Fuzz introspector
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzzer details

Fuzzer: fuzz_parser

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 4 8.33%
gold [1:9] 1 2.08%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 43 89.5%
All colors 48 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
0 0 None 0 151 http_parser_execute call site: 00017 /src/http-parser/http_parser.c:1765
0 0 None 0 151 http_parser_execute call site: 00017 /src/http-parser/http_parser.c:1765
0 0 None 0 151 http_parser_execute call site: 00017 /src/http-parser/http_parser.c:1765
0 0 None 0 151 http_parser_execute call site: 00019 /src/http-parser/http_parser.c:1848
0 0 None 0 151 http_parser_execute call site: 00020 /src/http-parser/http_parser.c:1892
0 0 None 0 0 http_parser_execute call site: 00002 /src/http-parser/http_parser.c:665
0 0 None 0 0 http_parser_execute call site: 00047 /src/http-parser/http_parser.c:2150

Runtime coverage analysis

Covered functions
5
Functions that are reachable but not covered
1
Reachable functions
6
Percentage of reachable functions covered
83.33%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzzers/fuzz_parser.c 1
http_parser.c 4

Fuzzer: fuzz_url

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 1 10.0%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 9 90.0%
All colors 10 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
1 3 http_parser_parse_url call site: 00003 __assert_fail

Runtime coverage analysis

Covered functions
6
Functions that are reachable but not covered
1
Reachable functions
7
Percentage of reachable functions covered
85.71%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzzers/fuzz_url.c 1
http_parser.c 5