High level conclusions

Fuzzer deps/mruby/oss-fuzz/mruby_fuzzer.c is blocked:

The runtime code coverage of deps/mruby/oss-fuzz/mruby_fuzzer.c covers 0.757% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer deps/brotli/c/fuzz/decode_fuzzer.cc is blocked:

The runtime code coverage of deps/brotli/c/fuzz/decode_fuzzer.cc covers 1.265% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer deps/picotls/fuzz/fuzz-client-hello.c is blocked:

The runtime code coverage of deps/picotls/fuzz/fuzz-client-hello.c covers 1.730% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer deps/hiredis/fuzzing/format_command_fuzzer.c is blocked:

The runtime code coverage of deps/hiredis/fuzzing/format_command_fuzzer.c covers 2.272% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer deps/picotls/fuzz/fuzz-asn1.c is blocked:

The runtime code coverage of deps/picotls/fuzz/fuzz-asn1.c covers 9.259% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer deps/picotls/fuzz/fuzz-server-hello.c is blocked:

The runtime code coverage of deps/picotls/fuzz/fuzz-server-hello.c covers 1.730% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer deps/quicly/fuzz/packet.cc is blocked:

The runtime code coverage of deps/quicly/fuzz/packet.cc covers 4.545% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzers reach 19.00% of cyclomatic complexity.

Fuzzers reach 14.57% of all functions.

Reachability and coverage overview

Functions statically reachable by fuzzers

1441 / 9890

Cyclomatic complexity statically reachable by fuzzers

5951 / 31314

Runtime code coverage of functions

690 / 9890

The following table shows data about each function in the project. The functions included in this table correspond to all functions that exist in the executables of the fuzzers. As such, there may be functions that are from third-party libraries.

For further technical details on the meaning of columns in the below table, please see the Glossary .

Func name	Functions filename	Args	Function call depth	Reached by Fuzzers	Runtime reached by Fuzzers	Combined reached by Fuzzers	Fuzzers runtime hit	Func lines hit %	I Count	BB Count	Cyclomatic complexity	Functions reached	Reached by functions	Accumulated cyclomatic complexity	Undiscovered complexity

Fuzzer: deps/quicly/fuzz/packet.cc

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	936	96.1%
gold	[1:9]	2	0.20%
yellow	[10:29]	1	0.10%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	34	3.49%
All colors	973	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
613	63	h2o_init_request	call site: 00063	test_memcached_ticket_update
204	768	ptls_buffer_init	call site: 00768	test_memcached_ticket_update
58	709	h2o_barrier_wait	call site: 00709	ticket_memcached_update_tickets
29	0	EP	call site: 00000	update_quic_keys
21	683	send_data	call site: 00683	yrmcds_set
3	31	h2o_mem_alloc	call site: 00031	h2o_fatal
2	42	link_conn	call site: 00042	h2o_init_request
2	679	send_data	call site: 00679	hton32
1	40	link_conn	call site: 00040	h2o_linklist_insert
1	49	h2o_init_request	call site: 00049	COPY
1	60	h2o_memcpy	call site: 00060	h2o_fatal
1	677	send_data	call site: 00677

Runtime coverage analysis

Covered functions

753

Functions that are reachable but not covered

21

Reachable functions

22

Percentage of reachable functions covered

4.55%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
deps/quicly/fuzz/packet.cc	18
deps/quicly/lib/quicly.c	6
src/ssl.c	70
deps/quicly/lib/defaults.c	9
deps/picotls/lib/picotls.c	28
lib/common/socket/evloop/epoll.c.h	1
deps/picotls/lib/libaegis.h	2
t/00unit/test.c	4
lib/core/context.c	7
include/h2o/memory.h	4
include/h2o/linklist.h	2
lib/core/request.c	7
lib/common/string.c	6
t/00unit/src/ssl.c	12
deps/libyrmcds/connect.c	15
t/injectaddr.c	11
deps/mruby/mrbgems/mruby-socket/src/socket.c	4
deps/libyrmcds/send.c	20
deps/libyrmcds/send_text.c	8
deps/libyrmcds/recv.c	17
deps/picotls/deps/cifra/src/arm/boot.c	1
deps/yaml/src/api.c	16
deps/yoml/yoml-parser.h	23
deps/yaml/src/parser.c	47
deps/yoml/yoml.h	7
t/00prop/prop.c	1
lib/common/multithread.c	5
deps/libyrmcds/close.c	3
deps/picotls/lib/fusion.c	1
deps/picotls/include/picotls.h	2
deps/quicly/include/quicly/frame.h	2
deps/quicly/lib/frame.c	2

Fuzzer: fuzz/driver_url.cc

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	9	26.4%
gold	[1:9]	0	0.0%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	25	73.5%
All colors	34	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
3	0	EP	call site: 00000	h2o_url_parse
3	20	parse_authority_and_path	call site: 00020	h2o_mem_clear_pool
2	26	h2o_mem_release_shared	call site: 00026	dispose
1	32	h2o_mem_free_recycle	call site: 00032

Runtime coverage analysis

Covered functions

753

Functions that are reachable but not covered

11

Reachable functions

21

Percentage of reachable functions covered

47.62%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
fuzz/driver_url.cc	5
lib/common/url.c	9
lib/common/memory.c	4
include/h2o/memory.h	4
lib/handler/access_log.c	1

Fuzzer: fuzz/driver.cc

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	4825	82.9%
gold	[1:9]	201	3.45%
yellow	[10:29]	20	0.34%
greenyellow	[30:49]	3	0.05%
lawngreen	50+	766	13.1%
All colors	5815	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
1827	3398	call_handlers	call site: 03398	build_env
664	1067	write_vecs	call site: 01067	test_memcached_ticket_update
375	1955	h2o_http2_accept	call site: 01955	test_memcached_ticket_update
293	2335	quicly_recvstate_dispose	call site: 02335	test_memcached_ticket_update
208	747	h2o_socket_close	call site: 00747	secp256r1_on_exchange
182	1738	send_data	call site: 01738	test_memcached_ticket_update
171	5239	h2o_conn_is_early_data	call site: 05239	h2o_mruby_run_fiber
133	495	h2o_socket_getnumerichost	call site: 00495	h2o_req_getenv
98	2636	ptls_log__recalc_point	call site: 02636	discard_handshake_context
93	5437	h2o_start_response	call site: 05437	on_setup_ostream
87	2747	quicly_ranges_drop_by_range_indices	call site: 02747	on_connect
61	5677	on_read_core	call site: 05677	decode_ssl_input

Runtime coverage analysis

Covered functions

753

Functions that are reachable but not covered

362

Reachable functions

638

Percentage of reachable functions covered

43.26%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
fuzz/driver.cc	32
lib/common/multithread.c	24
deps/mruby/mrbgems/mruby-io/test/mruby_io_test.c	3
lib/core/config.c	22
include/h2o/memory.h	15
lib/handler/mimemap.c	31
lib/common/memory.c	39
lib/handler/access_log.c	6
lib/common/socketpool.c	21
lib/core/configurator.c	10
include/h2o/linklist.h	4
lib/common/string.c	17
include/h2o/string_.h	3
fuzz/driver_common.cc	15
deps/picotls/deps/cifra/src/arm/boot.c	1
lib/common/url.c	20
lib/common/hostinfo.c	6
lib/common/balancer/roundrobin.c	2
lib/handler/proxy.c	2
lib/handler/file.c	5
lib/common/socket/evloop/epoll.c.h	36
lib/common/socket/evloop.c.h	56
deps/mruby/mrbgems/mruby-time/src/time.c	3
lib/common/timerwheel.c	19
lib/common/io_uring.c	8
lib/common/socket.c	66
deps/quicly/t/udpfw.c	2
include/h2o/socket/uv-binding.h	3
lib/core/context.c	25
deps/cloexec/cloexec.c	5
src/main.c	10
lib/common/filecache.c	3
include/h2o/socket/evloop.h	1
lib/http1.c	80
include/h2o.h	14
lib/common/rand.c	3
deps/picotls/lib/openssl.c	5
lib/core/request.c	51
deps/quicly/t/test.c	2
lib/common/socket/uv-binding.c.h	2
lib/core/logconf.c	26
lib/core/util.c	15
deps/picohttpparser/picohttpparser.c	18
deps/picotls/lib/picotls.c	92
deps/picotls/include/picotls.h	18
deps/picotls/lib/libaegis.h	2
deps/picotls/lib/uecc.c	6
deps/picotls/deps/micro-ecc/uECC.c	39
t/00prop/prop.c	2
deps/quicly/lib/quicly.c	176
deps/picotls/lib/fusion.c	45
t/00unit/test.c	4
t/00unit/src/ssl.c	12
deps/libyrmcds/connect.c	15
t/injectaddr.c	11
deps/mruby/mrbgems/mruby-socket/src/socket.c	5
deps/libyrmcds/send.c	20
deps/libyrmcds/send_text.c	8
deps/libyrmcds/recv.c	17
src/ssl.c	71
deps/yaml/src/api.c	16
deps/yoml/yoml-parser.h	23
deps/yaml/src/parser.c	47
deps/yoml/yoml.h	7
deps/libyrmcds/close.c	3
lib/http2/connection.c	27
lib/http2/scheduler.c	20
lib/http3/common.c	65
deps/quicly/lib/defaults.c	9
deps/quicly/include/quicly/cid.h	2
include/h2o/multithread.h	1
deps/quicly/lib/loss.c	5
deps/quicly/include/quicly/sentmap.h	4
deps/quicly/include/quicly/loss.h	5
deps/quicly/lib/sentmap.c	8
deps/quicly/t/loss.c	7
deps/quicly/lib/rate.c	7
deps/quicly/lib/sendstate.c	1
deps/quicly/include/quicly/ranges.h	1
deps/quicly/lib/recvstate.c	1
deps/quicly/include/quicly/linklist.h	1
deps/quicly/lib/remote_cid.c	4
deps/quicly/lib/ranges.c	9
lib/common/http3client.c	13
src/httpclient.c	23
lib/core/headers.c	9
lib/common/token_table.h	1
lib/http3/qpack.c	3
deps/quicly/include/quicly/pacer.h	1
lib/probes_.h	11
lib/http2/frame.c	3
lib/http2/stream.c	5
include/h2o/http2_scheduler.h	1
include/h2o/http2_internal.h	11
lib/common/time.c	9
lib/handler/mruby.c	117
deps/mruby/src/state.c	15
deps/mruby/src/error.c	55
deps/mruby/src/print.c	11
deps/mruby/include/mruby/boxing_word.h	7
deps/mruby/src/object.c	36
deps/mruby/src/vm.c	98
deps/mruby/include/mruby/class.h	3
deps/mruby/src/backtrace.c	13
deps/mruby/src/debug.c	5
deps/mruby/src/symbol.c	33
deps/mruby/src/etc.c	4
deps/mruby/src/gc.c	93
deps/mruby/src/variable.c	55
deps/mruby/include/mruby/value.h	9
deps/mruby/src/class.c	96
deps/mruby/src/hash.c	69
deps/mruby/src/range.c	11
deps/mruby/src/array.c	35
deps/mruby/src/string.c	83
deps/mruby/mrbgems/mruby-bigint/core/bigint.c	45
deps/mruby/include/mruby.h	2
deps/mruby/include/mruby/numeric.h	2
deps/mruby/src/numeric.c	18
deps/mruby/src/kernel.c	10
deps/mruby/mrbgems/mruby-rational/src/rational.c	5
deps/mruby/mrbgems/mruby-complex/src/complex.c	5
deps/mruby-onig-regexp/src/mruby_onig_regexp.c	3
lib/handler/mruby/sender.c	14
lib/handler/mruby/http_request.c	9
lib/handler/mruby/redis.c	8
lib/handler/mruby/sleep.c	1
lib/handler/mruby/middleware.c	25
lib/handler/mruby/channel.c	10
deps/mruby-input-stream/src/mruby_input_stream.c	9
deps/mruby/src/proc.c	9
include/h2o/header.h	1
lib/handler/compress.c	13
lib/handler/compress/brotli.c	8
deps/brotli/c/enc/encode.c	8
lib/handler/compress/gzip.c	10
lib/common/file.c	5
lib/core/proxy.c	3
lib/websocket.c	13

Fuzzer: deps/picotls/fuzz/fuzz-server-hello.c

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	2587	98.2%
gold	[1:9]	2	0.07%
yellow	[10:29]	3	0.11%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	40	1.51%
All colors	2632	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
788	1771	ptls_decode_quicint	call site: 01771	test_memcached_ticket_update
759	731	h2o_barrier_wait	call site: 00731	test_memcached_ticket_update
613	85	h2o_init_request	call site: 00085	test_memcached_ticket_update
277	1491	ptls_buffer_reserve	call site: 01491	test_memcached_ticket_update
68	2563	ptls_log__recalc_point	call site: 02563	ptls_handshake
31	0	EP	call site: 00000	ptls_new
21	705	send_data	call site: 00705	yrmcds_set
19	32	ptls_buffer_init	call site: 00032	h2o_loopback_create
3	53	h2o_mem_alloc	call site: 00053	h2o_fatal
2	64	link_conn	call site: 00064	h2o_init_request
2	701	send_data	call site: 00701	hton32
1	62	link_conn	call site: 00062	h2o_linklist_insert

Runtime coverage analysis

Covered functions

753

Functions that are reachable but not covered

284

Reachable functions

289

Percentage of reachable functions covered

1.73%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
deps/picotls/fuzz/fuzz-server-hello.c	7
deps/picotls/include/picotls.h	18
deps/picotls/lib/picotls.c	236
deps/quicly/lib/quicly.c	24
t/00prop/prop.c	1
t/00unit/src/ssl.c	20
src/ssl.c	61
t/00unit/test.c	4
lib/core/context.c	7
include/h2o/memory.h	4
include/h2o/linklist.h	2
lib/core/request.c	7
lib/common/string.c	6
deps/libyrmcds/connect.c	15
t/injectaddr.c	11
deps/mruby/mrbgems/mruby-socket/src/socket.c	4
deps/libyrmcds/send.c	20
deps/libyrmcds/send_text.c	8
deps/libyrmcds/recv.c	17
deps/picotls/deps/cifra/src/arm/boot.c	1
deps/yaml/src/api.c	16
deps/yoml/yoml-parser.h	23
deps/yaml/src/parser.c	47
deps/yoml/yoml.h	7
lib/common/multithread.c	5
deps/libyrmcds/close.c	3
deps/picotls/lib/libaegis.h	2
deps/picotls/lib/uecc.c	6
deps/picotls/deps/micro-ecc/uECC.c	39
deps/picotls/lib/hpke.c	22
deps/picotls/t/minicrypto.c	1
deps/picotls/t/picotls.c	7
deps/picotls/lib/fusion.c	44
deps/picotls/lib/openssl.c	2
deps/quicly/include/quicly/cid.h	1
deps/quicly/include/quicly/loss.h	1
lib/common/socket/evloop/epoll.c.h	1
deps/mruby/mrbgems/mruby-time/src/time.c	3

Fuzzer: deps/picotls/fuzz/fuzz-asn1.c

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	168	97.1%
gold	[1:9]	0	0.0%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	5	2.89%
All colors	173	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
85	0	EP	call site: 00000	ptls_load_certificates
60	112	ptls_buffer__do_pushv	call site: 00112	ptls_minicrypto_load_private_key
14	86	ptls_buffer_init	call site: 00086	ptls_get_pem_object
9	102	ptls_buffer_reserve	call site: 00102	ptls_buffer__release_memory

Runtime coverage analysis

Covered functions

753

Functions that are reachable but not covered

49

Reachable functions

54

Percentage of reachable functions covered

9.26%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
deps/picotls/fuzz/fuzz-asn1.c	13
deps/picotls/lib/asn1.c	8
deps/picotls/deps/cifra/shitlisp/sl-cifra.c	8
deps/picotls/deps/cifra/src/aes.c	12
deps/picotls/deps/cifra/src/bitops.h	1
deps/picotls/deps/cifra/src/ext/handy.h	1
deps/mruby/mrbgems/mruby-io/test/mruby_io_test.c	2
deps/picotls/lib/pembase64.c	15
deps/picotls/include/picotls.h	2
deps/picotls/lib/picotls.c	10
deps/picotls/lib/minicrypto-pem.c	16
deps/picotls/lib/uecc.c	1

Fuzzer: deps/hiredis/fuzzing/format_command_fuzzer.c

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	114	99.1%
gold	[1:9]	0	0.0%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	1	0.86%
All colors	115	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
114	0	EP	call site: 00000	redisFormatCommand

Runtime coverage analysis

Covered functions

753

Functions that are reachable but not covered

43

Reachable functions

44

Percentage of reachable functions covered

2.27%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
deps/hiredis/fuzzing/format_command_fuzzer.c	6
deps/hiredis/hiredis.c	22
deps/hiredis/sds.c	20
deps/hiredis/alloc.h	3
deps/hiredis/sds.h	3

Fuzzer: fuzz/driver_h3.cc

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	4419	85.7%
gold	[1:9]	181	3.51%
yellow	[10:29]	18	0.34%
greenyellow	[30:49]	2	0.03%
lawngreen	50+	531	10.3%
All colors	5151	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
785	2535	ptls_decode_quicint	call site: 02535	test_memcached_ticket_update
758	1500	ptls_buffer_init	call site: 01500	ptls_new
616	755	h2o_init_request	call site: 00755	test_memcached_ticket_update
303	4075	h2o_quic_send	call site: 04075	send_handshake_flow
273	2259	ptls_buffer_reserve	call site: 02259	test_memcached_ticket_update
230	4381	quicly_ranges_subtract	call site: 04381	send_handshake_flow
179	130	h2o_memis	call site: 00130	h2o_access_log_open_log
159	3392	ptls_log_point_maybe_active	call site: 03392	update_quic_keys
121	1378	send_data	call site: 01378	test_memcached_ticket_update
104	3683	quicly_ranges_drop_by_range_indices	call site: 03683	initiate_close
85	3807	h2o_quic_dispose_conn	call site: 03807	ptls_free
70	3605	quicly_recvstate_dispose	call site: 03605	record_receipt

Runtime coverage analysis

Covered functions

753

Functions that are reachable but not covered

392

Reachable functions

699

Percentage of reachable functions covered

43.92%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
fuzz/driver_h3.cc	39
lib/common/multithread.c	24
deps/mruby/mrbgems/mruby-io/test/mruby_io_test.c	3
lib/handler/access_log.c	21
lib/core/logconf.c	19
include/h2o/memory.h	15
lib/common/string.c	7
include/h2o/string_.h	2
lib/common/token_table.h	1
lib/common/memory.c	38
lib/common/serverutil.c	23
lib/core/config.c	22
lib/handler/mimemap.c	31
lib/common/socketpool.c	21
lib/core/configurator.c	10
include/h2o/linklist.h	4
fuzz/driver_common.cc	12
lib/common/url.c	12
lib/common/hostinfo.c	6
lib/common/balancer/roundrobin.c	2
deps/picotls/deps/cifra/src/arm/boot.c	1
lib/handler/proxy.c	2
lib/handler/file.c	5
lib/core/context.c	20
lib/common/socket/evloop.c.h	54
deps/cloexec/cloexec.c	5
src/main.c	3
lib/common/socket.c	37
lib/common/filecache.c	3
include/h2o/socket/uv-binding.h	3
include/h2o/socket/evloop.h	1
lib/common/timerwheel.c	19
lib/common/socket/evloop/epoll.c.h	35
deps/mruby/mrbgems/mruby-time/src/time.c	3
lib/common/io_uring.c	8
deps/quicly/t/udpfw.c	2
lib/http3/server.c	22
lib/http3/common.c	49
deps/quicly/lib/quicly.c	281
deps/picotls/lib/picotls.c	236
t/00unit/test.c	4
lib/core/request.c	7
t/00unit/src/ssl.c	20
deps/libyrmcds/connect.c	15
t/injectaddr.c	11
deps/mruby/mrbgems/mruby-socket/src/socket.c	5
deps/libyrmcds/send.c	20
deps/libyrmcds/send_text.c	8
deps/libyrmcds/recv.c	17
src/ssl.c	74
deps/yaml/src/api.c	16
deps/yoml/yoml-parser.h	23
deps/yaml/src/parser.c	47
deps/yoml/yoml.h	7
t/00prop/prop.c	1
deps/libyrmcds/close.c	3
deps/picotls/include/picotls.h	21
deps/picotls/lib/openssl.c	5
deps/picotls/lib/libaegis.h	2
deps/picotls/lib/uecc.c	6
deps/picotls/deps/micro-ecc/uECC.c	39
deps/picotls/lib/hpke.c	22
deps/picotls/t/minicrypto.c	1
deps/picotls/t/picotls.c	7
deps/picotls/lib/fusion.c	45
deps/quicly/include/quicly/cid.h	2
deps/quicly/include/quicly/loss.h	8
deps/quicly/lib/local_cid.c	5
deps/quicly/lib/defaults.c	15
deps/quicly/lib/remote_cid.c	7
deps/quicly/lib/rate.c	7
deps/quicly/include/quicly.h	2
deps/quicly/lib/sendstate.c	10
deps/quicly/lib/ranges.c	10
deps/quicly/lib/recvstate.c	6
deps/quicly/lib/streambuf.c	27
deps/quicly/include/quicly/streambuf.h	5
deps/quicly/include/quicly/ranges.h	1
deps/quicly/include/quicly/linklist.h	3
deps/quicly/lib/loss.c	10
deps/quicly/include/quicly/sentmap.h	4
deps/quicly/lib/sentmap.c	8
deps/quicly/t/loss.c	7
lib/http3/qpack.c	6
lib/common/socket/uv-binding.c.h	2
lib/common/file.c	5
deps/quicly/include/quicly/pacer.h	2
include/h2o.h	1
lib/common/rand.c	3
deps/quicly/src/cli.c	47
deps/quicly/include/quicly/frame.h	4
deps/quicly/lib/frame.c	7
deps/quicly/include/quicly/maxsender.h	1
include/h2o/multithread.h	1
lib/common/http3client.c	13
src/httpclient.c	23
lib/core/headers.c	4
fuzz/quicly_mock.c	4
deps/picohttpparser/picohttpparser.c	16
lib/core/proxy.c	3
lib/websocket.c	13

Fuzzer: deps/picotls/fuzz/fuzz-client-hello.c

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	2584	98.2%
gold	[1:9]	2	0.07%
yellow	[10:29]	3	0.11%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	40	1.52%
All colors	2629	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
788	1771	ptls_decode_quicint	call site: 01771	test_memcached_ticket_update
759	731	h2o_barrier_wait	call site: 00731	test_memcached_ticket_update
613	85	h2o_init_request	call site: 00085	test_memcached_ticket_update
277	1491	ptls_buffer_reserve	call site: 01491	test_memcached_ticket_update
65	2563	ptls_log__recalc_point	call site: 02563	ptls_handshake
31	0	EP	call site: 00000	ptls_new
21	705	send_data	call site: 00705	yrmcds_set
19	32	ptls_buffer_init	call site: 00032	h2o_loopback_create
3	53	h2o_mem_alloc	call site: 00053	h2o_fatal
2	64	link_conn	call site: 00064	h2o_init_request
2	701	send_data	call site: 00701	hton32
1	62	link_conn	call site: 00062	h2o_linklist_insert

Runtime coverage analysis

Covered functions

753

Functions that are reachable but not covered

284

Reachable functions

289

Percentage of reachable functions covered

1.73%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
deps/picotls/fuzz/fuzz-client-hello.c	7
deps/picotls/include/picotls.h	18
deps/picotls/lib/picotls.c	236
deps/quicly/lib/quicly.c	24
t/00prop/prop.c	1
t/00unit/src/ssl.c	20
src/ssl.c	61
t/00unit/test.c	4
lib/core/context.c	7
include/h2o/memory.h	4
include/h2o/linklist.h	2
lib/core/request.c	7
lib/common/string.c	6
deps/libyrmcds/connect.c	15
t/injectaddr.c	11
deps/mruby/mrbgems/mruby-socket/src/socket.c	4
deps/libyrmcds/send.c	20
deps/libyrmcds/send_text.c	8
deps/libyrmcds/recv.c	17
deps/picotls/deps/cifra/src/arm/boot.c	1
deps/yaml/src/api.c	16
deps/yoml/yoml-parser.h	23
deps/yaml/src/parser.c	47
deps/yoml/yoml.h	7
lib/common/multithread.c	5
deps/libyrmcds/close.c	3
deps/picotls/lib/libaegis.h	2
deps/picotls/lib/uecc.c	6
deps/picotls/deps/micro-ecc/uECC.c	39
deps/picotls/lib/hpke.c	22
deps/picotls/t/minicrypto.c	1
deps/picotls/t/picotls.c	7
deps/picotls/lib/fusion.c	44
deps/picotls/lib/openssl.c	2
deps/quicly/include/quicly/cid.h	1
deps/quicly/include/quicly/loss.h	1
lib/common/socket/evloop/epoll.c.h	1
deps/mruby/mrbgems/mruby-time/src/time.c	3

Fuzzer: deps/brotli/c/fuzz/decode_fuzzer.cc

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	198	99.4%
gold	[1:9]	0	0.0%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	1	0.50%
All colors	199	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
198	0	EP	call site: 00000	BrotliDecoderDecompressStream

Runtime coverage analysis

Covered functions

753

Functions that are reachable but not covered

78

Reachable functions

79

Percentage of reachable functions covered

1.27%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
deps/brotli/c/fuzz/decode_fuzzer.cc	5
deps/brotli/c/dec/decode.c	61
deps/brotli/c/dec/state.c	5
deps/brotli/c/dec/bit_reader.h	10
deps/brotli/c/dec/bit_reader.c	2
deps/brotli/c/dec/huffman.c	6

Fuzzer: deps/mruby/oss-fuzz/mruby_fuzzer.c

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	3026	99.9%
gold	[1:9]	0	0.0%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	1	0.03%
All colors	3027	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
3026	0	EP	call site: 00000	mrb_load_string

Runtime coverage analysis

Covered functions

753

Functions that are reachable but not covered

655

Reachable functions

660

Percentage of reachable functions covered

0.76%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
deps/mruby/oss-fuzz/mruby_fuzzer.c	7
deps/mruby/src/state.c	18
deps/mruby/src/error.c	52
deps/mruby/src/print.c	11
deps/mruby/include/mruby/boxing_word.h	7
deps/mruby/src/object.c	33
deps/mruby/src/vm.c	98
deps/mruby/include/mruby/class.h	3
deps/mruby/src/backtrace.c	13
deps/mruby/src/debug.c	5
deps/mruby/src/symbol.c	43
deps/mruby/src/etc.c	1
deps/mruby/src/gc.c	87
deps/mruby/src/variable.c	54
deps/mruby/include/mruby/value.h	7
deps/mruby/src/class.c	40
deps/mruby/src/hash.c	17
deps/mruby/src/range.c	11
deps/mruby/src/array.c	32
deps/mruby/src/string.c	89
deps/mruby/mrbgems/mruby-bigint/core/bigint.c	45
deps/mruby/include/mruby.h	2
deps/mruby/include/mruby/numeric.h	3
deps/mruby/src/numeric.c	20
deps/mruby/src/kernel.c	9
deps/mruby/mrbgems/mruby-rational/src/rational.c	5
deps/mruby/mrbgems/mruby-complex/src/complex.c	5
deps/mruby-onig-regexp/src/mruby_onig_regexp.c	3
deps/mruby/mrbgems/mruby-compiler/core/y.tab.c	24
deps/mruby/src/pool.c	4
deps/mruby/mrbgems/mruby-compiler/core/codegen.c	139
deps/mruby/src/readflt.c	3
deps/mruby/src/proc.c	4
deps/mruby/src/codedump.c	25

Optimal target analysis

Remaining optimal interesting functions

The following table shows a list of functions that are optimal targets. Optimal targets are identified by finding the functions that in combination, yield a high code coverage.

Func name	Functions filename	Arg count	Args	Function depth	hitcount	instr count	bb count	cyclomatic complexity	Reachable functions	Incoming references	total cyclomatic complexity	Unreached complexity
mrb_load_detect_file_cxt	/src/h2o/deps/mruby/mrbgems/mruby-compiler/core/y.tab.c	3	['mrb_state*', 'FILE*', 'mrbc_context*']	150	0	22	6	8	911	0	3907	1650
ocsp_updater_thread	/src/h2o/src/main.c	1	['void*']	16	0	36	6	8	375	0	1027	927
ticket_redis_updater	/src/h2o/src/ssl.c	1	['void*']	13	0	14	3	6	257	0	989	828

Implementing fuzzers that target the above functions will improve reachability such that it becomes:

Functions statically reachable by fuzzers

2074 / 9890

Cyclomatic complexity statically reachable by fuzzers

9356 / 31314

All functions overview

If you implement fuzzers for these functions, the status of all functions in the project will be:

Func name	Functions filename	Args	Function call depth	Reached by Fuzzers	Runtime reached by Fuzzers	Combined reached by Fuzzers	Fuzzers runtime hit	Func lines hit %	I Count	BB Count	Cyclomatic complexity	Functions reached	Reached by functions	Accumulated cyclomatic complexity	Undiscovered complexity

This sections provides heuristics that can be used as input to a fuzz engine when running a given fuzz target. The current focus is on providing input that is usable by libFuzzer.

deps/quicly/fuzz/packet.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['h2o_init_request', 'ptls_buffer_init', 'h2o_barrier_wait', 'send_data', 'h2o_mem_alloc', 'link_conn']

fuzz/driver_url.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['parse_authority_and_path', 'h2o_mem_release_shared', 'h2o_mem_free_recycle']

fuzz/driver.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['call_handlers', 'write_vecs', 'h2o_http2_accept', 'quicly_recvstate_dispose', 'h2o_socket_close', 'send_data', 'h2o_conn_is_early_data', 'h2o_socket_getnumerichost', 'ptls_log__recalc_point', 'h2o_start_response']

deps/picotls/fuzz/fuzz-server-hello.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['ptls_decode_quicint', 'h2o_barrier_wait', 'h2o_init_request', 'ptls_buffer_reserve', 'ptls_log__recalc_point', 'send_data', 'ptls_buffer_init', 'h2o_mem_alloc', 'link_conn']

deps/picotls/fuzz/fuzz-asn1.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['ptls_buffer__do_pushv', 'ptls_buffer_init', 'ptls_buffer_reserve']

deps/hiredis/fuzzing/format_command_fuzzer.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

fuzz/driver_h3.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['ptls_decode_quicint', 'ptls_buffer_init', 'h2o_init_request', 'h2o_quic_send', 'ptls_buffer_reserve', 'quicly_ranges_subtract', 'h2o_memis', 'ptls_log_point_maybe_active', 'send_data', 'quicly_ranges_drop_by_range_indices']

deps/picotls/fuzz/fuzz-client-hello.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['ptls_decode_quicint', 'h2o_barrier_wait', 'h2o_init_request', 'ptls_buffer_reserve', 'ptls_log__recalc_point', 'send_data', 'ptls_buffer_init', 'h2o_mem_alloc', 'link_conn']

deps/brotli/c/fuzz/decode_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

deps/mruby/oss-fuzz/mruby_fuzzer.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

This section shows analysis of runtime coverage data.

For futher technical details on how this section is generated, please see the Glossary .

Complex functions with low coverage

Func name	Function total lines	Lines covered at runtime	percentage covered	Reached by fuzzers
kh_resize_h2o_quic_idmap	62	34	54.83%
quicly_ranges_subtract	50	19	38.0%	['/src/h2o/deps/picotls/fuzz/fuzz-server-hello.c', '/src/h2o/deps/quicly/fuzz/packet.cc', '/src/h2o/deps/hiredis/fuzzing/format_command_fuzzer.c', '/src/h2o/fuzz/driver.cc', '/src/h2o/deps/picotls/fuzz/fuzz-asn1.c', '/src/h2o/fuzz/driver_url.cc', '/src/h2o/fuzz/driver_h3.cc', '/src/h2o/deps/picotls/fuzz/fuzz-client-hello.c', '/src/h2o/deps/mruby/oss-fuzz/mruby_fuzzer.c', '/src/h2o/deps/brotli/c/fuzz/decode_fuzzer.cc']
h2o_filecache_open_file	41	22	53.65%	['/src/h2o/deps/picotls/fuzz/fuzz-server-hello.c', '/src/h2o/deps/quicly/fuzz/packet.cc', '/src/h2o/deps/hiredis/fuzzing/format_command_fuzzer.c', '/src/h2o/fuzz/driver.cc', '/src/h2o/deps/picotls/fuzz/fuzz-asn1.c', '/src/h2o/fuzz/driver_url.cc', '/src/h2o/fuzz/driver_h3.cc', '/src/h2o/deps/picotls/fuzz/fuzz-client-hello.c', '/src/h2o/deps/mruby/oss-fuzz/mruby_fuzzer.c', '/src/h2o/deps/brotli/c/fuzz/decode_fuzzer.cc']
on_head	122	51	41.80%	['/src/h2o/deps/picotls/fuzz/fuzz-server-hello.c', '/src/h2o/deps/quicly/fuzz/packet.cc', '/src/h2o/deps/hiredis/fuzzing/format_command_fuzzer.c', '/src/h2o/fuzz/driver.cc', '/src/h2o/deps/picotls/fuzz/fuzz-asn1.c', '/src/h2o/fuzz/driver_url.cc', '/src/h2o/fuzz/driver_h3.cc', '/src/h2o/deps/picotls/fuzz/fuzz-client-hello.c', '/src/h2o/deps/mruby/oss-fuzz/mruby_fuzzer.c', '/src/h2o/deps/brotli/c/fuzz/decode_fuzzer.cc']
h2o_httpclient_connect	47	14	29.78%	['/src/h2o/deps/picotls/fuzz/fuzz-server-hello.c', '/src/h2o/deps/quicly/fuzz/packet.cc', '/src/h2o/deps/hiredis/fuzzing/format_command_fuzzer.c', '/src/h2o/fuzz/driver.cc', '/src/h2o/deps/picotls/fuzz/fuzz-asn1.c', '/src/h2o/fuzz/driver_url.cc', '/src/h2o/fuzz/driver_h3.cc', '/src/h2o/deps/picotls/fuzz/fuzz-client-hello.c', '/src/h2o/deps/mruby/oss-fuzz/mruby_fuzzer.c', '/src/h2o/deps/brotli/c/fuzz/decode_fuzzer.cc']
h2o_buffer_try_reserve	85	38	44.70%	['/src/h2o/deps/picotls/fuzz/fuzz-server-hello.c', '/src/h2o/deps/quicly/fuzz/packet.cc', '/src/h2o/deps/hiredis/fuzzing/format_command_fuzzer.c', '/src/h2o/fuzz/driver.cc', '/src/h2o/deps/picotls/fuzz/fuzz-asn1.c', '/src/h2o/fuzz/driver_url.cc', '/src/h2o/fuzz/driver_h3.cc', '/src/h2o/deps/picotls/fuzz/fuzz-client-hello.c', '/src/h2o/deps/mruby/oss-fuzz/mruby_fuzzer.c', '/src/h2o/deps/brotli/c/fuzz/decode_fuzzer.cc']
write_core	54	6	11.11%	['/src/h2o/deps/picotls/fuzz/fuzz-server-hello.c', '/src/h2o/deps/quicly/fuzz/packet.cc', '/src/h2o/deps/hiredis/fuzzing/format_command_fuzzer.c', '/src/h2o/fuzz/driver.cc', '/src/h2o/deps/picotls/fuzz/fuzz-asn1.c', '/src/h2o/fuzz/driver_url.cc', '/src/h2o/fuzz/driver_h3.cc', '/src/h2o/deps/picotls/fuzz/fuzz-client-hello.c', '/src/h2o/deps/mruby/oss-fuzz/mruby_fuzzer.c', '/src/h2o/deps/brotli/c/fuzz/decode_fuzzer.cc']
do_write	36	19	52.77%	['/src/h2o/deps/picotls/fuzz/fuzz-server-hello.c', '/src/h2o/deps/quicly/fuzz/packet.cc', '/src/h2o/deps/hiredis/fuzzing/format_command_fuzzer.c', '/src/h2o/fuzz/driver.cc', '/src/h2o/deps/picotls/fuzz/fuzz-asn1.c', '/src/h2o/fuzz/driver_url.cc', '/src/h2o/fuzz/driver_h3.cc', '/src/h2o/deps/picotls/fuzz/fuzz-client-hello.c', '/src/h2o/deps/mruby/oss-fuzz/mruby_fuzzer.c', '/src/h2o/deps/brotli/c/fuzz/decode_fuzzer.cc']
h2o_socketpool_connect	79	33	41.77%	['/src/h2o/deps/picotls/fuzz/fuzz-server-hello.c', '/src/h2o/deps/quicly/fuzz/packet.cc', '/src/h2o/deps/hiredis/fuzzing/format_command_fuzzer.c', '/src/h2o/fuzz/driver.cc', '/src/h2o/deps/picotls/fuzz/fuzz-asn1.c', '/src/h2o/fuzz/driver_url.cc', '/src/h2o/fuzz/driver_h3.cc', '/src/h2o/deps/picotls/fuzz/fuzz-client-hello.c', '/src/h2o/deps/mruby/oss-fuzz/mruby_fuzzer.c', '/src/h2o/deps/brotli/c/fuzz/decode_fuzzer.cc']
h2o_qpack_lookup_content_type	48	15	31.25%	['/src/h2o/deps/picotls/fuzz/fuzz-server-hello.c', '/src/h2o/deps/quicly/fuzz/packet.cc', '/src/h2o/deps/hiredis/fuzzing/format_command_fuzzer.c', '/src/h2o/fuzz/driver.cc', '/src/h2o/deps/picotls/fuzz/fuzz-asn1.c', '/src/h2o/fuzz/driver_url.cc', '/src/h2o/fuzz/driver_h3.cc', '/src/h2o/deps/picotls/fuzz/fuzz-client-hello.c', '/src/h2o/deps/mruby/oss-fuzz/mruby_fuzzer.c', '/src/h2o/deps/brotli/c/fuzz/decode_fuzzer.cc']
create_generator	59	10	16.94%	['/src/h2o/deps/picotls/fuzz/fuzz-server-hello.c', '/src/h2o/deps/quicly/fuzz/packet.cc', '/src/h2o/deps/hiredis/fuzzing/format_command_fuzzer.c', '/src/h2o/fuzz/driver.cc', '/src/h2o/deps/picotls/fuzz/fuzz-asn1.c', '/src/h2o/fuzz/driver_url.cc', '/src/h2o/fuzz/driver_h3.cc', '/src/h2o/deps/picotls/fuzz/fuzz-client-hello.c', '/src/h2o/deps/mruby/oss-fuzz/mruby_fuzzer.c', '/src/h2o/deps/brotli/c/fuzz/decode_fuzzer.cc']
parse_decode_context	41	22	53.65%	['/src/h2o/deps/picotls/fuzz/fuzz-server-hello.c', '/src/h2o/deps/quicly/fuzz/packet.cc', '/src/h2o/deps/hiredis/fuzzing/format_command_fuzzer.c', '/src/h2o/fuzz/driver.cc', '/src/h2o/deps/picotls/fuzz/fuzz-asn1.c', '/src/h2o/fuzz/driver_url.cc', '/src/h2o/fuzz/driver_h3.cc', '/src/h2o/deps/picotls/fuzz/fuzz-client-hello.c', '/src/h2o/deps/mruby/oss-fuzz/mruby_fuzzer.c', '/src/h2o/deps/brotli/c/fuzz/decode_fuzzer.cc']
do_flatten_header	50	11	22.0%	['/src/h2o/deps/picotls/fuzz/fuzz-server-hello.c', '/src/h2o/deps/quicly/fuzz/packet.cc', '/src/h2o/deps/hiredis/fuzzing/format_command_fuzzer.c', '/src/h2o/fuzz/driver.cc', '/src/h2o/deps/picotls/fuzz/fuzz-asn1.c', '/src/h2o/fuzz/driver_url.cc', '/src/h2o/fuzz/driver_h3.cc', '/src/h2o/deps/picotls/fuzz/fuzz-client-hello.c', '/src/h2o/deps/mruby/oss-fuzz/mruby_fuzzer.c', '/src/h2o/deps/brotli/c/fuzz/decode_fuzzer.cc']
run_delayed	59	22	37.28%	['/src/h2o/deps/picotls/fuzz/fuzz-server-hello.c', '/src/h2o/deps/quicly/fuzz/packet.cc', '/src/h2o/deps/hiredis/fuzzing/format_command_fuzzer.c', '/src/h2o/fuzz/driver.cc', '/src/h2o/deps/picotls/fuzz/fuzz-asn1.c', '/src/h2o/fuzz/driver_url.cc', '/src/h2o/fuzz/driver_h3.cc', '/src/h2o/deps/picotls/fuzz/fuzz-client-hello.c', '/src/h2o/deps/mruby/oss-fuzz/mruby_fuzzer.c', '/src/h2o/deps/brotli/c/fuzz/decode_fuzzer.cc']
send_headers	91	21	23.07%	['/src/h2o/deps/picotls/fuzz/fuzz-server-hello.c', '/src/h2o/deps/quicly/fuzz/packet.cc', '/src/h2o/deps/hiredis/fuzzing/format_command_fuzzer.c', '/src/h2o/fuzz/driver.cc', '/src/h2o/deps/picotls/fuzz/fuzz-asn1.c', '/src/h2o/fuzz/driver_url.cc', '/src/h2o/fuzz/driver_h3.cc', '/src/h2o/deps/picotls/fuzz/fuzz-client-hello.c', '/src/h2o/deps/mruby/oss-fuzz/mruby_fuzzer.c', '/src/h2o/deps/brotli/c/fuzz/decode_fuzzer.cc']
h2o_socket_sendvec	33	17	51.51%	['/src/h2o/deps/picotls/fuzz/fuzz-server-hello.c', '/src/h2o/deps/quicly/fuzz/packet.cc', '/src/h2o/deps/hiredis/fuzzing/format_command_fuzzer.c', '/src/h2o/fuzz/driver.cc', '/src/h2o/deps/picotls/fuzz/fuzz-asn1.c', '/src/h2o/fuzz/driver_url.cc', '/src/h2o/fuzz/driver_h3.cc', '/src/h2o/deps/picotls/fuzz/fuzz-client-hello.c', '/src/h2o/deps/mruby/oss-fuzz/mruby_fuzzer.c', '/src/h2o/deps/brotli/c/fuzz/decode_fuzzer.cc']

New fuzzers

The below fuzzers are templates and suggestions for how to target the set of optimal functions above

y.tab.c

Target file: /src/h2o/deps/mruby/mrbgems/mruby-compiler/core/y.tab.c
Target functions: mrb_load_detect_file_cxt

#include "ada_fuzz_header.h"

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  af_safe_gb_init(data, size);

  /* target mrb_load_detect_file_cxt */
  UNKNOWN_TYPE unknown_0;
  UNKNOWN_TYPE unknown_1;
  UNKNOWN_TYPE unknown_2;
  mrb_load_detect_file_cxt(unknown_0, unknown_1, unknown_2);

  af_safe_gb_cleanup();
}

main.c

Target file: /src/h2o/src/main.c
Target functions: ocsp_updater_thread

#include "ada_fuzz_header.h"

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  af_safe_gb_init(data, size);

  /* target ocsp_updater_thread */
  UNKNOWN_TYPE unknown_3;
  ocsp_updater_thread(unknown_3);

  af_safe_gb_cleanup();
}

ssl.c

Target file: /src/h2o/src/ssl.c
Target functions: ticket_redis_updater

#include "ada_fuzz_header.h"

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  af_safe_gb_init(data, size);

  /* target ticket_redis_updater */
  UNKNOWN_TYPE unknown_4;
  ticket_redis_updater(unknown_4);

  af_safe_gb_cleanup();
}

This section shows which files and directories are considered in this report. The main reason for showing this is fuzz introspector may include more code in the reasoning than is desired. This section helps identify if too many files/directories are included, e.g. third party code, which may be irrelevant for the threat model. In the event too much is included, fuzz introspector supports a configuration file that can exclude data from the report. See the following link for more information on how to create a config file: link

Files in report

Source file	Reached by	Covered by
/src/h2o/deps/klib/test/ksort_test.c	[]	[]
/src/h2o/deps/mruby/mrbgems/mruby-bigint/core/bigint.c	['fuzz/driver.cc', 'deps/mruby/oss-fuzz/mruby_fuzzer.c']	[]
/src/h2o/deps/picotls/lib/ffx.c	[]	[]
/src/h2o/lib/handler/server_timing.c	[]	[]
/src/h2o/deps/klib/kstring.h	[]	[]
/src/h2o/lib/core/config.c	['fuzz/driver.cc', 'fuzz/driver_h3.cc']	['fuzz/driver.cc', 'fuzz/driver_h3.cc']
/src/h2o/lib/handler/compress.c	['fuzz/driver.cc']	[]
/src/h2o/t/00unit/lib/handler/compress.c	[]	[]
/src/h2o/deps/mruby/src/vm.c	['fuzz/driver.cc', 'deps/mruby/oss-fuzz/mruby_fuzzer.c']	[]
/src/h2o/deps/libyrmcds/t/t.h	[]	[]
/src/h2o/deps/brotli/research/find_opt_references.cc	[]	[]
/src/h2o/deps/picohttpparser/picohttpparser.c	['fuzz/driver.cc', 'fuzz/driver_h3.cc']	['fuzz/driver.cc', 'fuzz/driver_h3.cc']
/src/h2o/lib/http3/common.c	['fuzz/driver.cc', 'fuzz/driver_h3.cc']	['fuzz/driver.cc', 'fuzz/driver_h3.cc']
/src/h2o/lib/http2/http2_debug_state.c	[]	[]
/src/h2o/deps/quicly/include/quicly.h	['fuzz/driver_h3.cc']	['fuzz/driver_h3.cc']
/src/h2o/deps/mruby/include/mruby/array.h	[]	[]
/src/h2o/lib/handler/configurator/server_timing.c	[]	[]
/src/h2o/deps/mruby/src/version.c	[]	[]
/src/h2o/deps/mruby/include/mruby/istruct.h	[]	[]
/src/h2o/t/00unit/lib/common/socket.c	[]	[]
/src/h2o/deps/libyrmcds/socket.c	[]	[]
/src/h2o/deps/quicly/lib/defaults.c	['deps/quicly/fuzz/packet.cc', 'fuzz/driver.cc', 'fuzz/driver_h3.cc']	['deps/quicly/fuzz/packet.cc', 'fuzz/driver.cc', 'fuzz/driver_h3.cc']
/src/h2o/deps/mruby-errno/src/errno.c	[]	[]
/src/h2o/deps/klib/kthread.c	[]	[]
/src/h2o/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/mrdb.c	[]	[]
/src/h2o/deps/mruby/oss-fuzz/proto_to_ruby.h	[]	[]
/src/h2o/deps/picotls/deps/cifra/src/bitops.h	['deps/picotls/fuzz/fuzz-asn1.c']	[]
/src/h2o/deps/quicly/include/quicly/streambuf.h	['fuzz/driver_h3.cc']	[]
/src/h2o/lib/common/socket/evloop/kqueue.c.h	[]	[]
/src/h2o/deps/brotli/c/enc/hash_forgetful_chain_inc.h	[]	[]
/src/h2o/lib/common/io_uring.c	['fuzz/driver.cc', 'fuzz/driver_h3.cc']	[]
/src/h2o/deps/mruby/mrbgems/mruby-hash-ext/src/hash-ext.c	[]	[]
/src/h2o/deps/mruby/mrbgems/mruby-symbol-ext/src/symbol.c	[]	[]
/src/h2o/lib/core/headers.c	['fuzz/driver.cc', 'fuzz/driver_h3.cc']	['fuzz/driver.cc', 'fuzz/driver_h3.cc']
/src/h2o/deps/mruby/mrbgems/mruby-metaprog/src/metaprog.c	[]	[]
/src/h2o/include/h2o/timerwheel.h	[]	[]
/src/h2o/deps/mruby/mrbgems/mruby-test-inline-struct/test/inline.c	[]	[]
/src/h2o/deps/quicly/lib/cc-reno.c	[]	[]
/src/h2o/deps/klib/kseq.h	[]	[]
/src/h2o/deps/picotls/deps/cifra/src/sha256.c	[]	[]
/src/h2o/deps/brotli/c/enc/encode.c	['fuzz/driver.cc']	[]
/src/h2o/deps/quicly/t/simple.c	[]	[]
/src/h2o/deps/hiredis/hiredis.h	[]	[]
/src/h2o/t/00unit/lib/http2/hpack.c	[]	[]
/src/h2o/deps/quicly/lib/local_cid.c	['fuzz/driver_h3.cc']	[]
/src/h2o/deps/mruby/src/object.c	['fuzz/driver.cc', 'deps/mruby/oss-fuzz/mruby_fuzzer.c']	[]
/src/h2o/deps/libyrmcds/recv.c	['deps/quicly/fuzz/packet.cc', 'fuzz/driver.cc', 'deps/picotls/fuzz/fuzz-server-hello.c', 'fuzz/driver_h3.cc', 'deps/picotls/fuzz/fuzz-client-hello.c']	[]
/src/h2o/lib/http2/hpack.c	[]	[]
/src/h2o/deps/picotls/deps/cifra/src/hmac.c	[]	[]
/src/h2o/deps/mruby/mrbgems/mruby-io/test/mruby_io_test.c	['fuzz/driver.cc', 'deps/picotls/fuzz/fuzz-asn1.c', 'fuzz/driver_h3.cc']	[]
/src/h2o/deps/mruby/mrbgems/mruby-compiler/core/y.tab.c	['deps/mruby/oss-fuzz/mruby_fuzzer.c']	[]
/src/h2o/t/00unit/lib/http3/qpack.c	[]	[]
/src/h2o/include/h2o/openssl_backport.h	[]	[]
/src/h2o/deps/picotls/deps/cifra/src/sha3.c	[]	[]
/src/h2o/deps/hiredis/adapters/libev.h	[]	[]
/src/h2o/deps/hiredis/examples/example-libuv.c	[]	[]
/src/h2o/deps/quicly/lib/cc-cubic.c	[]	[]
/src/h2o/t/00unit/issues/293.c	[]	[]
/src/h2o/lib/core/configurator.c	['fuzz/driver.cc', 'fuzz/driver_h3.cc']	['fuzz/driver.cc', 'fuzz/driver_h3.cc']
/src/h2o/deps/mruby/src/load.c	[]	[]
/src/h2o/deps/picotls/deps/micro-ecc/test/public_key_test_vectors.c	[]	[]
/src/h2o/deps/klib/kstring.c	[]	[]
/src/h2o/lib/handler/configurator/headers.c	[]	[]
/src/h2o/lib/handler/status/ssl.c	[]	[]
/src/h2o/t/injectaddr.c	['deps/quicly/fuzz/packet.cc', 'fuzz/driver.cc', 'deps/picotls/fuzz/fuzz-server-hello.c', 'fuzz/driver_h3.cc', 'deps/picotls/fuzz/fuzz-client-hello.c']	[]
/src/h2o/include/h2o.h	['fuzz/driver.cc', 'fuzz/driver_h3.cc']	['fuzz/driver.cc', 'fuzz/driver_h3.cc']
/src/h2o/deps/quicly/t/jumpstart.c	[]	[]
/src/h2o/fuzz/quicly_mock.c	['fuzz/driver_h3.cc']	['fuzz/driver_h3.cc']
/src/h2o/t/00unit/lib/common/absprio.c	[]	[]
/src/h2o/deps/brotli/c/tools/brotli.c	[]	[]
/src/h2o/deps/picotls/deps/cifra/src/testpoly1305.c	[]	[]
/src/h2o/deps/quicly/include/quicly/constants.h	[]	[]
/src/h2o/deps/libyrmcds/connect.c	['deps/quicly/fuzz/packet.cc', 'fuzz/driver.cc', 'deps/picotls/fuzz/fuzz-server-hello.c', 'fuzz/driver_h3.cc', 'deps/picotls/fuzz/fuzz-client-hello.c']	[]
/src/h2o/deps/mruby/mrbgems/mruby-array-ext/src/array.c	[]	[]
/src/h2o/fuzz/driver.cc	['fuzz/driver.cc']	['fuzz/driver.cc']
/src/h2o/lib/handler/configurator/compress.c	[]	[]
/src/h2o/t/quic-ndec-initial-gen.c	[]	[]
/src/h2o/lib/common/http3client.c	['fuzz/driver.cc', 'fuzz/driver_h3.cc']	['fuzz/driver.cc', 'fuzz/driver_h3.cc']
/src/h2o/deps/picotls/deps/cifra/src/salsa20.c	[]	[]
/src/h2o/deps/mruby/src/kernel.c	['fuzz/driver.cc', 'deps/mruby/oss-fuzz/mruby_fuzzer.c']	[]
/src/h2o/deps/hiredis/read.c	[]	[]
/src/h2o/lib/handler/file.c	['fuzz/driver.cc', 'fuzz/driver_h3.cc']	['fuzz/driver.cc', 'fuzz/driver_h3.cc']
/src/h2o/deps/mruby/include/mruby/internal.h	[]	[]
/src/h2o/deps/mruby/include/mruby/boxing_nan.h	[]	[]
/src/h2o/include/h2o/socketpool.h	[]	[]
/src/h2o/t/00unit/lib/handler/redirect.c	[]	[]
/src/h2o/t/00unit/lib/http3/frame.c	[]	[]
/src/h2o/deps/quicly/t/loss.c	['fuzz/driver.cc', 'fuzz/driver_h3.cc']	[]
/src/h2o/deps/brotli/c/enc/fast_log.h	[]	[]
/src/h2o/deps/brotli/python/_brotli.cc	[]	[]
/src/h2o/deps/mruby-digest/src/digest.c	[]	[]
/src/h2o/deps/quicly/t/stream-concurrency.c	[]	[]
/src/h2o/include/h2o/pipe_sender.h	[]	[]
/src/h2o/deps/picotls/deps/cifra/shitlisp/sl-cifra.c	['deps/picotls/fuzz/fuzz-asn1.c']	[]
/src/h2o/deps/mruby/include/mruby/string.h	[]	[]
/src/h2o/t/00unit/lib/common/timerwheel.c	[]	[]
/src/h2o/deps/klib/kson.c	[]	[]
/src/h2o/deps/picotls/deps/cifra/src/testsha3.c	[]	[]
/src/h2o/deps/mruby/src/cdump.c	[]	[]
/src/h2o/deps/picotls/deps/cifra/src/testchacha20poly1305.c	[]	[]
/src/h2o/deps/picotls/lib/certificate_compression.c	[]	[]
/src/h2o/deps/klib/bgzf.h	[]	[]
/src/h2o/deps/picotls/lib/mbedtls.c	[]	[]
/src/h2o/lib/handler/errordoc.c	[]	[]
/src/h2o/lib/common/cache.c	[]	[]
/src/h2o/lib/handler/compress/brotli.c	['fuzz/driver.cc']	[]
/src/h2o/deps/mruby/src/pool.c	['deps/mruby/oss-fuzz/mruby_fuzzer.c']	[]
/src/h2o/deps/picotest/picotest.h	[]	[]
/src/h2o/deps/quicly/fuzz/packet.cc	['deps/quicly/fuzz/packet.cc']	['deps/quicly/fuzz/packet.cc']
/src/h2o/deps/quicly/include/quicly/ranges.h	['fuzz/driver.cc', 'fuzz/driver_h3.cc']	['fuzz/driver.cc', 'fuzz/driver_h3.cc']
/src/h2o/deps/brotli/c/include/brotli/decode.h	[]	[]
/src/h2o/lib/handler/mruby/sender.c	['fuzz/driver.cc']	[]
/src/h2o/lib/handler/throttle_resp.c	[]	[]
/src/h2o/deps/brotli/c/fuzz/decode_fuzzer.cc	['deps/brotli/c/fuzz/decode_fuzzer.cc']	['deps/brotli/c/fuzz/decode_fuzzer.cc']
/src/h2o/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/apiprint.c	[]	[]
/src/h2o/deps/neverbleed/neverbleed.h	[]	[]
/src/h2o/deps/mruby-json/src/parson.c	[]	[]
/src/h2o/deps/mruby/mrbgems/mruby-bigint/core/bigint.h	[]	[]
/src/h2o/deps/cloexec/cloexec.c	['fuzz/driver.cc', 'fuzz/driver_h3.cc']	['fuzz/driver.cc', 'fuzz/driver_h3.cc']
/src/h2o/deps/libyrmcds/yc-cnt.c	[]	[]
/src/h2o/deps/quicly/include/quicly/frame.h	['deps/quicly/fuzz/packet.cc', 'fuzz/driver_h3.cc']	['deps/quicly/fuzz/packet.cc', 'fuzz/driver_h3.cc']
/src/h2o/deps/brotli/c/enc/compress_fragment_two_pass.c	[]	[]
/src/h2o/fuzz/driver_h3.cc	['fuzz/driver_h3.cc']	['fuzz/driver_h3.cc']
/src/h2o/t/00unit/lib/core/headers.c	[]	[]
/src/h2o/deps/picotls/t/util.h	[]	[]
/src/h2o/deps/libgkc/test.c	[]	[]
/src/h2o/deps/mruby/mrbgems/mruby-exit/src/mruby-exit.c	[]	[]
/src/h2o/deps/picotls/deps/cifra/src/chash.c	[]	[]
/src/h2o/deps/picotls/t/test.h	[]	[]
/src/h2o/deps/mruby/include/mruby.h	['fuzz/driver.cc', 'deps/mruby/oss-fuzz/mruby_fuzzer.c']	[]
/src/h2o/lib/handler/mruby/channel.c	['fuzz/driver.cc']	[]
/src/h2o/t/00prop/prop.c	['deps/quicly/fuzz/packet.cc', 'fuzz/driver.cc', 'deps/picotls/fuzz/fuzz-server-hello.c', 'fuzz/driver_h3.cc', 'deps/picotls/fuzz/fuzz-client-hello.c']	[]
/src/h2o/deps/libyrmcds/send.c	['deps/quicly/fuzz/packet.cc', 'fuzz/driver.cc', 'deps/picotls/fuzz/fuzz-server-hello.c', 'fuzz/driver_h3.cc', 'deps/picotls/fuzz/fuzz-client-hello.c']	[]
/src/h2o/deps/yaml/src/yaml_private.h	[]	[]
/src/h2o/deps/brotli/c/dec/bit_reader.c	['deps/brotli/c/fuzz/decode_fuzzer.cc']	[]
/src/h2o/lib/http2/frame.c	['fuzz/driver.cc']	['fuzz/driver.cc']
/src/h2o/deps/brotli/c/enc/static_dict.c	[]	[]
/src/h2o/t/00unit/lib/common/hostinfo.c	[]	[]
/src/h2o/include/h2o/configurator.h	[]	[]
/src/h2o/lib/handler/configurator/throttle_resp.c	[]	[]
/src/h2o/deps/quicly/lib/ranges.c	['fuzz/driver.cc', 'fuzz/driver_h3.cc']	['fuzz/driver.cc', 'fuzz/driver_h3.cc']
/src/h2o/deps/mruby/src/numeric.c	['fuzz/driver.cc', 'deps/mruby/oss-fuzz/mruby_fuzzer.c']	[]
/src/h2o/deps/picotls/t/quiclb.c	[]	[]
/src/h2o/lib/core/context.c	['deps/quicly/fuzz/packet.cc', 'fuzz/driver.cc', 'deps/picotls/fuzz/fuzz-server-hello.c', 'fuzz/driver_h3.cc', 'deps/picotls/fuzz/fuzz-client-hello.c']	['deps/quicly/fuzz/packet.cc', 'fuzz/driver.cc', 'deps/picotls/fuzz/fuzz-server-hello.c', 'fuzz/driver_h3.cc', 'deps/picotls/fuzz/fuzz-client-hello.c']
/src/h2o/deps/hiredis/adapters/macosx.h	[]	[]
/src/h2o/deps/libyrmcds/strerror.c	[]	[]
/src/h2o/deps/mruby/mrbgems/mruby-complex/src/complex.c	['fuzz/driver.cc', 'deps/mruby/oss-fuzz/mruby_fuzzer.c']	[]
/src/h2o/deps/mruby/mrbgems/mruby-cmath/src/cmath.c	[]	[]
/src/h2o/deps/brotli/c/enc/hash_longest_match_inc.h	[]	[]
/src/h2o/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/cmdbreak.c	[]	[]
/src/h2o/deps/brotli/c/common/constants.h	[]	[]
/src/h2o/deps/hiredis/hiredis.c	['deps/hiredis/fuzzing/format_command_fuzzer.c']	[]
/src/h2o/deps/picotls/lib/picotls.c	['deps/quicly/fuzz/packet.cc', 'fuzz/driver.cc', 'deps/picotls/fuzz/fuzz-server-hello.c', 'deps/picotls/fuzz/fuzz-asn1.c', 'fuzz/driver_h3.cc', 'deps/picotls/fuzz/fuzz-client-hello.c']	['deps/quicly/fuzz/packet.cc', 'fuzz/driver.cc', 'deps/picotls/fuzz/fuzz-server-hello.c', 'deps/picotls/fuzz/fuzz-asn1.c', 'fuzz/driver_h3.cc', 'deps/picotls/fuzz/fuzz-client-hello.c']
/src/h2o/t/00unit/test.c	['deps/quicly/fuzz/packet.cc', 'fuzz/driver.cc', 'deps/picotls/fuzz/fuzz-server-hello.c', 'fuzz/driver_h3.cc', 'deps/picotls/fuzz/fuzz-client-hello.c']	[]
/src/h2o/include/h2o/string_.h	['fuzz/driver.cc', 'fuzz/driver_h3.cc']	['fuzz/driver.cc', 'fuzz/driver_h3.cc']
/src/h2o/t/00unit/lib/handler/headers.c	[]	[]
/src/h2o/deps/yoml/yoml-parser.h	['deps/quicly/fuzz/packet.cc', 'fuzz/driver.cc', 'deps/picotls/fuzz/fuzz-server-hello.c', 'fuzz/driver_h3.cc', 'deps/picotls/fuzz/fuzz-client-hello.c']	[]
/src/h2o/deps/klib/kvec.h	[]	[]
/src/h2o/deps/klib/knetfile.c	[]	[]
/src/h2o/deps/golombset/golombset.h	[]	[]
/src/h2o/deps/quicly/include/quicly/loss.h	['fuzz/driver.cc', 'deps/picotls/fuzz/fuzz-server-hello.c', 'fuzz/driver_h3.cc', 'deps/picotls/fuzz/fuzz-client-hello.c']	[]
/src/h2o/deps/mruby/mrbgems/mruby-io/src/mruby_io_gem.c	[]	[]
/src/h2o/lib/handler/http2_debug_state.c	[]	[]
/src/h2o/deps/picotls/deps/cifra/src/gcm.c	[]	[]
/src/h2o/deps/mruby-digest/src/picohash.h	[]	[]
/src/h2o/lib/common/memcached.c	[]	[]
/src/h2o/deps/picotls/include/picotls/ffx.h	[]	[]
/src/h2o/deps/picotls/lib/pembase64.c	['deps/picotls/fuzz/fuzz-asn1.c']	[]
/src/h2o/deps/picotls/deps/cifra/src/norx.c	[]	[]
/src/h2o/include/h2o/header.h	['fuzz/driver.cc']	[]
/src/h2o/deps/mruby/include/mruby/range.h	[]	[]
/src/h2o/deps/picotls/fuzz/fuzz-client-hello.c	['deps/picotls/fuzz/fuzz-client-hello.c']	['deps/picotls/fuzz/fuzz-client-hello.c']
/src/h2o/deps/klib/test/kmin_test.c	[]	[]
/src/h2o/deps/brotli/c/enc/hash_longest_match_quickly_inc.h	[]	[]
/src/h2o/include/h2o/httpclient.h	[]	[]
/src/h2o/include/h2o/socket.h	[]	[]
/src/h2o/deps/mruby/src/etc.c	['fuzz/driver.cc', 'deps/mruby/oss-fuzz/mruby_fuzzer.c']	[]
/src/h2o/deps/quicly/include/quicly/sentmap.h	['fuzz/driver.cc', 'fuzz/driver_h3.cc']	[]
/src/h2o/deps/hiredis/adapters/libhv.h	[]	[]
/src/h2o/deps/picotls/deps/cifra/src/sha1.c	[]	[]
/src/h2o/deps/hiredis/adapters/glib.h	[]	[]
/src/h2o/deps/mruby/mrbgems/mruby-proc-binding/src/proc-binding.c	[]	[]
/src/h2o/t/00unit/lib/common/serverutil.c	[]	[]
/src/h2o/deps/picotls/lib/cifra/random.c	[]	[]
/src/h2o/deps/yoml/test-yoml.c	[]	[]
/src/h2o/lib/handler/mruby/redis.c	['fuzz/driver.cc']	[]
/src/h2o/deps/mruby/src/readint.c	[]	[]
/src/h2o/deps/yaml/tests/run-dumper.c	[]	[]
/src/h2o/deps/klib/test/kbtree_test.c	[]	[]
/src/h2o/lib/handler/configurator/proxy.c	[]	[]
/src/h2o/deps/hiredis/examples/example-qt.cpp	[]	[]
/src/h2o/lib/common/socket.c	['fuzz/driver.cc', 'fuzz/driver_h3.cc']	['fuzz/driver.cc', 'fuzz/driver_h3.cc']
/src/h2o/t/00unit/lib/core/config.c	[]	[]
/src/h2o/deps/libyrmcds/yc.c	[]	[]
/src/h2o/deps/yaml/src/writer.c	[]	[]
/src/h2o/deps/brotli/c/dec/decode.c	['deps/brotli/c/fuzz/decode_fuzzer.cc']	[]
/src/h2o/lib/handler/redirect.c	[]	[]
/src/h2o/deps/libyrmcds/yrmcds_portability.h	[]	[]
/src/h2o/deps/mruby/oss-fuzz/mruby_fuzzer.c	['deps/mruby/oss-fuzz/mruby_fuzzer.c']	['deps/mruby/oss-fuzz/mruby_fuzzer.c']
/src/h2o/include/h2o/url.h	[]	[]
/src/h2o/deps/mruby/include/mruby/error.h	[]	[]
/src/h2o/deps/mruby-onig-regexp/src/mruby_onig_regexp.c	['fuzz/driver.cc', 'deps/mruby/oss-fuzz/mruby_fuzzer.c']	[]
/src/h2o/deps/mruby/src/backtrace.c	['fuzz/driver.cc', 'deps/mruby/oss-fuzz/mruby_fuzzer.c']	[]
/src/h2o/deps/klib/ksort.h	[]	[]
/src/h2o/t/00unit/lib/core/proxy.c	[]	[]
/src/h2o/deps/hiredis/adapters/libsdevent.h	[]	[]
/src/h2o/deps/quicly/include/quicly/maxsender.h	['fuzz/driver_h3.cc']	[]
/src/h2o/deps/mruby-dir/test/dirtest.c	[]	[]
/src/h2o/deps/brotli/java/org/brotli/wrapper/enc/encoder_jni.cc	[]	[]
/src/h2o/deps/hiredis/examples/example.c	[]	[]
/src/h2o/deps/mruby/src/dump.c	[]	[]
/src/h2o/deps/brotli/c/enc/metablock_inc.h	[]	[]
/src/h2o/deps/picotls/deps/cifra/src/curve25519.tweetnacl.c	[]	[]
/src/h2o/include/h2o/http2_internal.h	['fuzz/driver.cc']	['fuzz/driver.cc']
/src/h2o/deps/quicly/t/lossy.c	[]	[]
/src/h2o/lib/common/socket/uv-binding.c.h	['fuzz/driver.cc', 'fuzz/driver_h3.cc']	['fuzz/driver.cc', 'fuzz/driver_h3.cc']
/src/h2o/deps/quicly/examples/echo.c	[]	[]
/src/h2o/t/00unit/lib/common/httpclient.c	[]	[]
/src/h2o/deps/klib/bgzf.c	[]	[]
/src/h2o/deps/hiredis/adapters/libevent.h	[]	[]
/src/h2o/deps/brotli/c/dec/bit_reader.h	['deps/brotli/c/fuzz/decode_fuzzer.cc']	[]
/src/h2o/deps/yaml/src/api.c	['deps/quicly/fuzz/packet.cc', 'fuzz/driver.cc', 'deps/picotls/fuzz/fuzz-server-hello.c', 'fuzz/driver_h3.cc', 'deps/picotls/fuzz/fuzz-client-hello.c']	[]
/src/h2o/lib/handler/configurator/h2olog.c	[]	[]
/src/h2o/t/00unit/issues/percent-encode-zero-byte.c	[]	[]
/src/h2o/deps/hiredis/adapters/redismoduleapi.h	[]	[]
/src/h2o/deps/brotli/research/sieve.cc	[]	[]
/src/h2o/lib/http2/stream.c	['fuzz/driver.cc']	['fuzz/driver.cc']
/src/h2o/lib/core/util.c	['fuzz/driver.cc']	['fuzz/driver.cc']
/src/h2o/deps/quicly/t/ranges.c	[]	[]
/src/h2o/deps/quicly/include/quicly/local_cid.h	[]	[]
/src/h2o/deps/hiredis/sockcompat.c	[]	[]
/src/h2o/deps/brotli/c/enc/brotli_bit_stream.c	[]	[]
/src/h2o/deps/brotli/c/enc/block_splitter.c	[]	[]
/src/h2o/deps/mruby/mrbgems/mruby-math/src/math.c	[]	[]
/src/h2o/deps/brotli/c/enc/entropy_encode.h	[]	[]
/src/h2o/deps/picotls/fuzz/fuzz-server-hello.c	['deps/picotls/fuzz/fuzz-server-hello.c']	['deps/picotls/fuzz/fuzz-server-hello.c']
/src/h2o/deps/hiredis/dict.h	[]	[]
/src/h2o/lib/common/token_table.h	['fuzz/driver.cc', 'fuzz/driver_h3.cc']	['fuzz/driver.cc', 'fuzz/driver_h3.cc']
/src/h2o/deps/klib/kopen.c	[]	[]
/src/h2o/deps/yaml/src/dumper.c	[]	[]
/src/h2o/deps/brotli/c/dec/huffman.c	['deps/brotli/c/fuzz/decode_fuzzer.cc']	[]
/src/h2o/deps/mruby/mrbgems/mruby-binding/test/binding.c	[]	[]
/src/h2o/deps/brotli/java/org/brotli/wrapper/common/common_jni.cc	[]	[]
/src/h2o/deps/klib/test/kbit_test.c	[]	[]
/src/h2o/deps/mruby/oss-fuzz/proto_to_ruby.cpp	[]	[]
/src/h2o/include/h2o/http3_common.h	[]	[]
/src/h2o/lib/common/hostinfo.c	['fuzz/driver.cc', 'fuzz/driver_h3.cc']	[]
/src/h2o/lib/http3/qpack.c	['fuzz/driver.cc', 'fuzz/driver_h3.cc']	['fuzz/driver.cc', 'fuzz/driver_h3.cc']
/src/h2o/lib/handler/configurator/reproxy.c	[]	[]
/src/h2o/deps/yaml/include/yaml.h	[]	[]
/src/h2o/deps/mruby-class-new-fiber-safe/src/class-new-fiber-safe.c	[]	[]
/src/h2o/deps/quicly/lib/rate.c	['fuzz/driver.cc', 'fuzz/driver_h3.cc']	[]
/src/h2o/deps/klib/test/khash_test.c	[]	[]
/src/h2o/deps/mruby-dir/src/dir.c	[]	[]
/src/h2o/include/h2o/mruby_.h	[]	[]
/src/h2o/deps/mruby/src/state.c	['fuzz/driver.cc', 'deps/mruby/oss-fuzz/mruby_fuzzer.c']	[]
/src/h2o/t/00unit/src/ssl.c	['deps/quicly/fuzz/packet.cc', 'fuzz/driver.cc', 'deps/picotls/fuzz/fuzz-server-hello.c', 'fuzz/driver_h3.cc', 'deps/picotls/fuzz/fuzz-client-hello.c']	[]
/src/h2o/deps/klib/kgraph.h	[]	[]
/src/h2o/lib/handler/mruby/http_request.c	['fuzz/driver.cc']	['fuzz/driver.cc']
/src/h2o/deps/mruby/mrbgems/mruby-range-ext/src/range.c	[]	[]
/src/h2o/deps/mruby/mrbgems/mruby-method/src/method.c	[]	[]
/src/h2o/include/h2o/time_.h	[]	[]
/src/h2o/deps/mruby/src/variable.c	['fuzz/driver.cc', 'deps/mruby/oss-fuzz/mruby_fuzzer.c']	[]
/src/h2o/deps/picotls/deps/cifra/src/testsha2.c	[]	[]
/src/h2o/deps/mruby/oss-fuzz/mruby_proto_fuzzer.cpp	[]	[]
/src/h2o/deps/picotls/lib/uecc.c	['fuzz/driver.cc', 'deps/picotls/fuzz/fuzz-server-hello.c', 'deps/picotls/fuzz/fuzz-asn1.c', 'fuzz/driver_h3.cc', 'deps/picotls/fuzz/fuzz-client-hello.c']	[]
/src/h2o/lib/http2/scheduler.c	['fuzz/driver.cc']	['fuzz/driver.cc']
/src/h2o/lib/common/timerwheel.c	['fuzz/driver.cc', 'fuzz/driver_h3.cc']	['fuzz/driver.cc', 'fuzz/driver_h3.cc']
/src/h2o/lib/handler/status/memory.c	[]	[]
/src/h2o/lib/handler/configurator/fastcgi.c	[]	[]
/src/h2o/deps/mruby/include/mruby/value.h	['fuzz/driver.cc', 'deps/mruby/oss-fuzz/mruby_fuzzer.c']	[]
/src/h2o/deps/mruby/include/mruby/data.h	[]	[]
/src/h2o/deps/yaml/tests/run-parser-test-suite.c	[]	[]
/src/h2o/deps/hiredis/win32.h	[]	[]
/src/h2o/deps/mruby/mrbgems/mruby-io/src/io.c	[]	[]
/src/h2o/t/00unit/lib/handler/file.c	[]	[]
/src/h2o/deps/quicly/lib/cc-pico.c	[]	[]
/src/h2o/deps/mruby/mrbgems/mruby-proc-ext/src/proc.c	[]	[]
/src/h2o/lib/common/http1client.c	[]	[]
/src/h2o/deps/mruby/mrbgems/mruby-string-ext/src/string.c	[]	[]
/src/h2o/deps/picotls/picotlsvs/bcrypt-test/bcrypt-test.c	[]	[]
/src/h2o/lib/websocket.c	['fuzz/driver.cc', 'fuzz/driver_h3.cc']	[]
/src/h2o/lib/handler/configurator/headers_util.c	[]	[]
/src/h2o/deps/neverbleed/neverbleed.c	[]	[]
/src/h2o/t/00unit/lib/handler/connect.c	[]	[]
/src/h2o/deps/quicly/t/maxsender.c	[]	[]
/src/h2o/deps/mruby/src/array.c	['fuzz/driver.cc', 'deps/mruby/oss-fuzz/mruby_fuzzer.c']	[]
/src/h2o/deps/brotli/c/enc/memory.h	[]	[]
/src/h2o/deps/mruby/include/mruby/khash.h	[]	[]
/src/h2o/deps/klib/klist.h	[]	[]
/src/h2o/t/00unit/lib/common/cache.c	[]	[]
/src/h2o/deps/mruby/src/string.c	['fuzz/driver.cc', 'deps/mruby/oss-fuzz/mruby_fuzzer.c']	[]
/src/h2o/deps/brotli/c/enc/write_bits.h	[]	[]
/src/h2o/deps/brotli/research/deorummolae.cc	[]	[]
/src/h2o/deps/mruby/examples/mrbgems/c_extension_example/src/example.c	[]	[]
/src/h2o/deps/picotls/lib/fusion.c	['deps/quicly/fuzz/packet.cc', 'fuzz/driver.cc', 'deps/picotls/fuzz/fuzz-server-hello.c', 'fuzz/driver_h3.cc', 'deps/picotls/fuzz/fuzz-client-hello.c']	[]
/src/h2o/lib/handler/status/events.c	[]	[]
/src/h2o/deps/picotls/deps/cifra/src/chacha20.c	[]	[]
/src/h2o/deps/mruby/mrbgems/mruby-error/src/exception.c	[]	[]
/src/h2o/deps/brotli/c/enc/literal_cost.c	[]	[]
/src/h2o/lib/handler/configurator/expires.c	[]	[]
/src/h2o/deps/picotls/t/cli.c	[]	[]
/src/h2o/t/00unit/lib/handler/mimemap.c	[]	[]
/src/h2o/deps/brotli/c/dec/port.h	[]	[]
/src/h2o/lib/core/logconf.c	['fuzz/driver.cc', 'fuzz/driver_h3.cc']	[]
/src/h2o/deps/yaml/tests/run-emitter-test-suite.c	[]	[]
/src/h2o/deps/hiredis/examples/example-glib.c	[]	[]
/src/h2o/lib/core/pipe_sender.c	[]	[]
/src/h2o/deps/mruby/mrbgems/mruby-errno/src/errno.c	[]	[]
/src/h2o/deps/libyrmcds/example/counter.c	[]	[]
/src/h2o/fuzz/driver_url.cc	['fuzz/driver_url.cc']	['fuzz/driver_url.cc']
/src/h2o/lib/handler/configurator/self_trace.c	[]	[]
/src/h2o/deps/mruby/mrbgems/mruby-struct/src/struct.c	[]	[]
/src/h2o/lib/handler/headers.c	[]	[]
/src/h2o/deps/mruby/src/hash.c	['fuzz/driver.cc', 'deps/mruby/oss-fuzz/mruby_fuzzer.c']	[]
/src/h2o/deps/picotls/t/hpke.c	[]	[]
/src/h2o/deps/brotli/c/enc/memory.c	[]	[]
/src/h2o/deps/yaml/src/parser.c	['deps/quicly/fuzz/packet.cc', 'fuzz/driver.cc', 'deps/picotls/fuzz/fuzz-server-hello.c', 'fuzz/driver_h3.cc', 'deps/picotls/fuzz/fuzz-client-hello.c']	[]
/src/h2o/fuzz/quicly_mock.h	[]	[]
/src/h2o/deps/hiredis/adapters/qt.h	[]	[]
/src/h2o/include/h2o/hostinfo.h	[]	[]
/src/h2o/deps/quicly/t/simulator.c	[]	[]
/src/h2o/t/00unit/lib/handler/throttle_resp.c	[]	[]
/src/h2o/deps/quicly/include/quicly/cc.h	[]	[]
/src/h2o/deps/picotls/t/mbedtls.c	[]	[]
/src/h2o/include/h2o/http2_common.h	[]	[]
/src/h2o/deps/mruby/src/proc.c	['fuzz/driver.cc', 'deps/mruby/oss-fuzz/mruby_fuzzer.c']	[]
/src/h2o/deps/mruby/mrbgems/mruby-numeric-ext/src/numeric_ext.c	[]	[]
/src/h2o/deps/klib/kurl.c	[]	[]
/src/h2o/deps/mruby/mrbgems/mruby-binding/src/binding.c	[]	[]
/src/h2o/deps/yaml/tests/test-reader.c	[]	[]
/src/h2o/deps/mruby/src/class.c	['fuzz/driver.cc', 'deps/mruby/oss-fuzz/mruby_fuzzer.c']	[]
/src/h2o/deps/picotls/deps/cifra/src/chacha20poly1305.c	[]	[]
/src/h2o/deps/brotli/c/enc/metablock.h	[]	[]
/src/h2o/deps/quicly/t/frame.c	[]	[]
/src/h2o/deps/quicly/lib/sentmap.c	['fuzz/driver.cc', 'fuzz/driver_h3.cc']	[]
/src/h2o/deps/picotls/t/fusion.c	[]	[]
/src/h2o/deps/quicly/t/remote_cid.c	[]	[]
/src/h2o/lib/handler/configurator/errordoc.c	[]	[]
/src/h2o/deps/klib/ksa.c	[]	[]
/src/h2o/deps/picotls/deps/cifra/src/blockwise.c	[]	[]
/src/h2o/lib/common/multithread.c	['deps/quicly/fuzz/packet.cc', 'fuzz/driver.cc', 'deps/picotls/fuzz/fuzz-server-hello.c', 'fuzz/driver_h3.cc', 'deps/picotls/fuzz/fuzz-client-hello.c']	['deps/quicly/fuzz/packet.cc', 'fuzz/driver.cc', 'deps/picotls/fuzz/fuzz-server-hello.c', 'fuzz/driver_h3.cc', 'deps/picotls/fuzz/fuzz-client-hello.c']
/src/h2o/deps/mruby/src/compar.c	[]	[]
/src/h2o/lib/common/url.c	['fuzz/driver_url.cc', 'fuzz/driver.cc', 'fuzz/driver_h3.cc']	['fuzz/driver_url.cc', 'fuzz/driver.cc', 'fuzz/driver_h3.cc']
/src/h2o/include/h2o/socket/evloop.h	['fuzz/driver.cc', 'fuzz/driver_h3.cc']	['fuzz/driver.cc', 'fuzz/driver_h3.cc']
/src/h2o/deps/mruby/src/enum.c	[]	[]
/src/h2o/examples/libh2o/websocket.c	[]	[]
/src/h2o/deps/mruby/include/mruby/class.h	['fuzz/driver.cc', 'deps/mruby/oss-fuzz/mruby_fuzzer.c']	[]
/src/h2o/deps/klib/test/ksort_test.cc	[]	[]
/src/h2o/deps/mruby/mrbgems/mruby-proc-binding/test/proc-binding.c	[]	[]
/src/h2o/deps/mruby/include/mruby/endian.h	[]	[]
/src/h2o/deps/brotli/c/enc/port.h	[]	[]
/src/h2o/deps/mruby/mrbgems/mruby-bin-mrbc/tools/mrbc/stub.c	[]	[]
/src/h2o/deps/hiredis/fuzzing/format_command_fuzzer.c	['deps/hiredis/fuzzing/format_command_fuzzer.c']	['deps/hiredis/fuzzing/format_command_fuzzer.c']
/src/h2o/lib/common/memory.c	['fuzz/driver_url.cc', 'fuzz/driver.cc', 'fuzz/driver_h3.cc']	['fuzz/driver_url.cc', 'fuzz/driver.cc', 'fuzz/driver_h3.cc']
/src/h2o/include/h2o/multithread.h	['fuzz/driver.cc', 'fuzz/driver_h3.cc']	[]
/src/h2o/src/ssl.c	['deps/quicly/fuzz/packet.cc', 'fuzz/driver.cc', 'deps/picotls/fuzz/fuzz-server-hello.c', 'fuzz/driver_h3.cc', 'deps/picotls/fuzz/fuzz-client-hello.c']	[]
/src/h2o/deps/brotli/c/enc/entropy_encode.c	[]	[]
/src/h2o/deps/quicly/t/udpfw.c	['fuzz/driver.cc', 'fuzz/driver_h3.cc']	[]
/src/h2o/deps/mruby/mrbgems/mruby-os-memsize/src/memsize.c	[]	[]
/src/h2o/deps/brotli/c/enc/backward_references_hq.c	[]	[]
/src/h2o/deps/picotls/deps/cifra/src/ext/handy.h	['deps/picotls/fuzz/fuzz-asn1.c']	[]
/src/h2o/deps/brotli/c/enc/hash_to_binary_tree_inc.h	[]	[]
/src/h2o/src/main.c	['fuzz/driver.cc', 'fuzz/driver_h3.cc']	[]
/src/h2o/deps/picotls/lib/cifra/aes-common.h	[]	[]
/src/h2o/deps/brotli/c/dec/transform.h	[]	[]
/src/h2o/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/cmdrun.c	[]	[]
/src/h2o/deps/quicly/lib/frame.c	['deps/quicly/fuzz/packet.cc', 'fuzz/driver_h3.cc']	[]
/src/h2o/deps/mruby-json/src/mrb_json.c	[]	[]
/src/h2o/deps/brotli/c/enc/quality.h	[]	[]
/src/h2o/deps/picotls/lib/quiclb-impl.h	[]	[]
/src/h2o/lib/common/http2client.c	[]	[]
/src/h2o/deps/mruby/src/codedump.c	['deps/mruby/oss-fuzz/mruby_fuzzer.c']	[]
/src/h2o/deps/mruby-env/src/env.c	[]	[]
/src/h2o/deps/libyrmcds/text_mode.c	[]	[]
/src/h2o/deps/brotli/research/draw_diff.cc	[]	[]
/src/h2o/deps/mruby/mrbgems/mruby-sprintf/src/sprintf.c	[]	[]
/src/h2o/deps/picotls/deps/cifra/src/testnorx.c	[]	[]
/src/h2o/deps/mruby/include/mruby/presym/scanning.h	[]	[]
/src/h2o/deps/picotls/deps/cifra/src/aes.c	['deps/picotls/fuzz/fuzz-asn1.c']	[]
/src/h2o/deps/hiredis/sockcompat.h	[]	[]
/src/h2o/deps/picotls/deps/cifra/src/arm/semihost.c	[]	[]
/src/h2o/deps/mruby/include/mruby/object.h	[]	[]
/src/h2o/include/h2o/socket/uv-binding.h	['fuzz/driver.cc', 'fuzz/driver_h3.cc']	[]
/src/h2o/lib/common/socket/evloop/epoll.c.h	['deps/quicly/fuzz/packet.cc', 'fuzz/driver.cc', 'deps/picotls/fuzz/fuzz-server-hello.c', 'fuzz/driver_h3.cc', 'deps/picotls/fuzz/fuzz-client-hello.c']	['deps/quicly/fuzz/packet.cc', 'fuzz/driver.cc', 'deps/picotls/fuzz/fuzz-server-hello.c', 'fuzz/driver_h3.cc', 'deps/picotls/fuzz/fuzz-client-hello.c']
/src/h2o/deps/klib/khmm.h	[]	[]
/src/h2o/deps/brotli/c/enc/backward_references_inc.h	[]	[]
/src/h2o/deps/hiredis/adapters/ae.h	[]	[]
/src/h2o/deps/mruby/mrbgems/mruby-fiber/src/fiber.c	[]	[]
/src/h2o/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/cmdprint.c	[]	[]
/src/h2o/deps/yoml/yoml.h	['deps/quicly/fuzz/packet.cc', 'fuzz/driver.cc', 'deps/picotls/fuzz/fuzz-server-hello.c', 'fuzz/driver_h3.cc', 'deps/picotls/fuzz/fuzz-client-hello.c']	[]
/src/h2o/deps/picotls/lib/ptlsbcrypt.c	[]	[]
/src/h2o/deps/hiredis/adapters/ivykis.h	[]	[]
/src/h2o/deps/picotls/t/minicrypto.c	['deps/picotls/fuzz/fuzz-server-hello.c', 'fuzz/driver_h3.cc', 'deps/picotls/fuzz/fuzz-client-hello.c']	[]
/src/h2o/deps/mruby/mrbgems/mruby-bin-mrbc/tools/mrbc/mrbc.c	[]	[]
/src/h2o/deps/quicly/lib/sendstate.c	['fuzz/driver.cc', 'fuzz/driver_h3.cc']	['fuzz/driver.cc', 'fuzz/driver_h3.cc']
/src/h2o/deps/yaml/src/emitter.c	[]	[]
/src/h2o/lib/common/string.c	['deps/quicly/fuzz/packet.cc', 'fuzz/driver.cc', 'deps/picotls/fuzz/fuzz-server-hello.c', 'fuzz/driver_h3.cc', 'deps/picotls/fuzz/fuzz-client-hello.c']	['deps/quicly/fuzz/packet.cc', 'fuzz/driver.cc', 'deps/picotls/fuzz/fuzz-server-hello.c', 'fuzz/driver_h3.cc', 'deps/picotls/fuzz/fuzz-client-hello.c']
/src/h2o/lib/common/balancer/roundrobin.c	['fuzz/driver.cc', 'fuzz/driver_h3.cc']	['fuzz/driver.cc', 'fuzz/driver_h3.cc']
/src/h2o/deps/brotli/c/enc/entropy_encode_static.h	[]	[]
/src/h2o/deps/picotls/lib/minicrypto-pem.c	['deps/picotls/fuzz/fuzz-asn1.c']	[]
/src/h2o/deps/hiredis/examples/example-ae.c	[]	[]
/src/h2o/lib/core/proxy.c	['fuzz/driver.cc', 'fuzz/driver_h3.cc']	['fuzz/driver.cc', 'fuzz/driver_h3.cc']
/src/h2o/deps/quicly/include/quicly/cid.h	['fuzz/driver.cc', 'deps/picotls/fuzz/fuzz-server-hello.c', 'fuzz/driver_h3.cc', 'deps/picotls/fuzz/fuzz-client-hello.c']	[]
/src/h2o/deps/mruby/src/init.c	[]	[]
/src/h2o/t/qif.c	[]	[]
/src/h2o/lib/common/time.c	['fuzz/driver.cc']	['fuzz/driver.cc']
/src/h2o/deps/picotls/deps/cifra/src/curve25519.donna.c	[]	[]
/src/h2o/deps/klib/test/kthread_test.c	[]	[]
/src/h2o/deps/mruby/mrbgems/mruby-bin-strip/tools/mruby-strip/mruby-strip.c	[]	[]
/src/h2o/deps/brotli/c/enc/command.h	[]	[]
/src/h2o/deps/quicly/include/quicly/sendstate.h	[]	[]
/src/h2o/deps/picotls/lib/libaegis.h	['deps/quicly/fuzz/packet.cc', 'fuzz/driver.cc', 'deps/picotls/fuzz/fuzz-server-hello.c', 'fuzz/driver_h3.cc', 'deps/picotls/fuzz/fuzz-client-hello.c']	[]
/src/h2o/deps/hiredis/dict.c	[]	[]
/src/h2o/deps/mruby/include/mruby/irep.h	[]	[]
/src/h2o/deps/mruby/mrbgems/mruby-rational/src/rational.c	['fuzz/driver.cc', 'deps/mruby/oss-fuzz/mruby_fuzzer.c']	[]
/src/h2o/lib/handler/reproxy.c	[]	[]
/src/h2o/deps/picotls/deps/cifra/src/ext/cutest.h	[]	[]
/src/h2o/t/00unit/lib/common/string.c	[]	[]
/src/h2o/t/00unit/lib/http2/casper.c	[]	[]
/src/h2o/deps/quicly/t/rate.c	[]	[]
/src/h2o/deps/brotli/research/dictionary_generator.cc	[]	[]
/src/h2o/deps/klib/ksw.c	[]	[]
/src/h2o/deps/ssl-conservatory/openssl/test_client.c	[]	[]
/src/h2o/t/00unit/lib/http2/scheduler.c	[]	[]
/src/h2o/include/h2o/absprio.h	[]	[]
/src/h2o/deps/mruby-input-stream/src/mruby_input_stream.c	['fuzz/driver.cc']	[]
/src/h2o/include/h2o/http2_scheduler.h	['fuzz/driver.cc']	['fuzz/driver.cc']
/src/h2o/deps/mruby/mrbgems/mruby-object-ext/src/object.c	[]	[]
/src/h2o/deps/mruby/include/mruby/proc.h	[]	[]
/src/h2o/deps/mruby/include/mruby/opcode.h	[]	[]
/src/h2o/deps/picotls/deps/cifra/extra_vecs/openssl-hash.c	[]	[]
/src/h2o/lib/common/socket/evloop.c.h	['fuzz/driver.cc', 'fuzz/driver_h3.cc']	['fuzz/driver.cc', 'fuzz/driver_h3.cc']
/src/h2o/deps/picotls/lib/hpke.c	['deps/picotls/fuzz/fuzz-server-hello.c', 'fuzz/driver_h3.cc', 'deps/picotls/fuzz/fuzz-client-hello.c']	[]
/src/h2o/lib/handler/configurator/mruby.c	[]	[]
/src/h2o/deps/quicly/src/cli.c	['fuzz/driver_h3.cc']	['fuzz/driver_h3.cc']
/src/h2o/lib/common/file.c	['fuzz/driver.cc', 'fuzz/driver_h3.cc']	[]
/src/h2o/lib/handler/status/requests.c	[]	[]
/src/h2o/lib/handler/configurator/access_log.c	[]	[]
/src/h2o/deps/picotls/lib/chacha20poly1305.h	[]	[]
/src/h2o/deps/klib/kbit.h	[]	[]
/src/h2o/lib/handler/expires.c	[]	[]
/src/h2o/fuzz/driver_common.cc	['fuzz/driver.cc', 'fuzz/driver_h3.cc']	[]
/src/h2o/deps/mruby/mrbgems/mruby-io/include/mruby/ext/io.h	[]	[]
/src/h2o/lib/common/httpclient.c	[]	[]
/src/h2o/deps/mruby/mrbgems/mruby-error/test/exception.c	[]	[]
/src/h2o/deps/klib/kmath.h	[]	[]
/src/h2o/lib/common/serverutil.c	['fuzz/driver_h3.cc']	[]
/src/h2o/deps/brotli/c/enc/hash.h	[]	[]
/src/h2o/deps/quicly/lib/recvstate.c	['fuzz/driver.cc', 'fuzz/driver_h3.cc']	['fuzz/driver.cc', 'fuzz/driver_h3.cc']
/src/h2o/deps/yaml/src/reader.c	[]	[]
/src/h2o/lib/handler/file/_templates.c.h	[]	[]
/src/h2o/deps/picotls/t/picotls.c	['deps/picotls/fuzz/fuzz-server-hello.c', 'fuzz/driver_h3.cc', 'deps/picotls/fuzz/fuzz-client-hello.c']	[]
/src/h2o/deps/mruby/mrbgems/mruby-binding-core/src/binding-core.c	[]	[]
/src/h2o/lib/handler/proxy.c	['fuzz/driver.cc', 'fuzz/driver_h3.cc']	['fuzz/driver.cc', 'fuzz/driver_h3.cc']
/src/h2o/lib/common/absprio.c	[]	[]
/src/h2o/deps/picotls/deps/cifra/src/modes.c	[]	[]
/src/h2o/deps/picotls/t/ptlsbench.c	[]	[]
/src/h2o/deps/brotli/c/enc/context.h	[]	[]
/src/h2o/lib/http2/connection.c	['fuzz/driver.cc']	['fuzz/driver.cc']
/src/h2o/deps/mruby/mrbgems/mruby-test/driver.c	[]	[]
/src/h2o/deps/mruby-file-stat/test/file-stat.c	[]	[]
/src/h2o/deps/hiredis/read.h	[]	[]
/src/h2o/deps/mruby/mrbgems/mruby-class-ext/src/class.c	[]	[]
/src/h2o/deps/klib/test/kseq_bench2.c	[]	[]
/src/h2o/deps/picohttpparser/test.c	[]	[]
/src/h2o/deps/yaml/src/loader.c	[]	[]
/src/h2o/deps/mruby-require/src/require.c	[]	[]
/src/h2o/deps/hiredis/ssl.c	[]	[]
/src/h2o/deps/picotls/picotlsvs/picotlsvs/picotlsvs.c	[]	[]
/src/h2o/deps/ssl-conservatory/openssl/openssl_hostname_validation.c	[]	[]
/src/h2o/t/00unit/lib/handler/fastcgi.c	[]	[]
/src/h2o/t/00unit/lib/common/rand.c	[]	[]
/src/h2o/deps/mruby/mrbgems/mruby-objectspace/src/mruby_objectspace.c	[]	[]
/src/h2o/deps/libyrmcds/send_text.c	['deps/quicly/fuzz/packet.cc', 'fuzz/driver.cc', 'deps/picotls/fuzz/fuzz-server-hello.c', 'fuzz/driver_h3.cc', 'deps/picotls/fuzz/fuzz-client-hello.c']	[]
/src/h2o/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/cmdmisc.c	[]	[]
/src/h2o/lib/common/socket/evloop/poll.c.h	[]	[]
/src/h2o/examples/libh2o/redis-client.c	[]	[]
/src/h2o/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/apibreak.c	[]	[]
/src/h2o/deps/brotli/c/enc/compress_fragment.c	[]	[]
/src/h2o/deps/klib/test/khash_keith.c	[]	[]
/src/h2o/deps/picotest/picotest.c	[]	[]
/src/h2o/deps/mruby/mrbgems/mruby-time/src/time.c	['fuzz/driver.cc', 'deps/picotls/fuzz/fuzz-server-hello.c', 'fuzz/driver_h3.cc', 'deps/picotls/fuzz/fuzz-client-hello.c']	[]
/src/h2o/lib/common/balancer/least_conn.c	[]	[]
/src/h2o/t/00unit/lib/common/url.c	[]	[]
/src/h2o/deps/quicly/t/test.c	['fuzz/driver.cc']	[]
/src/h2o/deps/picotls/deps/cifra/src/testaes.c	[]	[]
/src/h2o/deps/brotli/c/enc/metablock.c	[]	[]
/src/h2o/lib/probes_.h	['fuzz/driver.cc']	['fuzz/driver.cc']
/src/h2o/deps/picotls/deps/cifra/src/eax.c	[]	[]
/src/h2o/deps/picotls/picotlsvs/picotls-esni/getopt.c	[]	[]
/src/h2o/deps/brotli/c/include/brotli/port.h	[]	[]
/src/h2o/deps/hiredis/net.c	[]	[]
/src/h2o/deps/quicly/t/pacer.c	[]	[]
/src/h2o/lib/handler/configurator/file.c	[]	[]
/src/h2o/deps/klib/kmath.c	[]	[]
/src/h2o/lib/http1.c	['fuzz/driver.cc']	['fuzz/driver.cc']
/src/h2o/deps/picotls/deps/cifra/src/drbg.c	[]	[]
/src/h2o/lib/handler/access_log.c	['fuzz/driver_url.cc', 'fuzz/driver.cc', 'fuzz/driver_h3.cc']	[]
/src/h2o/deps/picotls/deps/cifra/src/ocb.c	[]	[]
/src/h2o/t/00unit/lib/core/util.c	[]	[]
/src/h2o/deps/mruby/mrbgems/mruby-io/src/file.c	[]	[]
/src/h2o/examples/libh2o/simple.c	[]	[]
/src/h2o/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/apistring.c	[]	[]
/src/h2o/deps/brotli/c/enc/cluster.c	[]	[]
/src/h2o/deps/hiredis/examples/example-qt.h	[]	[]
/src/h2o/lib/http2/cache_digests.c	[]	[]
/src/h2o/deps/picotls/deps/cifra/src/testcurve25519.c	[]	[]
/src/h2o/deps/picotls/lib/openssl.c	['fuzz/driver.cc', 'deps/picotls/fuzz/fuzz-server-hello.c', 'fuzz/driver_h3.cc', 'deps/picotls/fuzz/fuzz-client-hello.c']	[]
/src/h2o/deps/quicly/lib/quicly.c	['deps/quicly/fuzz/packet.cc', 'fuzz/driver.cc', 'deps/picotls/fuzz/fuzz-server-hello.c', 'fuzz/driver_h3.cc', 'deps/picotls/fuzz/fuzz-client-hello.c']	[]
/src/h2o/deps/picotls/lib/cifra/chacha20.c	[]	[]
/src/h2o/deps/brotli/c/include/brotli/types.h	[]	[]
/src/h2o/deps/neverbleed/test.c	[]	[]
/src/h2o/deps/picotls/deps/cifra/src/ccm.c	[]	[]
/src/h2o/deps/brotli/c/enc/cluster.h	[]	[]
/src/h2o/deps/quicly/include/quicly/linklist.h	['fuzz/driver.cc', 'fuzz/driver_h3.cc']	[]
/src/h2o/deps/mruby/mrbgems/mruby-socket/test/sockettest.c	[]	[]
/src/h2o/deps/klib/khash.h	[]	[]
/src/h2o/deps/mruby/mrbgems/mruby-random/src/random.c	[]	[]
/src/h2o/deps/picotls/fuzz/fuzz-asn1.c	['deps/picotls/fuzz/fuzz-asn1.c']	['deps/picotls/fuzz/fuzz-asn1.c']
/src/h2o/deps/mruby/mrbgems/mruby-compiler/core/codegen.c	['deps/mruby/oss-fuzz/mruby_fuzzer.c']	[]
/src/h2o/deps/mruby/include/mruby/boxing_no.h	[]	[]
/src/h2o/deps/brotli/c/enc/backward_references.c	[]	[]
/src/h2o/deps/picotls/deps/cifra/src/arm/main.c	[]	[]
/src/h2o/deps/picotls/deps/cifra/src/cmac.c	[]	[]
/src/h2o/deps/hiredis/adapters/libuv.h	[]	[]
/src/h2o/deps/brotli/java/org/brotli/wrapper/dec/decoder_jni.cc	[]	[]
/src/h2o/deps/hiredis/examples/example-redismoduleapi.c	[]	[]
/src/h2o/deps/quicly/lib/remote_cid.c	['fuzz/driver.cc', 'fuzz/driver_h3.cc']	[]
/src/h2o/t/00unit/lib/common/balancer/least_conn.c	[]	[]
/src/h2o/deps/brotli/c/dec/state.c	['deps/brotli/c/fuzz/decode_fuzzer.cc']	[]
/src/h2o/deps/mruby/include/mruby/presym/enable.h	[]	[]
/src/h2o/deps/quicly/include/quicly/pacer.h	['fuzz/driver.cc', 'fuzz/driver_h3.cc']	[]
/src/h2o/deps/klib/khmm.c	[]	[]
/src/h2o/deps/picotls/deps/cifra/src/arm/boot.c	['deps/quicly/fuzz/packet.cc', 'fuzz/driver.cc', 'deps/picotls/fuzz/fuzz-server-hello.c', 'fuzz/driver_h3.cc', 'deps/picotls/fuzz/fuzz-client-hello.c']	[]
/src/h2o/lib/handler/fastcgi.c	[]	[]
/src/h2o/lib/handler/status.c	[]	[]
/src/h2o/lib/common/redis.c	[]	[]
/src/h2o/deps/libyrmcds/set_compression.c	[]	[]
/src/h2o/deps/hiredis/test.c	[]	[]
/src/h2o/lib/common/token.c	[]	[]
/src/h2o/deps/picotls/deps/cifra/src/testmodes.c	[]	[]
/src/h2o/deps/mruby/src/symbol.c	['fuzz/driver.cc', 'deps/mruby/oss-fuzz/mruby_fuzzer.c']	[]
/src/h2o/deps/picotls/deps/cifra/src/testutil.h	[]	[]
/src/h2o/lib/http3/server.c	['fuzz/driver_h3.cc']	['fuzz/driver_h3.cc']
/src/h2o/deps/picotls/deps/cifra/src/testdrbg.c	[]	[]
/src/h2o/deps/picotls/lib/cifra/aes256.c	[]	[]
/src/h2o/lib/common/socketpool.c	['fuzz/driver.cc', 'fuzz/driver_h3.cc']	['fuzz/driver.cc', 'fuzz/driver_h3.cc']
/src/h2o/lib/handler/configurator/http2_debug_state.c	[]	[]
/src/h2o/deps/mruby/mrbgems/mruby-io/src/file_test.c	[]	[]
/src/h2o/deps/brotli/c/enc/utf8_util.c	[]	[]
/src/h2o/lib/handler/connect.c	[]	[]
/src/h2o/deps/mruby/mrbgems/mruby-test/vformat.c	[]	[]
/src/h2o/lib/http3/frame.c	[]	[]
/src/h2o/deps/quicly/t/sentmap.c	[]	[]
/src/h2o/deps/mruby/include/mruby/presym/disable.h	[]	[]
/src/h2o/deps/picotls/deps/cifra/src/curve25519.naclref.c	[]	[]
/src/h2o/deps/klib/test/kstring_bench2.c	[]	[]
/src/h2o/deps/mruby/include/mruby/throw.h	[]	[]
/src/h2o/deps/mruby/mrbgems/mruby-socket/src/socket.c	['deps/quicly/fuzz/packet.cc', 'fuzz/driver.cc', 'deps/picotls/fuzz/fuzz-server-hello.c', 'fuzz/driver_h3.cc', 'deps/picotls/fuzz/fuzz-client-hello.c']	[]
/src/h2o/deps/mruby/mrbgems/mruby-sleep/src/sleep.c	[]	[]
/src/h2o/deps/hiredis/sds.h	['deps/hiredis/fuzzing/format_command_fuzzer.c']	[]
/src/h2o/t/00unit/lib/common/multithread.c	[]	[]
/src/h2o/deps/picotls/deps/cifra/src/pbkdf2.c	[]	[]
/src/h2o/lib/common/rand.c	['fuzz/driver.cc', 'fuzz/driver_h3.cc']	[]
/src/h2o/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/apilist.c	[]	[]
/src/h2o/deps/brotli/c/common/dictionary.c	[]	[]
/src/h2o/t/00unit/lib/common/balancer/roundrobin.c	[]	[]
/src/h2o/lib/handler/configurator/redirect.c	[]	[]
/src/h2o/lib/core/request.c	['deps/quicly/fuzz/packet.cc', 'fuzz/driver.cc', 'deps/picotls/fuzz/fuzz-server-hello.c', 'fuzz/driver_h3.cc', 'deps/picotls/fuzz/fuzz-client-hello.c']	['deps/quicly/fuzz/packet.cc', 'fuzz/driver.cc', 'deps/picotls/fuzz/fuzz-server-hello.c', 'fuzz/driver_h3.cc', 'deps/picotls/fuzz/fuzz-client-hello.c']
/src/h2o/deps/picotls/deps/cifra/src/sha512.c	[]	[]
/src/h2o/deps/yaml/src/scanner.c	[]	[]
/src/h2o/deps/mruby/src/numops.c	[]	[]
/src/h2o/deps/mruby/include/mruby/dump.h	[]	[]
/src/h2o/deps/brotli/c/enc/bit_cost.h	[]	[]
/src/h2o/deps/mruby/mrbgems/mruby-bin-mruby/tools/mruby/mruby.c	[]	[]
/src/h2o/deps/mruby/src/print.c	['fuzz/driver.cc', 'deps/mruby/oss-fuzz/mruby_fuzzer.c']	[]
/src/h2o/deps/mruby/include/mruby/boxing_word.h	['fuzz/driver.cc', 'deps/mruby/oss-fuzz/mruby_fuzzer.c']	[]
/src/h2o/deps/mruby-file-stat/src/file-stat.c	[]	[]
/src/h2o/deps/klib/test/kstring_test.c	[]	[]
/src/h2o/deps/libyrmcds/counter.c	[]	[]
/src/h2o/lib/handler/mruby/sleep.c	['fuzz/driver.cc']	[]
/src/h2o/deps/picotls/deps/micro-ecc/uECC.c	['fuzz/driver.cc', 'deps/picotls/fuzz/fuzz-server-hello.c', 'fuzz/driver_h3.cc', 'deps/picotls/fuzz/fuzz-client-hello.c']	[]
/src/h2o/deps/mruby/src/error.c	['fuzz/driver.cc', 'deps/mruby/oss-fuzz/mruby_fuzzer.c']	[]
/src/h2o/lib/handler/configurator/status.c	[]	[]
/src/h2o/deps/brotli/c/enc/find_match_length.h	[]	[]
/src/h2o/lib/handler/status/durations.c	[]	[]
/src/h2o/deps/mruby/mrbgems/mruby-proc-ext/test/proc.c	[]	[]
/src/h2o/include/h2o/memory.h	['deps/quicly/fuzz/packet.cc', 'fuzz/driver_url.cc', 'fuzz/driver.cc', 'deps/picotls/fuzz/fuzz-server-hello.c', 'fuzz/driver_h3.cc', 'deps/picotls/fuzz/fuzz-client-hello.c']	['deps/quicly/fuzz/packet.cc', 'fuzz/driver_url.cc', 'fuzz/driver.cc', 'deps/picotls/fuzz/fuzz-server-hello.c', 'fuzz/driver_h3.cc', 'deps/picotls/fuzz/fuzz-client-hello.c']
/src/h2o/lib/handler/mimemap.c	['fuzz/driver.cc', 'fuzz/driver_h3.cc']	['fuzz/driver.cc', 'fuzz/driver_h3.cc']
/src/h2o/deps/mruby/src/range.c	['fuzz/driver.cc', 'deps/mruby/oss-fuzz/mruby_fuzzer.c']	[]
/src/h2o/deps/mruby/examples/mrbgems/c_and_ruby_extension_example/src/example.c	[]	[]
/src/h2o/deps/klib/kson.h	[]	[]
/src/h2o/deps/libgkc/gkc.c	[]	[]
/src/h2o/deps/quicly/include/quicly/recvstate.h	[]	[]
/src/h2o/deps/brotli/c/enc/prefix.h	[]	[]
/src/h2o/deps/brotli/research/read_dist.h	[]	[]
/src/h2o/deps/picotls/deps/cifra/src/testsha.h	[]	[]
/src/h2o/deps/picotls/picotlsvs/picotls/wintimeofday.c	[]	[]
/src/h2o/t/00unit/lib/common/time.c	[]	[]
/src/h2o/lib/handler/mruby.c	['fuzz/driver.cc']	[]
/src/h2o/deps/mruby/src/debug.c	['fuzz/driver.cc', 'deps/mruby/oss-fuzz/mruby_fuzzer.c']	[]
/src/h2o/deps/libyrmcds/close.c	['deps/quicly/fuzz/packet.cc', 'fuzz/driver.cc', 'deps/picotls/fuzz/fuzz-server-hello.c', 'fuzz/driver_h3.cc', 'deps/picotls/fuzz/fuzz-client-hello.c']	[]
/src/h2o/deps/mruby/include/mruby/hash.h	[]	[]
/src/h2o/deps/hiredis/alloc.c	[]	[]
/src/h2o/deps/picotls/include/picotls.h	['deps/quicly/fuzz/packet.cc', 'fuzz/driver.cc', 'deps/picotls/fuzz/fuzz-server-hello.c', 'deps/picotls/fuzz/fuzz-asn1.c', 'fuzz/driver_h3.cc', 'deps/picotls/fuzz/fuzz-client-hello.c']	['deps/quicly/fuzz/packet.cc', 'fuzz/driver.cc', 'deps/picotls/fuzz/fuzz-server-hello.c', 'deps/picotls/fuzz/fuzz-asn1.c', 'fuzz/driver_h3.cc', 'deps/picotls/fuzz/fuzz-client-hello.c']
/src/h2o/deps/picotls/deps/cifra/src/testsalsa20.c	[]	[]
/src/h2o/lib/http2/casper.c	[]	[]
/src/h2o/deps/mruby/examples/mrbgems/c_extension_example/test/example.c	[]	[]
/src/h2o/examples/libh2o/latency-optimization.c	[]	[]
/src/h2o/deps/picotls/deps/micro-ecc/test/test_compress.c	[]	[]
/src/h2o/deps/brotli/c/enc/ringbuffer.h	[]	[]
/src/h2o/deps/mruby/include/mruby/version.h	[]	[]
/src/h2o/deps/mruby/src/fmt_fp.c	[]	[]
/src/h2o/deps/mruby/include/mruby/numeric.h	['fuzz/driver.cc', 'deps/mruby/oss-fuzz/mruby_fuzzer.c']	[]
/src/h2o/lib/handler/compress/gzip.c	['fuzz/driver.cc']	[]
/src/h2o/deps/quicly/include/quicly/rate.h	[]	[]
/src/h2o/deps/hiredis/async.c	[]	[]
/src/h2o/deps/klib/kbtree.h	[]	[]
/src/h2o/deps/hiredis/adapters/poll_.h	[]	[]
/src/h2o/deps/klib/knhx.c	[]	[]
/src/h2o/deps/mruby/src/readflt.c	['deps/mruby/oss-fuzz/mruby_fuzzer.c']	[]
/src/h2o/deps/brotli/c/enc/histogram.c	[]	[]
/src/h2o/deps/picotls/deps/cifra/src/poly1305.c	[]	[]
/src/h2o/deps/klib/knetfile.h	[]	[]
/src/h2o/deps/picotls/lib/mbedtls_sign.c	[]	[]
/src/h2o/deps/hiredis/async_private.h	[]	[]
/src/h2o/deps/mruby/mrbgems/mruby-bin-mirb/tools/mirb/mirb.c	[]	[]
/src/h2o/deps/picotls/deps/cifra/src/gf128.c	[]	[]
/src/h2o/src/httpclient.c	['fuzz/driver.cc', 'fuzz/driver_h3.cc']	[]
/src/h2o/deps/quicly/lib/loss.c	['fuzz/driver.cc', 'fuzz/driver_h3.cc']	[]
/src/h2o/deps/mruby/mrbgems/mruby-catch/src/catch.c	[]	[]
/src/h2o/deps/mruby/src/value_array.h	[]	[]
/src/h2o/include/h2o/linklist.h	['deps/quicly/fuzz/packet.cc', 'fuzz/driver.cc', 'deps/picotls/fuzz/fuzz-server-hello.c', 'fuzz/driver_h3.cc', 'deps/picotls/fuzz/fuzz-client-hello.c']	['deps/quicly/fuzz/packet.cc', 'fuzz/driver.cc', 'deps/picotls/fuzz/fuzz-server-hello.c', 'fuzz/driver_h3.cc', 'deps/picotls/fuzz/fuzz-client-hello.c']
/src/h2o/deps/mruby/mrbgems/mruby-kernel-ext/src/kernel.c	[]	[]
/src/h2o/deps/picotls/lib/cifra/aes128.c	[]	[]
/src/h2o/deps/mruby-dir/src/Win/dirent.c	[]	[]
/src/h2o/deps/hiredis/examples/example-push.c	[]	[]
/src/h2o/deps/brotli/research/draw_histogram.cc	[]	[]
/src/h2o/deps/libyrmcds/t/text.c	[]	[]
/src/h2o/lib/handler/h2olog.c	[]	[]
/src/h2o/deps/picotls/deps/cifra/src/arm/ext/cutest.h	[]	[]
/src/h2o/deps/mruby/mrbgems/mruby-pack/src/pack.c	[]	[]
/src/h2o/deps/yaml/tests/run-emitter.c	[]	[]
/src/h2o/examples/libh2o/socket-client.c	[]	[]
/src/h2o/deps/picotls/lib/cifra/x25519.c	[]	[]
/src/h2o/deps/mruby/mrbgems/mruby-print/src/print.c	[]	[]
/src/h2o/deps/hiredis/sds.c	['deps/hiredis/fuzzing/format_command_fuzzer.c']	[]
/src/h2o/deps/quicly/lib/streambuf.c	['fuzz/driver_h3.cc']	[]
/src/h2o/deps/mruby/src/gc.c	['fuzz/driver.cc', 'deps/mruby/oss-fuzz/mruby_fuzzer.c']	[]
/src/h2o/deps/picotls/deps/cifra/src/arm/unacl/scalarmult.c	[]	[]
/src/h2o/lib/handler/mruby/middleware.c	['fuzz/driver.cc']	['fuzz/driver.cc']
/src/h2o/lib/handler/headers_util.c	[]	[]
/src/h2o/deps/picotls/lib/asn1.c	['deps/picotls/fuzz/fuzz-asn1.c']	[]
/src/h2o/deps/picotls/t/openssl.c	[]	[]
/src/h2o/deps/picotls/deps/cifra/src/cbcmac.c	[]	[]
/src/h2o/t/00unit/lib/http3/server.c	[]	[]
/src/h2o/deps/quicly/t/local_cid.c	[]	[]
/src/h2o/deps/klib/kurl.h	[]	[]
/src/h2o/deps/mruby/mrbgems/mruby-eval/src/eval.c	[]	[]
/src/h2o/t/00unit/lib/http2/cache_digests.c	[]	[]
/src/h2o/lib/common/filecache.c	['fuzz/driver.cc', 'fuzz/driver_h3.cc']	['fuzz/driver.cc', 'fuzz/driver_h3.cc']
/src/h2o/deps/picotls/deps/cifra/src/testsha1.c	[]	[]
/src/h2o/lib/handler/self_trace.c	[]	[]

Directories in report

Directory
/src/h2o/deps/mruby/oss-fuzz/
/src/h2o/deps/picotls/t/
/src/h2o/deps/picotls/deps/cifra/src/arm/ext/
/src/h2o/deps/mruby/mrbgems/mruby-method/src/
/src/h2o/deps/brotli/java/org/brotli/wrapper/common/
/src/h2o/deps/mruby/mrbgems/mruby-numeric-ext/src/
/src/h2o/deps/mruby/mrbgems/mruby-compiler/core/
/src/h2o/deps/mruby/mrbgems/mruby-errno/src/
/src/h2o/deps/mruby/mrbgems/mruby-range-ext/src/
/src/h2o/deps/picotls/fuzz/
/src/h2o/lib/http2/
/src/h2o/t/
/src/h2o/deps/mruby/mrbgems/mruby-error/test/
/src/h2o/deps/mruby-dir/test/
/src/h2o/deps/mruby/mrbgems/mruby-rational/src/
/src/h2o/deps/mruby/mrbgems/mruby-binding-core/src/
/src/h2o/deps/brotli/java/org/brotli/wrapper/enc/
/src/h2o/include/h2o/
/src/h2o/deps/mruby-dir/src/
/src/h2o/deps/mruby/mrbgems/mruby-array-ext/src/
/src/h2o/lib/
/src/h2o/deps/ssl-conservatory/openssl/
/src/h2o/deps/mruby-require/src/
/src/h2o/deps/brotli/python/
/src/h2o/deps/hiredis/
/src/h2o/deps/mruby/mrbgems/mruby-print/src/
/src/h2o/deps/mruby/mrbgems/mruby-eval/src/
/src/h2o/deps/mruby/mrbgems/mruby-os-memsize/src/
/src/h2o/deps/mruby/mrbgems/mruby-bin-mirb/tools/mirb/
/src/h2o/deps/mruby/mrbgems/mruby-random/src/
/src/h2o/deps/mruby/mrbgems/mruby-metaprog/src/
/src/h2o/deps/picotls/picotlsvs/picotlsvs/
/src/h2o/deps/cloexec/
/src/h2o/deps/mruby/include/mruby/presym/
/src/h2o/deps/hiredis/examples/
/src/h2o/deps/hiredis/fuzzing/
/src/h2o/deps/mruby/mrbgems/mruby-bigint/core/
/src/h2o/deps/brotli/c/dec/
/src/h2o/deps/mruby/mrbgems/mruby-proc-binding/test/
/src/h2o/deps/picotls/deps/micro-ecc/
/src/h2o/deps/mruby/mrbgems/mruby-proc-binding/src/
/src/h2o/deps/brotli/c/fuzz/
/src/h2o/deps/mruby/mrbgems/mruby-test/
/src/h2o/deps/picotest/
/src/h2o/deps/brotli/research/
/src/h2o/lib/common/balancer/
/src/h2o/deps/mruby/mrbgems/mruby-socket/src/
/src/h2o/deps/mruby/mrbgems/mruby-io/include/mruby/ext/
/src/h2o/deps/yoml/
/src/h2o/deps/libyrmcds/
/src/h2o/deps/picotls/lib/cifra/
/src/h2o/deps/mruby/mrbgems/mruby-string-ext/src/
/src/h2o/deps/mruby/mrbgems/mruby-proc-ext/test/
/src/h2o/lib/handler/configurator/
/src/h2o/deps/picotls/deps/cifra/extra_vecs/
/src/h2o/deps/picotls/include/
/src/h2o/deps/mruby/examples/mrbgems/c_extension_example/test/
/src/h2o/deps/mruby/mrbgems/mruby-object-ext/src/
/src/h2o/t/00unit/
/src/h2o/deps/quicly/examples/
/src/h2o/deps/picotls/lib/
/src/h2o/deps/quicly/include/quicly/
/src/h2o/examples/libh2o/
/src/h2o/deps/mruby/mrbgems/mruby-math/src/
/src/h2o/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/
/src/h2o/deps/hiredis/adapters/
/src/h2o/deps/mruby/mrbgems/mruby-sleep/src/
/src/h2o/deps/quicly/lib/
/src/h2o/lib/handler/status/
/src/h2o/lib/http3/
/src/h2o/deps/mruby/mrbgems/mruby-cmath/src/
/src/h2o/t/00unit/issues/
/src/h2o/src/
/src/h2o/deps/picotls/include/picotls/
/src/h2o/t/00unit/lib/core/
/src/h2o/deps/mruby/mrbgems/mruby-proc-ext/src/
/src/h2o/deps/mruby-dir/src/Win/
/src/h2o/deps/picotls/deps/cifra/src/arm/
/src/h2o/deps/mruby/include/
/src/h2o/deps/mruby/examples/mrbgems/c_and_ruby_extension_example/src/
/src/h2o/deps/klib/
/src/h2o/deps/klib/test/
/src/h2o/deps/mruby/mrbgems/mruby-io/src/
/src/h2o/deps/mruby/mrbgems/mruby-socket/test/
/src/h2o/deps/mruby/mrbgems/mruby-binding/test/
/src/h2o/deps/brotli/c/include/brotli/
/src/h2o/deps/mruby/mrbgems/mruby-kernel-ext/src/
/src/h2o/deps/mruby/mrbgems/mruby-class-ext/src/
/src/h2o/deps/mruby/mrbgems/mruby-test-inline-struct/test/
/src/h2o/deps/brotli/java/org/brotli/wrapper/dec/
/src/h2o/t/00unit/lib/handler/
/src/h2o/deps/picotls/picotlsvs/picotls-esni/
/src/h2o/deps/mruby-errno/src/
/src/h2o/t/00unit/lib/http2/
/src/h2o/t/00unit/lib/http3/
/src/h2o/deps/mruby/mrbgems/mruby-binding/src/
/src/h2o/deps/picotls/deps/cifra/src/ext/
/src/h2o/deps/brotli/c/tools/
/src/h2o/deps/picotls/deps/micro-ecc/test/
/src/h2o/lib/handler/
/src/h2o/deps/mruby/mrbgems/mruby-sprintf/src/
/src/h2o/deps/libyrmcds/t/
/src/h2o/deps/picotls/picotlsvs/picotls/
/src/h2o/deps/brotli/c/common/
/src/h2o/include/
/src/h2o/lib/handler/compress/
/src/h2o/lib/handler/file/
/src/h2o/fuzz/
/src/h2o/t/00prop/
/src/h2o/deps/yaml/src/
/src/h2o/include/h2o/socket/
/src/h2o/deps/yaml/tests/
/src/h2o/deps/mruby/mrbgems/mruby-bin-mrbc/tools/mrbc/
/src/h2o/deps/mruby/mrbgems/mruby-bin-mruby/tools/mruby/
/src/h2o/deps/mruby/mrbgems/mruby-io/test/
/src/h2o/deps/libyrmcds/example/
/src/h2o/deps/mruby/mrbgems/mruby-bin-strip/tools/mruby-strip/
/src/h2o/deps/mruby-input-stream/src/
/src/h2o/deps/mruby/mrbgems/mruby-catch/src/
/src/h2o/deps/mruby-file-stat/test/
/src/h2o/deps/quicly/t/
/src/h2o/deps/mruby/include/mruby/
/src/h2o/lib/common/socket/
/src/h2o/lib/handler/mruby/
/src/h2o/deps/neverbleed/
/src/h2o/deps/mruby/mrbgems/mruby-complex/src/
/src/h2o/deps/mruby/mrbgems/mruby-symbol-ext/src/
/src/h2o/deps/mruby/examples/mrbgems/c_extension_example/src/
/src/h2o/deps/mruby-env/src/
/src/h2o/deps/mruby/mrbgems/mruby-objectspace/src/
/src/h2o/deps/mruby/mrbgems/mruby-error/src/
/src/h2o/deps/picotls/deps/cifra/shitlisp/
/src/h2o/deps/golombset/
/src/h2o/t/00unit/lib/common/balancer/
/src/h2o/lib/core/
/src/h2o/deps/mruby/mrbgems/mruby-hash-ext/src/
/src/h2o/deps/quicly/fuzz/
/src/h2o/deps/mruby/mrbgems/mruby-fiber/src/
/src/h2o/t/00unit/src/
/src/h2o/deps/picotls/deps/cifra/src/
/src/h2o/deps/mruby/mrbgems/mruby-exit/src/
/src/h2o/deps/picotls/deps/cifra/src/arm/unacl/
/src/h2o/deps/mruby/mrbgems/mruby-time/src/
/src/h2o/deps/mruby-class-new-fiber-safe/src/
/src/h2o/lib/common/
/src/h2o/deps/quicly/include/
/src/h2o/deps/mruby/mrbgems/mruby-struct/src/
/src/h2o/deps/libgkc/
/src/h2o/deps/brotli/c/enc/
/src/h2o/lib/common/socket/evloop/
/src/h2o/deps/mruby/mrbgems/mruby-pack/src/
/src/h2o/deps/mruby-digest/src/
/src/h2o/deps/mruby-onig-regexp/src/
/src/h2o/deps/picohttpparser/
/src/h2o/deps/mruby/src/
/src/h2o/deps/mruby-json/src/
/src/h2o/deps/yaml/include/
/src/h2o/deps/mruby-file-stat/src/
/src/h2o/deps/picotls/picotlsvs/bcrypt-test/
/src/h2o/t/00unit/lib/common/
/src/h2o/deps/quicly/src/

This section shows a list of 3rd party function calls and their relative coverage information. By static analysis of the target project code, all of the 3rd party function call and their caller information, including the source file and line number that initiate the call are captured. The caller source code file and line number are shown in column 2 while column 1 is the function name of the 3rd party function call. Each occurrent of the 3rd party function call will occuply a separate row. Column 3 of each row indicate if the 3rd party call in the source file line is unreachable. Column 4 lists all fuzzers that have covered that particular system call in that specific location (source file and line)during their dynamic fuzzing.

Function in each files in report

Target sink	Callsite location	Reached by fuzzer	Covered by Fuzzers

This section contains multiple tables, each table contains a list of sink functions/methods found in the project for one of the CWE supported by the sink analyser, together with information like which fuzzers statically reach the sink functions/methods and possible call path to that sink functions/methods if it is not statically reached by any fuzzers. Column 1 is the function/method name of the sink functions/methods found in the project. Column 2 lists all fuzzers (or no fuzzers at all) that have covered that particular function method statically. Column 3 shows a list of possible call paths to reach the specific function/method call if none of the fuzzers cover the target function/method calls. Lastly, column 4 shows possible fuzzer blockers that prevent an existing fuzzer from reaching the target sink functions/methods dynamically.

Sink functions/methods found for CWE787

Target sink	Reached by fuzzer	Function call path	Possible branch blockers
memset	['/src/h2o/deps/picotls/fuzz/fuzz-server-hello.c', '/src/h2o/deps/hiredis/fuzzing/format_command_fuzzer.c', '/src/h2o/fuzz/driver.cc', '/src/h2o/deps/picotls/fuzz/fuzz-asn1.c', '/src/h2o/fuzz/driver_h3.cc', '/src/h2o/deps/picotls/fuzz/fuzz-client-hello.c', '/src/h2o/deps/mruby/oss-fuzz/mruby_fuzzer.c', '/src/h2o/deps/brotli/c/fuzz/decode_fuzzer.cc']	N/A	N/A
strndup	[]	Path 1 Path 2	N/A
strdup	['/src/h2o/deps/picotls/fuzz/fuzz-client-hello.c', '/src/h2o/deps/picotls/fuzz/fuzz-server-hello.c']	N/A	Blocker function Arguments type Return type Constants touched test_chunked_at_once in /src/h2o/deps/picohttpparser/test.c:300 ['int', 'int', 'char*', 'char*', 'ssize_t'] void [] test_chunked in /src/h2o/deps/picohttpparser/test.c:405 [] void [] parser_state* mrb_parse_file(mrb_state*mrb,FILE*f,mrbc_context*c) in /src/h2o/deps/mruby/mrbgems/mruby-compiler/core/y.tab.c:13044 [] MRB_API [] mrb_load_detect_file_cxt in /src/h2o/deps/mruby/mrbgems/mruby-compiler/core/y.tab.c:13154 ['mrb_state*', 'FILE*', 'mrbc_context*'] MRB_API [] parser_state* mrb_parse_nstring(mrb_state*mrb,constchar*s,size_tlen,mrbc_context*c) in /src/h2o/deps/mruby/mrbgems/mruby-compiler/core/y.tab.c:13051 [] MRB_API [] on_config_listen in /src/h2o/src/main.c:3285 ['h2o_configurator_command_t*', 'h2o_configurator_context_t*', 'yoml_t*'] int [] ech_setup_configs in /src/h2o/deps/picotls/t/util.h:362 ['char*'] void [] test_full_handshake in /src/h2o/deps/picotls/t/picotls.c:1274 [] void [] test_full_handshake_with_client_authentication in /src/h2o/deps/picotls/t/picotls.c:1280 [] void [] test_async_sign_certificate in /src/h2o/deps/picotls/t/picotls.c:1414 [] void [] test_key_update in /src/h2o/deps/picotls/t/picotls.c:1286 [] void [] test_hrr_handshake in /src/h2o/deps/picotls/t/picotls.c:1292 [] void [] test_hrr_stateless_handshake in /src/h2o/deps/picotls/t/picotls.c:1299 [] void [] test_resumption_impl in /src/h2o/deps/picotls/t/picotls.c:1328 ['int', 'int', 'int', 'int'] void [] test_hrr in /src/h2o/deps/picotls/t/minicrypto.c:64 [] void [] run_client in /src/h2o/deps/picotls/t/cli.c:339 ['struct sockaddr*', 'socklen_t', 'ptls_context_t*', 'char*', 'char*', 'ptls_handshake_properties_t*', 'int', 'int'] int [] run_server in /src/h2o/deps/picotls/t/cli.c:307 ['struct sockaddr*', 'socklen_t', 'ptls_context_t*', 'char*', 'ptls_handshake_properties_t*', 'int'] int [] test_enforce_retry_stateful in /src/h2o/deps/picotls/t/picotls.c:1502 [] void [] test_enforce_retry_stateless in /src/h2o/deps/picotls/t/picotls.c:1507 [] void [] test_stateless_hrr_aad_change in /src/h2o/deps/picotls/t/picotls.c:1535 [] void [] test_ech_config_mismatch in /src/h2o/deps/picotls/t/picotls.c:1571 [] void [] do_test_pre_shared_key in /src/h2o/deps/picotls/t/picotls.c:1628 ['int'] void [] test_handshake_api in /src/h2o/deps/picotls/t/picotls.c:1833 [] void [] test_legacy_ch in /src/h2o/deps/picotls/t/picotls.c:2298 [] void [] many_handshakes in /src/h2o/deps/picotls/t/openssl.c:417 [] void [] ptls_memory_loopback_test in /src/h2o/deps/picotls/picotlsvs/picotlsvs/picotlsvs.c:484 ['int', 'int', 'char*', 'char*'] int [] on_async_proceed_handshake in /src/h2o/lib/common/socket.c:1710 ['h2o_socket_t*', 'char*'] void [] on_async_job_complete in /src/h2o/lib/common/socket.c:1722 ['void*'] void [] on_connect in /src/h2o/examples/libh2o/socket-client.c:77 ['h2o_socket_t*', 'char*'] void [] on_read_proxy_line in /src/h2o/lib/core/util.c:477 ['h2o_socket_t*', 'char*'] void [] on_accept in /src/h2o/examples/libh2o/websocket.c:127 ['h2o_socket_t*', 'char*'] void [] memcached_resumption_on_get in /src/h2o/lib/core/util.c:138 ['h2o_iovec_t', 'void*'] void [] redis_resumption_on_get in /src/h2o/lib/core/util.c:226 ['redisReply*', 'void*', 'char*'] void [] on_redis_resumption_get_failed in /src/h2o/lib/core/util.c:244 ['h2o_timer_t*'] void [] setup_ptlslog in /src/h2o/deps/picotls/t/cli.c:70 ['char*'] void [] on_config_acme in /src/h2o/src/main.c:461 ['h2o_configurator_command_t*', 'h2o_configurator_context_t*', 'yoml_t*'] int [] resolve_tag in /src/h2o/src/main.c:3845 ['char*', 'yoml_t*', 'void*'] yoml_t [] test_serialize_tickets in /src/h2o/t/00unit/src/ssl.c:135 [] void [] test_memcached_ticket_update in /src/h2o/t/00unit/src/ssl.c:175 [] void [] ticket_memcached_updater in /src/h2o/src/ssl.c:731 ['void*'] H2O_NORETURN [] ticket_redis_updater in /src/h2o/src/ssl.c:800 ['void*'] H2O_NORETURN [] test_load_tickets_file in /src/h2o/t/00unit/src/ssl.c:72 [] void [] ticket_file_updater in /src/h2o/src/ssl.c:862 ['void*'] H2O_NORETURN [] parse in /src/h2o/deps/yoml/test-yoml.c:28 ['char*', 'char*'] yoml_t [] example_argv_command in /src/h2o/deps/hiredis/examples/example.c:10 ['redisContext*', 'size_t'] void [] kopen in /src/h2o/deps/klib/kopen.c:236 ['char*', 'int*'] void [] kn_parse in /src/h2o/deps/klib/knhx.c:44 ['char*', 'int*', 'int*'] knhx1_t [] knet_open in /src/h2o/deps/klib/knetfile.c:451 ['char*', 'char*'] knetFile [] ht_init_data in /src/h2o/deps/klib/test/kbtree_test.c:18 [] void [] yaml_parser_load in /src/h2o/deps/yaml/src/loader.c:87 ['yaml_parser_t*', 'yaml_document_t*'] void [] yaml_emitter_dump in /src/h2o/deps/yaml/src/dumper.c:112 ['yaml_emitter_t*', 'yaml_document_t*'] void [] copy_event in /src/h2o/deps/yaml/tests/run-emitter.c:15 ['yaml_event_t*', 'yaml_event_t*'] int [] copy_document in /src/h2o/deps/yaml/tests/run-dumper.c:15 ['yaml_document_t*', 'yaml_document_t*'] int []
memcpy	['/src/h2o/deps/picotls/fuzz/fuzz-server-hello.c', '/src/h2o/deps/hiredis/fuzzing/format_command_fuzzer.c', '/src/h2o/fuzz/driver.cc', '/src/h2o/deps/picotls/fuzz/fuzz-asn1.c', '/src/h2o/fuzz/driver_h3.cc', '/src/h2o/deps/picotls/fuzz/fuzz-client-hello.c', '/src/h2o/deps/mruby/oss-fuzz/mruby_fuzzer.c', '/src/h2o/deps/brotli/c/fuzz/decode_fuzzer.cc']	N/A	N/A
memmove	['/src/h2o/deps/picotls/fuzz/fuzz-client-hello.c', '/src/h2o/deps/picotls/fuzz/fuzz-server-hello.c', '/src/h2o/fuzz/driver.cc', '/src/h2o/fuzz/driver_h3.cc']	N/A	N/A

Sink functions/methods found for CWE22

Target sink	Reached by fuzzer	Function call path	Possible branch blockers
opendir	[]	Path 1 Path 2	N/A
readdir	[]	Path 1 Path 2	N/A