2/src/base/ftobjs.c 30
external/freetype2/src/base/ftutil.c 8
external/freetype2/src/base/ftgloadr.c 4
external/freetype2/src/base/ftstream.c 9
external/freetype2/builds/unix/ftsystem.c 5
external/freetype2/src/base/ftrfork.c 6
external/freetype2/src/base/ftfntfmt.c 1

Fuzzer: cidtype1

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 199 53.7%
gold [1:9] 0 0.0%
yellow [10:29] 5 1.35%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 166 44.8%
All colors 370 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
2323 2335 10 :

['cff_builder_start_point', 'cff_builder_add_point', 'cff_builder_add_point1', 'cff_random', 'FT_GlyphLoader_Add', 'cff_check_points', 'cff_builder_close_contour', 'FT_DivFix', 'FT_MulFix_x86_64.3560', 'cff_operator_seac']

2323 2335 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:1948
2323 2335 10 :

['cff_builder_start_point', 'cff_builder_add_point', 'cff_builder_add_point1', 'cff_random', 'FT_GlyphLoader_Add', 'cff_check_points', 'cff_builder_close_contour', 'FT_DivFix', 'FT_MulFix_x86_64.3560', 'cff_operator_seac']

2323 2335 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:2242
1685 1685 1 :

['freetype::TarReader::extract_data(unsigned char const*, unsigned long)']

1685 1685 freetype::FaceLoader::set_raw_bytes(unsignedcharconst*,unsignedlong) call site: 00000 /src/freetype2-testing/fuzzing/src/utils/faceloader.cpp:64
638 711 11 :

['FT_MulDiv', 'pcf_interpret_style', 'pcf_has_table_type', 'ft_mem_alloc', 'pcf_get_properties', 'pcf_get_metrics', 'pcf_get_bitmaps', 'ft_mem_strdup', 'pcf_find_property', 'pcf_get_accel', 'pcf_get_encodings']

638 711 pcf_load_font call site: 00000 /src/freetype2-testing/external/freetype2/src/pcf/pcfread.c:1427
520 602 4 :

['FT_Get_Module', 'FT_Done_Size', 'FT_CMap_New', 'FT_Open_Face']

520 602 T42_Face_Init call site: 00000 /src/freetype2-testing/external/freetype2/src/type42/t42objs.c:205
406 406 1 :

['ft_bzip2_file_skip_output']

406 807 ft_bzip2_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/bzip2/ftbzip2.c:390
335 335 1 :

['ft_gzip_file_skip_output']

335 665 ft_gzip_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/gzip/ftgzip.c:500
293 293 3 :

['cff_builder_close_contour', 'FT_GlyphLoader_Add', 'cff_operator_seac']

293 293 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:1636
178 229 4 :

['pfr_log_font_load', 'ft_mem_qrealloc', 'FT_CMap_New', 'pfr_phy_font_load']

178 229 pfr_face_init call site: 00000 /src/freetype2-testing/external/freetype2/src/pfr/pfrobjs.c:113
95 95 1 :

['ft_lzw_file_skip_output']

95 187 ft_lzw_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/lzw/ftlzw.c:262
80 80 20 :

['std::__1::set , std::__1::allocator >::begin()', 'std::__1::__wrap_iter ::operator*() const', 'std::__1::__tree_const_iterator *, long>::operator*() const', 'FT_Face_GetVariantsOfChar', 'std::__1::__tree_const_iterator *, long>::operator++()', 'std::__1::__wrap_iter ::operator++()', 'bool std::__1::operator!= (std::__1::__wrap_iter const&, std::__1::__wrap_iter const&)', 'std::__1::vector >::begin()', 'std::__1::unique_ptr ::get() const', 'std::__1::vector >::size() const', 'FT_Face_GetCharVariantIsDefault', 'FT_Face_GetCharsOfVariant', 'std::__1::vector >::push_back(unsigned int const&)', 'std::__1::set , std::__1::allocator >::size() const', 'std::__1::vector >::end()', 'std::__1::set , std::__1::allocator >::clear()', 'std::__1::operator!=(std::__1::__tree_const_iterator *, long> const&, std::__1::__tree_const_iterator *, long> const&)', 'std::__1::set , std::__1::allocator >::end()', 'FT_Face_GetCharVariantIndex', 'std::__1::set , std::__1::allocator >::insert(unsigned int const&)']

80 80 freetype::FaceVisitorVariants::run(std::__1::unique_ptr ) call site: 00000 /src/freetype2-testing/fuzzing/src/visitors/facevisitor-variants.cpp:43
37 73 3 :

['FT_Match_Size', 'FT_Request_Metrics', 'FT_Select_Size']

37 73 FT_Request_Size call site: 00000 /src/freetype2-testing/external/freetype2/src/base/ftobjs.c:3465

Runtime coverage analysis

Covered functions
800
Functions that are reachable but not covered
247
Reachable functions
332
Percentage of reachable functions covered
25.6%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzzing/src/fuzzers/template.cpp 1
fuzzing/src/targets/FaceFuzzTarget.cpp 1
fuzzing/src/targets/FuzzTarget.h 1
fuzzing/src/iterators/faceloaditerator.cpp 3
fuzzing/src/utils/faceloader.cpp 8
fuzzing/src/utils/tarreader.cpp 1
external/libarchive/libarchive/archive_read.c 22
external/libarchive/libarchive/archive_entry.c 1
external/libarchive/libarchive/archive_read_support_format_tar.c 9
external/libarchive/libarchive/archive_check_magic.c 6
external/libarchive/libarchive/archive_util.c 3
external/libarchive/libarchive/archive_string_sprintf.c 3
external/libarchive/libarchive/archive_string.c 7
external/libarchive/libarchive/archive_read_open_memory.c 7
external/libarchive/libarchive/archive_virtual.c 2
fuzzing/src/utils/utils.cpp 1
external/freetype2/src/base/ftobjs.c 30
external/freetype2/src/base/ftutil.c 8
external/freetype2/src/base/ftgloadr.c 4
external/freetype2/src/base/ftstream.c 9
external/freetype2/builds/unix/ftsystem.c 5
external/freetype2/src/base/ftrfork.c 6
external/freetype2/src/base/ftfntfmt.c 1

Fuzzer: type42-render

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 200 54.0%
gold [1:9] 5 1.35%
yellow [10:29] 2 0.54%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 163 44.0%
All colors 370 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
2297 2335 10 :

['cff_builder_start_point', 'cff_builder_add_point', 'cff_builder_add_point1', 'cff_random', 'FT_GlyphLoader_Add', 'cff_check_points', 'cff_builder_close_contour', 'FT_DivFix', 'FT_MulFix_x86_64.3560', 'cff_operator_seac']

2297 2335 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:2242
1685 1685 1 :

['freetype::TarReader::extract_data(unsigned char const*, unsigned long)']

1685 1685 freetype::FaceLoader::set_raw_bytes(unsignedcharconst*,unsignedlong) call site: 00000 /src/freetype2-testing/fuzzing/src/utils/faceloader.cpp:64
638 711 11 :

['FT_MulDiv', 'pcf_interpret_style', 'pcf_has_table_type', 'ft_mem_alloc', 'pcf_get_properties', 'pcf_get_metrics', 'pcf_get_bitmaps', 'ft_mem_strdup', 'pcf_find_property', 'pcf_get_accel', 'pcf_get_encodings']

638 711 pcf_load_font call site: 00000 /src/freetype2-testing/external/freetype2/src/pcf/pcfread.c:1427
406 406 1 :

['ft_bzip2_file_skip_output']

406 807 ft_bzip2_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/bzip2/ftbzip2.c:390
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:817
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1246
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1281
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1533
335 335 1 :

['ft_gzip_file_skip_output']

335 665 ft_gzip_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/gzip/ftgzip.c:500
280 293 3 :

['cff_builder_close_contour', 'FT_GlyphLoader_Add', 'cff_operator_seac']

280 293 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:1636
181 195 2 :

['TT_Vary_Apply_Glyph_Deltas', 'ft_mem_qrealloc']

181 223 TT_Process_Simple_Glyph call site: 00000 /src/freetype2-testing/external/freetype2/src/truetype/ttgload.c:939
178 229 4 :

['pfr_log_font_load', 'ft_mem_qrealloc', 'FT_CMap_New', 'pfr_phy_font_load']

178 229 pfr_face_init call site: 00000 /src/freetype2-testing/external/freetype2/src/pfr/pfrobjs.c:113

Runtime coverage analysis

Covered functions
1179
Functions that are reachable but not covered
247
Reachable functions
332
Percentage of reachable functions covered
25.6%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzzing/src/fuzzers/template.cpp 1
fuzzing/src/targets/FaceFuzzTarget.cpp 1
fuzzing/src/targets/FuzzTarget.h 1
fuzzing/src/iterators/faceloaditerator.cpp 3
fuzzing/src/utils/faceloader.cpp 8
fuzzing/src/utils/tarreader.cpp 1
external/libarchive/libarchive/archive_read.c 22
external/libarchive/libarchive/archive_entry.c 1
external/libarchive/libarchive/archive_read_support_format_tar.c 9
external/libarchive/libarchive/archive_check_magic.c 6
external/libarchive/libarchive/archive_util.c 3
external/libarchive/libarchive/archive_string_sprintf.c 3
external/libarchive/libarchive/archive_string.c 7
external/libarchive/libarchive/archive_read_open_memory.c 7
external/libarchive/libarchive/archive_virtual.c 2
fuzzing/src/utils/utils.cpp 1
external/freetype2/src/base/ftobjs.c 30
external/freetype2/src/base/ftutil.c 8
external/freetype2/src/base/ftgloadr.c 4
external/freetype2/src/base/ftstream.c 9
external/freetype2/builds/unix/ftsystem.c 5
external/freetype2/src/base/ftrfork.c 6
external/freetype2/src/base/ftfntfmt.c 1

Fuzzer: truetype-render

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 206 55.6%
gold [1:9] 9 2.43%
yellow [10:29] 11 2.97%
greenyellow [30:49] 6 1.62%
lawngreen 50+ 138 37.2%
All colors 370 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
1685 1685 1 :

['freetype::TarReader::extract_data(unsigned char const*, unsigned long)']

1685 1685 freetype::FaceLoader::set_raw_bytes(unsignedcharconst*,unsignedlong) call site: 00000 /src/freetype2-testing/fuzzing/src/utils/faceloader.cpp:64
1199 1704 5 :

['woff2_open_font', 'FT_Stream_Pos', 'FT_Stream_ReadULong', 'woff_open_font', 'FT_Stream_Seek']

1199 1776 sfnt_open_font call site: 00000 /src/freetype2-testing/external/freetype2/src/sfnt/sfobjs.c:402
638 711 11 :

['FT_MulDiv', 'pcf_interpret_style', 'pcf_has_table_type', 'ft_mem_alloc', 'pcf_get_properties', 'pcf_get_metrics', 'pcf_get_bitmaps', 'ft_mem_strdup', 'pcf_find_property', 'pcf_get_accel', 'pcf_get_encodings']

638 711 pcf_load_font call site: 00000 /src/freetype2-testing/external/freetype2/src/pcf/pcfread.c:1420
520 602 4 :

['FT_Get_Module', 'FT_Done_Size', 'FT_CMap_New', 'FT_Open_Face']

520 602 T42_Face_Init call site: 00000 /src/freetype2-testing/external/freetype2/src/type42/t42objs.c:201
406 406 1 :

['ft_bzip2_file_skip_output']

406 807 ft_bzip2_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/bzip2/ftbzip2.c:390
335 335 1 :

['ft_gzip_file_skip_output']

335 665 ft_gzip_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/gzip/ftgzip.c:500
220 932 15 :

['FT_Set_Named_Instance', 'FT_MulDiv', 'cff_font_load', 'FT_Vector_Transform_Scaled', 'remove_style', 'FT_Matrix_Multiply_Scaled', 'ft_mem_alloc', 'strcmp', 'cff_index_get_sid_string', 'strncmp', 'cff_index_get_name', 'remove_subset_prefix', 'cff_strcpy', 'FT_DivFix', 'FT_CMap_New']

220 932 cff_face_init call site: 00000 /src/freetype2-testing/external/freetype2/src/cff/cffobjs.c:555
220 403 13 :

['FT_Set_Named_Instance', 'FT_MulDiv', 'FT_Vector_Transform_Scaled', 'remove_style', 'FT_Matrix_Multiply_Scaled', 'strcmp', 'cff_index_get_sid_string', 'strncmp', 'cff_index_get_name', 'remove_subset_prefix', 'cff_strcpy', 'FT_DivFix', 'FT_CMap_New']

220 403 cff_face_init call site: 00000 /src/freetype2-testing/external/freetype2/src/cff/cffobjs.c:632
95 95 1 :

['ft_lzw_file_skip_output']

95 187 ft_lzw_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/lzw/ftlzw.c:262
61 148 3 :

['FT_Stream_GetULong', 'tt_var_load_item_variation_store', 'tt_var_load_delta_set_index_mapping']

61 154 ft_var_load_avar call site: 00000 /src/freetype2-testing/external/freetype2/src/truetype/ttgxvar.c:460
61 61 1 :

['tt_var_load_delta_set_index_mapping']

61 61 ft_var_load_hvvar call site: 00000 /src/freetype2-testing/external/freetype2/src/truetype/ttgxvar.c:937
53 70 3 :

['tt_var_get_item_delta', 'ft_mem_free', 'ft_mem_qrealloc']

53 70 ft_var_to_normalized call site: 00000 /src/freetype2-testing/external/freetype2/src/truetype/ttgxvar.c:2109

Runtime coverage analysis

Covered functions
957
Functions that are reachable but not covered
247
Reachable functions
332
Percentage of reachable functions covered
25.6%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzzing/src/fuzzers/template.cpp 1
fuzzing/src/targets/FaceFuzzTarget.cpp 1
fuzzing/src/targets/FuzzTarget.h 1
fuzzing/src/iterators/faceloaditerator.cpp 3
fuzzing/src/utils/faceloader.cpp 8
fuzzing/src/utils/tarreader.cpp 1
external/libarchive/libarchive/archive_read.c 22
external/libarchive/libarchive/archive_entry.c 1
external/libarchive/libarchive/archive_read_support_format_tar.c 9
external/libarchive/libarchive/archive_check_magic.c 6
external/libarchive/libarchive/archive_util.c 3
external/libarchive/libarchive/archive_string_sprintf.c 3
external/libarchive/libarchive/archive_string.c 7
external/libarchive/libarchive/archive_read_open_memory.c 7
external/libarchive/libarchive/archive_virtual.c 2
fuzzing/src/utils/utils.cpp 1
external/freetype2/src/base/ftobjs.c 30
external/freetype2/src/base/ftutil.c 8
external/freetype2/src/base/ftgloadr.c 4
external/freetype2/src/base/ftstream.c 9
external/freetype2/builds/unix/ftsystem.c 5
external/freetype2/src/base/ftrfork.c 6
external/freetype2/src/base/ftfntfmt.c 1

Fuzzer: type1

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 199 53.7%
gold [1:9] 0 0.0%
yellow [10:29] 4 1.08%
greenyellow [30:49] 1 0.27%
lawngreen 50+ 166 44.8%
All colors 370 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
2297 2335 10 :

['cff_builder_start_point', 'cff_builder_add_point', 'cff_builder_add_point1', 'cff_random', 'FT_GlyphLoader_Add', 'cff_check_points', 'cff_builder_close_contour', 'FT_DivFix', 'FT_MulFix_x86_64.3560', 'cff_operator_seac']

2297 2335 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:1948
2297 2335 10 :

['cff_builder_start_point', 'cff_builder_add_point', 'cff_builder_add_point1', 'cff_random', 'FT_GlyphLoader_Add', 'cff_check_points', 'cff_builder_close_contour', 'FT_DivFix', 'FT_MulFix_x86_64.3560', 'cff_operator_seac']

2297 2335 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:2242
1685 1685 1 :

['freetype::TarReader::extract_data(unsigned char const*, unsigned long)']

1685 1685 freetype::FaceLoader::set_raw_bytes(unsignedcharconst*,unsignedlong) call site: 00000 /src/freetype2-testing/fuzzing/src/utils/faceloader.cpp:64
638 711 11 :

['FT_MulDiv', 'pcf_interpret_style', 'pcf_has_table_type', 'ft_mem_alloc', 'pcf_get_properties', 'pcf_get_metrics', 'pcf_get_bitmaps', 'ft_mem_strdup', 'pcf_find_property', 'pcf_get_accel', 'pcf_get_encodings']

638 711 pcf_load_font call site: 00000 /src/freetype2-testing/external/freetype2/src/pcf/pcfread.c:1427
520 602 4 :

['FT_Get_Module', 'FT_Done_Size', 'FT_CMap_New', 'FT_Open_Face']

520 602 T42_Face_Init call site: 00000 /src/freetype2-testing/external/freetype2/src/type42/t42objs.c:205
406 406 1 :

['ft_bzip2_file_skip_output']

406 807 ft_bzip2_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/bzip2/ftbzip2.c:390
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:817
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1246
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1281
335 335 1 :

['ft_gzip_file_skip_output']

335 665 ft_gzip_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/gzip/ftgzip.c:500
280 293 3 :

['cff_builder_close_contour', 'FT_GlyphLoader_Add', 'cff_operator_seac']

280 293 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:1636
178 229 4 :

['pfr_log_font_load', 'ft_mem_qrealloc', 'FT_CMap_New', 'pfr_phy_font_load']

178 229 pfr_face_init call site: 00000 /src/freetype2-testing/external/freetype2/src/pfr/pfrobjs.c:113

Runtime coverage analysis

Covered functions
1001
Functions that are reachable but not covered
247
Reachable functions
332
Percentage of reachable functions covered
25.6%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzzing/src/fuzzers/template.cpp 1
fuzzing/src/targets/FaceFuzzTarget.cpp 1
fuzzing/src/targets/FuzzTarget.h 1
fuzzing/src/iterators/faceloaditerator.cpp 3
fuzzing/src/utils/faceloader.cpp 8
fuzzing/src/utils/tarreader.cpp 1
external/libarchive/libarchive/archive_read.c 22
external/libarchive/libarchive/archive_entry.c 1
external/libarchive/libarchive/archive_read_support_format_tar.c 9
external/libarchive/libarchive/archive_check_magic.c 6
external/libarchive/libarchive/archive_util.c 3
external/libarchive/libarchive/archive_string_sprintf.c 3
external/libarchive/libarchive/archive_string.c 7
external/libarchive/libarchive/archive_read_open_memory.c 7
external/libarchive/libarchive/archive_virtual.c 2
fuzzing/src/utils/utils.cpp 1
external/freetype2/src/base/ftobjs.c 30
external/freetype2/src/base/ftutil.c 8
external/freetype2/src/base/ftgloadr.c 4
external/freetype2/src/base/ftstream.c 9
external/freetype2/builds/unix/ftsystem.c 5
external/freetype2/src/base/ftrfork.c 6
external/freetype2/src/base/ftfntfmt.c 1

Fuzzer: type1-render

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 201 54.3%
gold [1:9] 4 1.08%
yellow [10:29] 1 0.27%
greenyellow [30:49] 2 0.54%
lawngreen 50+ 162 43.7%
All colors 370 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
2297 2335 10 :

['cff_builder_start_point', 'cff_builder_add_point', 'cff_builder_add_point1', 'cff_random', 'FT_GlyphLoader_Add', 'cff_check_points', 'cff_builder_close_contour', 'FT_DivFix', 'FT_MulFix_x86_64.3560', 'cff_operator_seac']

2297 2335 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:1948
2297 2335 10 :

['cff_builder_start_point', 'cff_builder_add_point', 'cff_builder_add_point1', 'cff_random', 'FT_GlyphLoader_Add', 'cff_check_points', 'cff_builder_close_contour', 'FT_DivFix', 'FT_MulFix_x86_64.3560', 'cff_operator_seac']

2297 2335 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:2242
1685 1685 1 :

['freetype::TarReader::extract_data(unsigned char const*, unsigned long)']

1685 1685 freetype::FaceLoader::set_raw_bytes(unsignedcharconst*,unsignedlong) call site: 00000 /src/freetype2-testing/fuzzing/src/utils/faceloader.cpp:64
638 711 11 :

['FT_MulDiv', 'pcf_interpret_style', 'pcf_has_table_type', 'ft_mem_alloc', 'pcf_get_properties', 'pcf_get_metrics', 'pcf_get_bitmaps', 'ft_mem_strdup', 'pcf_find_property', 'pcf_get_accel', 'pcf_get_encodings']

638 711 pcf_load_font call site: 00000 /src/freetype2-testing/external/freetype2/src/pcf/pcfread.c:1427
520 602 4 :

['FT_Get_Module', 'FT_Done_Size', 'FT_CMap_New', 'FT_Open_Face']

520 602 T42_Face_Init call site: 00000 /src/freetype2-testing/external/freetype2/src/type42/t42objs.c:205
406 406 1 :

['ft_bzip2_file_skip_output']

406 807 ft_bzip2_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/bzip2/ftbzip2.c:390
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:814
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1019
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1246
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1281
335 335 1 :

['ft_gzip_file_skip_output']

335 665 ft_gzip_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/gzip/ftgzip.c:500
280 293 3 :

['cff_builder_close_contour', 'FT_GlyphLoader_Add', 'cff_operator_seac']

280 293 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:1636

Runtime coverage analysis

Covered functions
1081
Functions that are reachable but not covered
247
Reachable functions
332
Percentage of reachable functions covered
25.6%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzzing/src/fuzzers/template.cpp 1
fuzzing/src/targets/FaceFuzzTarget.cpp 1
fuzzing/src/targets/FuzzTarget.h 1
fuzzing/src/iterators/faceloaditerator.cpp 3
fuzzing/src/utils/faceloader.cpp 8
fuzzing/src/utils/tarreader.cpp 1
external/libarchive/libarchive/archive_read.c 22
external/libarchive/libarchive/archive_entry.c 1
external/libarchive/libarchive/archive_read_support_format_tar.c 9
external/libarchive/libarchive/archive_check_magic.c 6
external/libarchive/libarchive/archive_util.c 3
external/libarchive/libarchive/archive_string_sprintf.c 3
external/libarchive/libarchive/archive_string.c 7
external/libarchive/libarchive/archive_read_open_memory.c 7
external/libarchive/libarchive/archive_virtual.c 2
fuzzing/src/utils/utils.cpp 1
external/freetype2/src/base/ftobjs.c 30
external/freetype2/src/base/ftutil.c 8
external/freetype2/src/base/ftgloadr.c 4
external/freetype2/src/base/ftstream.c 9
external/freetype2/builds/unix/ftsystem.c 5
external/freetype2/src/base/ftrfork.c 6
external/freetype2/src/base/ftfntfmt.c 1

Fuzzer: truetype

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 200 54.0%
gold [1:9] 2 0.54%
yellow [10:29] 2 0.54%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 166 44.8%
All colors 370 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
2297 2335 10 :

['cff_builder_start_point', 'cff_builder_add_point', 'cff_builder_add_point1', 'cff_random', 'FT_GlyphLoader_Add', 'cff_check_points', 'cff_builder_close_contour', 'FT_DivFix', 'FT_MulFix_x86_64.3560', 'cff_operator_seac']

2297 2335 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:1948
2297 2335 10 :

['cff_builder_start_point', 'cff_builder_add_point', 'cff_builder_add_point1', 'cff_random', 'FT_GlyphLoader_Add', 'cff_check_points', 'cff_builder_close_contour', 'FT_DivFix', 'FT_MulFix_x86_64.3560', 'cff_operator_seac']

2297 2335 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:2242
1685 1685 1 :

['freetype::TarReader::extract_data(unsigned char const*, unsigned long)']

1685 1685 freetype::FaceLoader::set_raw_bytes(unsignedcharconst*,unsignedlong) call site: 00000 /src/freetype2-testing/fuzzing/src/utils/faceloader.cpp:64
638 711 11 :

['FT_MulDiv', 'pcf_interpret_style', 'pcf_has_table_type', 'ft_mem_alloc', 'pcf_get_properties', 'pcf_get_metrics', 'pcf_get_bitmaps', 'ft_mem_strdup', 'pcf_find_property', 'pcf_get_accel', 'pcf_get_encodings']

638 711 pcf_load_font call site: 00000 /src/freetype2-testing/external/freetype2/src/pcf/pcfread.c:1427
520 602 4 :

['FT_Get_Module', 'FT_Done_Size', 'FT_CMap_New', 'FT_Open_Face']

520 602 T42_Face_Init call site: 00000 /src/freetype2-testing/external/freetype2/src/type42/t42objs.c:205
454 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

454 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:817
454 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

454 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1246
454 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

454 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1519
454 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

454 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1533
406 406 1 :

['ft_bzip2_file_skip_output']

406 807 ft_bzip2_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/bzip2/ftbzip2.c:390
335 335 1 :

['ft_gzip_file_skip_output']

335 665 ft_gzip_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/gzip/ftgzip.c:500
280 293 3 :

['cff_builder_close_contour', 'FT_GlyphLoader_Add', 'cff_operator_seac']

280 293 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:1636

Runtime coverage analysis

Covered functions
1161
Functions that are reachable but not covered
247
Reachable functions
332
Percentage of reachable functions covered
25.6%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzzing/src/fuzzers/template.cpp 1
fuzzing/src/targets/FaceFuzzTarget.cpp 1
fuzzing/src/targets/FuzzTarget.h 1
fuzzing/src/iterators/faceloaditerator.cpp 3
fuzzing/src/utils/faceloader.cpp 8
fuzzing/src/utils/tarreader.cpp 1
external/libarchive/libarchive/archive_read.c 22
external/libarchive/libarchive/archive_entry.c 1
external/libarchive/libarchive/archive_read_support_format_tar.c 9
external/libarchive/libarchive/archive_check_magic.c 6
external/libarchive/libarchive/archive_util.c 3
external/libarchive/libarchive/archive_string_sprintf.c 3
external/libarchive/libarchive/archive_string.c 7
external/libarchive/libarchive/archive_read_open_memory.c 7
external/libarchive/libarchive/archive_virtual.c 2
fuzzing/src/utils/utils.cpp 1
external/freetype2/src/base/ftobjs.c 30
external/freetype2/src/base/ftutil.c 8
external/freetype2/src/base/ftgloadr.c 4
external/freetype2/src/base/ftstream.c 9
external/freetype2/builds/unix/ftsystem.c 5
external/freetype2/src/base/ftrfork.c 6
external/freetype2/src/base/ftfntfmt.c 1

Fuzzer: cidtype1-ftengine

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 199 53.7%
gold [1:9] 3 0.81%
yellow [10:29] 3 0.81%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 165 44.5%
All colors 370 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
2297 2335 10 :

['cff_builder_start_point', 'cff_builder_add_point', 'cff_builder_add_point1', 'cff_random', 'FT_GlyphLoader_Add', 'cff_check_points', 'cff_builder_close_contour', 'FT_DivFix', 'FT_MulFix_x86_64.3560', 'cff_operator_seac']

2297 2335 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:1948
2297 2335 10 :

['cff_builder_start_point', 'cff_builder_add_point', 'cff_builder_add_point1', 'cff_random', 'FT_GlyphLoader_Add', 'cff_check_points', 'cff_builder_close_contour', 'FT_DivFix', 'FT_MulFix_x86_64.3560', 'cff_operator_seac']

2297 2335 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:2242
1685 1685 1 :

['freetype::TarReader::extract_data(unsigned char const*, unsigned long)']

1685 1685 freetype::FaceLoader::set_raw_bytes(unsignedcharconst*,unsignedlong) call site: 00000 /src/freetype2-testing/fuzzing/src/utils/faceloader.cpp:64
638 711 11 :

['FT_MulDiv', 'pcf_interpret_style', 'pcf_has_table_type', 'ft_mem_alloc', 'pcf_get_properties', 'pcf_get_metrics', 'pcf_get_bitmaps', 'ft_mem_strdup', 'pcf_find_property', 'pcf_get_accel', 'pcf_get_encodings']

638 711 pcf_load_font call site: 00000 /src/freetype2-testing/external/freetype2/src/pcf/pcfread.c:1427
520 602 4 :

['FT_Get_Module', 'FT_Done_Size', 'FT_CMap_New', 'FT_Open_Face']

520 602 T42_Face_Init call site: 00000 /src/freetype2-testing/external/freetype2/src/type42/t42objs.c:205
454 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

454 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:817
454 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

454 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1246
454 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

454 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1519
406 406 1 :

['ft_bzip2_file_skip_output']

406 807 ft_bzip2_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/bzip2/ftbzip2.c:390
335 335 1 :

['ft_gzip_file_skip_output']

335 665 ft_gzip_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/gzip/ftgzip.c:500
280 293 3 :

['cff_builder_close_contour', 'FT_GlyphLoader_Add', 'cff_operator_seac']

280 293 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:1636
178 229 4 :

['pfr_log_font_load', 'ft_mem_qrealloc', 'FT_CMap_New', 'pfr_phy_font_load']

178 229 pfr_face_init call site: 00000 /src/freetype2-testing/external/freetype2/src/pfr/pfrobjs.c:113

Runtime coverage analysis

Covered functions
824
Functions that are reachable but not covered
247
Reachable functions
332
Percentage of reachable functions covered
25.6%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzzing/src/fuzzers/template.cpp 1
fuzzing/src/targets/FaceFuzzTarget.cpp 1
fuzzing/src/targets/FuzzTarget.h 1
fuzzing/src/iterators/faceloaditerator.cpp 3
fuzzing/src/utils/faceloader.cpp 8
fuzzing/src/utils/tarreader.cpp 1
external/libarchive/libarchive/archive_read.c 22
external/libarchive/libarchive/archive_entry.c 1
external/libarchive/libarchive/archive_read_support_format_tar.c 9
external/libarchive/libarchive/archive_check_magic.c 6
external/libarchive/libarchive/archive_util.c 3
external/libarchive/libarchive/archive_string_sprintf.c 3
external/libarchive/libarchive/archive_string.c 7
external/libarchive/libarchive/archive_read_open_memory.c 7
external/libarchive/libarchive/archive_virtual.c 2
fuzzing/src/utils/utils.cpp 1
external/freetype2/src/base/ftobjs.c 30
external/freetype2/src/base/ftutil.c 8
external/freetype2/src/base/ftgloadr.c 4
external/freetype2/src/base/ftstream.c 9
external/freetype2/builds/unix/ftsystem.c 5
external/freetype2/src/base/ftrfork.c 6
external/freetype2/src/base/ftfntfmt.c 1

Fuzzer: cff

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 199 53.7%
gold [1:9] 4 1.08%
yellow [10:29] 1 0.27%
greenyellow [30:49] 1 0.27%
lawngreen 50+ 165 44.5%
All colors 370 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
1685 1685 1 :

['freetype::TarReader::extract_data(unsigned char const*, unsigned long)']

1685 1685 freetype::FaceLoader::set_raw_bytes(unsignedcharconst*,unsignedlong) call site: 00000 /src/freetype2-testing/fuzzing/src/utils/faceloader.cpp:64
638 711 11 :

['FT_MulDiv', 'pcf_interpret_style', 'pcf_has_table_type', 'ft_mem_alloc', 'pcf_get_properties', 'pcf_get_metrics', 'pcf_get_bitmaps', 'ft_mem_strdup', 'pcf_find_property', 'pcf_get_accel', 'pcf_get_encodings']

638 711 pcf_load_font call site: 00000 /src/freetype2-testing/external/freetype2/src/pcf/pcfread.c:1427
520 602 4 :

['FT_Get_Module', 'FT_Done_Size', 'FT_CMap_New', 'FT_Open_Face']

520 602 T42_Face_Init call site: 00000 /src/freetype2-testing/external/freetype2/src/type42/t42objs.c:205
464 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

464 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:817
464 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

464 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1246
464 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

464 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1519
406 406 1 :

['ft_bzip2_file_skip_output']

406 807 ft_bzip2_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/bzip2/ftbzip2.c:390
335 335 1 :

['ft_gzip_file_skip_output']

335 665 ft_gzip_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/gzip/ftgzip.c:500
280 293 3 :

['cff_builder_close_contour', 'FT_GlyphLoader_Add', 'cff_operator_seac']

280 293 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:1636
178 229 4 :

['pfr_log_font_load', 'ft_mem_qrealloc', 'FT_CMap_New', 'pfr_phy_font_load']

178 229 pfr_face_init call site: 00000 /src/freetype2-testing/external/freetype2/src/pfr/pfrobjs.c:113
95 95 1 :

['ft_lzw_file_skip_output']

95 187 ft_lzw_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/lzw/ftlzw.c:262
37 50 3 :

['ft_mem_alloc', 'ft_mem_free', 'FT_Stream_Open']

37 50 FT_Stream_New call site: 00208 /src/freetype2-testing/external/freetype2/src/base/ftobjs.c:231

Runtime coverage analysis

Covered functions
1140
Functions that are reachable but not covered
247
Reachable functions
332
Percentage of reachable functions covered
25.6%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzzing/src/fuzzers/template.cpp 1
fuzzing/src/targets/FaceFuzzTarget.cpp 1
fuzzing/src/targets/FuzzTarget.h 1
fuzzing/src/iterators/faceloaditerator.cpp 3
fuzzing/src/utils/faceloader.cpp 8
fuzzing/src/utils/tarreader.cpp 1
external/libarchive/libarchive/archive_read.c 22
external/libarchive/libarchive/archive_entry.c 1
external/libarchive/libarchive/archive_read_support_format_tar.c 9
external/libarchive/libarchive/archive_check_magic.c 6
external/libarchive/libarchive/archive_util.c 3
external/libarchive/libarchive/archive_string_sprintf.c 3
external/libarchive/libarchive/archive_string.c 7
external/libarchive/libarchive/archive_read_open_memory.c 7
external/libarchive/libarchive/archive_virtual.c 2
fuzzing/src/utils/utils.cpp 1
external/freetype2/src/base/ftobjs.c 30
external/freetype2/src/base/ftutil.c 8
external/freetype2/src/base/ftgloadr.c 4
external/freetype2/src/base/ftstream.c 9
external/freetype2/builds/unix/ftsystem.c 5
external/freetype2/src/base/ftrfork.c 6
external/freetype2/src/base/ftfntfmt.c 1

Fuzzer: truetype-render-i38

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 205 55.4%
gold [1:9] 7 1.89%
yellow [10:29] 8 2.16%
greenyellow [30:49] 8 2.16%
lawngreen 50+ 142 38.3%
All colors 370 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
1685 1685 1 :

['freetype::TarReader::extract_data(unsigned char const*, unsigned long)']

1685 1685 freetype::FaceLoader::set_raw_bytes(unsignedcharconst*,unsignedlong) call site: 00000 /src/freetype2-testing/fuzzing/src/utils/faceloader.cpp:64
638 711 11 :

['FT_MulDiv', 'pcf_interpret_style', 'pcf_has_table_type', 'ft_mem_alloc', 'pcf_get_properties', 'pcf_get_metrics', 'pcf_get_bitmaps', 'ft_mem_strdup', 'pcf_find_property', 'pcf_get_accel', 'pcf_get_encodings']

638 711 pcf_load_font call site: 00000 /src/freetype2-testing/external/freetype2/src/pcf/pcfread.c:1420
520 602 4 :

['FT_Get_Module', 'FT_Done_Size', 'FT_CMap_New', 'FT_Open_Face']

520 602 T42_Face_Init call site: 00000 /src/freetype2-testing/external/freetype2/src/type42/t42objs.c:205
406 406 1 :

['ft_bzip2_file_skip_output']

406 807 ft_bzip2_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/bzip2/ftbzip2.c:390
335 335 1 :

['ft_gzip_file_skip_output']

335 665 ft_gzip_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/gzip/ftgzip.c:500
280 293 3 :

['cff_builder_close_contour', 'FT_GlyphLoader_Add', 'cff_operator_seac']

280 293 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:1636
220 403 13 :

['FT_Set_Named_Instance', 'FT_MulDiv', 'FT_Vector_Transform_Scaled', 'remove_style', 'FT_Matrix_Multiply_Scaled', 'strcmp', 'cff_index_get_sid_string', 'strncmp', 'cff_index_get_name', 'remove_subset_prefix', 'cff_strcpy', 'FT_DivFix', 'FT_CMap_New']

220 403 cff_face_init call site: 00000 /src/freetype2-testing/external/freetype2/src/cff/cffobjs.c:632
178 229 4 :

['pfr_log_font_load', 'ft_mem_qrealloc', 'FT_CMap_New', 'pfr_phy_font_load']

178 229 pfr_face_init call site: 00000 /src/freetype2-testing/external/freetype2/src/pfr/pfrobjs.c:113
40 40 1 :

['load_format_25']

40 40 load_post_names call site: 00000 /src/freetype2-testing/external/freetype2/src/sfnt/ttpost.c:348
37 50 3 :

['ft_mem_alloc', 'ft_mem_free', 'FT_Stream_Open']

37 50 FT_Stream_New call site: 00208 /src/freetype2-testing/external/freetype2/src/base/ftobjs.c:231
35 35 1 :

['ft_bzip2_file_reset']

441 842 ft_bzip2_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/bzip2/ftbzip2.c:382
28 102 4 :

['FT_CMap_New', 'strcmp', 'FT_RoundFix', 'T1_Compute_Max_Advance']

28 102 T1_Face_Init call site: 00000 /src/freetype2-testing/external/freetype2/src/type1/t1objs.c:351

Runtime coverage analysis

Covered functions
1139
Functions that are reachable but not covered
247
Reachable functions
332
Percentage of reachable functions covered
25.6%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzzing/src/fuzzers/template.cpp 1
fuzzing/src/targets/FaceFuzzTarget.cpp 1
fuzzing/src/targets/FuzzTarget.h 1
fuzzing/src/iterators/faceloaditerator.cpp 3
fuzzing/src/utils/faceloader.cpp 8
fuzzing/src/utils/tarreader.cpp 1
external/libarchive/libarchive/archive_read.c 22
external/libarchive/libarchive/archive_entry.c 1
external/libarchive/libarchive/archive_read_support_format_tar.c 9
external/libarchive/libarchive/archive_check_magic.c 6
external/libarchive/libarchive/archive_util.c 3
external/libarchive/libarchive/archive_string_sprintf.c 3
external/libarchive/libarchive/archive_string.c 7
external/libarchive/libarchive/archive_read_open_memory.c 7
external/libarchive/libarchive/archive_virtual.c 2
fuzzing/src/utils/utils.cpp 1
external/freetype2/src/base/ftobjs.c 30
external/freetype2/src/base/ftutil.c 8
external/freetype2/src/base/ftgloadr.c 4
external/freetype2/src/base/ftstream.c 9
external/freetype2/builds/unix/ftsystem.c 5
external/freetype2/src/base/ftrfork.c 6
external/freetype2/src/base/ftfntfmt.c 1

Fuzzer: bdf-render

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 201 54.3%
gold [1:9] 5 1.35%
yellow [10:29] 2 0.54%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 162 43.7%
All colors 370 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
2297 2335 10 :

['cff_builder_start_point', 'cff_builder_add_point', 'cff_builder_add_point1', 'cff_random', 'FT_GlyphLoader_Add', 'cff_check_points', 'cff_builder_close_contour', 'FT_DivFix', 'FT_MulFix_x86_64.3560', 'cff_operator_seac']

2297 2335 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:2242
1685 1685 1 :

['freetype::TarReader::extract_data(unsigned char const*, unsigned long)']

1685 1685 freetype::FaceLoader::set_raw_bytes(unsignedcharconst*,unsignedlong) call site: 00000 /src/freetype2-testing/fuzzing/src/utils/faceloader.cpp:64
638 711 11 :

['FT_MulDiv', 'pcf_interpret_style', 'pcf_has_table_type', 'ft_mem_alloc', 'pcf_get_properties', 'pcf_get_metrics', 'pcf_get_bitmaps', 'ft_mem_strdup', 'pcf_find_property', 'pcf_get_accel', 'pcf_get_encodings']

638 711 pcf_load_font call site: 00000 /src/freetype2-testing/external/freetype2/src/pcf/pcfread.c:1427
520 602 4 :

['FT_Get_Module', 'FT_Done_Size', 'FT_CMap_New', 'FT_Open_Face']

520 602 T42_Face_Init call site: 00000 /src/freetype2-testing/external/freetype2/src/type42/t42objs.c:205
406 406 1 :

['ft_bzip2_file_skip_output']

406 807 ft_bzip2_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/bzip2/ftbzip2.c:390
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:817
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:986
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:997
394 1034 10 :

['t1operator_seac', 't1_builder_close_contour', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 'FT_MulFix_x86_64.3560']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1008
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1019
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1083
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1246

Runtime coverage analysis

Covered functions
777
Functions that are reachable but not covered
247
Reachable functions
332
Percentage of reachable functions covered
25.6%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzzing/src/fuzzers/template.cpp 1
fuzzing/src/targets/FaceFuzzTarget.cpp 1
fuzzing/src/targets/FuzzTarget.h 1
fuzzing/src/iterators/faceloaditerator.cpp 3
fuzzing/src/utils/faceloader.cpp 8
fuzzing/src/utils/tarreader.cpp 1
external/libarchive/libarchive/archive_read.c 22
external/libarchive/libarchive/archive_entry.c 1
external/libarchive/libarchive/archive_read_support_format_tar.c 9
external/libarchive/libarchive/archive_check_magic.c 6
external/libarchive/libarchive/archive_util.c 3
external/libarchive/libarchive/archive_string_sprintf.c 3
external/libarchive/libarchive/archive_string.c 7
external/libarchive/libarchive/archive_read_open_memory.c 7
external/libarchive/libarchive/archive_virtual.c 2
fuzzing/src/utils/utils.cpp 1
external/freetype2/src/base/ftobjs.c 30
external/freetype2/src/base/ftutil.c 8
external/freetype2/src/base/ftgloadr.c 4
external/freetype2/src/base/ftstream.c 9
external/freetype2/builds/unix/ftsystem.c 5
external/freetype2/src/base/ftrfork.c 6
external/freetype2/src/base/ftfntfmt.c 1

Fuzzer: glyphs-outlines

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 202 54.5%
gold [1:9] 2 0.54%
yellow [10:29] 1 0.27%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 165 44.5%
All colors 370 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
2297 2335 10 :

['cff_builder_start_point', 'cff_builder_add_point', 'cff_builder_add_point1', 'cff_random', 'FT_GlyphLoader_Add', 'cff_check_points', 'cff_builder_close_contour', 'FT_DivFix', 'FT_MulFix_x86_64.3560', 'cff_operator_seac']

2297 2335 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:1948
2297 2335 10 :

['cff_builder_start_point', 'cff_builder_add_point', 'cff_builder_add_point1', 'cff_random', 'FT_GlyphLoader_Add', 'cff_check_points', 'cff_builder_close_contour', 'FT_DivFix', 'FT_MulFix_x86_64.3560', 'cff_operator_seac']

2297 2335 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:2242
1685 1685 1 :

['freetype::TarReader::extract_data(unsigned char const*, unsigned long)']

1685 1685 freetype::FaceLoader::set_raw_bytes(unsignedcharconst*,unsignedlong) call site: 00000 /src/freetype2-testing/fuzzing/src/utils/faceloader.cpp:64
638 711 11 :

['FT_MulDiv', 'pcf_interpret_style', 'pcf_has_table_type', 'ft_mem_alloc', 'pcf_get_properties', 'pcf_get_metrics', 'pcf_get_bitmaps', 'ft_mem_strdup', 'pcf_find_property', 'pcf_get_accel', 'pcf_get_encodings']

638 711 pcf_load_font call site: 00000 /src/freetype2-testing/external/freetype2/src/pcf/pcfread.c:1427
520 602 4 :

['FT_Get_Module', 'FT_Done_Size', 'FT_CMap_New', 'FT_Open_Face']

520 602 T42_Face_Init call site: 00000 /src/freetype2-testing/external/freetype2/src/type42/t42objs.c:205
486 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

486 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1246
486 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

486 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1362
486 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

486 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1422
486 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

486 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1533
406 406 1 :

['ft_bzip2_file_skip_output']

406 807 ft_bzip2_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/bzip2/ftbzip2.c:390
335 335 1 :

['ft_gzip_file_skip_output']

335 665 ft_gzip_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/gzip/ftgzip.c:500
280 293 3 :

['cff_builder_close_contour', 'FT_GlyphLoader_Add', 'cff_operator_seac']

280 293 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:1636

Runtime coverage analysis

Covered functions
1263
Functions that are reachable but not covered
247
Reachable functions
332
Percentage of reachable functions covered
25.6%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzzing/src/fuzzers/template.cpp 1
fuzzing/src/targets/FaceFuzzTarget.cpp 1
fuzzing/src/targets/FuzzTarget.h 1
fuzzing/src/iterators/faceloaditerator.cpp 3
fuzzing/src/utils/faceloader.cpp 8
fuzzing/src/utils/tarreader.cpp 1
external/libarchive/libarchive/archive_read.c 22
external/libarchive/libarchive/archive_entry.c 1
external/libarchive/libarchive/archive_read_support_format_tar.c 9
external/libarchive/libarchive/archive_check_magic.c 6
external/libarchive/libarchive/archive_util.c 3
external/libarchive/libarchive/archive_string_sprintf.c 3
external/libarchive/libarchive/archive_string.c 7
external/libarchive/libarchive/archive_read_open_memory.c 7
external/libarchive/libarchive/archive_virtual.c 2
fuzzing/src/utils/utils.cpp 1
external/freetype2/src/base/ftobjs.c 30
external/freetype2/src/base/ftutil.c 8
external/freetype2/src/base/ftgloadr.c 4
external/freetype2/src/base/ftstream.c 9
external/freetype2/builds/unix/ftsystem.c 5
external/freetype2/src/base/ftrfork.c 6
external/freetype2/src/base/ftfntfmt.c 1

Fuzzer: bdf

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 200 54.0%
gold [1:9] 5 1.35%
yellow [10:29] 1 0.27%
greenyellow [30:49] 1 0.27%
lawngreen 50+ 163 44.0%
All colors 370 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
2297 2335 10 :

['cff_builder_start_point', 'cff_builder_add_point', 'cff_builder_add_point1', 'cff_random', 'FT_GlyphLoader_Add', 'cff_check_points', 'cff_builder_close_contour', 'FT_DivFix', 'FT_MulFix_x86_64.3560', 'cff_operator_seac']

2297 2335 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:1948
2297 2335 10 :

['cff_builder_start_point', 'cff_builder_add_point', 'cff_builder_add_point1', 'cff_random', 'FT_GlyphLoader_Add', 'cff_check_points', 'cff_builder_close_contour', 'FT_DivFix', 'FT_MulFix_x86_64.3560', 'cff_operator_seac']

2297 2335 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:2242
1685 1685 1 :

['freetype::TarReader::extract_data(unsigned char const*, unsigned long)']

1685 1685 freetype::FaceLoader::set_raw_bytes(unsignedcharconst*,unsignedlong) call site: 00000 /src/freetype2-testing/fuzzing/src/utils/faceloader.cpp:64
638 711 11 :

['FT_MulDiv', 'pcf_interpret_style', 'pcf_has_table_type', 'ft_mem_alloc', 'pcf_get_properties', 'pcf_get_metrics', 'pcf_get_bitmaps', 'ft_mem_strdup', 'pcf_find_property', 'pcf_get_accel', 'pcf_get_encodings']

638 711 pcf_load_font call site: 00000 /src/freetype2-testing/external/freetype2/src/pcf/pcfread.c:1427
520 602 4 :

['FT_Get_Module', 'FT_Done_Size', 'FT_CMap_New', 'FT_Open_Face']

520 602 T42_Face_Init call site: 00000 /src/freetype2-testing/external/freetype2/src/type42/t42objs.c:205
406 406 1 :

['ft_bzip2_file_skip_output']

406 807 ft_bzip2_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/bzip2/ftbzip2.c:390
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:817
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1246
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1281
394 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

394 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1519
335 335 1 :

['ft_gzip_file_skip_output']

335 665 ft_gzip_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/gzip/ftgzip.c:500
280 293 3 :

['cff_builder_close_contour', 'FT_GlyphLoader_Add', 'cff_operator_seac']

280 293 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:1636

Runtime coverage analysis

Covered functions
793
Functions that are reachable but not covered
247
Reachable functions
332
Percentage of reachable functions covered
25.6%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzzing/src/fuzzers/template.cpp 1
fuzzing/src/targets/FaceFuzzTarget.cpp 1
fuzzing/src/targets/FuzzTarget.h 1
fuzzing/src/iterators/faceloaditerator.cpp 3
fuzzing/src/utils/faceloader.cpp 8
fuzzing/src/utils/tarreader.cpp 1
external/libarchive/libarchive/archive_read.c 22
external/libarchive/libarchive/archive_entry.c 1
external/libarchive/libarchive/archive_read_support_format_tar.c 9
external/libarchive/libarchive/archive_check_magic.c 6
external/libarchive/libarchive/archive_util.c 3
external/libarchive/libarchive/archive_string_sprintf.c 3
external/libarchive/libarchive/archive_string.c 7
external/libarchive/libarchive/archive_read_open_memory.c 7
external/libarchive/libarchive/archive_virtual.c 2
fuzzing/src/utils/utils.cpp 1
external/freetype2/src/base/ftobjs.c 30
external/freetype2/src/base/ftutil.c 8
external/freetype2/src/base/ftgloadr.c 4
external/freetype2/src/base/ftstream.c 9
external/freetype2/builds/unix/ftsystem.c 5
external/freetype2/src/base/ftrfork.c 6
external/freetype2/src/base/ftfntfmt.c 1

Fuzzer: cff-render

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 200 54.0%
gold [1:9] 5 1.35%
yellow [10:29] 1 0.27%
greenyellow [30:49] 1 0.27%
lawngreen 50+ 163 44.0%
All colors 370 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
2297 2335 10 :

['cff_builder_start_point', 'cff_builder_add_point', 'cff_builder_add_point1', 'cff_random', 'FT_GlyphLoader_Add', 'cff_check_points', 'cff_builder_close_contour', 'FT_DivFix', 'FT_MulFix_x86_64.3560', 'cff_operator_seac']

2297 2335 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:2242
1685 1685 1 :

['freetype::TarReader::extract_data(unsigned char const*, unsigned long)']

1685 1685 freetype::FaceLoader::set_raw_bytes(unsignedcharconst*,unsignedlong) call site: 00000 /src/freetype2-testing/fuzzing/src/utils/faceloader.cpp:64
638 711 11 :

['FT_MulDiv', 'pcf_interpret_style', 'pcf_has_table_type', 'ft_mem_alloc', 'pcf_get_properties', 'pcf_get_metrics', 'pcf_get_bitmaps', 'ft_mem_strdup', 'pcf_find_property', 'pcf_get_accel', 'pcf_get_encodings']

638 711 pcf_load_font call site: 00000 /src/freetype2-testing/external/freetype2/src/pcf/pcfread.c:1427
520 602 4 :

['FT_Get_Module', 'FT_Done_Size', 'FT_CMap_New', 'FT_Open_Face']

520 602 T42_Face_Init call site: 00000 /src/freetype2-testing/external/freetype2/src/type42/t42objs.c:205
464 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

464 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:817
464 1034 10 :

['t1operator_seac', 't1_builder_check_points', 't1_builder_add_point', 'FT_GlyphLoader_Add', 't1_builder_add_point1', 'FT_MulFix_x86_64.3560', 't1_builder_start_point', 'ft_hash_num_lookup', 'FT_DivFix', 't1_builder_close_contour']

464 1034 t1_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/t1decode.c:1246
406 406 1 :

['ft_bzip2_file_skip_output']

406 807 ft_bzip2_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/bzip2/ftbzip2.c:390
335 335 1 :

['ft_gzip_file_skip_output']

335 665 ft_gzip_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/gzip/ftgzip.c:500
280 293 3 :

['cff_builder_close_contour', 'FT_GlyphLoader_Add', 'cff_operator_seac']

280 293 cff_decoder_parse_charstrings call site: 00000 /src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c:1636
178 229 4 :

['pfr_log_font_load', 'ft_mem_qrealloc', 'FT_CMap_New', 'pfr_phy_font_load']

178 229 pfr_face_init call site: 00000 /src/freetype2-testing/external/freetype2/src/pfr/pfrobjs.c:113
95 95 1 :

['ft_lzw_file_skip_output']

95 187 ft_lzw_file_io call site: 00000 /src/freetype2-testing/external/freetype2/src/lzw/ftlzw.c:262
37 50 3 :

['ft_mem_alloc', 'ft_mem_free', 'FT_Stream_Open']

37 50 FT_Stream_New call site: 00208 /src/freetype2-testing/external/freetype2/src/base/ftobjs.c:231

Runtime coverage analysis

Covered functions
1165
Functions that are reachable but not covered
247
Reachable functions
332
Percentage of reachable functions covered
25.6%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzzing/src/fuzzers/template.cpp 1
fuzzing/src/targets/FaceFuzzTarget.cpp 1
fuzzing/src/targets/FuzzTarget.h 1
fuzzing/src/iterators/faceloaditerator.cpp 3
fuzzing/src/utils/faceloader.cpp 8
fuzzing/src/utils/tarreader.cpp 1
external/libarchive/libarchive/archive_read.c 22
external/libarchive/libarchive/archive_entry.c 1
external/libarchive/libarchive/archive_read_support_format_tar.c 9
external/libarchive/libarchive/archive_check_magic.c 6
external/libarchive/libarchive/archive_util.c 3
external/libarchive/libarchive/archive_string_sprintf.c 3
external/libarchive/libarchive/archive_string.c 7
external/libarchive/libarchive/archive_read_open_memory.c 7
external/libarchive/libarchive/archive_virtual.c 2
fuzzing/src/utils/utils.cpp 1
external/freetype2/src/base/ftobjs.c 30
external/freetype2/src/base/ftutil.c 8
external/freetype2/src/base/ftgloadr.c 4
external/freetype2/src/base/ftstream.c 9
external/freetype2/builds/unix/ftsystem.c 5
external/freetype2/src/base/ftrfork.c 6
external/freetype2/src/base/ftfntfmt.c 1

Analyses and suggestions

Optimal target analysis

Remaining optimal interesting functions

The following table shows a list of functions that are optimal targets. Optimal targets are identified by finding the functions that in combination, yield a high code coverage.

Func name Functions filename Arg count Args Function depth hitcount instr count bb count cyclomatic complexity Reachable functions Incoming references total cyclomatic complexity Unreached complexity
tt_face_load_sbit_image /src/freetype2-testing/external/freetype2/src/sfnt/ttsbit.c 7 ['struct.TT_FaceRec_.1091 *', 'size_t ', 'int ', 'int ', 'struct.FT_StreamRec_ *', 'struct.FT_Bitmap_ *', 'struct.TT_SBit_MetricsRec_ *'] 7 0 210 24 7 270 0 2733 2330
tt_glyph_load /src/freetype2-testing/external/freetype2/src/truetype/ttdriver.c 4 ['struct.FT_GlyphSlotRec_.223 *', 'struct.FT_SizeRec_.199 *', 'int ', 'int '] 6 0 211 33 13 243 0 1503 1381
sfnt_init_face /src/freetype2-testing/external/freetype2/src/sfnt/sfobjs.c 5 ['struct.FT_StreamRec_ *', 'struct.TT_FaceRec_.1091 *', 'int ', 'int ', 'struct.FT_Parameter_ *'] 6 0 888 129 46 121 0 1716 1260
cf2_decoder_parse_charstrings /src/freetype2-testing/external/freetype2/src/psaux/psft.c 3 ['struct.PS_Decoder_.1556 *', 'char *', 'size_t '] 6 0 442 49 17 134 0 947 860
BDF_Face_Init /src/freetype2-testing/external/freetype2/src/bdf/bdfdrivr.c 5 ['struct.FT_StreamRec_ *', 'struct.FT_FaceRec_.945 *', 'int ', 'int ', 'struct.FT_Parameter_ *'] 4 0 1380 239 76 57 0 695 630
cff_face_init /src/freetype2-testing/external/freetype2/src/cff/cffobjs.c 5 ['struct.FT_StreamRec_ *', 'struct.FT_FaceRec_ *', 'int ', 'int ', 'struct.FT_Parameter_ *'] 4 0 1867 256 88 71 0 720 541
ps_hinter_init /src/freetype2-testing/external/freetype2/src/pshinter/pshmod.c 1 ['struct.FT_ModuleRec_ *'] 5 0 57 3 2 82 0 551 512

Implementing fuzzers that target the above functions will improve reachability such that it becomes:

Functions statically reachable by fuzzers
30.0%
1243 / 4172
Cyclomatic complexity statically reachable by fuzzers
39.0%
11294 / 29009

All functions overview

If you implement fuzzers for these functions, the status of all functions in the project will be:

Func name Functions filename Args Function call depth Reached by Fuzzers Fuzzers runtime hit Func lines hit % I Count BB Count Cyclomatic complexity Functions reached Reached by functions Accumulated cyclomatic complexity Undiscovered complexity

Runtime coverage analysis

This section shows analysis of runtime coverage data.

For futher technical details on how this section is generated, please see the Glossary .

Complex functions with low coverage

Func name Function total lines Lines covered at runtime percentage covered Reached by fuzzers
FT_Set_Default_Properties 53 11 20.75% []
FT_Request_Metrics 105 53 50.47% ['ftfuzzer']
ft_property_do 54 28 51.85% []
ps_property_set 140 32 22.85% []
cff_size_select 37 20 54.05% []
get_x_mins 67 28 41.79% []
tt_cmap8_validate 63 33 52.38% []
af_property_set 128 12 9.375% []
FT_Render_Glyph_Internal 80 30 37.5% ['ftfuzzer']
tt_get_metrics_incremental 33 9 27.27% []
OSS_FUZZ_png_user_version_check 34 17 50.0% []
OSS_FUZZ_png_free_data 169 53 31.36% []
OSS_FUZZ_png_destroy_gamma_table 49 19 38.77% []
cf2_computeDarkening 75 6 8.0% []
cf2_glyphpath_computeOffset 101 7 6.930% []
__archive_check_magic 34 10 29.41% ['cff-ftengine', 'type1-ftengine', 'truetype-render-i35', 'type42', 'ftfuzzer', 'windowsfnt-render', 'pcf', 'cidtype1-render', 'windowsfnt', 'colrv1', 'pcf-render', 'cff-render-ftengine', 'glyphs-bitmaps-pcf', 'type1-tar', 'cidtype1-render-ftengine', 'type1-render-tar', 'type1-render-ftengine', 'cidtype1', 'type42-render', 'truetype-render', 'type1', 'type1-render', 'truetype', 'cidtype1-ftengine', 'cff', 'truetype-render-i38', 'bdf-render', 'glyphs-outlines', 'bdf', 'cff-render']
__archive_read_filter_ahead 120 65 54.16% ['cff-ftengine', 'type1-ftengine', 'truetype-render-i35', 'type42', 'ftfuzzer', 'windowsfnt-render', 'pcf', 'cidtype1-render', 'windowsfnt', 'colrv1', 'pcf-render', 'cff-render-ftengine', 'glyphs-bitmaps-pcf', 'type1-tar', 'cidtype1-render-ftengine', 'type1-render-tar', 'type1-render-ftengine', 'cidtype1', 'type42-render', 'truetype-render', 'type1', 'type1-render', 'truetype', 'cidtype1-ftengine', 'cff', 'truetype-render-i38', 'bdf-render', 'glyphs-outlines', 'bdf', 'cff-render']
choose_filters 46 20 43.47% ['cff-ftengine', 'type1-ftengine', 'truetype-render-i35', 'type42', 'ftfuzzer', 'windowsfnt-render', 'pcf', 'cidtype1-render', 'windowsfnt', 'colrv1', 'pcf-render', 'cff-render-ftengine', 'glyphs-bitmaps-pcf', 'type1-tar', 'cidtype1-render-ftengine', 'type1-render-tar', 'type1-render-ftengine', 'cidtype1', 'type42-render', 'truetype-render', 'type1', 'type1-render', 'truetype', 'cidtype1-ftengine', 'cff', 'truetype-render-i38', 'bdf-render', 'glyphs-outlines', 'bdf', 'cff-render']
advance_file_pointer 69 35 50.72% ['cff-ftengine', 'type1-ftengine', 'truetype-render-i35', 'type42', 'ftfuzzer', 'windowsfnt-render', 'pcf', 'cidtype1-render', 'windowsfnt', 'colrv1', 'pcf-render', 'cff-render-ftengine', 'glyphs-bitmaps-pcf', 'type1-tar', 'cidtype1-render-ftengine', 'type1-render-tar', 'type1-render-ftengine', 'cidtype1', 'type42-render', 'truetype-render', 'type1', 'type1-render', 'truetype', 'cidtype1-ftengine', 'cff', 'truetype-render-i38', 'bdf-render', 'glyphs-outlines', 'bdf', 'cff-render']
client_skip_proxy 32 16 50.0% ['cff-ftengine', 'type1-ftengine', 'truetype-render-i35', 'type42', 'ftfuzzer', 'windowsfnt-render', 'pcf', 'cidtype1-render', 'windowsfnt', 'colrv1', 'pcf-render', 'cff-render-ftengine', 'glyphs-bitmaps-pcf', 'type1-tar', 'cidtype1-render-ftengine', 'type1-render-tar', 'type1-render-ftengine', 'cidtype1', 'type42-render', 'truetype-render', 'type1', 'type1-render', 'truetype', 'cidtype1-ftengine', 'cff', 'truetype-render-i38', 'bdf-render', 'glyphs-outlines', 'bdf', 'cff-render']
archive_mstring_get_mbs 37 7 18.91% ['cff-ftengine', 'type1-ftengine', 'truetype-render-i35', 'type42', 'ftfuzzer', 'windowsfnt-render', 'pcf', 'cidtype1-render', 'windowsfnt', 'colrv1', 'pcf-render', 'cff-render-ftengine', 'glyphs-bitmaps-pcf', 'type1-tar', 'cidtype1-render-ftengine', 'type1-render-tar', 'type1-render-ftengine', 'cidtype1', 'type42-render', 'truetype-render', 'type1', 'type1-render', 'truetype', 'cidtype1-ftengine', 'cff', 'truetype-render-i38', 'bdf-render', 'glyphs-outlines', 'bdf', 'cff-render']
get_sconv_object 33 17 51.51% ['cff-ftengine', 'type1-ftengine', 'truetype-render-i35', 'type42', 'ftfuzzer', 'windowsfnt-render', 'pcf', 'cidtype1-render', 'windowsfnt', 'colrv1', 'pcf-render', 'cff-render-ftengine', 'glyphs-bitmaps-pcf', 'type1-tar', 'cidtype1-render-ftengine', 'type1-render-tar', 'type1-render-ftengine', 'cidtype1', 'type42-render', 'truetype-render', 'type1', 'type1-render', 'truetype', 'cidtype1-ftengine', 'cff', 'truetype-render-i38', 'bdf-render', 'glyphs-outlines', 'bdf', 'cff-render']
setup_converter 61 14 22.95% ['cff-ftengine', 'type1-ftengine', 'truetype-render-i35', 'type42', 'ftfuzzer', 'windowsfnt-render', 'pcf', 'cidtype1-render', 'windowsfnt', 'colrv1', 'pcf-render', 'cff-render-ftengine', 'glyphs-bitmaps-pcf', 'type1-tar', 'cidtype1-render-ftengine', 'type1-render-tar', 'type1-render-ftengine', 'cidtype1', 'type42-render', 'truetype-render', 'type1', 'type1-render', 'truetype', 'cidtype1-ftengine', 'cff', 'truetype-render-i38', 'bdf-render', 'glyphs-outlines', 'bdf', 'cff-render']
OSS_FUZZ_png_zstream_error 36 8 22.22% []
OSS_FUZZ_png_check_IHDR 98 32 32.65% []
OSS_FUZZ_png_read_row 146 60 41.09% []
OSS_FUZZ_png_read_end 128 24 18.75% []
OSS_FUZZ_png_init_read_transformations 381 82 21.52% []
png_do_unpack 73 4 5.479% []
png_do_read_filler 162 34 20.98% []
OSS_FUZZ_png_handle_tRNS 78 36 46.15% []
OSS_FUZZ_png_handle_unknown 85 26 30.58% []
OSS_FUZZ_png_combine_row 252 24 9.523% []
OSS_FUZZ_png_read_finish_row 37 12 32.43% []
OSS_FUZZ_png_read_start_row 185 93 50.27% []
read_paint 479 129 26.93% []
std::__1::__next_prime(unsignedlong) 325 5 1.538%
(anonymousnamespace)::colrv1_traverse_paint(FT_FaceRec_*,FT_Opaque_Paint_,std::__1::unordered_set ,std::__1::equal_to ,std::__1::allocator >&) 103 48 46.60% []
(anonymousnamespace)::colrv1_draw_paint(FT_FaceRec_*,FT_COLR_Paint_) 111 28 25.22% []
FT_Bitmap_Embolden 106 15 14.15% []
sdf_raster_render 72 35 48.61% []
get_control_box 78 30 38.46% []

Files and Directories in report

This section shows which files and directories are considered in this report. The main reason for showing this is fuzz introspector may include more code in the reasoning than is desired. This section helps identify if too many files/directories are included, e.g. third party code, which may be irrelevant for the threat model. In the event too much is included, fuzz introspector supports a configuration file that can exclude data from the report. See the following link for more information on how to create a config file: link

Files in report

Source file Reached by Covered by
[] []
/src/freetype2-testing/external/brotli/c/common/platform.c [] []
/src/freetype2-testing/external/freetype2/src/base/fttype1.c [] []
/src/freetype2-testing/fuzzing/src/visitors/glyphvisitor-transform.cpp [] []
/src/freetype2-testing/external/freetype2/src/base/ftcolor.c [] []
/src/freetype2-testing/fuzzing/src/targets/font-drivers/truetype-render.cpp [] []
/src/freetype2-testing/fuzzing/src/targets/font-drivers/type1.cpp [] []
/src/freetype2-testing/fuzzing/src/visitors/facevisitor-windowsfnt.cpp [] []
/src/freetype2-testing/external/freetype2/include/freetype/internal/ftcalc.h ['ftfuzzer'] ['ftfuzzer']
/src/freetype2-testing/external/libarchive/libarchive/archive_entry_sparse.c [] []
/src/freetype2-testing/external/freetype2/src/pcf/pcfread.c [] []
/src/freetype2-testing/external/freetype2/src/bzip2/ftbzip2.c ['bzip2'] ['bzip2']
/src/freetype2-testing/fuzzing/src/targets/FaceFuzzTarget.cpp ['cff-ftengine', 'type1-ftengine', 'truetype-render-i35', 'type42', 'windowsfnt-render', 'pcf', 'cidtype1-render', 'windowsfnt', 'colrv1', 'pcf-render', 'cff-render-ftengine', 'glyphs-bitmaps-pcf', 'type1-tar', 'cidtype1-render-ftengine', 'type1-render-tar', 'type1-render-ftengine', 'cidtype1', 'type42-render', 'truetype-render', 'type1', 'type1-render', 'truetype', 'cidtype1-ftengine', 'cff', 'truetype-render-i38', 'bdf-render', 'glyphs-outlines', 'bdf', 'cff-render'] ['cff-ftengine', 'type1-ftengine', 'truetype-render-i35', 'type42', 'windowsfnt-render', 'pcf', 'cidtype1-render', 'windowsfnt', 'colrv1', 'pcf-render', 'cff-render-ftengine', 'glyphs-bitmaps-pcf', 'type1-tar', 'cidtype1-render-ftengine', 'type1-render-tar', 'type1-render-ftengine', 'cidtype1', 'type42-render', 'truetype-render', 'type1', 'type1-render', 'truetype', 'cidtype1-ftengine', 'cff', 'truetype-render-i38', 'bdf-render', 'glyphs-outlines', 'bdf', 'cff-render']
/src/freetype2-testing/fuzzing/src/iterators/glyphrenderiterator.h [] []
/src/freetype2-testing/fuzzing/src/visitors/facevisitor-loadglyphs.h [] []
/src/freetype2-testing/external/freetype2/src/pfr/pfrobjs.c [] []
/src/freetype2-testing/fuzzing/src/visitors/glyphvisitor-cbox.cpp [] []
/src/freetype2-testing/external/brotli/c/dec/bit_reader.c [] []
/src/freetype2-testing/external/freetype2/src/cid/cidparse.c [] []
/src/freetype2-testing/fuzzing/src/targets/font-drivers/type1-render-tar.cpp [] []
/src/freetype2-testing/external/freetype2/src/svg/ftsvg.c [] []
/src/freetype2-testing/external/freetype2/src/base/ftlcdfil.c ['ftfuzzer'] []
/src/freetype2-testing/fuzzing/src/iterators/faceloaditerator.h [] []
/src/freetype2-testing/external/freetype2/src/lzw/ftzopen.c ['lzw'] ['lzw']
/src/freetype2-testing/external/freetype2/src/psnames/pstables.h [] []
/src/freetype2-testing/fuzzing/src/targets/font-drivers/cidtype1-render-ftengine.h [] []
/src/freetype2-testing/external/freetype2/src/lzw/ftlzw.c ['lzw'] ['lzw']
/src/freetype2-testing/external/freetype2/src/sfnt/ttcolr.c [] []
/src/freetype2-testing/external/freetype2/src/psaux/pserror.c [] []
/src/freetype2-testing/external/bzip2/blocksort.c [] []
/src/freetype2-testing/fuzzing/src/targets/font-drivers/bdf.cpp [] []
/src/freetype2-testing/fuzzing/src/targets/font-drivers/type1-render.h [] []
/src/freetype2-testing/external/llvm-project/libcxxabi/src/fallback_malloc.cpp ['gzip', 'bzip2', 'lzw'] []
/src/freetype2-testing/fuzzing/src/targets/font-drivers/pcf.cpp [] []
/src/freetype2-testing/external/freetype2/src/base/ftadvanc.c [] []
/src/freetype2-testing/external/freetype2/src/psaux/psarrst.c [] []
/src/freetype2-testing/fuzzing/src/targets/glyphs/bitmaps.h [] []
/src/freetype2-testing/fuzzing/src/visitors/glyphvisitor-cbox.h [] []
/src/freetype2-testing/fuzzing/src/iterators/glyphrenderiterator-allmodes.cpp [] []
/src/freetype2-testing/fuzzing/src/visitors/facevisitor-renderglyphs.h [] []
/src/freetype2-testing/fuzzing/src/iterators/faceprepiterator-multiplemasters.h [] []
/src/freetype2-testing/fuzzing/src/targets/font-drivers/type1-ftengine.cpp [] []
/src/freetype2-testing/external/freetype2/src/pfr/pfrdrivr.c [] []
/src/freetype2-testing/external/zlib/crc32.c ['gzip'] []
/src/freetype2-testing/fuzzing/src/targets/font-drivers/cidtype1-render.cpp [] []
/src/freetype2-testing/fuzzing/src/targets/font-drivers/type1-tar.h [] []
/src/freetype2-testing/fuzzing/src/visitors/glyphvisitor-bitmap-handling.h [] []
/src/freetype2-testing/external/freetype2/src/sdf/ftbsdf.c [] []
/src/freetype2-testing/external/llvm-project/libcxxabi/src/demangle/ItaniumDemangle.h [] []
/src/freetype2-testing/external/libpng/build/../png.c [] []
/src/freetype2-testing/fuzzing/src/iterators/faceprepiterator-outlines.cpp [] []
/src/freetype2-testing/external/freetype2/src/psaux/psobjs.c [] []
/src/freetype2-testing/external/libpng/build/../pngtrans.c [] []
/src/freetype2-testing/external/freetype2/src/psaux/cffdecode.c [] []
/src/freetype2-testing/external/freetype2/src/base/ftutil.c ['gzip', 'bzip2', 'lzw', 'cff-ftengine', 'type1-ftengine', 'truetype-render-i35', 'type42', 'ftfuzzer', 'windowsfnt-render', 'pcf', 'cidtype1-render', 'windowsfnt', 'colrv1', 'pcf-render', 'cff-render-ftengine', 'glyphs-bitmaps-pcf', 'type1-tar', 'cidtype1-render-ftengine', 'type1-render-tar', 'type1-render-ftengine', 'cidtype1', 'type42-render', 'truetype-render', 'type1', 'type1-render', 'truetype', 'cidtype1-ftengine', 'cff', 'truetype-render-i38', 'bdf-render', 'glyphs-outlines', 'bdf', 'cff-render'] ['gzip', 'bzip2', 'lzw', 'cff-ftengine', 'type1-ftengine', 'truetype-render-i35', 'type42', 'ftfuzzer', 'windowsfnt-render', 'pcf', 'cidtype1-render', 'windowsfnt', 'colrv1', 'pcf-render', 'cff-render-ftengine', 'glyphs-bitmaps-pcf', 'type1-tar', 'cidtype1-render-ftengine', 'type1-render-tar', 'type1-render-ftengine', 'cidtype1', 'type42-render', 'truetype-render', 'type1', 'type1-render', 'truetype', 'cidtype1-ftengine', 'cff', 'truetype-render-i38', 'bdf-render', 'glyphs-outlines', 'bdf', 'cff-render']
/src/freetype2-testing/external/freetype2/src/truetype/ttdriver.c [] []
/src/freetype2-testing/external/freetype2/src/pfr/pfrcmap.c [] []
/src/freetype2-testing/fuzzing/src/utils/faceloader.cpp ['cff-ftengine', 'type1-ftengine', 'truetype-render-i35', 'type42', 'windowsfnt-render', 'pcf', 'cidtype1-render', 'windowsfnt', 'colrv1', 'pcf-render', 'cff-render-ftengine', 'glyphs-bitmaps-pcf', 'type1-tar', 'cidtype1-render-ftengine', 'type1-render-tar', 'type1-render-ftengine', 'cidtype1', 'type42-render', 'truetype-render', 'type1', 'type1-render', 'truetype', 'cidtype1-ftengine', 'cff', 'truetype-render-i38', 'bdf-render', 'glyphs-outlines', 'bdf', 'cff-render'] ['cff-ftengine', 'type1-ftengine', 'truetype-render-i35', 'type42', 'windowsfnt-render', 'pcf', 'cidtype1-render', 'windowsfnt', 'colrv1', 'pcf-render', 'cff-render-ftengine', 'glyphs-bitmaps-pcf', 'type1-tar', 'cidtype1-render-ftengine', 'type1-render-tar', 'type1-render-ftengine', 'cidtype1', 'type42-render', 'truetype-render', 'type1', 'type1-render', 'truetype', 'cidtype1-ftengine', 'cff', 'truetype-render-i38', 'bdf-render', 'glyphs-outlines', 'bdf', 'cff-render']
/src/freetype2-testing/fuzzing/src/iterators/faceprepiterator-multiplemasters.cpp [] []
/src/freetype2-testing/fuzzing/src/visitors/facevisitor-loadglyphs-outlines.h [] []
/src/freetype2-testing/external/freetype2/src/autofit/afhints.c [] []
/src/freetype2-testing/fuzzing/src/targets/support/Bzip2FuzzTarget.cpp ['bzip2'] ['bzip2']
/src/freetype2-testing/external/freetype2/src/sdf/ftsdfrend.c [] []
/src/freetype2-testing/fuzzing/src/targets/FuzzTarget.h ['gzip', 'bzip2', 'lzw', 'cff-ftengine', 'type1-ftengine', 'truetype-render-i35', 'type42', 'windowsfnt-render', 'pcf', 'cidtype1-render', 'windowsfnt', 'colrv1', 'pcf-render', 'cff-render-ftengine', 'glyphs-bitmaps-pcf', 'type1-tar', 'cidtype1-render-ftengine', 'type1-render-tar', 'type1-render-ftengine', 'cidtype1', 'type42-render', 'truetype-render', 'type1', 'type1-render', 'truetype', 'cidtype1-ftengine', 'cff', 'truetype-render-i38', 'bdf-render', 'glyphs-outlines', 'bdf', 'cff-render'] ['gzip', 'bzip2', 'lzw', 'cff-ftengine', 'type1-ftengine', 'truetype-render-i35', 'type42', 'windowsfnt-render', 'pcf', 'cidtype1-render', 'windowsfnt', 'colrv1', 'pcf-render', 'cff-render-ftengine', 'glyphs-bitmaps-pcf', 'type1-tar', 'cidtype1-render-ftengine', 'type1-render-tar', 'type1-render-ftengine', 'cidtype1', 'type42-render', 'truetype-render', 'type1', 'type1-render', 'truetype', 'cidtype1-ftengine', 'cff', 'truetype-render-i38', 'bdf-render', 'glyphs-outlines', 'bdf', 'cff-render']
/src/freetype2-testing/external/freetype2/src/psaux/psblues.c [] []
/src/freetype2-testing/fuzzing/src/visitors/facevisitor.h [] []
/src/freetype2-testing/external/freetype2/src/base/ftoutln.c ['ftfuzzer'] ['ftfuzzer']
/src/freetype2-testing/fuzzing/src/visitors/facevisitor-gasp.cpp [] []
/src/freetype2-testing/external/freetype2/src/base/fthash.c [] []
/src/freetype2-testing/external/freetype2/src/type1/t1objs.c [] []
/src/freetype2-testing/external/freetype2/src/cid/cidobjs.c [] []
/src/freetype2-testing/fuzzing/src/targets/font-drivers/type1-tar.cpp [] []
/src/freetype2-testing/external/freetype2/src/base/ftmm.c ['ftfuzzer'] ['ftfuzzer']
/src/freetype2-testing/fuzzing/src/visitors/facevisitor-subglyphs.cpp [] []
/src/freetype2-testing/fuzzing/src/iterators/faceloaditerator.cpp ['cff-ftengine', 'type1-ftengine', 'truetype-render-i35', 'type42', 'windowsfnt-render', 'pcf', 'cidtype1-render', 'windowsfnt', 'colrv1', 'pcf-render', 'cff-render-ftengine', 'glyphs-bitmaps-pcf', 'type1-tar', 'cidtype1-render-ftengine', 'type1-render-tar', 'type1-render-ftengine', 'cidtype1', 'type42-render', 'truetype-render', 'type1', 'type1-render', 'truetype', 'cidtype1-ftengine', 'cff', 'truetype-render-i38', 'bdf-render', 'glyphs-outlines', 'bdf', 'cff-render'] ['cff-ftengine', 'type1-ftengine', 'truetype-render-i35', 'type42', 'windowsfnt-render', 'pcf', 'cidtype1-render', 'windowsfnt', 'colrv1', 'pcf-render', 'cff-render-ftengine', 'glyphs-bitmaps-pcf', 'type1-tar', 'cidtype1-render-ftengine', 'type1-render-tar', 'type1-render-ftengine', 'cidtype1', 'type42-render', 'truetype-render', 'type1', 'type1-render', 'truetype', 'cidtype1-ftengine', 'cff', 'truetype-render-i38', 'bdf-render', 'glyphs-outlines', 'bdf', 'cff-render']
/src/freetype2-testing/external/freetype2/src/sfnt/pngshim.c [] []
/src/freetype2-testing/external/libpng/build/../pngerror.c [] []
/src/freetype2-testing/external/freetype2/src/pcf/pcfdrivr.c [] []
/src/freetype2-testing/external/freetype2/src/psaux/psread.c [] []
/src/freetype2-testing/fuzzing/src/targets/font-drivers/type42.cpp [] []
/src/freetype2-testing/fuzzing/../external/llvm-project/build/include/c++/v1/math.h [] []
/src/freetype2-testing/fuzzing/src/visitors/facevisitor-sfntnames.cpp [] []
/src/freetype2-testing/fuzzing/src/visitors/facevisitor-sfntnames.h [] []
/src/freetype2-testing/external/freetype2/src/psaux/psfont.c [] []
/src/freetype2-testing/fuzzing/src/targets/glyphs/bitmaps-pcf.cpp [] []
/src/freetype2-testing/fuzzing/src/targets/font-drivers/pcf-render.h [] []
/src/freetype2-testing/external/llvm-project/libcxx/src/support/runtime/stdexcept_default.ipp [] []
/src/freetype2-testing/fuzzing/src/legacy/ftfuzzer.cc ['ftfuzzer'] ['ftfuzzer']
/src/freetype2-testing/fuzzing/src/targets/font-drivers/colrv1.h [] []
/src/freetype2-testing/fuzzing/src/utils/FreeTypeStream.cpp ['gzip', 'bzip2', 'lzw'] ['gzip', 'bzip2', 'lzw']
/src/freetype2-testing/fuzzing/src/visitors/facevisitor-cid.cpp [] []
/src/freetype2-testing/fuzzing/src/iterators/glyphrenderiterator-allmodes.h [] []
/src/freetype2-testing/external/freetype2/src/autofit/aflatin.c [] []
/src/freetype2-testing/fuzzing/src/targets/support/Bzip2FuzzTarget.h [] []
/src/freetype2-testing/fuzzing/src/visitors/facevisitor-kerning.cpp [] []
/src/freetype2-testing/external/freetype2/src/sfnt/ttload.c [] []
/src/freetype2-testing/external/freetype2/src/base/ftinit.c [] []
/src/freetype2-testing/fuzzing/src/targets/font-drivers/windowsfnt-render.cpp [] []
/src/freetype2-testing/fuzzing/src/targets/font-drivers/cidtype1-ftengine.h [] []
/src/freetype2-testing/fuzzing/src/targets/font-drivers/type1-render.cpp [] []
/src/freetype2-testing/external/freetype2/src/base/ftbitmap.c [] []
/src/freetype2-testing/external/freetype2/src/sfnt/ttsbit.c [] []
/src/freetype2-testing/fuzzing/src/iterators/glyphloaditerator-naive.cpp [] []
/src/freetype2-testing/fuzzing/src/visitors/facevisitor-renderglyphs.cpp [] []
/src/freetype2-testing/external/libarchive/libarchive/archive_read_open_memory.c ['cff-ftengine', 'type1-ftengine', 'truetype-render-i35', 'type42', 'ftfuzzer', 'windowsfnt-render', 'pcf', 'cidtype1-render', 'windowsfnt', 'colrv1', 'pcf-render', 'cff-render-ftengine', 'glyphs-bitmaps-pcf', 'type1-tar', 'cidtype1-render-ftengine', 'type1-render-tar', 'type1-render-ftengine', 'cidtype1', 'type42-render', 'truetype-render', 'type1', 'type1-render', 'truetype', 'cidtype1-ftengine', 'cff', 'truetype-render-i38', 'bdf-render', 'glyphs-outlines', 'bdf', 'cff-render'] ['ftfuzzer', 'type1-tar', 'type1-render-tar']
/src/freetype2-testing/external/freetype2/src/truetype/ttpload.c [] []
/src/freetype2-testing/external/llvm-project/libcxxabi/src/stdlib_stdexcept.cpp [] []
/src/freetype2-testing/external/brotli/c/dec/huffman.c [] []
/src/freetype2-testing/external/bzip2/huffman.c ['bzip2'] ['bzip2']
/src/freetype2-testing/fuzzing/src/visitors/glyphvisitor-outlines.cpp [] []
/src/freetype2-testing/external/freetype2/src/autofit/afindic.c [] []
/src/freetype2-testing/fuzzing/src/visitors/facevisitor-truetypetables.h [] []
/src/freetype2-testing/fuzzing/src/targets/support/GzipFuzzTarget.cpp ['gzip'] ['gzip']
/src/freetype2-testing/external/freetype2/src/gzip/ftgzip.c ['gzip'] ['gzip']
/src/freetype2-testing/external/freetype2/src/type1/t1afm.c [] []
/src/freetype2-testing/external/freetype2/src/base/ftsnames.c [] []
/src/freetype2-testing/external/brotli/c/dec/decode.c [] []
/src/freetype2-testing/fuzzing/src/visitors/facevisitor-colrv1.cpp [] []
/src/freetype2-testing/fuzzing/src/visitors/facevisitor-type1tables.h [] []
/src/freetype2-testing/external/libarchive/libarchive/archive_entry.c ['cff-ftengine', 'type1-ftengine', 'truetype-render-i35', 'type42', 'ftfuzzer', 'windowsfnt-render', 'pcf', 'cidtype1-render', 'windowsfnt', 'colrv1', 'pcf-render', 'cff-render-ftengine', 'glyphs-bitmaps-pcf', 'type1-tar', 'cidtype1-render-ftengine', 'type1-render-tar', 'type1-render-ftengine', 'cidtype1', 'type42-render', 'truetype-render', 'type1', 'type1-render', 'truetype', 'cidtype1-ftengine', 'cff', 'truetype-render-i38', 'bdf-render', 'glyphs-outlines', 'bdf', 'cff-render'] ['ftfuzzer', 'type1-tar', 'type1-render-tar']
/src/freetype2-testing/fuzzing/src/targets/font-drivers/cidtype1-render-ftengine.cpp [] []
/src/freetype2-testing/fuzzing/src/targets/font-drivers/type42-render.h [] []
/src/freetype2-testing/external/freetype2/src/psaux/psft.c [] []
/src/freetype2-testing/fuzzing/src/targets/glyphs/outlines.cpp [] []
/src/freetype2-testing/fuzzing/src/targets/font-drivers/bdf.h [] []
/src/freetype2-testing/external/freetype2/src/sfnt/sfobjs.c [] []
/src/freetype2-testing/external/freetype2/src/cff/cffdrivr.c [] []
/src/freetype2-testing/external/freetype2/src/base/ftrfork.c ['cff-ftengine', 'type1-ftengine', 'truetype-render-i35', 'type42', 'ftfuzzer', 'windowsfnt-render', 'pcf', 'cidtype1-render', 'windowsfnt', 'colrv1', 'pcf-render', 'cff-render-ftengine', 'glyphs-bitmaps-pcf', 'type1-tar', 'cidtype1-render-ftengine', 'type1-render-tar', 'type1-render-ftengine', 'cidtype1', 'type42-render', 'truetype-render', 'type1', 'type1-render', 'truetype', 'cidtype1-ftengine', 'cff', 'truetype-render-i38', 'bdf-render', 'glyphs-outlines', 'bdf', 'cff-render'] ['cff-ftengine', 'type1-ftengine', 'truetype-render-i35', 'type42', 'ftfuzzer', 'windowsfnt-render', 'pcf', 'cidtype1-render', 'windowsfnt', 'colrv1', 'pcf-render', 'cff-render-ftengine', 'glyphs-bitmaps-pcf', 'type1-tar', 'cidtype1-render-ftengine', 'type1-render-tar', 'type1-render-ftengine', 'cidtype1', 'type42-render', 'truetype-render', 'type1', 'type1-render', 'truetype', 'cidtype1-ftengine', 'cff', 'truetype-render-i38', 'bdf-render', 'glyphs-outlines', 'bdf', 'cff-render']
/src/freetype2-testing/fuzzing/src/targets/font-drivers/type1-render-ftengine.h [] []
/src/freetype2-testing/fuzzing/src/targets/font-drivers/truetype-render-i38.h [] []
/src/freetype2-testing/fuzzing/src/visitors/facevisitor-bdf.cpp [] []
/src/freetype2-testing/external/freetype2/src/pshinter/pshrec.c [] []
/src/freetype2-testing/external/freetype2/src/autofit/afloader.c [] []
/src/freetype2-testing/external/freetype2/src/type42/t42drivr.c [] []
/src/freetype2-testing/external/libpng/build/../pngread.c [] []
/src/freetype2-testing/external/freetype2/src/psaux/psstack.c [] []
/src/freetype2-testing/fuzzing/src/targets/support/GzipFuzzTarget.h [] []
/src/freetype2-testing/external/freetype2/src/base/fttrigon.c [] []
/src/freetype2-testing/external/bzip2/compress.c [] []
/src/freetype2-testing/external/freetype2/src/pfr/pfrgload.c [] []
/src/freetype2-testing/fuzzing/src/visitors/facevisitor-bdf.h [] []
/src/freetype2-testing/fuzzing/src/visitors/facevisitor-loadglyphs-bitmaps.h [] []
/src/freetype2-testing/external/freetype2/src/sfnt/ttbdf.c [] []
/src/freetype2-testing/external/freetype2/src/base/fterrors.c [] []
/src/freetype2-testing/fuzzing/src/visitors/facevisitor-loadglyphs-outlines.cpp [] []
/src/freetype2-testing/external/freetype2/src/psaux/psconv.c [] []
/src/freetype2-testing/external/freetype2/src/autofit/afshaper.c [] []
/src/freetype2-testing/fuzzing/../external/llvm-project/build/include/c++/v1/stdlib.h [] []
/src/freetype2-testing/external/libarchive/libarchive/archive_string_sprintf.c ['cff-ftengine', 'type1-ftengine', 'truetype-render-i35', 'type42', 'ftfuzzer', 'windowsfnt-render', 'pcf', 'cidtype1-render', 'windowsfnt', 'colrv1', 'pcf-render', 'cff-render-ftengine', 'glyphs-bitmaps-pcf', 'type1-tar', 'cidtype1-render-ftengine', 'type1-render-tar', 'type1-render-ftengine', 'cidtype1', 'type42-render', 'truetype-render', 'type1', 'type1-render', 'truetype', 'cidtype1-ftengine', 'cff', 'truetype-render-i38', 'bdf-render', 'glyphs-outlines', 'bdf', 'cff-render'] ['ftfuzzer', 'type1-tar', 'type1-render-tar']
/src/freetype2-testing/external/freetype2/src/smooth/ftgrays.c [] []
/src/freetype2-testing/external/libarchive/libarchive/archive_endian.h [] []
/src/freetype2-testing/external/llvm-project/libcxxabi/src/cxa_exception.cpp ['gzip', 'bzip2', 'lzw'] []
/src/freetype2-testing/fuzzing/src/targets/font-drivers/type1.h [] []
/src/freetype2-testing/fuzzing/src/targets/font-drivers/truetype.cpp [] []
/src/freetype2-testing/external/freetype2/src/psaux/pshints.c [] []
/src/freetype2-testing/fuzzing/src/targets/font-drivers/cidtype1.cpp [] []
/src/freetype2-testing/external/llvm-project/libcxxabi/src/cxa_demangle.cpp [] []
/src/freetype2-testing/external/libarchive/libarchive/archive_entry_xattr.c [] []
/src/freetype2-testing/fuzzing/src/targets/font-drivers/cff-render.h [] []
/src/freetype2-testing/external/freetype2/src/pshinter/pshmod.c [] []
/src/freetype2-testing/external/llvm-project/libcxxabi/src/stdlib_typeinfo.cpp [] []
/src/freetype2-testing/fuzzing/src/visitors/facevisitor-charcodes.h [] []
/src/freetype2-testing/external/bzip2/bzlib.c ['bzip2'] ['bzip2']
/src/freetype2-testing/fuzzing/src/visitors/facevisitor-trackkerning.h [] []
/src/freetype2-testing/external/freetype2/src/type1/t1driver.c [] []
/src/freetype2-testing/external/freetype2/src/sfnt/woff2tags.c [] []
/src/freetype2-testing/fuzzing/src/targets/font-drivers/pcf-render.cpp [] []
/src/freetype2-testing/fuzzing/src/utils/utils.cpp ['cff-ftengine', 'type1-ftengine', 'truetype-render-i35', 'type42', 'windowsfnt-render', 'pcf', 'cidtype1-render', 'windowsfnt', 'colrv1', 'pcf-render', 'cff-render-ftengine', 'glyphs-bitmaps-pcf', 'type1-tar', 'cidtype1-render-ftengine', 'type1-render-tar', 'type1-render-ftengine', 'cidtype1', 'type42-render', 'truetype-render', 'type1', 'type1-render', 'truetype', 'cidtype1-ftengine', 'cff', 'truetype-render-i38', 'bdf-render', 'glyphs-outlines', 'bdf', 'cff-render'] ['cff-ftengine', 'type1-ftengine', 'truetype-render-i35', 'type42', 'windowsfnt-render', 'pcf', 'cidtype1-render', 'windowsfnt', 'colrv1', 'pcf-render', 'cff-render-ftengine', 'glyphs-bitmaps-pcf', 'type1-tar', 'cidtype1-render-ftengine', 'type1-render-tar', 'type1-render-ftengine', 'cidtype1', 'type42-render', 'truetype-render', 'type1', 'type1-render', 'truetype', 'cidtype1-ftengine', 'cff', 'truetype-render-i38', 'bdf-render', 'glyphs-outlines', 'bdf', 'cff-render']
/src/freetype2-testing/external/brotli/c/common/dictionary.c [] []
/src/freetype2-testing/fuzzing/src/visitors/facevisitor-subglyphs.h [] []
/src/freetype2-testing/fuzzing/src/targets/font-drivers/truetype-render-i35.cpp [] []
/src/freetype2-testing/external/freetype2/src/winfonts/winfnt.c [] []
/src/freetype2-testing/fuzzing/src/visitors/facevisitor-trackkerning.cpp [] []
/src/freetype2-testing/external/freetype2/src/truetype/ttgxvar.c [] []
/src/freetype2-testing/external/freetype2/src/pshinter/pshglob.c [] []
/src/freetype2-testing/external/freetype2/src/truetype/ttinterp.c [] []
/src/freetype2-testing/external/libpng/build/../pngget.c [] []
/src/freetype2-testing/fuzzing/src/targets/font-drivers/cidtype1-ftengine.cpp [] []
/src/freetype2-testing/external/freetype2/src/base/ftgasp.c [] []
/src/freetype2-testing/fuzzing/src/targets/font-drivers/cff-ftengine.h [] []
/src/freetype2-testing/external/llvm-project/libcxxabi/src/cxa_default_handlers.cpp [] []
/src/freetype2-testing/external/freetype2/src/autofit/afdummy.c [] []
/src/freetype2-testing/fuzzing/src/targets/font-drivers/cff-render.cpp [] []
/src/freetype2-testing/external/libpng/build/../pngmem.c [] []
/src/freetype2-testing/fuzzing/src/targets/font-drivers/windowsfnt-render.h [] []
/src/freetype2-testing/fuzzing/src/targets/font-drivers/bdf-render.cpp [] []
/src/freetype2-testing/external/brotli/c/common/transform.c [] []
/src/freetype2-testing/fuzzing/src/targets/font-drivers/bdf-render.h [] []
/src/freetype2-testing/fuzzing/src/targets/glyphs/bitmaps.cpp [] []
/src/freetype2-testing/external/libarchive/libarchive/archive_util.c ['cff-ftengine', 'type1-ftengine', 'truetype-render-i35', 'type42', 'ftfuzzer', 'windowsfnt-render', 'pcf', 'cidtype1-render', 'windowsfnt', 'colrv1', 'pcf-render', 'cff-render-ftengine', 'glyphs-bitmaps-pcf', 'type1-tar', 'cidtype1-render-ftengine', 'type1-render-tar', 'type1-render-ftengine', 'cidtype1', 'type42-render', 'truetype-render', 'type1', 'type1-render', 'truetype', 'cidtype1-ftengine', 'cff', 'truetype-render-i38', 'bdf-render', 'glyphs-outlines', 'bdf', 'cff-render'] ['ftfuzzer', 'type1-tar', 'type1-render-tar']
/src/freetype2-testing/external/libpng/build/../pngrio.c [] []
/src/freetype2-testing/fuzzing/src/targets/font-drivers/cidtype1.h [] []
/src/freetype2-testing/fuzzing/src/visitors/facevisitor-loadglyphs.cpp [] []
/src/freetype2-testing/external/freetype2/src/type1/t1parse.c [] []
/src/freetype2-testing/external/freetype2/src/sfnt/ttkern.c [] []
/src/freetype2-testing/external/freetype2/src/sdf/ftsdf.c [] []
/src/freetype2-testing/external/freetype2/src/pcf/pcfutil.c [] []
/src/freetype2-testing/fuzzing/src/targets/font-drivers/type1-ftengine.h [] []
/src/freetype2-testing/external/freetype2/src/sfnt/ttpost.c [] []
/src/freetype2-testing/external/freetype2/src/cff/cffcmap.c [] []
/src/freetype2-testing/external/llvm-project/libcxxabi/src/cxa_exception_storage.cpp ['gzip', 'bzip2', 'lzw'] []
/src/freetype2-testing/fuzzing/src/visitors/facevisitor-charcodes.cpp [] []
/src/freetype2-testing/fuzzing/src/targets/glyphs/bitmaps-pcf.h [] []
/src/freetype2-testing/fuzzing/src/iterators/glyphloaditerator-naive.h [] []
/src/freetype2-testing/external/freetype2/src/psnames/psmodule.c [] []
/src/freetype2-testing/fuzzing/src/visitors/facevisitor-multiplemasters.h [] []
/src/freetype2-testing/external/llvm-project/libcxxabi/src/abort_message.cpp ['gzip', 'bzip2', 'lzw'] []
/src/freetype2-testing/external/llvm-project/libcxxabi/src/private_typeinfo.cpp [] []
/src/freetype2-testing/external/freetype2/src/bdf/bdflib.c [] []
/src/freetype2-testing/external/freetype2/src/cff/cffgload.c [] []
/src/freetype2-testing/external/freetype2/src/cid/cidload.c [] []
/src/freetype2-testing/external/freetype2/src/base/ftcid.c [] []
/src/freetype2-testing/fuzzing/src/targets/support/LzwFuzzTarget.h [] []
/src/freetype2-testing/external/freetype2/src/sfnt/ttmtx.c [] []
/src/freetype2-testing/fuzzing/src/targets/font-drivers/type42.h [] []
/src/freetype2-testing/external/llvm-project/libcxxabi/src/demangle/Utility.h [] []
/src/freetype2-testing/fuzzing/src/targets/support/LzwFuzzTarget.cpp ['lzw'] ['lzw']
/src/freetype2-testing/fuzzing/src/iterators/faceprepiterator-bitmaps.h [] []
/src/freetype2-testing/fuzzing/src/visitors/glyphvisitor-transform.h [] []
/src/freetype2-testing/external/freetype2/src/base/ftobjs.c ['cff-ftengine', 'type1-ftengine', 'truetype-render-i35', 'type42', 'ftfuzzer', 'windowsfnt-render', 'pcf', 'cidtype1-render', 'windowsfnt', 'colrv1', 'pcf-render', 'cff-render-ftengine', 'glyphs-bitmaps-pcf', 'type1-tar', 'cidtype1-render-ftengine', 'type1-render-tar', 'type1-render-ftengine', 'cidtype1', 'type42-render', 'truetype-render', 'type1', 'type1-render', 'truetype', 'cidtype1-ftengine', 'cff', 'truetype-render-i38', 'bdf-render', 'glyphs-outlines', 'bdf', 'cff-render'] ['cff-ftengine', 'type1-ftengine', 'truetype-render-i35', 'type42', 'ftfuzzer', 'windowsfnt-render', 'pcf', 'cidtype1-render', 'windowsfnt', 'colrv1', 'pcf-render', 'cff-render-ftengine', 'glyphs-bitmaps-pcf', 'type1-tar', 'cidtype1-render-ftengine', 'type1-render-tar', 'type1-render-ftengine', 'cidtype1', 'type42-render', 'truetype-render', 'type1', 'type1-render', 'truetype', 'cidtype1-ftengine', 'cff', 'truetype-render-i38', 'bdf-render', 'glyphs-outlines', 'bdf', 'cff-render']
/src/freetype2-testing/fuzzing/src/utils/tarreader.h [] []
/src/freetype2-testing/fuzzing/src/utils/FreeTypeStream.h ['gzip', 'bzip2', 'lzw'] ['gzip', 'bzip2', 'lzw']
/src/freetype2-testing/fuzzing/src/visitors/facevisitor-kerning.h [] []
/src/freetype2-testing/external/freetype2/src/truetype/ttobjs.c [] []
/src/freetype2-testing/external/freetype2/src/type1/t1load.c [] []
/src/freetype2-testing/fuzzing/src/iterators/faceprepiterator.h [] []
/src/freetype2-testing/external/freetype2/src/pfr/pfrsbit.c [] []
/src/freetype2-testing/external/freetype2/src/base/ftbdf.c [] []
/src/freetype2-testing/external/freetype2/src/psaux/t1decode.c [] []
/src/freetype2-testing/fuzzing/src/utils/faceloader.h [] []
/src/freetype2-testing/external/freetype2/src/sfnt/sfwoff2.c [] []
/src/freetype2-testing/fuzzing/src/targets/font-drivers/colrv1.cpp [] []
/src/freetype2-testing/fuzzing/src/iterators/faceprepiterator-bitmaps.cpp [] []
/src/freetype2-testing/external/libarchive/libarchive/archive_read_support_format_tar.c ['cff-ftengine', 'type1-ftengine', 'truetype-render-i35', 'type42', 'ftfuzzer', 'windowsfnt-render', 'pcf', 'cidtype1-render', 'windowsfnt', 'colrv1', 'pcf-render', 'cff-render-ftengine', 'glyphs-bitmaps-pcf', 'type1-tar', 'cidtype1-render-ftengine', 'type1-render-tar', 'type1-render-ftengine', 'cidtype1', 'type42-render', 'truetype-render', 'type1', 'type1-render', 'truetype', 'cidtype1-ftengine', 'cff', 'truetype-render-i38', 'bdf-render', 'glyphs-outlines', 'bdf', 'cff-render'] ['ftfuzzer', 'type1-tar', 'type1-render-tar']
/src/freetype2-testing/fuzzing/src/visitors/facevisitor-truetypetables.cpp [] []
/src/freetype2-testing/external/freetype2/builds/unix/ftsystem.c ['cff-ftengine', 'type1-ftengine', 'truetype-render-i35', 'type42', 'ftfuzzer', 'windowsfnt-render', 'pcf', 'cidtype1-render', 'windowsfnt', 'colrv1', 'pcf-render', 'cff-render-ftengine', 'glyphs-bitmaps-pcf', 'type1-tar', 'cidtype1-render-ftengine', 'type1-render-tar', 'type1-render-ftengine', 'cidtype1', 'type42-render', 'truetype-render', 'type1', 'type1-render', 'truetype', 'cidtype1-ftengine', 'cff', 'truetype-render-i38', 'bdf-render', 'glyphs-outlines', 'bdf', 'cff-render'] ['cff-ftengine', 'type1-ftengine', 'truetype-render-i35', 'type42', 'ftfuzzer', 'windowsfnt-render', 'pcf', 'cidtype1-render', 'windowsfnt', 'colrv1', 'pcf-render', 'cff-render-ftengine', 'glyphs-bitmaps-pcf', 'type1-tar', 'cidtype1-render-ftengine', 'type1-render-tar', 'type1-render-ftengine', 'cidtype1', 'type42-render', 'truetype-render', 'type1', 'type1-render', 'truetype', 'cidtype1-ftengine', 'cff', 'truetype-render-i38', 'bdf-render', 'glyphs-outlines', 'bdf', 'cff-render']
/src/freetype2-testing/fuzzing/src/visitors/facevisitor-colrv1.h [] []
/src/freetype2-testing/fuzzing/src/visitors/facevisitor-variants.h [] []
/src/freetype2-testing/external/freetype2/src/sfnt/ttcmap.c [] []
/src/freetype2-testing/fuzzing/src/iterators/glyphloaditerator.h [] []
/src/freetype2-testing/external/freetype2/src/base/ftdebug.c [] []
/src/freetype2-testing/fuzzing/src/targets/font-drivers/type1-render-ftengine.cpp [] []
/src/freetype2-testing/fuzzing/src/visitors/facevisitor-loadglyphs-bitmaps.cpp [] []
/src/freetype2-testing/external/brotli/c/dec/state.c [] []
/src/freetype2-testing/external/llvm-project/build/include/c++/v1/stdexcept [] []
/src/freetype2-testing/external/freetype2/src/type42/t42parse.c [] []
/src/freetype2-testing/fuzzing/src/targets/font-drivers/cidtype1-render.h [] []
/src/freetype2-testing/external/zlib/adler32.c ['gzip'] []
/src/freetype2-testing/external/freetype2/src/pshinter/pshalgo.c [] []
/src/freetype2-testing/external/llvm-project/libcxxabi/src/cxa_virtual.cpp [] []
/src/freetype2-testing/external/freetype2/src/base/ftpsprop.c [] []
/src/freetype2-testing/external/freetype2/src/type42/t42objs.c [] []
/usr/include/ctype.h [] []
/src/freetype2-testing/external/libarchive/libarchive/archive_virtual.c ['cff-ftengine', 'type1-ftengine', 'truetype-render-i35', 'type42', 'ftfuzzer', 'windowsfnt-render', 'pcf', 'cidtype1-render', 'windowsfnt', 'colrv1', 'pcf-render', 'cff-render-ftengine', 'glyphs-bitmaps-pcf', 'type1-tar', 'cidtype1-render-ftengine', 'type1-render-tar', 'type1-render-ftengine', 'cidtype1', 'type42-render', 'truetype-render', 'type1', 'type1-render', 'truetype', 'cidtype1-ftengine', 'cff', 'truetype-render-i38', 'bdf-render', 'glyphs-outlines', 'bdf', 'cff-render'] ['ftfuzzer', 'type1-tar', 'type1-render-tar']
/src/freetype2-testing/fuzzing/src/fuzzers/template.cpp ['gzip', 'bzip2', 'lzw', 'cff-ftengine', 'type1-ftengine', 'truetype-render-i35', 'type42', 'windowsfnt-render', 'pcf', 'cidtype1-render', 'windowsfnt', 'colrv1', 'pcf-render', 'cff-render-ftengine', 'glyphs-bitmaps-pcf', 'type1-tar', 'cidtype1-render-ftengine', 'type1-render-tar', 'type1-render-ftengine', 'cidtype1', 'type42-render', 'truetype-render', 'type1', 'type1-render', 'truetype', 'cidtype1-ftengine', 'cff', 'truetype-render-i38', 'bdf-render', 'glyphs-outlines', 'bdf', 'cff-render'] ['gzip', 'bzip2', 'lzw', 'cff-ftengine', 'type1-ftengine', 'truetype-render-i35', 'type42', 'windowsfnt-render', 'pcf', 'cidtype1-render', 'windowsfnt', 'colrv1', 'pcf-render', 'cff-render-ftengine', 'glyphs-bitmaps-pcf', 'type1-tar', 'cidtype1-render-ftengine', 'type1-render-tar', 'type1-render-ftengine', 'cidtype1', 'type42-render', 'truetype-render', 'type1', 'type1-render', 'truetype', 'cidtype1-ftengine', 'cff', 'truetype-render-i38', 'bdf-render', 'glyphs-outlines', 'bdf', 'cff-render']
/src/freetype2-testing/fuzzing/src/targets/font-drivers/truetype-render-i35.h [] []
/src/freetype2-testing/fuzzing/src/targets/font-drivers/truetype-render-i38.cpp [] []
/src/freetype2-testing/fuzzing/src/targets/FaceFuzzTarget.h [] []
/src/freetype2-testing/external/freetype2/src/cff/cffparse.c [] []
/src/freetype2-testing/external/freetype2/src/psaux/psintrp.c [] []
/src/freetype2-testing/external/zlib/inflate.c ['gzip'] ['gzip']
/src/freetype2-testing/fuzzing/src/targets/font-drivers/cff.h [] []
/src/freetype2-testing/external/freetype2/src/cid/cidriver.c [] []
/src/freetype2-testing/fuzzing/src/targets/glyphs/outlines.h [] []
/src/freetype2-testing/external/freetype2/src/truetype/ttgload.c [] []
/src/freetype2-testing/external/freetype2/src/sfnt/ttsvg.c [] []
/src/freetype2-testing/fuzzing/src/utils/tarreader.cpp ['cff-ftengine', 'type1-ftengine', 'truetype-render-i35', 'type42', 'windowsfnt-render', 'pcf', 'cidtype1-render', 'windowsfnt', 'colrv1', 'pcf-render', 'cff-render-ftengine', 'glyphs-bitmaps-pcf', 'type1-tar', 'cidtype1-render-ftengine', 'type1-render-tar', 'type1-render-ftengine', 'cidtype1', 'type42-render', 'truetype-render', 'type1', 'type1-render', 'truetype', 'cidtype1-ftengine', 'cff', 'truetype-render-i38', 'bdf-render', 'glyphs-outlines', 'bdf', 'cff-render'] ['type1-tar', 'type1-render-tar']
/src/freetype2-testing/fuzzing/src/iterators/glyphloaditerator.cpp [] []
/src/freetype2-testing/external/freetype2/src/base/ftwinfnt.c [] []
/src/freetype2-testing/external/freetype2/src/pfr/pfrload.c [] []
/src/freetype2-testing/external/freetype2/src/psaux/t1cmap.c [] []
/src/freetype2-testing/external/freetype2/src/base/ftstream.c ['gzip', 'bzip2', 'lzw', 'cff-ftengine', 'type1-ftengine', 'truetype-render-i35', 'type42', 'ftfuzzer', 'windowsfnt-render', 'pcf', 'cidtype1-render', 'windowsfnt', 'colrv1', 'pcf-render', 'cff-render-ftengine', 'glyphs-bitmaps-pcf', 'type1-tar', 'cidtype1-render-ftengine', 'type1-render-tar', 'type1-render-ftengine', 'cidtype1', 'type42-render', 'truetype-render', 'type1', 'type1-render', 'truetype', 'cidtype1-ftengine', 'cff', 'truetype-render-i38', 'bdf-render', 'glyphs-outlines', 'bdf', 'cff-render'] ['gzip', 'bzip2', 'lzw', 'cff-ftengine', 'type1-ftengine', 'truetype-render-i35', 'type42', 'ftfuzzer', 'windowsfnt-render', 'pcf', 'cidtype1-render', 'windowsfnt', 'colrv1', 'pcf-render', 'cff-render-ftengine', 'glyphs-bitmaps-pcf', 'type1-tar', 'cidtype1-render-ftengine', 'type1-render-tar', 'type1-render-ftengine', 'cidtype1', 'type42-render', 'truetype-render', 'type1', 'type1-render', 'truetype', 'cidtype1-ftengine', 'cff', 'truetype-render-i38', 'bdf-render', 'glyphs-outlines', 'bdf', 'cff-render']
/src/freetype2-testing/external/llvm-project/libcxxabi/src/cxa_personality.cpp [] []
/src/freetype2-testing/external/freetype2/src/base/ftcalc.c ['ftfuzzer'] ['ftfuzzer']
/src/freetype2-testing/external/llvm-project/libcxxabi/src/demangle/StringView.h [] []
/src/freetype2-testing/external/freetype2/src/cff/cffload.c [] []
/src/freetype2-testing/external/freetype2/src/base/ftfntfmt.c ['cff-ftengine', 'type1-ftengine', 'truetype-render-i35', 'type42', 'ftfuzzer', 'windowsfnt-render', 'pcf', 'cidtype1-render', 'windowsfnt', 'colrv1', 'pcf-render', 'cff-render-ftengine', 'glyphs-bitmaps-pcf', 'type1-tar', 'cidtype1-render-ftengine', 'type1-render-tar', 'type1-render-ftengine', 'cidtype1', 'type42-render', 'truetype-render', 'type1', 'type1-render', 'truetype', 'cidtype1-ftengine', 'cff', 'truetype-render-i38', 'bdf-render', 'glyphs-outlines', 'bdf', 'cff-render'] ['cff-ftengine', 'type1-ftengine', 'truetype-render-i35', 'type42', 'ftfuzzer', 'windowsfnt-render', 'pcf', 'cidtype1-render', 'windowsfnt', 'colrv1', 'pcf-render', 'cff-render-ftengine', 'glyphs-bitmaps-pcf', 'type1-tar', 'cidtype1-render-ftengine', 'type1-render-tar', 'type1-render-ftengine', 'cidtype1', 'type42-render', 'truetype-render', 'type1', 'type1-render', 'truetype', 'cidtype1-ftengine', 'cff', 'truetype-render-i38', 'bdf-render', 'glyphs-outlines', 'bdf', 'cff-render']
/src/freetype2-testing/fuzzing/src/visitors/glyphvisitor-bitmap-handling.cpp [] []
/src/freetype2-testing/fuzzing/src/visitors/glyphvisitor.h [] []
/src/freetype2-testing/fuzzing/src/visitors/facevisitor-cid.h [] []
/src/freetype2-testing/external/freetype2/src/bdf/bdfdrivr.c [] []
/src/freetype2-testing/fuzzing/src/visitors/facevisitor-autohinter.h [] []
/src/freetype2-testing/fuzzing/src/visitors/facevisitor-variants.cpp [] []
/src/freetype2-testing/external/bzip2/decompress.c ['bzip2'] ['bzip2']
/src/freetype2-testing/fuzzing/src/targets/FuzzTarget.cpp [] []
/src/freetype2-testing/external/freetype2/src/autofit/afglobal.c [] []
/src/freetype2-testing/fuzzing/src/targets/font-drivers/type1-render-tar.h [] []
/src/freetype2-testing/external/freetype2/src/psaux/afmparse.c [] []
/src/freetype2-testing/external/libpng/build/../pngrutil.c [] []
/src/freetype2-testing/fuzzing/src/targets/font-drivers/windowsfnt.h [] []
/src/freetype2-testing/fuzzing/src/targets/font-drivers/cff-render-ftengine.cpp [] []
/src/freetype2-testing/external/freetype2/src/sfnt/sfwoff.c [] []
/src/freetype2-testing/external/freetype2/src/base/ftglyph.c [] []
/src/freetype2-testing/external/llvm-project/build/include/c++/v1/exception [] []
/src/freetype2-testing/external/freetype2/src/type1/t1gload.c [] []
/src/freetype2-testing/external/freetype2/src/sfnt/ttcpal.c [] []
/src/freetype2-testing/fuzzing/../external/llvm-project/build/include/c++/v1/stdexcept [] []
/src/freetype2-testing/fuzzing/src/targets/font-drivers/cff-ftengine.cpp [] []
/src/freetype2-testing/fuzzing/src/visitors/facevisitor-multiplemasters.cpp [] []
/src/freetype2-testing/fuzzing/src/utils/utils.h [] []
/src/freetype2-testing/fuzzing/src/targets/font-drivers/cff-render-ftengine.h [] []
/src/freetype2-testing/fuzzing/src/visitors/facevisitor-autohinter.cpp [] []
/src/freetype2-testing/fuzzing/src/visitors/facevisitor-gasp.h [] []
/src/freetype2-testing/fuzzing/src/targets/font-drivers/truetype.h [] []
/src/freetype2-testing/external/llvm-project/libcxxabi/src/stdlib_exception.cpp [] []
/src/freetype2-testing/fuzzing/src/iterators/faceprepiterator.cpp [] []
/src/freetype2-testing/external/freetype2/src/autofit/afmodule.c [] []
/src/freetype2-testing/external/freetype2/src/raster/ftrend1.c [] []
/src/freetype2-testing/external/freetype2/src/base/ftgloadr.c ['cff-ftengine', 'type1-ftengine', 'truetype-render-i35', 'type42', 'ftfuzzer', 'windowsfnt-render', 'pcf', 'cidtype1-render', 'windowsfnt', 'colrv1', 'pcf-render', 'cff-render-ftengine', 'glyphs-bitmaps-pcf', 'type1-tar', 'cidtype1-render-ftengine', 'type1-render-tar', 'type1-render-ftengine', 'cidtype1', 'type42-render', 'truetype-render', 'type1', 'type1-render', 'truetype', 'cidtype1-ftengine', 'cff', 'truetype-render-i38', 'bdf-render', 'glyphs-outlines', 'bdf', 'cff-render'] ['cff-ftengine', 'type1-ftengine', 'truetype-render-i35', 'type42', 'ftfuzzer', 'windowsfnt-render', 'pcf', 'cidtype1-render', 'windowsfnt', 'colrv1', 'pcf-render', 'cff-render-ftengine', 'glyphs-bitmaps-pcf', 'type1-tar', 'cidtype1-render-ftengine', 'type1-render-tar', 'type1-render-ftengine', 'cidtype1', 'type42-render', 'truetype-render', 'type1', 'type1-render', 'truetype', 'cidtype1-ftengine', 'cff', 'truetype-render-i38', 'bdf-render', 'glyphs-outlines', 'bdf', 'cff-render']
/src/freetype2-testing/fuzzing/src/targets/font-drivers/cff.cpp [] []
/src/freetype2-testing/external/freetype2/src/autofit/afcjk.c [] []
/src/freetype2-testing/external/libarchive/libarchive/archive_acl.c [] []
/src/freetype2-testing/external/freetype2/src/cff/cffobjs.c [] []
/src/freetype2-testing/fuzzing/src/visitors/glyphvisitor-outlines.h [] []
/src/freetype2-testing/fuzzing/src/visitors/facevisitor-type1tables.cpp [] []
/src/freetype2-testing/external/libpng/build/../pngrtran.c [] []
/src/freetype2-testing/external/freetype2/src/cid/cidgload.c [] []
/src/freetype2-testing/external/libpng/build/../pngset.c [] []
/src/freetype2-testing/fuzzing/src/targets/font-drivers/truetype-render.h [] []
/src/freetype2-testing/fuzzing/src/targets/font-drivers/windowsfnt.cpp [] []
/src/freetype2-testing/external/zlib/inffast.c ['gzip'] ['gzip']
/src/freetype2-testing/external/zlib/inftrees.c ['gzip'] ['gzip']
/src/freetype2-testing/fuzzing/src/targets/font-drivers/type42-render.cpp [] []
/src/freetype2-testing/fuzzing/src/targets/font-drivers/pcf.h [] []
/src/freetype2-testing/external/freetype2/src/sfnt/sfdriver.c [] []
/src/freetype2-testing/external/freetype2/src/raster/ftraster.c [] []
/src/freetype2-testing/external/freetype2/src/smooth/ftsmooth.c [] []
/src/freetype2-testing/external/libarchive/libarchive/archive_read.c ['cff-ftengine', 'type1-ftengine', 'truetype-render-i35', 'type42', 'ftfuzzer', 'windowsfnt-render', 'pcf', 'cidtype1-render', 'windowsfnt', 'colrv1', 'pcf-render', 'cff-render-ftengine', 'glyphs-bitmaps-pcf', 'type1-tar', 'cidtype1-render-ftengine', 'type1-render-tar', 'type1-render-ftengine', 'cidtype1', 'type42-render', 'truetype-render', 'type1', 'type1-render', 'truetype', 'cidtype1-ftengine', 'cff', 'truetype-render-i38', 'bdf-render', 'glyphs-outlines', 'bdf', 'cff-render'] ['ftfuzzer', 'type1-tar', 'type1-render-tar']
/src/freetype2-testing/external/libarchive/libarchive/archive_string.c ['cff-ftengine', 'type1-ftengine', 'truetype-render-i35', 'type42', 'ftfuzzer', 'windowsfnt-render', 'pcf', 'cidtype1-render', 'windowsfnt', 'colrv1', 'pcf-render', 'cff-render-ftengine', 'glyphs-bitmaps-pcf', 'type1-tar', 'cidtype1-render-ftengine', 'type1-render-tar', 'type1-render-ftengine', 'cidtype1', 'type42-render', 'truetype-render', 'type1', 'type1-render', 'truetype', 'cidtype1-ftengine', 'cff', 'truetype-render-i38', 'bdf-render', 'glyphs-outlines', 'bdf', 'cff-render'] ['ftfuzzer', 'type1-tar', 'type1-render-tar']
/src/freetype2-testing/fuzzing/src/visitors/facevisitor-windowsfnt.h [] []
/src/freetype2-testing/external/freetype2/src/sdf/ftsdfcommon.c [] []
/src/freetype2-testing/external/libarchive/libarchive/archive_check_magic.c ['cff-ftengine', 'type1-ftengine', 'truetype-render-i35', 'type42', 'ftfuzzer', 'windowsfnt-render', 'pcf', 'cidtype1-render', 'windowsfnt', 'colrv1', 'pcf-render', 'cff-render-ftengine', 'glyphs-bitmaps-pcf', 'type1-tar', 'cidtype1-render-ftengine', 'type1-render-tar', 'type1-render-ftengine', 'cidtype1', 'type42-render', 'truetype-render', 'type1', 'type1-render', 'truetype', 'cidtype1-ftengine', 'cff', 'truetype-render-i38', 'bdf-render', 'glyphs-outlines', 'bdf', 'cff-render'] ['ftfuzzer', 'type1-tar', 'type1-render-tar']
/src/freetype2-testing/external/zlib/zutil.c ['gzip'] []
/src/freetype2-testing/fuzzing/src/iterators/faceprepiterator-outlines.h [] []

Directories in report

Directory
/src/freetype2-testing/fuzzing/src/targets/glyphs/
/src/freetype2-testing/external/freetype2/src/smooth/
/src/freetype2-testing/external/freetype2/src/bzip2/
/src/freetype2-testing/external/freetype2/src/sdf/
/src/freetype2-testing/fuzzing/src/targets/support/
/src/freetype2-testing/external/llvm-project/libcxx/src/support/runtime/
/src/freetype2-testing/external/freetype2/src/pshinter/
/src/freetype2-testing/external/freetype2/src/pfr/
/src/freetype2-testing/external/freetype2/src/type42/
/src/freetype2-testing/external/freetype2/src/base/
/usr/include/
/src/freetype2-testing/fuzzing/src/visitors/
/src/freetype2-testing/external/freetype2/src/gzip/
/src/freetype2-testing/external/freetype2/src/cid/
/src/freetype2-testing/fuzzing/src/utils/
/src/freetype2-testing/external/freetype2/src/bdf/
/src/freetype2-testing/external/brotli/c/common/
/src/freetype2-testing/external/bzip2/
/src/freetype2-testing/fuzzing/src/targets/font-drivers/
/src/freetype2-testing/external/brotli/c/dec/
/src/freetype2-testing/external/freetype2/include/freetype/internal/
/src/freetype2-testing/external/freetype2/src/psaux/
/src/freetype2-testing/external/freetype2/src/sfnt/
/src/freetype2-testing/external/llvm-project/libcxxabi/src/demangle/
/src/freetype2-testing/external/freetype2/src/svg/
/src/freetype2-testing/fuzzing/src/fuzzers/
/src/freetype2-testing/external/freetype2/src/winfonts/
/src/freetype2-testing/external/llvm-project/build/include/c++/v1/
/src/freetype2-testing/external/freetype2/src/lzw/
/src/freetype2-testing/fuzzing/src/iterators/
/src/freetype2-testing/external/freetype2/src/psnames/
/src/freetype2-testing/external/libpng/build/../
/src/freetype2-testing/external/freetype2/src/autofit/
/src/freetype2-testing/external/freetype2/builds/unix/
/src/freetype2-testing/external/freetype2/src/pcf/
/src/freetype2-testing/external/libarchive/libarchive/
/src/freetype2-testing/fuzzing/src/targets/
/src/freetype2-testing/fuzzing/../external/llvm-project/build/include/c++/v1/
/src/freetype2-testing/external/llvm-project/libcxxabi/src/
/src/freetype2-testing/fuzzing/src/legacy/
/src/freetype2-testing/external/freetype2/src/type1/
/src/freetype2-testing/external/freetype2/src/raster/
/src/freetype2-testing/external/freetype2/src/truetype/
/src/freetype2-testing/external/zlib/
/src/freetype2-testing/external/freetype2/src/cff/

Metadata section

This sections shows the raw data that is used to produce this report. This is mainly used for further processing and developer debugging.

Fuzzer Calltree file Program data file Coverage file
gzip fuzzerLogFile-0-jR3lsW4qMG.data fuzzerLogFile-0-jR3lsW4qMG.data.yaml gzip.covreport
bzip2 fuzzerLogFile-0-TUCuwZyGCS.data fuzzerLogFile-0-TUCuwZyGCS.data.yaml bzip2.covreport
lzw fuzzerLogFile-0-BymVOr8Ovu.data fuzzerLogFile-0-BymVOr8Ovu.data.yaml lzw.covreport
cff-ftengine fuzzerLogFile-0-OYXdNhkfQV.data fuzzerLogFile-0-OYXdNhkfQV.data.yaml cff-ftengine.covreport
type1-ftengine fuzzerLogFile-0-uPoUSmVApr.data fuzzerLogFile-0-uPoUSmVApr.data.yaml type1-ftengine.covreport
truetype-render-i35 fuzzerLogFile-0-Vmz9KQiSW4.data fuzzerLogFile-0-Vmz9KQiSW4.data.yaml truetype-render-i35.covreport
type42 fuzzerLogFile-0-BXSSEXYIfC.data fuzzerLogFile-0-BXSSEXYIfC.data.yaml type42.covreport
ftfuzzer fuzzerLogFile-0-NzXn6cvQ5J.data fuzzerLogFile-0-NzXn6cvQ5J.data.yaml ftfuzzer.covreport
windowsfnt-render fuzzerLogFile-0-pLPCmZpkhS.data fuzzerLogFile-0-pLPCmZpkhS.data.yaml windowsfnt-render.covreport
pcf fuzzerLogFile-0-gEcojA5J5n.data fuzzerLogFile-0-gEcojA5J5n.data.yaml pcf.covreport
cidtype1-render fuzzerLogFile-0-RkmxADTh6s.data fuzzerLogFile-0-RkmxADTh6s.data.yaml cidtype1-render.covreport
windowsfnt fuzzerLogFile-0-iWH667ImRO.data fuzzerLogFile-0-iWH667ImRO.data.yaml windowsfnt.covreport
colrv1 fuzzerLogFile-0-5E1juSlJJi.data fuzzerLogFile-0-5E1juSlJJi.data.yaml colrv1.covreport
pcf-render fuzzerLogFile-0-kESX9FKWfk.data fuzzerLogFile-0-kESX9FKWfk.data.yaml pcf-render.covreport
cff-render-ftengine fuzzerLogFile-0-XWmx0AdylI.data fuzzerLogFile-0-XWmx0AdylI.data.yaml cff-render-ftengine.covreport
glyphs-bitmaps-pcf fuzzerLogFile-0-Mj9cVBJqX7.data fuzzerLogFile-0-Mj9cVBJqX7.data.yaml glyphs-bitmaps-pcf.covreport
type1-tar fuzzerLogFile-0-ugWMTtGM9S.data fuzzerLogFile-0-ugWMTtGM9S.data.yaml type1-tar.covreport
cidtype1-render-ftengine fuzzerLogFile-0-ZRQISrTpXL.data fuzzerLogFile-0-ZRQISrTpXL.data.yaml cidtype1-render-ftengine.covreport
type1-render-tar fuzzerLogFile-0-FcZqu16un9.data fuzzerLogFile-0-FcZqu16un9.data.yaml type1-render-tar.covreport
type1-render-ftengine fuzzerLogFile-0-i60TgG0Klu.data fuzzerLogFile-0-i60TgG0Klu.data.yaml type1-render-ftengine.covreport
cidtype1 fuzzerLogFile-0-xjnoEiQIu6.data fuzzerLogFile-0-xjnoEiQIu6.data.yaml cidtype1.covreport
type42-render fuzzerLogFile-0-UVL6XSo1uy.data fuzzerLogFile-0-UVL6XSo1uy.data.yaml type42-render.covreport
truetype-render fuzzerLogFile-0-ilhBGROnuw.data fuzzerLogFile-0-ilhBGROnuw.data.yaml truetype-render.covreport
type1 fuzzerLogFile-0-KE7Cb0rmSj.data fuzzerLogFile-0-KE7Cb0rmSj.data.yaml type1.covreport
type1-render fuzzerLogFile-0-X19yabCx9b.data fuzzerLogFile-0-X19yabCx9b.data.yaml type1-render.covreport
truetype fuzzerLogFile-0-6YXEogZ5jr.data fuzzerLogFile-0-6YXEogZ5jr.data.yaml truetype.covreport
cidtype1-ftengine fuzzerLogFile-0-cumSzHzdSw.data fuzzerLogFile-0-cumSzHzdSw.data.yaml cidtype1-ftengine.covreport
cff fuzzerLogFile-0-QeOx7KFTZ7.data fuzzerLogFile-0-QeOx7KFTZ7.data.yaml cff.covreport
truetype-render-i38 fuzzerLogFile-0-3kvRgKPcLg.data fuzzerLogFile-0-3kvRgKPcLg.data.yaml truetype-render-i38.covreport
bdf-render fuzzerLogFile-0-eKDBJMs18t.data fuzzerLogFile-0-eKDBJMs18t.data.yaml bdf-render.covreport
glyphs-outlines fuzzerLogFile-0-18wP4dFgJO.data fuzzerLogFile-0-18wP4dFgJO.data.yaml glyphs-outlines.covreport
bdf fuzzerLogFile-0-36b4rFT0Sx.data fuzzerLogFile-0-36b4rFT0Sx.data.yaml bdf.covreport
cff-render fuzzerLogFile-0-7neowXcu7l.data fuzzerLogFile-0-7neowXcu7l.data.yaml cff-render.covreport