High level conclusions

Fuzzers reach 40.92% of cyclomatic complexity.

Fuzzers reach 40.16% of all functions.

Reachability and coverage overview

Functions statically reachable by fuzzers

439/1093

Cyclomatic complexity statically reachable by fuzzers

2518/6153

Runtime code coverage of functions

592 / 1093

The following table shows data about each function in the project. The functions included in this table correspond to all functions that exist in the executables of the fuzzers. As such, there may be functions that are from third-party libraries.

For further technical details on the meaning of columns in the below table, please see the Glossary .

Func name	Functions filename	Args	Function call depth	Reached by Fuzzers	Fuzzers runtime hit	Func lines hit %	I Count	BB Count	Cyclomatic complexity	Functions reached	Reached by functions	Accumulated cyclomatic complexity	Undiscovered complexity

Fuzzer: cms_overwrite_transform_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	449	49.7%
gold	[1:9]	25	2.77%
yellow	[10:29]	21	2.32%
greenyellow	[30:49]	13	1.44%
lawngreen	50+	394	43.6%
All colors	902	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
1731	5607	9 : View List ['cmsLab2XYZ', 'cmsGetColorSpace', 'cmsDoTransform', 'cmsDetectBlackPoint', 'cmsIsCLUT', 'CreateRoundtripXForm', 'RootOfLeastSquaresFitQuadraticCurve', 'cmsXYZ2Lab', 'cmsDeleteTransform']	1731	5607	cmsDetectDestinationBlackPoint	call site: 00000	/src/lcms/src/cmssamp.c:386
1725	1725	1 : View List ['BlackPointUsingPerceptualBlack']	1725	1725	cmsDetectBlackPoint	call site: 00000	/src/lcms/src/cmssamp.c:267
1719	1719	1 : View List ['_cmsCreateGamutCheckPipeline']	1891	2370	cmsCreateExtendedTransform	call site: 00798	/src/lcms/src/cmsxform.c:1197
566	566	1 : View List ['BuildGrayOutputPipeline']	566	566	_cmsReadOutputLUT	call site: 00000	/src/lcms/src/cmsio1.c:649
536	536	1 : View List ['BuildGrayInputMatrixPipeline']	536	536	_cmsReadInputLUT	call site: 00000	/src/lcms/src/cmsio1.c:392
535	535	3 : View List ['_cmsReadCHAD', 'ComputeAbsoluteIntent', '_cmsReadMediaWhitePoint']	535	535	ComputeConversion	call site: 00000	/src/lcms/src/cmscnvrt.c:368
370	417	4 : View List ['cmsEvalToneCurve16', 'cmsReverseToneCurve', '_cmsStageGetPtrToCurveSet', 'cmsFreeToneCurve']	370	458	FixWhiteMisalignment	call site: 00502	/src/lcms/src/cmsopt.c:608
201	201	1 : View List ['cmsSaveProfileToFile']	201	294	cmsCloseProfile	call site: 00090	/src/lcms/src/cmsio0.c:1586
142	142	1 : View List ['_cmsCompileProfileSequence']	172	172	cmsCreateExtendedTransform	call site: 00799	/src/lcms/src/cmsxform.c:1231
114	114	1 : View List ['cmsLinkTag']	114	692	cmsCreateRGBProfileTHR	call site: 00715	/src/lcms/src/cmsvirt.c:180
67	274	5 : View List ['cmsPipelineFree', '_cmsStageAllocNamedColor', 'cmsPipelineInsertStage', '_cmsStageAllocLabV2ToV4', 'cmsPipelineAlloc']	67	274	_cmsReadInputLUT	call site: 00000	/src/lcms/src/cmsio1.c:322
67	134	2 : View List ['cmsPipelineAlloc', '_cmsStageAllocNamedColor']	67	367	_cmsReadDevicelinkLUT	call site: 00000	/src/lcms/src/cmsio1.c:721

Runtime coverage analysis

Covered functions

337

Functions that are reachable but not covered

121

Reachable functions

325

Percentage of reachable functions covered

62.77%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
cms_overwrite_transform_fuzzer.c	1
lcmscmsio0.c	57
lcmscmserr.c	13
lcmscmsplugin.c	15
lcms./lcms2_internal.h	6
lcmscmstypes.c	3
lcmscmswtpnt.c	4
lcmscmsxform.c	25
lcmscmslut.c	35
lcmscmspack.c	4
lcmscmsalpha.c	7
lcmscmsopt.c	18
lcmscmsmtrx.c	5
lcmscmspcs.c	10
lcmscmsgamma.c	20
lcmscmsintrp.c	41
lcmscmsnamed.c	15
lcmscmsgmt.c	3
lcmscmsvirt.c	4
lcmscmscnvrt.c	2
lcmscmsio1.c	3

Fuzzer: cms_transform_extended_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	454	41.0%
gold	[1:9]	24	2.16%
yellow	[10:29]	21	1.89%
greenyellow	[30:49]	7	0.63%
lawngreen	50+	600	54.2%
All colors	1106	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
1719	1719	1 : View List ['_cmsCreateGamutCheckPipeline']	1749	2370	cmsCreateExtendedTransform	call site: 01020	/src/lcms/src/cmsxform.c:1197
201	201	1 : View List ['cmsSaveProfileToFile']	201	294	cmsCloseProfile	call site: 00091	/src/lcms/src/cmsio0.c:1586
104	104	2 : View List ['ComputeComponentIncrements', '_cmsGetFormatterAlpha']	104	104	_cmsHandleExtraChannels	call site: 00749	/src/lcms/src/cmsalpha.c:565
97	136	6 : View List ['Temp2CHAD', 'CHAD2Temp', '_cmsMAT3per', '_cmsMAT3isIdentity', '_cmsMAT3identity', '_cmsMAT3inverse']	97	142	ComputeAbsoluteIntent	call site: 00000	/src/lcms/src/cmscnvrt.c:263
82	3106	27 : View List ['cmsPipelineEvalFloat', 'cmsPipelineInsertStage', 'FixWhiteMisalignment', 'cmsBuildTabulatedToneCurve16', 'cmsIsToneCurveMonotonic', 'IsDegenerated', '_cmsPipelineSetOptimizationParameters', '_cmsStageGetPtrToCurveSet', 'cmsStageAllocCLut16bit', '_cmsFormatterIs8bit', 'cmsIsToneCurveLinear', 'cmsPipelineFree', 'cmsReverseToneCurveEx', '_cmsICCcolorSpace', 'cmsFreeToneCurve', 'SlopeLimiting', 'cmsPipelineAlloc', 'PrelinOpt8alloc', 'cmsStageType', '_cmsReasonableGridpointsByColorspace', 'cmsStageData', 'cmsStageAllocToneCurves', 'cmsPipelineGetPtrToLastStage', 'PrelinOpt16alloc', 'cmsPipelineDup', '_cmsQuickSaturateWord.1217', 'cmsStageSampleCLut16bit']	82	3106	OptimizeByComputingLinearization	call site: 00000	/src/lcms/src/cmsopt.c:1054
67	274	5 : View List ['cmsPipelineFree', '_cmsStageAllocNamedColor', 'cmsPipelineInsertStage', '_cmsStageAllocLabV2ToV4', 'cmsPipelineAlloc']	67	274	_cmsReadInputLUT	call site: 00000	/src/lcms/src/cmsio1.c:322
67	134	2 : View List ['cmsPipelineAlloc', '_cmsStageAllocNamedColor']	67	367	_cmsReadDevicelinkLUT	call site: 00000	/src/lcms/src/cmsio1.c:721
54	54	1 : View List ['DupPluginIntentsList']	54	54	_cmsAllocIntentsPluginChunk	call site: 00693	/src/lcms/src/cmscnvrt.c:137
54	54	1 : View List ['DupPluginCurvesList']	54	54	_cmsAllocCurvesPluginChunk	call site: 00667	/src/lcms/src/cmsgamma.c:111
54	54	1 : View List ['DupPluginOptimizationList']	54	54	_cmsAllocOptimizationPluginChunk	call site: 00698	/src/lcms/src/cmsopt.c:1854
54	54	1 : View List ['DupFormatterFactoryList']	54	54	_cmsAllocFormattersPluginChunk	call site: 00674	/src/lcms/src/cmspack.c:3762
54	54	1 : View List ['DupTagTypeList']	54	54	_cmsAllocTagTypePluginChunk	call site: 00680	/src/lcms/src/cmstypes.c:5559

Runtime coverage analysis

Covered functions

448

Functions that are reachable but not covered

107

Reachable functions

387

Percentage of reachable functions covered

72.35%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
cms_transform_extended_fuzzer.c	2
lcmscmsio0.c	58
lcmscmserr.c	29
lcmscmsplugin.c	22
lcms./lcms2_internal.h	6
lcmscmstypes.c	12
lcmscmswtpnt.c	4
lcmscmsvirt.c	13
lcmscmspcs.c	10
lcmscmsnamed.c	16
lcmscmsmtrx.c	5
lcmscmslut.c	36
lcmscmsgamma.c	23
lcmscmsintrp.c	43
lcmscmspack.c	7
lcmscmscnvrt.c	5
lcmscmsopt.c	21
lcmscmsxform.c	29
lcmscmsalpha.c	7
lcmscmsgmt.c	3
lcmscmsio1.c	3

Fuzzer: cms_profile_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	33	11.4%
gold	[1:9]	0	0.0%
yellow	[10:29]	2	0.69%
greenyellow	[30:49]	3	1.04%
lawngreen	50+	249	86.7%
All colors	287	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
33	33	1 : View List ['GrowMLUtable']	33	72	AddMLUBlock	call site: 00000	/src/lcms/src/cmsnamed.c:150
14	14	3 : View List ['_cmsEnterCriticalSectionPrimitive', '_cmsLeaveCriticalSectionPrimitive', 'InitContextMutex']	14	14	_cmsGetContext	call site: 00014	/src/lcms/src/cmsplugin.c:737
2	60	3 : View List ['fclose', '_cmsFree', 'cmsSignalError']	2	60	cmsOpenIOhandlerFromFile	call site: 00039	/src/lcms/src/cmsio0.c:429
0	66	3 : View List ['cmsSignalError', '_cmsTagSignature2String', 'freeOneTag']	0	95	cmsReadTag	call site: 00228	/src/lcms/src/cmsio0.c:1738
0	58	2 : View List ['cmsSignalError', '_cmsFree']	0	58	cmsOpenIOhandlerFromFile	call site: 00047	/src/lcms/src/cmsio0.c:441
0	32	1 : View List ['cmsStageFree']	0	32	cmsStageAllocCLut16bitGranular	call site: 00000	/src/lcms/src/cmslut.c:596
0	29	1 : View List ['cmsSignalError']	0	29	cmsBuildParametricToneCurve	call site: 00000	/src/lcms/src/cmsgamma.c:879
0	29	1 : View List ['cmsSignalError']	0	29	AllocateToneCurveStruct	call site: 00000	/src/lcms/src/cmsgamma.c:226
0	29	1 : View List ['cmsSignalError']	0	29	MemorySeek	call site: 00000	/src/lcms/src/cmsio0.c:174
0	29	1 : View List ['cmsSignalError']	0	29	FileSeek	call site: 00056	/src/lcms/src/cmsio0.c:331
0	29	1 : View List ['cmsSignalError']	0	29	FileTell	call site: 00062	/src/lcms/src/cmsio0.c:345
0	29	1 : View List ['cmsSignalError']	0	29	_cmsNewTag	call site: 00270	/src/lcms/src/cmsio0.c:689

Runtime coverage analysis

Covered functions

220

Functions that are reachable but not covered

22

Reachable functions

102

Percentage of reachable functions covered

78.43%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
cms_profile_fuzzer.c	1
lcmscmsio0.c	41
lcmscmserr.c	11
lcmscmsplugin.c	15
lcms./lcms2_internal.h	2
lcmscmstypes.c	3
lcmscmswtpnt.c	1
lcmscmsio1.c	2
lcmscmsnamed.c	3

Fuzzer: cms_universal_transform_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	442	49.0%
gold	[1:9]	27	2.99%
yellow	[10:29]	21	2.32%
greenyellow	[30:49]	2	0.22%
lawngreen	50+	410	45.4%
All colors	902	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
1731	5607	9 : View List ['cmsLab2XYZ', 'cmsGetColorSpace', 'cmsDoTransform', 'cmsDetectBlackPoint', 'cmsIsCLUT', 'CreateRoundtripXForm', 'RootOfLeastSquaresFitQuadraticCurve', 'cmsXYZ2Lab', 'cmsDeleteTransform']	1731	5607	cmsDetectDestinationBlackPoint	call site: 00000	/src/lcms/src/cmssamp.c:386
1725	1725	1 : View List ['BlackPointUsingPerceptualBlack']	1725	1725	cmsDetectBlackPoint	call site: 00000	/src/lcms/src/cmssamp.c:267
1719	1719	1 : View List ['_cmsCreateGamutCheckPipeline']	1891	2370	cmsCreateExtendedTransform	call site: 00798	/src/lcms/src/cmsxform.c:1197
566	566	1 : View List ['BuildGrayOutputPipeline']	566	566	_cmsReadOutputLUT	call site: 00000	/src/lcms/src/cmsio1.c:649
536	536	1 : View List ['BuildGrayInputMatrixPipeline']	536	536	_cmsReadInputLUT	call site: 00000	/src/lcms/src/cmsio1.c:392
535	535	3 : View List ['_cmsReadCHAD', 'ComputeAbsoluteIntent', '_cmsReadMediaWhitePoint']	535	535	ComputeConversion	call site: 00000	/src/lcms/src/cmscnvrt.c:368
370	417	4 : View List ['cmsEvalToneCurve16', 'cmsReverseToneCurve', '_cmsStageGetPtrToCurveSet', 'cmsFreeToneCurve']	370	458	FixWhiteMisalignment	call site: 00502	/src/lcms/src/cmsopt.c:608
201	201	1 : View List ['cmsSaveProfileToFile']	201	294	cmsCloseProfile	call site: 00090	/src/lcms/src/cmsio0.c:1586
142	142	1 : View List ['_cmsCompileProfileSequence']	172	172	cmsCreateExtendedTransform	call site: 00799	/src/lcms/src/cmsxform.c:1231
114	114	1 : View List ['cmsLinkTag']	114	692	cmsCreateRGBProfileTHR	call site: 00715	/src/lcms/src/cmsvirt.c:180
67	274	5 : View List ['cmsPipelineFree', '_cmsStageAllocNamedColor', 'cmsPipelineInsertStage', '_cmsStageAllocLabV2ToV4', 'cmsPipelineAlloc']	67	274	_cmsReadInputLUT	call site: 00000	/src/lcms/src/cmsio1.c:322
67	134	2 : View List ['cmsPipelineAlloc', '_cmsStageAllocNamedColor']	67	367	_cmsReadDevicelinkLUT	call site: 00000	/src/lcms/src/cmsio1.c:721

Runtime coverage analysis

Covered functions

338

Functions that are reachable but not covered

120

Reachable functions

325

Percentage of reachable functions covered

63.08%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
cms_universal_transform_fuzzer.c	1
lcmscmsio0.c	57
lcmscmserr.c	13
lcmscmsplugin.c	15
lcms./lcms2_internal.h	6
lcmscmstypes.c	3
lcmscmswtpnt.c	4
lcmscmsxform.c	25
lcmscmslut.c	35
lcmscmspack.c	4
lcmscmsalpha.c	7
lcmscmsopt.c	18
lcmscmsmtrx.c	5
lcmscmspcs.c	10
lcmscmsgamma.c	20
lcmscmsintrp.c	41
lcmscmsnamed.c	15
lcmscmsgmt.c	3
lcmscmsvirt.c	4
lcmscmscnvrt.c	2
lcmscmsio1.c	3

Fuzzer: cms_transform_all_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	328	36.3%
gold	[1:9]	25	2.77%
yellow	[10:29]	20	2.21%
greenyellow	[30:49]	9	0.99%
lawngreen	50+	520	57.6%
All colors	902	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
1719	1719	1 : View List ['_cmsCreateGamutCheckPipeline']	1749	2370	cmsCreateExtendedTransform	call site: 00799	/src/lcms/src/cmsxform.c:1197
396	408	2 : View List ['cmsJoinToneCurve', 'cmsIsToneCurveMonotonic']	396	531	_cmsBuildKToneCurve	call site: 00000	/src/lcms/src/cmsgmt.c:169
201	201	1 : View List ['cmsSaveProfileToFile']	201	294	cmsCloseProfile	call site: 00091	/src/lcms/src/cmsio0.c:1586
114	114	1 : View List ['cmsLinkTag']	114	692	cmsCreateRGBProfileTHR	call site: 00716	/src/lcms/src/cmsvirt.c:180
104	104	2 : View List ['ComputeComponentIncrements', '_cmsGetFormatterAlpha']	104	104	_cmsHandleExtraChannels	call site: 00246	/src/lcms/src/cmsalpha.c:565
97	136	6 : View List ['Temp2CHAD', 'CHAD2Temp', '_cmsMAT3per', '_cmsMAT3isIdentity', '_cmsMAT3identity', '_cmsMAT3inverse']	97	142	ComputeAbsoluteIntent	call site: 00000	/src/lcms/src/cmscnvrt.c:263
33	33	1 : View List ['GrowMLUtable']	33	72	AddMLUBlock	call site: 00658	/src/lcms/src/cmsnamed.c:150
30	30	1 : View List ['TransformOnePixelWithGamutCheck']	30	30	cmsCreateExtendedTransform	call site: 00800	/src/lcms/src/cmsxform.c:1242
14	14	3 : View List ['_cmsEnterCriticalSectionPrimitive', '_cmsLeaveCriticalSectionPrimitive', 'InitContextMutex']	14	14	_cmsGetContext	call site: 00011	/src/lcms/src/cmsplugin.c:737
2	2	1 : View List ['cmsGetHeaderRenderingIntent']	2	2	cmsIsCLUT	call site: 00000	/src/lcms/src/cmsio1.c:835
0	5442	9 : View List ['cmsPipelineInsertStage', 'cmsCreateTransformTHR', '_cmsReadDevicelinkLUT', 'cmsCloseProfile', 'cmsStageAllocCLut16bit', 'cmsCreateLab4ProfileTHR', '_cmsReasonableGridpointsByColorspace', 'cmsStageSampleCLut16bit', 'cmsPipelineCat']	0	5679	BlackPreservingKPlaneIntents	call site: 00000	/src/lcms/src/cmscnvrt.c:1025
0	1030	6 : View List ['cmsPipelineInsertStage', '_cmsReadDevicelinkLUT', 'cmsStageAllocCLut16bit', '_cmsReasonableGridpointsByColorspace', 'cmsStageSampleCLut16bit', 'cmsPipelineCat']	0	1223	BlackPreservingKOnlyIntents	call site: 00000	/src/lcms/src/cmscnvrt.c:793

Runtime coverage analysis

Covered functions

412

Functions that are reachable but not covered

95

Reachable functions

326

Percentage of reachable functions covered

70.86%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
cms_transform_all_fuzzer.c	2
lcmscmsio0.c	57
lcmscmserr.c	13
lcmscmsplugin.c	15
lcms./lcms2_internal.h	6
lcmscmstypes.c	3
lcmscmswtpnt.c	4
lcmscmsxform.c	25
lcmscmslut.c	35
lcmscmspack.c	4
lcmscmsalpha.c	7
lcmscmsopt.c	18
lcmscmsmtrx.c	5
lcmscmspcs.c	10
lcmscmsgamma.c	20
lcmscmsintrp.c	41
lcmscmsnamed.c	15
lcmscmsgmt.c	3
lcmscmsvirt.c	4
lcmscmscnvrt.c	2
lcmscmsio1.c	3

Fuzzer: cms_transform_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	424	46.3%
gold	[1:9]	17	1.85%
yellow	[10:29]	10	1.09%
greenyellow	[30:49]	14	1.53%
lawngreen	50+	450	49.1%
All colors	915	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
1731	5607	9 : View List ['cmsLab2XYZ', 'cmsGetColorSpace', 'cmsDoTransform', 'cmsDetectBlackPoint', 'cmsIsCLUT', 'CreateRoundtripXForm', 'RootOfLeastSquaresFitQuadraticCurve', 'cmsXYZ2Lab', 'cmsDeleteTransform']	1731	5607	cmsDetectDestinationBlackPoint	call site: 00000	/src/lcms/src/cmssamp.c:386
1725	1725	1 : View List ['BlackPointUsingPerceptualBlack']	1725	1725	cmsDetectBlackPoint	call site: 00000	/src/lcms/src/cmssamp.c:267
1719	1719	1 : View List ['_cmsCreateGamutCheckPipeline']	1891	2370	cmsCreateExtendedTransform	call site: 00809	/src/lcms/src/cmsxform.c:1197
566	566	1 : View List ['BuildGrayOutputPipeline']	566	566	_cmsReadOutputLUT	call site: 00000	/src/lcms/src/cmsio1.c:649
535	535	3 : View List ['_cmsReadCHAD', 'ComputeAbsoluteIntent', '_cmsReadMediaWhitePoint']	535	535	ComputeConversion	call site: 00000	/src/lcms/src/cmscnvrt.c:368
221	221	1 : View List ['_cmsReadFloatOutputTag']	221	221	_cmsReadOutputLUT	call site: 00000	/src/lcms/src/cmsio1.c:595
201	201	1 : View List ['cmsSaveProfileToFile']	201	294	cmsCloseProfile	call site: 00090	/src/lcms/src/cmsio0.c:1586
146	3106	27 : View List ['cmsPipelineEvalFloat', 'cmsPipelineInsertStage', 'FixWhiteMisalignment', 'cmsBuildTabulatedToneCurve16', 'cmsIsToneCurveMonotonic', 'IsDegenerated', '_cmsPipelineSetOptimizationParameters', '_cmsStageGetPtrToCurveSet', 'cmsStageAllocCLut16bit', '_cmsFormatterIs8bit', 'cmsIsToneCurveLinear', 'cmsPipelineFree', 'cmsReverseToneCurveEx', '_cmsICCcolorSpace', 'cmsFreeToneCurve', 'SlopeLimiting', 'cmsPipelineAlloc', 'PrelinOpt8alloc', 'cmsStageType', '_cmsReasonableGridpointsByColorspace', 'cmsStageData', 'cmsStageAllocToneCurves', 'cmsPipelineGetPtrToLastStage', 'PrelinOpt16alloc', 'cmsPipelineDup', '_cmsQuickSaturateWord.1217', 'cmsStageSampleCLut16bit']	146	3106	OptimizeByComputingLinearization	call site: 00000	/src/lcms/src/cmsopt.c:1054
142	142	1 : View List ['_cmsCompileProfileSequence']	172	172	cmsCreateExtendedTransform	call site: 00810	/src/lcms/src/cmsxform.c:1231
76	123	5 : View List ['AllCurvesAreLinear', 'cmsStageType', 'cmsPipelineGetPtrToLastStage', 'cmsPipelineUnlinkStage', 'cmsStageDup']	120	843	OptimizeByResampling	call site: 00591	/src/lcms/src/cmsopt.c:717
44	44	1 : View List ['PrelinOpt16alloc']	44	498	OptimizeByResampling	call site: 00613	/src/lcms/src/cmsopt.c:773
41	41	1 : View List ['cmsFreeProfileSequenceDescription']	41	70	cmsDeleteTransform	call site: 00675	/src/lcms/src/cmsxform.c:165

Runtime coverage analysis

Covered functions

365

Functions that are reachable but not covered

106

Reachable functions

328

Percentage of reachable functions covered

67.68%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
cms_transform_fuzzer.c	1
lcmscmsio0.c	57
lcmscmserr.c	13
lcmscmsplugin.c	15
lcms./lcms2_internal.h	6
lcmscmstypes.c	3
lcmscmswtpnt.c	4
lcmscmsvirt.c	7
lcmscmsgamma.c	20
lcmscmsintrp.c	41
lcmscmsnamed.c	16
lcmscmspcs.c	10
lcmscmsmtrx.c	5
lcmscmsxform.c	25
lcmscmslut.c	35
lcmscmspack.c	4
lcmscmsalpha.c	7
lcmscmsopt.c	18
lcmscmsgmt.c	3
lcmscmscnvrt.c	2
lcmscmsio1.c	3

Fuzzer: cmsIT8_load_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	137	44.7%
gold	[1:9]	7	2.28%
yellow	[10:29]	3	0.98%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	159	51.9%
All colors	306	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
14	14	3 : View List ['_cmsEnterCriticalSectionPrimitive', '_cmsLeaveCriticalSectionPrimitive', 'InitContextMutex']	14	14	_cmsGetContext	call site: 00012	/src/lcms/src/cmsplugin.c:737
2	2	1 : View List ['strncpy']	2	2	BuildAbsolutePath	call site: 00000	/src/lcms/src/cmscgats.c:499
2	2	1 : View List ['fclose']	2	2	NextCh	call site: 00068	/src/lcms/src/cmscgats.c:557
0	32	2 : View List ['AllocTable', 'SynError']	0	32	cmsIT8SetTable	call site: 00254	/src/lcms/src/cmscgats.c:1354
0	30	1 : View List ['SynError']	0	30	GetTable	call site: 00032	/src/lcms/src/cmscgats.c:1098
0	30	1 : View List ['SynError']	0	30	AddToList	call site: 00045	/src/lcms/src/cmscgats.c:1274
0	29	1 : View List ['_cmsFree']	0	29	AllocBigBlock	call site: 00023	/src/lcms/src/cmscgats.c:1149
0	29	1 : View List ['cmsSignalError']	0	29	WriteStr	call site: 00261	/src/lcms/src/cmscgats.c:1720
0	29	1 : View List ['cmsSignalError']	0	29	_cmsContextGetClientChunk	call site: 00007	/src/lcms/src/cmsplugin.c:769
0	6	1 : View List ['cmsstrcasecmp']	0	6	IsAvailableOnList	call site: 00041	/src/lcms/src/cmscgats.c:1234
0	0	None	62	247	WriteDataFormat	call site: 00284	/src/lcms/src/cmscgats.c:1847
0	0	None	14	564	WriteHeader	call site: 00264	/src/lcms/src/cmscgats.c:1773

Runtime coverage analysis

Covered functions

59

Functions that are reachable but not covered

37

Reachable functions

92

Percentage of reachable functions covered

59.78%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
cmsIT8_load_fuzzer.c	1
lcmscmscgats.c	54
lcmscmserr.c	5
lcmscmsplugin.c	3
lcms./lcms2_internal.h	2

Optimal target analysis

Remaining optimal interesting functions

The following table shows a list of functions that are optimal targets. Optimal targets are identified by finding the functions that in combination, yield a high code coverage.

Func name	Functions filename	Arg count	Args	Function depth	hitcount	instr count	bb count	cyclomatic complexity	Reachable functions	Incoming references	total cyclomatic complexity	Unreached complexity
BlackPreservingKPlaneIntents	/src/lcms/src/cmscnvrt.c	7	['struct._cmsContext_struct *', 'int ', 'int *', 'char **', 'int *', 'N/A', 'int ']	12	0	458	72	28	387	0	2297	577
Type_Dictionary_Read	/src/lcms/src/cmstypes.c	4	['struct._cms_typehandler_struct *', 'struct._cms_io_handler *', 'int *', 'int ']	4	0	399	67	27	42	0	211	142
Type_LUTB2A_Read	/src/lcms/src/cmstypes.c	4	['struct._cms_typehandler_struct *', 'struct._cms_io_handler *', 'int *', 'int ']	15	0	348	58	25	116	0	616	109
OptimizeMatrixShaper	/src/lcms/src/cmsopt.c	5	['struct._cmsPipeline_struct **', 'int ', 'int *', 'int *', 'int *']	15	0	363	53	22	129	0	627	106
Type_LUTA2B_Write	/src/lcms/src/cmstypes.c	4	['struct._cms_typehandler_struct *', 'struct._cms_io_handler *', 'char *', 'int ']	4	0	509	73	32	33	0	159	97
cmsTransform2DeviceLink	/src/lcms/src/cmsvirt.c	3	['char *', 'N/A', 'int ']	8	0	583	93	37	253	0	1382	96
OptimizeByComputingLinearization	/src/lcms/src/cmsopt.c	5	['struct._cmsPipeline_struct **', 'int ', 'int *', 'int *', 'int *']	14	0	888	138	50	135	0	847	89
Type_ProfileSequenceId_Write	/src/lcms/src/cmstypes.c	4	['struct._cms_typehandler_struct *', 'struct._cms_io_handler *', 'char *', 'int ']	5	0	78	8	4	30	0	149	73
Type_MPEcurve_Read	/src/lcms/src/cmstypes.c	4	['struct._cms_typehandler_struct *', 'struct._cms_io_handler *', 'int *', 'int ']	9	0	183	22	9	87	0	475	68
Type_LUT16_Write	/src/lcms/src/cmstypes.c	4	['struct._cms_typehandler_struct *', 'struct._cms_io_handler *', 'char *', 'int ']	4	0	700	125	52	21	0	112	63

Implementing fuzzers that target the above functions will improve reachability such that it becomes:

Functions statically reachable by fuzzers

611/1093

Cyclomatic complexity statically reachable by fuzzers

3936 / 6153

All functions overview

If you implement fuzzers for these functions, the status of all functions in the project will be:

Func name	Functions filename	Args	Function call depth	Reached by Fuzzers	Fuzzers runtime hit	Func lines hit %	I Count	BB Count	Cyclomatic complexity	Functions reached	Reached by functions	Accumulated cyclomatic complexity	Undiscovered complexity

This section shows analysis of runtime coverage data.

For futher technical details on how this section is generated, please see the Glossary .

Complex functions with low coverage

Func name	Function total lines	Lines covered at runtime	percentage covered	Reached by fuzzers
_cmsHandleExtraChannels	65	16	24.61%	['cms_overwrite_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer']
PrelinEval8	72	34	47.22%	[]
ComputeAbsoluteIntent	38	9	23.68%	[]
cmsPluginTHR	58	7	12.06%	['cms_transform_extended_fuzzer']
WriteHeader	47	23	48.93%	['cmsIT8_load_fuzzer']
ParseIT8	48	16	33.33%	['cmsIT8_load_fuzzer']
HeaderSection	70	38	54.28%	['cmsIT8_load_fuzzer']
CookPointers	43	13	30.23%	['cmsIT8_load_fuzzer']

This section shows which files and directories are considered in this report. The main reason for showing this is fuzz introspector may include more code in the reasoning than is desired. This section helps identify if too many files/directories are included, e.g. third party code, which may be irrelevant for the threat model. In the event too much is included, fuzz introspector supports a configuration file that can exclude data from the report. See the following link for more information on how to create a config file: link

Files in report

Source file	Reached by	Covered by
	[]	[]
/src/lcms/src/cmsgamma.c	['cms_overwrite_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer']	['cms_overwrite_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer']
/src/lcms/src/cmsalpha.c	['cms_overwrite_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer']	['cms_overwrite_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer']
/src/cms_transform_extended_fuzzer.c	['cms_transform_extended_fuzzer']	['cms_transform_extended_fuzzer']
/src/lcms/src/cmslut.c	['cms_overwrite_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer']	['cms_overwrite_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer']
/src/lcms/src/cmserr.c	['cms_overwrite_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_profile_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer', 'cmsIT8_load_fuzzer']	['cms_overwrite_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_profile_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer', 'cmsIT8_load_fuzzer']
/src/lcms/src/cmsnamed.c	['cms_overwrite_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_profile_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer']	['cms_overwrite_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_profile_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer']
/src/lcms/src/cmstypes.c	['cms_overwrite_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_profile_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer']	['cms_overwrite_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_profile_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer']
/src/lcms/src/cmsplugin.c	['cms_overwrite_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_profile_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer', 'cmsIT8_load_fuzzer']	['cms_overwrite_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_profile_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer', 'cmsIT8_load_fuzzer']
/src/lcms/src/cmsopt.c	['cms_overwrite_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer']	['cms_overwrite_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer']
/src/lcms/src/cmspcs.c	['cms_overwrite_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer']	['cms_overwrite_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer']
/src/lcms/src/cmspack.c	['cms_overwrite_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer']	['cms_overwrite_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer']
/src/lcms/src/cmsvirt.c	['cms_overwrite_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer']	['cms_overwrite_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer']
/src/lcms/src/cmscgats.c	['cmsIT8_load_fuzzer']	['cmsIT8_load_fuzzer']
/src/lcms/src/cmshalf.c	[]	[]
/src/cms_profile_fuzzer.c	['cms_profile_fuzzer']	['cms_profile_fuzzer']
/src/lcms/src/./lcms2_internal.h	['cms_overwrite_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_profile_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer', 'cmsIT8_load_fuzzer']	[]
/src/lcms/src/cmswtpnt.c	['cms_overwrite_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_profile_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer']	['cms_overwrite_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_profile_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer']
/src/lcms/src/cmsio0.c	['cms_overwrite_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_profile_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer']	['cms_overwrite_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_profile_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer']
/src/lcms/src/cmssamp.c	[]	[]
/src/cms_overwrite_transform_fuzzer.c	['cms_overwrite_transform_fuzzer']	['cms_overwrite_transform_fuzzer']
/src/cmsIT8_load_fuzzer.c	['cmsIT8_load_fuzzer']	['cmsIT8_load_fuzzer']
/src/lcms/src/cmsmtrx.c	['cms_overwrite_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer']	['cms_overwrite_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer']
/src/lcms/src/cmsio1.c	['cms_overwrite_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_profile_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer']	['cms_overwrite_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_profile_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer']
/src/lcms/src/cmscnvrt.c	['cms_overwrite_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer']	['cms_overwrite_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer']
/src/cms_transform_all_fuzzer.c	['cms_transform_all_fuzzer']	['cms_transform_all_fuzzer']
/src/lcms/src/cmsintrp.c	['cms_overwrite_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer']	['cms_overwrite_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer']
/src/cms_transform_fuzzer.c	['cms_transform_fuzzer']	['cms_transform_fuzzer']
/src/lcms/src/cmsgmt.c	['cms_overwrite_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer']	['cms_transform_all_fuzzer']
/src/cms_universal_transform_fuzzer.c	['cms_universal_transform_fuzzer']	['cms_universal_transform_fuzzer']
/src/lcms/src/cmsxform.c	['cms_overwrite_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer']	['cms_overwrite_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer']

Directories in report

Directory
/src/
/src/lcms/src/
/src/lcms/src/./

This section shows a chosen list of functions / methods calls and their relative coverage information. By static analysis of the target project code, all of these function call and their caller information, including the source file or class and line number that initiate the call are captured. Column 1 is the function name of that selected functions or methods. Column 2 of each row indicate if the target function covered by any fuzzer calltree information. Column 3 lists all fuzzers (or no fuzzers at all) that have coered that particular function call dynamically. Column 4 shows list of parent function for the specific function call, while column 5 shows possible blocker functions that make the fuzzers fail to reach the specific functions. Both column 4 and 5 will only show information if none of the fuzzers cover the target function calls.

Function in each files in report

Target sink	Callsite location	Reached by fuzzer	Function call path	Covered by fuzzer	Possible branch blockers