Fuzz introspector
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues
Project coverage
Per-fuzzer coverage

Table of contents

Project overview: lcms
High level conclusions
Reachability and coverage overview
Fuzzers overview
Project functions overview
Fuzzer details
Fuzzer: cms_universal_transform_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: cms_transform_all_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: cms_overwrite_transform_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: cms_transform_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: cms_profile_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: cms_transform_extended_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: cmsIT8_load_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Analyses and suggestions
Optimal target analysis
Remaining optimal interesting functions
All functions overview
Runtime coverage analysis
Complex functions with low coverage
Files and Directories in report
Files in report
Directories in report
Metadata section
Function call coverage
Function in each files in report
Report generation date: 2023-06-07

Project overview: lcms

High level conclusions

Reachability and coverage overview

Functions statically reachable by fuzzers
40.0%
439 / 1103
Cyclomatic complexity statically reachable by fuzzers
40.0%
2506 / 6215
Runtime code coverage of functions
54.0%
593 / 1103

Warning: The number of runtime covered functions are larger than the number of reachable functions. This means that Fuzz Introspector found there are more functions covered at runtime than what is considered reachable based on the static analysis. This is a limitation in the analysis as anything covered at runtime is by definition reachable by the fuzzers.
This is likely due to a limitation in the static analysis. In this case, the count of functions covered at runtime is the true value, which means this is what should be considered "achieved" by the fuzzer.

Use the project functions table below to query all functions that were not covered at runtime.

Fuzzers overview

Fuzzer Fuzzer filename Functions Reached Functions unreached Fuzzer depth Files reached Basic blocks reached Cyclomatic complexity Details
cms_universal_transform_fuzzer cms_universal_transform_fuzzer.c 325 714 15 21 4099 1800 cms_universal_transform_fuzzer.c
cms_transform_all_fuzzer cms_transform_all_fuzzer.c 326 714 16 21 4104 1803 cms_transform_all_fuzzer.c
cms_overwrite_transform_fuzzer cms_overwrite_transform_fuzzer.c 325 714 15 21 4099 1800 cms_overwrite_transform_fuzzer.c
cms_transform_fuzzer cms_transform_fuzzer.c 328 711 12 21 4130 1814 cms_transform_fuzzer.c
cms_profile_fuzzer cms_profile_fuzzer.c 102 940 10 9 963 452 cms_profile_fuzzer.c
cms_transform_extended_fuzzer cms_transform_extended_fuzzer.c 387 653 15 21 4803 2093 cms_transform_extended_fuzzer.c
cmsIT8_load_fuzzer cmsIT8_load_fuzzer.c 92 1053 9 5 1027 460 cmsIT8_load_fuzzer.c

Project functions overview

The following table shows data about each function in the project. The functions included in this table correspond to all functions that exist in the executables of the fuzzers. As such, there may be functions that are from third-party libraries.

For further technical details on the meaning of columns in the below table, please see the Glossary .

Func name Functions filename Args Function call depth Reached by Fuzzers Fuzzers runtime hit Func lines hit % I Count BB Count Cyclomatic complexity Functions reached Reached by functions Accumulated cyclomatic complexity Undiscovered complexity

Fuzzer details

Fuzzer: cms_universal_transform_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 446 49.6%
gold [1:9] 26 2.89%
yellow [10:29] 20 2.22%
greenyellow [30:49] 1 0.11%
lawngreen 50+ 406 45.1%
All colors 899 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
1734 5616 9 :

['cmsGetColorSpace', 'cmsDoTransform', 'cmsDeleteTransform', 'cmsXYZ2Lab', 'CreateRoundtripXForm', 'cmsLab2XYZ', 'cmsIsCLUT', 'cmsDetectBlackPoint', 'RootOfLeastSquaresFitQuadraticCurve']

1734 5616 cmsDetectDestinationBlackPoint call site: 00000 /src/lcms/src/cmssamp.c:386
1728 1728 1 :

['BlackPointUsingPerceptualBlack']

1728 1728 cmsDetectBlackPoint call site: 00000 /src/lcms/src/cmssamp.c:267
1722 1722 1 :

['_cmsCreateGamutCheckPipeline']

1894 2373 cmsCreateExtendedTransform call site: 00795 /src/lcms/src/cmsxform.c:1210
566 566 1 :

['BuildGrayOutputPipeline']

566 566 _cmsReadOutputLUT call site: 00000 /src/lcms/src/cmsio1.c:649
536 536 1 :

['BuildGrayInputMatrixPipeline']

536 536 _cmsReadInputLUT call site: 00000 /src/lcms/src/cmsio1.c:392
535 535 3 :

['_cmsReadCHAD', '_cmsReadMediaWhitePoint', 'ComputeAbsoluteIntent']

535 535 ComputeConversion call site: 00000 /src/lcms/src/cmscnvrt.c:368
370 417 4 :

['cmsReverseToneCurve', '_cmsStageGetPtrToCurveSet', 'cmsFreeToneCurve', 'cmsEvalToneCurve16']

370 458 FixWhiteMisalignment call site: 00498 /src/lcms/src/cmsopt.c:608
201 201 1 :

['cmsSaveProfileToFile']

201 294 cmsCloseProfile call site: 00090 /src/lcms/src/cmsio0.c:1586
142 142 1 :

['_cmsCompileProfileSequence']

172 172 cmsCreateExtendedTransform call site: 00796 /src/lcms/src/cmsxform.c:1244
114 114 1 :

['cmsLinkTag']

114 692 cmsCreateRGBProfileTHR call site: 00713 /src/lcms/src/cmsvirt.c:180
67 274 5 :

['cmsPipelineFree', 'cmsPipelineInsertStage', '_cmsStageAllocLabV2ToV4', 'cmsPipelineAlloc', '_cmsStageAllocNamedColor']

67 274 _cmsReadInputLUT call site: 00000 /src/lcms/src/cmsio1.c:322
67 134 2 :

['cmsPipelineAlloc', '_cmsStageAllocNamedColor']

67 367 _cmsReadDevicelinkLUT call site: 00000 /src/lcms/src/cmsio1.c:721

Runtime coverage analysis

Covered functions
338
Functions that are reachable but not covered
120
Reachable functions
325
Percentage of reachable functions covered
63.08%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
cms_universal_transform_fuzzer.c 1
lcmscmsio0.c 57
lcmscmserr.c 13
lcmscmsplugin.c 15
lcms./lcms2_internal.h 6
lcmscmstypes.c 3
lcmscmswtpnt.c 4
lcmscmsxform.c 25
lcmscmslut.c 34
lcmscmspack.c 4
lcmscmsalpha.c 7
lcmscmsopt.c 18
lcmscmsmtrx.c 5
lcmscmspcs.c 10
lcmscmsgamma.c 20
lcmscmsintrp.c 41
lcmscmsnamed.c 15
lcmscmsgmt.c 3
lcmscmsvirt.c 4
lcmscmscnvrt.c 2
lcmscmsio1.c 3

Fuzzer: cms_transform_all_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 330 36.7%
gold [1:9] 22 2.44%
yellow [10:29] 22 2.44%
greenyellow [30:49] 15 1.66%
lawngreen 50+ 510 56.7%
All colors 899 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
1722 1722 1 :

['_cmsCreateGamutCheckPipeline']

1752 2373 cmsCreateExtendedTransform call site: 00796 /src/lcms/src/cmsxform.c:1210
396 408 2 :

['cmsIsToneCurveMonotonic', 'cmsJoinToneCurve']

396 531 _cmsBuildKToneCurve call site: 00000 /src/lcms/src/cmsgmt.c:169
201 201 1 :

['cmsSaveProfileToFile']

201 294 cmsCloseProfile call site: 00091 /src/lcms/src/cmsio0.c:1586
114 114 1 :

['cmsLinkTag']

114 692 cmsCreateRGBProfileTHR call site: 00714 /src/lcms/src/cmsvirt.c:180
104 104 2 :

['ComputeComponentIncrements', '_cmsGetFormatterAlpha']

104 104 _cmsHandleExtraChannels call site: 00246 /src/lcms/src/cmsalpha.c:565
97 136 6 :

['_cmsMAT3identity', '_cmsMAT3per', '_cmsMAT3isIdentity', '_cmsMAT3inverse', 'Temp2CHAD', 'CHAD2Temp']

97 142 ComputeAbsoluteIntent call site: 00000 /src/lcms/src/cmscnvrt.c:263
33 33 1 :

['GrowMLUtable']

33 72 AddMLUBlock call site: 00656 /src/lcms/src/cmsnamed.c:150
30 30 1 :

['TransformOnePixelWithGamutCheck']

30 30 cmsCreateExtendedTransform call site: 00797 /src/lcms/src/cmsxform.c:1255
14 14 3 :

['_cmsLeaveCriticalSectionPrimitive', 'InitContextMutex', '_cmsEnterCriticalSectionPrimitive']

14 14 _cmsGetContext call site: 00011 /src/lcms/src/cmsplugin.c:720
2 2 1 :

['cmsGetHeaderRenderingIntent']

2 2 cmsIsCLUT call site: 00000 /src/lcms/src/cmsio1.c:835
0 5450 9 :

['cmsCreateLab4ProfileTHR', 'cmsPipelineInsertStage', '_cmsReasonableGridpointsByColorspace', 'cmsCreateTransformTHR', 'cmsStageSampleCLut16bit', 'cmsCloseProfile', '_cmsReadDevicelinkLUT', 'cmsPipelineCat', 'cmsStageAllocCLut16bit']

0 5687 BlackPreservingKPlaneIntents call site: 00000 /src/lcms/src/cmscnvrt.c:1038
0 1032 6 :

['_cmsReasonableGridpointsByColorspace', 'cmsPipelineInsertStage', 'cmsStageSampleCLut16bit', '_cmsReadDevicelinkLUT', 'cmsPipelineCat', 'cmsStageAllocCLut16bit']

0 1225 BlackPreservingKOnlyIntents call site: 00000 /src/lcms/src/cmscnvrt.c:805

Runtime coverage analysis

Covered functions
419
Functions that are reachable but not covered
89
Reachable functions
326
Percentage of reachable functions covered
72.7%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
cms_transform_all_fuzzer.c 2
lcmscmsio0.c 57
lcmscmserr.c 13
lcmscmsplugin.c 15
lcms./lcms2_internal.h 6
lcmscmstypes.c 3
lcmscmswtpnt.c 4
lcmscmsxform.c 25
lcmscmslut.c 34
lcmscmspack.c 4
lcmscmsalpha.c 7
lcmscmsopt.c 18
lcmscmsmtrx.c 5
lcmscmspcs.c 10
lcmscmsgamma.c 20
lcmscmsintrp.c 41
lcmscmsnamed.c 15
lcmscmsgmt.c 3
lcmscmsvirt.c 4
lcmscmscnvrt.c 2
lcmscmsio1.c 3

Fuzzer: cms_overwrite_transform_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 446 49.6%
gold [1:9] 23 2.55%
yellow [10:29] 23 2.55%
greenyellow [30:49] 10 1.11%
lawngreen 50+ 397 44.1%
All colors 899 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
1734 5616 9 :

['cmsGetColorSpace', 'cmsDoTransform', 'cmsDeleteTransform', 'cmsXYZ2Lab', 'CreateRoundtripXForm', 'cmsLab2XYZ', 'cmsIsCLUT', 'cmsDetectBlackPoint', 'RootOfLeastSquaresFitQuadraticCurve']

1734 5616 cmsDetectDestinationBlackPoint call site: 00000 /src/lcms/src/cmssamp.c:386
1728 1728 1 :

['BlackPointUsingPerceptualBlack']

1728 1728 cmsDetectBlackPoint call site: 00000 /src/lcms/src/cmssamp.c:267
1722 1722 1 :

['_cmsCreateGamutCheckPipeline']

1894 2373 cmsCreateExtendedTransform call site: 00795 /src/lcms/src/cmsxform.c:1210
566 566 1 :

['BuildGrayOutputPipeline']

566 566 _cmsReadOutputLUT call site: 00000 /src/lcms/src/cmsio1.c:649
536 536 1 :

['BuildGrayInputMatrixPipeline']

536 536 _cmsReadInputLUT call site: 00000 /src/lcms/src/cmsio1.c:392
535 535 3 :

['_cmsReadCHAD', '_cmsReadMediaWhitePoint', 'ComputeAbsoluteIntent']

535 535 ComputeConversion call site: 00000 /src/lcms/src/cmscnvrt.c:368
370 417 4 :

['cmsReverseToneCurve', '_cmsStageGetPtrToCurveSet', 'cmsFreeToneCurve', 'cmsEvalToneCurve16']

370 458 FixWhiteMisalignment call site: 00498 /src/lcms/src/cmsopt.c:608
201 201 1 :

['cmsSaveProfileToFile']

201 294 cmsCloseProfile call site: 00090 /src/lcms/src/cmsio0.c:1586
142 142 1 :

['_cmsCompileProfileSequence']

172 172 cmsCreateExtendedTransform call site: 00796 /src/lcms/src/cmsxform.c:1244
114 114 1 :

['cmsLinkTag']

114 692 cmsCreateRGBProfileTHR call site: 00713 /src/lcms/src/cmsvirt.c:180
67 274 5 :

['cmsPipelineFree', 'cmsPipelineInsertStage', '_cmsStageAllocLabV2ToV4', 'cmsPipelineAlloc', '_cmsStageAllocNamedColor']

67 274 _cmsReadInputLUT call site: 00000 /src/lcms/src/cmsio1.c:322
67 134 2 :

['cmsPipelineAlloc', '_cmsStageAllocNamedColor']

67 367 _cmsReadDevicelinkLUT call site: 00000 /src/lcms/src/cmsio1.c:721

Runtime coverage analysis

Covered functions
344
Functions that are reachable but not covered
114
Reachable functions
325
Percentage of reachable functions covered
64.92%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
cms_overwrite_transform_fuzzer.c 1
lcmscmsio0.c 57
lcmscmserr.c 13
lcmscmsplugin.c 15
lcms./lcms2_internal.h 6
lcmscmstypes.c 3
lcmscmswtpnt.c 4
lcmscmsxform.c 25
lcmscmslut.c 34
lcmscmspack.c 4
lcmscmsalpha.c 7
lcmscmsopt.c 18
lcmscmsmtrx.c 5
lcmscmspcs.c 10
lcmscmsgamma.c 20
lcmscmsintrp.c 41
lcmscmsnamed.c 15
lcmscmsgmt.c 3
lcmscmsvirt.c 4
lcmscmscnvrt.c 2
lcmscmsio1.c 3

Fuzzer: cms_transform_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 428 46.9%
gold [1:9] 17 1.86%
yellow [10:29] 8 0.87%
greenyellow [30:49] 14 1.53%
lawngreen 50+ 445 48.7%
All colors 912 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
1734 5616 9 :

['cmsGetColorSpace', 'cmsDoTransform', 'cmsDeleteTransform', 'cmsXYZ2Lab', 'CreateRoundtripXForm', 'cmsLab2XYZ', 'cmsIsCLUT', 'cmsDetectBlackPoint', 'RootOfLeastSquaresFitQuadraticCurve']

1734 5616 cmsDetectDestinationBlackPoint call site: 00000 /src/lcms/src/cmssamp.c:386
1728 1728 1 :

['BlackPointUsingPerceptualBlack']

1728 1728 cmsDetectBlackPoint call site: 00000 /src/lcms/src/cmssamp.c:267
1722 1722 1 :

['_cmsCreateGamutCheckPipeline']

1894 2373 cmsCreateExtendedTransform call site: 00806 /src/lcms/src/cmsxform.c:1210
566 566 1 :

['BuildGrayOutputPipeline']

566 566 _cmsReadOutputLUT call site: 00000 /src/lcms/src/cmsio1.c:649
535 535 3 :

['_cmsReadCHAD', '_cmsReadMediaWhitePoint', 'ComputeAbsoluteIntent']

535 535 ComputeConversion call site: 00000 /src/lcms/src/cmscnvrt.c:368
221 221 1 :

['_cmsReadFloatOutputTag']

221 221 _cmsReadOutputLUT call site: 00000 /src/lcms/src/cmsio1.c:595
201 201 1 :

['cmsSaveProfileToFile']

201 294 cmsCloseProfile call site: 00090 /src/lcms/src/cmsio0.c:1586
146 3108 27 :

['_cmsPipelineSetOptimizationParameters', 'cmsStageAllocToneCurves', 'cmsPipelineInsertStage', 'cmsPipelineDup', 'cmsPipelineAlloc', 'cmsIsToneCurveLinear', '_cmsQuickSaturateWord.1218', 'cmsPipelineFree', 'cmsStageSampleCLut16bit', '_cmsICCcolorSpace', 'IsDegenerated', 'cmsStageAllocCLut16bit', 'cmsReverseToneCurveEx', 'PrelinOpt8alloc', 'cmsBuildTabulatedToneCurve16', 'FixWhiteMisalignment', 'cmsPipelineEvalFloat', '_cmsReasonableGridpointsByColorspace', 'PrelinOpt16alloc', 'cmsPipelineGetPtrToLastStage', '_cmsFormatterIs8bit', 'SlopeLimiting', 'cmsIsToneCurveMonotonic', '_cmsStageGetPtrToCurveSet', 'cmsStageType', 'cmsFreeToneCurve', 'cmsStageData']

146 3108 OptimizeByComputingLinearization call site: 00000 /src/lcms/src/cmsopt.c:1054
142 142 1 :

['_cmsCompileProfileSequence']

172 172 cmsCreateExtendedTransform call site: 00807 /src/lcms/src/cmsxform.c:1244
76 123 5 :

['cmsPipelineUnlinkStage', 'AllCurvesAreLinear', 'cmsPipelineGetPtrToLastStage', 'cmsStageType', 'cmsStageDup']

120 844 OptimizeByResampling call site: 00590 /src/lcms/src/cmsopt.c:717
44 44 1 :

['PrelinOpt16alloc']

44 498 OptimizeByResampling call site: 00612 /src/lcms/src/cmsopt.c:773
41 41 1 :

['cmsFreeProfileSequenceDescription']

41 70 cmsDeleteTransform call site: 00671 /src/lcms/src/cmsxform.c:165

Runtime coverage analysis

Covered functions
365
Functions that are reachable but not covered
106
Reachable functions
328
Percentage of reachable functions covered
67.68%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
cms_transform_fuzzer.c 1
lcmscmsio0.c 57
lcmscmserr.c 13
lcmscmsplugin.c 15
lcms./lcms2_internal.h 6
lcmscmstypes.c 3
lcmscmswtpnt.c 4
lcmscmsvirt.c 7
lcmscmsgamma.c 20
lcmscmsintrp.c 41
lcmscmsnamed.c 16
lcmscmspcs.c 10
lcmscmsmtrx.c 5
lcmscmsxform.c 25
lcmscmslut.c 34
lcmscmspack.c 4
lcmscmsalpha.c 7
lcmscmsopt.c 18
lcmscmsgmt.c 3
lcmscmscnvrt.c 2
lcmscmsio1.c 3

Fuzzer: cms_profile_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 33 11.4%
gold [1:9] 0 0.0%
yellow [10:29] 2 0.69%
greenyellow [30:49] 1 0.34%
lawngreen 50+ 251 87.4%
All colors 287 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
33 33 1 :

['GrowMLUtable']

33 72 AddMLUBlock call site: 00000 /src/lcms/src/cmsnamed.c:150
14 14 3 :

['_cmsLeaveCriticalSectionPrimitive', 'InitContextMutex', '_cmsEnterCriticalSectionPrimitive']

14 14 _cmsGetContext call site: 00014 /src/lcms/src/cmsplugin.c:720
2 60 3 :

['_cmsFree', 'cmsSignalError', 'fclose']

2 60 cmsOpenIOhandlerFromFile call site: 00039 /src/lcms/src/cmsio0.c:429
0 66 3 :

['freeOneTag', 'cmsSignalError', '_cmsTagSignature2String']

0 95 cmsReadTag call site: 00228 /src/lcms/src/cmsio0.c:1738
0 58 2 :

['_cmsFree', 'cmsSignalError']

0 58 cmsOpenIOhandlerFromFile call site: 00047 /src/lcms/src/cmsio0.c:441
0 32 1 :

['cmsStageFree']

0 32 cmsStageAllocCLut16bitGranular call site: 00000 /src/lcms/src/cmslut.c:599
0 29 1 :

['cmsSignalError']

0 29 cmsBuildParametricToneCurve call site: 00000 /src/lcms/src/cmsgamma.c:879
0 29 1 :

['cmsSignalError']

0 29 AllocateToneCurveStruct call site: 00000 /src/lcms/src/cmsgamma.c:226
0 29 1 :

['cmsSignalError']

0 29 MemorySeek call site: 00000 /src/lcms/src/cmsio0.c:174
0 29 1 :

['cmsSignalError']

0 29 FileSeek call site: 00056 /src/lcms/src/cmsio0.c:331
0 29 1 :

['cmsSignalError']

0 29 FileTell call site: 00062 /src/lcms/src/cmsio0.c:345
0 29 1 :

['cmsSignalError']

0 29 _cmsNewTag call site: 00270 /src/lcms/src/cmsio0.c:689

Runtime coverage analysis

Covered functions
220
Functions that are reachable but not covered
22
Reachable functions
102
Percentage of reachable functions covered
78.43%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
cms_profile_fuzzer.c 1
lcmscmsio0.c 41
lcmscmserr.c 11
lcmscmsplugin.c 15
lcms./lcms2_internal.h 2
lcmscmstypes.c 3
lcmscmswtpnt.c 1
lcmscmsio1.c 2
lcmscmsnamed.c 3

Fuzzer: cms_transform_extended_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 454 41.2%
gold [1:9] 24 2.18%
yellow [10:29] 23 2.09%
greenyellow [30:49] 7 0.63%
lawngreen 50+ 592 53.8%
All colors 1100 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
1722 1722 1 :

['_cmsCreateGamutCheckPipeline']

1752 2373 cmsCreateExtendedTransform call site: 01015 /src/lcms/src/cmsxform.c:1210
201 201 1 :

['cmsSaveProfileToFile']

201 294 cmsCloseProfile call site: 00091 /src/lcms/src/cmsio0.c:1586
104 104 2 :

['ComputeComponentIncrements', '_cmsGetFormatterAlpha']

104 104 _cmsHandleExtraChannels call site: 00746 /src/lcms/src/cmsalpha.c:565
97 136 6 :

['_cmsMAT3identity', '_cmsMAT3per', '_cmsMAT3isIdentity', '_cmsMAT3inverse', 'Temp2CHAD', 'CHAD2Temp']

97 142 ComputeAbsoluteIntent call site: 00000 /src/lcms/src/cmscnvrt.c:263
82 3108 27 :

['_cmsPipelineSetOptimizationParameters', 'cmsStageAllocToneCurves', 'cmsPipelineInsertStage', 'cmsPipelineDup', 'cmsPipelineAlloc', 'cmsIsToneCurveLinear', '_cmsQuickSaturateWord.1218', 'cmsPipelineFree', 'cmsStageSampleCLut16bit', '_cmsICCcolorSpace', 'IsDegenerated', 'cmsStageAllocCLut16bit', 'cmsReverseToneCurveEx', 'PrelinOpt8alloc', 'cmsBuildTabulatedToneCurve16', 'FixWhiteMisalignment', 'cmsPipelineEvalFloat', '_cmsReasonableGridpointsByColorspace', 'PrelinOpt16alloc', 'cmsPipelineGetPtrToLastStage', '_cmsFormatterIs8bit', 'SlopeLimiting', 'cmsIsToneCurveMonotonic', '_cmsStageGetPtrToCurveSet', 'cmsStageType', 'cmsFreeToneCurve', 'cmsStageData']

82 3108 OptimizeByComputingLinearization call site: 00000 /src/lcms/src/cmsopt.c:1054
67 274 5 :

['cmsPipelineFree', 'cmsPipelineInsertStage', '_cmsStageAllocLabV2ToV4', 'cmsPipelineAlloc', '_cmsStageAllocNamedColor']

67 274 _cmsReadInputLUT call site: 00000 /src/lcms/src/cmsio1.c:322
67 134 2 :

['cmsPipelineAlloc', '_cmsStageAllocNamedColor']

67 367 _cmsReadDevicelinkLUT call site: 00000 /src/lcms/src/cmsio1.c:721
54 54 1 :

['DupPluginIntentsList']

54 54 _cmsAllocIntentsPluginChunk call site: 00691 /src/lcms/src/cmscnvrt.c:137
54 54 1 :

['DupPluginCurvesList']

54 54 _cmsAllocCurvesPluginChunk call site: 00665 /src/lcms/src/cmsgamma.c:111
54 54 1 :

['DupPluginOptimizationList']

54 54 _cmsAllocOptimizationPluginChunk call site: 00696 /src/lcms/src/cmsopt.c:1854
54 54 1 :

['DupFormatterFactoryList']

54 54 _cmsAllocFormattersPluginChunk call site: 00672 /src/lcms/src/cmspack.c:3762
54 54 1 :

['DupTagTypeList']

54 54 _cmsAllocTagTypePluginChunk call site: 00678 /src/lcms/src/cmstypes.c:5768

Runtime coverage analysis

Covered functions
449
Functions that are reachable but not covered
107
Reachable functions
387
Percentage of reachable functions covered
72.35%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
cms_transform_extended_fuzzer.c 2
lcmscmsio0.c 58
lcmscmserr.c 29
lcmscmsplugin.c 22
lcms./lcms2_internal.h 6
lcmscmstypes.c 12
lcmscmswtpnt.c 4
lcmscmsvirt.c 13
lcmscmspcs.c 10
lcmscmsnamed.c 16
lcmscmsmtrx.c 5
lcmscmslut.c 35
lcmscmsgamma.c 23
lcmscmsintrp.c 43
lcmscmspack.c 7
lcmscmscnvrt.c 5
lcmscmsopt.c 21
lcmscmsxform.c 29
lcmscmsalpha.c 7
lcmscmsgmt.c 3
lcmscmsio1.c 3

Fuzzer: cmsIT8_load_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 123 39.8%
gold [1:9] 7 2.26%
yellow [10:29] 3 0.97%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 176 56.9%
All colors 309 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
14 14 3 :

['_cmsLeaveCriticalSectionPrimitive', 'InitContextMutex', '_cmsEnterCriticalSectionPrimitive']

14 14 _cmsGetContext call site: 00012 /src/lcms/src/cmsplugin.c:720
2 2 1 :

['strncpy']

2 2 BuildAbsolutePath call site: 00000 /src/lcms/src/cmscgats.c:499
2 2 1 :

['fclose']

2 2 NextCh call site: 00071 /src/lcms/src/cmscgats.c:557
0 32 2 :

['AllocTable', 'SynError']

0 32 cmsIT8SetTable call site: 00257 /src/lcms/src/cmscgats.c:1359
0 30 1 :

['SynError']

0 30 GetTable call site: 00032 /src/lcms/src/cmscgats.c:1098
0 30 1 :

['SynError']

0 30 AddToList call site: 00045 /src/lcms/src/cmscgats.c:1266
0 30 1 :

['SynError']

0 30 AddToList call site: 00048 /src/lcms/src/cmscgats.c:1279
0 29 1 :

['_cmsFree']

0 29 AllocBigBlock call site: 00023 /src/lcms/src/cmscgats.c:1149
0 29 1 :

['cmsSignalError']

0 29 WriteStr call site: 00264 /src/lcms/src/cmscgats.c:1725
0 29 1 :

['cmsSignalError']

0 29 _cmsContextGetClientChunk call site: 00007 /src/lcms/src/cmsplugin.c:752
0 6 1 :

['cmsstrcasecmp']

0 6 IsAvailableOnList call site: 00041 /src/lcms/src/cmscgats.c:1234
0 0 None 64 397 WriteData call site: 00295 /src/lcms/src/cmscgats.c:1878

Runtime coverage analysis

Covered functions
59
Functions that are reachable but not covered
37
Reachable functions
92
Percentage of reachable functions covered
59.78%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
cmsIT8_load_fuzzer.c 1
lcmscmscgats.c 54
lcmscmserr.c 5
lcmscmsplugin.c 3
lcms./lcms2_internal.h 2

Analyses and suggestions

Optimal target analysis

Remaining optimal interesting functions

The following table shows a list of functions that are optimal targets. Optimal targets are identified by finding the functions that in combination, yield a high code coverage.

Func name Functions filename Arg count Args Function depth hitcount instr count bb count cyclomatic complexity Reachable functions Incoming references total cyclomatic complexity Unreached complexity
BlackPreservingKPlaneIntents /src/lcms/src/cmscnvrt.c 7 ['struct._cmsContext_struct *', 'int ', 'int *', 'char **', 'int *', 'N/A', 'int '] 12 0 448 69 27 388 0 2303 580
Type_Dictionary_Read /src/lcms/src/cmstypes.c 4 ['struct._cms_typehandler_struct *', 'struct._cms_io_handler *', 'int *', 'int '] 3 0 399 67 27 42 0 211 142
Type_LUTB2A_Read /src/lcms/src/cmstypes.c 4 ['struct._cms_typehandler_struct *', 'struct._cms_io_handler *', 'int *', 'int '] 15 0 348 58 25 116 0 617 109
OptimizeMatrixShaper /src/lcms/src/cmsopt.c 5 ['struct._cmsPipeline_struct **', 'int ', 'int *', 'int *', 'int *'] 15 0 363 53 22 129 0 627 106
Type_LUTA2B_Write /src/lcms/src/cmstypes.c 4 ['struct._cms_typehandler_struct *', 'struct._cms_io_handler *', 'char *', 'int '] 3 0 509 73 32 33 0 159 97
cmsTransform2DeviceLink /src/lcms/src/cmsvirt.c 3 ['char *', 'N/A', 'int '] 8 0 583 93 37 253 0 1383 96
OptimizeByComputingLinearization /src/lcms/src/cmsopt.c 5 ['struct._cmsPipeline_struct **', 'int ', 'int *', 'int *', 'int *'] 14 0 888 138 50 135 0 848 89
Type_ProfileSequenceId_Write /src/lcms/src/cmstypes.c 4 ['struct._cms_typehandler_struct *', 'struct._cms_io_handler *', 'char *', 'int '] 4 0 78 8 4 30 0 149 73
Type_MPEcurve_Read /src/lcms/src/cmstypes.c 4 ['struct._cms_typehandler_struct *', 'struct._cms_io_handler *', 'int *', 'int '] 14 0 183 22 9 87 0 475 68
Type_LUT16_Write /src/lcms/src/cmstypes.c 4 ['struct._cms_typehandler_struct *', 'struct._cms_io_handler *', 'char *', 'int '] 3 0 700 125 52 21 0 112 63

Implementing fuzzers that target the above functions will improve reachability such that it becomes:

Functions statically reachable by fuzzers
55.0%
612 / 1103
Cyclomatic complexity statically reachable by fuzzers
63.0%
3927 / 6215

All functions overview

If you implement fuzzers for these functions, the status of all functions in the project will be:

Func name Functions filename Args Function call depth Reached by Fuzzers Fuzzers runtime hit Func lines hit % I Count BB Count Cyclomatic complexity Functions reached Reached by functions Accumulated cyclomatic complexity Undiscovered complexity

Runtime coverage analysis

This section shows analysis of runtime coverage data.

For futher technical details on how this section is generated, please see the Glossary .

Complex functions with low coverage

Func name Function total lines Lines covered at runtime percentage covered Reached by fuzzers
_cmsHandleExtraChannels 65 15 23.07% ['cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_transform_fuzzer', 'cms_transform_extended_fuzzer']
PrelinEval8 72 34 47.22% []
ComputeAbsoluteIntent 38 9 23.68% []
cmsPluginTHR 58 7 12.06% ['cms_transform_extended_fuzzer']
WriteHeader 47 23 48.93% ['cmsIT8_load_fuzzer']
ParseIT8 48 16 33.33% ['cmsIT8_load_fuzzer']
HeaderSection 70 38 54.28% ['cmsIT8_load_fuzzer']
CookPointers 43 13 30.23% ['cmsIT8_load_fuzzer']

Files and Directories in report

This section shows which files and directories are considered in this report. The main reason for showing this is fuzz introspector may include more code in the reasoning than is desired. This section helps identify if too many files/directories are included, e.g. third party code, which may be irrelevant for the threat model. In the event too much is included, fuzz introspector supports a configuration file that can exclude data from the report. See the following link for more information on how to create a config file: link

Files in report

Source file Reached by Covered by
[] []
/src/lcms/src/./lcms2_internal.h ['cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_transform_fuzzer', 'cms_profile_fuzzer', 'cms_transform_extended_fuzzer', 'cmsIT8_load_fuzzer'] []
/src/cms_profile_fuzzer.c ['cms_profile_fuzzer'] ['cms_profile_fuzzer']
/src/lcms/src/cmsnamed.c ['cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_transform_fuzzer', 'cms_profile_fuzzer', 'cms_transform_extended_fuzzer'] ['cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_transform_fuzzer', 'cms_profile_fuzzer', 'cms_transform_extended_fuzzer']
/src/lcms/src/cmscgats.c ['cmsIT8_load_fuzzer'] ['cmsIT8_load_fuzzer']
/src/lcms/src/cmsio0.c ['cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_transform_fuzzer', 'cms_profile_fuzzer', 'cms_transform_extended_fuzzer'] ['cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_transform_fuzzer', 'cms_profile_fuzzer', 'cms_transform_extended_fuzzer']
/src/lcms/src/cmsopt.c ['cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_transform_fuzzer', 'cms_transform_extended_fuzzer'] ['cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_transform_fuzzer', 'cms_transform_extended_fuzzer']
/src/cmsIT8_load_fuzzer.c ['cmsIT8_load_fuzzer'] ['cmsIT8_load_fuzzer']
/src/lcms/src/cmsvirt.c ['cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_transform_fuzzer', 'cms_transform_extended_fuzzer'] ['cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_transform_fuzzer', 'cms_transform_extended_fuzzer']
/src/cms_universal_transform_fuzzer.c ['cms_universal_transform_fuzzer'] ['cms_universal_transform_fuzzer']
/src/lcms/src/cmspcs.c ['cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_transform_fuzzer', 'cms_transform_extended_fuzzer'] ['cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_transform_fuzzer', 'cms_transform_extended_fuzzer']
/src/lcms/src/cmssamp.c [] []
/src/cms_transform_all_fuzzer.c ['cms_transform_all_fuzzer'] ['cms_transform_all_fuzzer']
/src/lcms/src/cmshalf.c [] []
/src/lcms/src/cmslut.c ['cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_transform_fuzzer', 'cms_transform_extended_fuzzer'] ['cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_transform_fuzzer', 'cms_transform_extended_fuzzer']
/src/lcms/src/cmsio1.c ['cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_transform_fuzzer', 'cms_profile_fuzzer', 'cms_transform_extended_fuzzer'] ['cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_transform_fuzzer', 'cms_profile_fuzzer', 'cms_transform_extended_fuzzer']
/src/lcms/src/cmsplugin.c ['cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_transform_fuzzer', 'cms_profile_fuzzer', 'cms_transform_extended_fuzzer', 'cmsIT8_load_fuzzer'] ['cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_transform_fuzzer', 'cms_profile_fuzzer', 'cms_transform_extended_fuzzer', 'cmsIT8_load_fuzzer']
/src/lcms/src/cmsintrp.c ['cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_transform_fuzzer', 'cms_transform_extended_fuzzer'] ['cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_transform_fuzzer', 'cms_transform_extended_fuzzer']
/src/lcms/src/cmswtpnt.c ['cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_transform_fuzzer', 'cms_profile_fuzzer', 'cms_transform_extended_fuzzer'] ['cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_transform_fuzzer', 'cms_profile_fuzzer', 'cms_transform_extended_fuzzer']
/src/lcms/src/cmsmtrx.c ['cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_transform_fuzzer', 'cms_transform_extended_fuzzer'] ['cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_transform_fuzzer', 'cms_transform_extended_fuzzer']
/src/lcms/src/cmsgamma.c ['cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_transform_fuzzer', 'cms_transform_extended_fuzzer'] ['cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_transform_fuzzer', 'cms_transform_extended_fuzzer']
/src/lcms/src/cmscnvrt.c ['cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_transform_fuzzer', 'cms_transform_extended_fuzzer'] ['cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_transform_fuzzer', 'cms_transform_extended_fuzzer']
/src/lcms/src/cmstypes.c ['cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_transform_fuzzer', 'cms_profile_fuzzer', 'cms_transform_extended_fuzzer'] ['cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_transform_fuzzer', 'cms_profile_fuzzer', 'cms_transform_extended_fuzzer']
/src/lcms/src/cmserr.c ['cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_transform_fuzzer', 'cms_profile_fuzzer', 'cms_transform_extended_fuzzer', 'cmsIT8_load_fuzzer'] ['cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_transform_fuzzer', 'cms_profile_fuzzer', 'cms_transform_extended_fuzzer', 'cmsIT8_load_fuzzer']
/src/cms_transform_extended_fuzzer.c ['cms_transform_extended_fuzzer'] ['cms_transform_extended_fuzzer']
/src/lcms/src/cmsalpha.c ['cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_transform_fuzzer', 'cms_transform_extended_fuzzer'] ['cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_transform_fuzzer', 'cms_transform_extended_fuzzer']
/src/lcms/src/cmsxform.c ['cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_transform_fuzzer', 'cms_transform_extended_fuzzer'] ['cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_transform_fuzzer', 'cms_transform_extended_fuzzer']
/src/lcms/src/cmspack.c ['cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_transform_fuzzer', 'cms_transform_extended_fuzzer'] ['cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_transform_fuzzer', 'cms_transform_extended_fuzzer']
/src/cms_transform_fuzzer.c ['cms_transform_fuzzer'] ['cms_transform_fuzzer']
/src/cms_overwrite_transform_fuzzer.c ['cms_overwrite_transform_fuzzer'] ['cms_overwrite_transform_fuzzer']
/src/lcms/src/cmsgmt.c ['cms_universal_transform_fuzzer', 'cms_transform_all_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_transform_fuzzer', 'cms_transform_extended_fuzzer'] ['cms_transform_all_fuzzer']

Directories in report

Directory
/src/lcms/src/./
/src/lcms/src/
/src/

Metadata section

This sections shows the raw data that is used to produce this report. This is mainly used for further processing and developer debugging.

Fuzzer Calltree file Program data file Coverage file
cms_universal_transform_fuzzer fuzzerLogFile-0-LE5XT3nzbU.data fuzzerLogFile-0-LE5XT3nzbU.data.yaml cms_universal_transform_fuzzer.covreport
cms_transform_all_fuzzer fuzzerLogFile-0-jb0UdrIPBU.data fuzzerLogFile-0-jb0UdrIPBU.data.yaml cms_transform_all_fuzzer.covreport
cms_overwrite_transform_fuzzer fuzzerLogFile-0-ILUsYDoz32.data fuzzerLogFile-0-ILUsYDoz32.data.yaml cms_overwrite_transform_fuzzer.covreport
cms_transform_fuzzer fuzzerLogFile-0-3XVwsRrsoE.data fuzzerLogFile-0-3XVwsRrsoE.data.yaml cms_transform_fuzzer.covreport
cms_profile_fuzzer fuzzerLogFile-0-Osb6cAk1Ar.data fuzzerLogFile-0-Osb6cAk1Ar.data.yaml cms_profile_fuzzer.covreport
cms_transform_extended_fuzzer fuzzerLogFile-0-KOTJWg9v0u.data fuzzerLogFile-0-KOTJWg9v0u.data.yaml cms_transform_extended_fuzzer.covreport
cmsIT8_load_fuzzer fuzzerLogFile-0-duF51m0iEa.data fuzzerLogFile-0-duF51m0iEa.data.yaml cmsIT8_load_fuzzer.covreport