Fuzz introspector
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues
Project coverage
Per-fuzzer coverage

Table of contents

Project overview: lcms
High level conclusions
Reachability and coverage overview
Fuzzers overview
Project functions overview
Fuzzer details
Fuzzer: cms_md5_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: cms_cie_cam02_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: cms_devicelink_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: cms_profile_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: cms_gdb_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: cms_cgats_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: cms_universal_transform_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: cms_transform_extended_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: cms_transform_all_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: cms_transform_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: cmsIT8_load_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: cms_overwrite_transform_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: cms_virtual_profile_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: cms_dict_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: cms_postscript_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Analyses and suggestions
Optimal target analysis
Remaining optimal interesting functions
All functions overview
Fuzz engine guidance
cms_md5_fuzzer.c
Dictionary
Fuzzer function priority
cms_cie_cam02_fuzzer.c
Dictionary
Fuzzer function priority
cms_devicelink_fuzzer.c
Dictionary
Fuzzer function priority
cms_profile_fuzzer.c
Dictionary
Fuzzer function priority
cms_gdb_fuzzer.c
Dictionary
Fuzzer function priority
cms_cgats_fuzzer.c
Dictionary
Fuzzer function priority
cms_universal_transform_fuzzer.c
Dictionary
Fuzzer function priority
cms_transform_extended_fuzzer.c
Dictionary
Fuzzer function priority
cms_transform_all_fuzzer.c
Dictionary
Fuzzer function priority
cms_transform_fuzzer.c
Dictionary
Fuzzer function priority
cmsIT8_load_fuzzer.c
Dictionary
Fuzzer function priority
cms_overwrite_transform_fuzzer.c
Dictionary
Fuzzer function priority
cms_virtual_profile_fuzzer.c
Dictionary
Fuzzer function priority
cms_dict_fuzzer.c
Dictionary
Fuzzer function priority
cms_postscript_fuzzer.c
Dictionary
Fuzzer function priority
Runtime coverage analysis
Complex functions with low coverage
Files and Directories in report
Files in report
Directories in report
Metadata section
Report generation date: 2026-04-03

Project overview: lcms

High level conclusions

Reachability and coverage overview

Functions statically reachable by fuzzers
45.0%
542 / 1205
Cyclomatic complexity statically reachable by fuzzers
45.0%
3116 / 6862
Runtime code coverage of functions
65.0%
779 / 1205

Warning: The number of runtime covered functions are larger than the number of reachable functions. This means that Fuzz Introspector found there are more functions covered at runtime than what is considered reachable based on the static analysis. This is a limitation in the analysis as anything covered at runtime is by definition reachable by the fuzzers.
This is likely due to a limitation in the static analysis. In this case, the count of functions covered at runtime is the true value, which means this is what should be considered "achieved" by the fuzzer.

Use the project functions table below to query all functions that were not covered at runtime.

Fuzzers overview

Fuzzer Fuzzer filename Functions Reached Functions unreached Fuzzer depth Files reached Basic blocks reached Cyclomatic complexity Details
cms_md5_fuzzer cms_md5_fuzzer.c 72 999 10 8 654 304 cms_md5_fuzzer.c
cms_cie_cam02_fuzzer cms_cie_cam02_fuzzer.c 87 999 9 12 721 322 cms_cie_cam02_fuzzer.c
cms_devicelink_fuzzer cms_devicelink_fuzzer.c 134 932 9 14 1498 673 cms_devicelink_fuzzer.c
cms_profile_fuzzer cms_profile_fuzzer.c 88 981 10 9 922 415 cms_profile_fuzzer.c
cms_gdb_fuzzer cms_gdb_fuzzer.c 35 1046 8 6 250 126 cms_gdb_fuzzer.c
cms_cgats_fuzzer cms_cgats_fuzzer.c 157 1018 9 12 1791 776 cms_cgats_fuzzer.c
cms_universal_transform_fuzzer cms_universal_transform_fuzzer.c 250 816 15 20 3285 1472 cms_universal_transform_fuzzer.c
cms_transform_extended_fuzzer cms_transform_extended_fuzzer.c 336 731 12 20 4169 1857 cms_transform_extended_fuzzer.c
cms_transform_all_fuzzer cms_transform_all_fuzzer.c 251 816 16 20 3290 1475 cms_transform_all_fuzzer.c
cms_transform_fuzzer cms_transform_fuzzer.c 253 813 12 20 3316 1486 cms_transform_fuzzer.c
cmsIT8_load_fuzzer cmsIT8_load_fuzzer.c 92 1084 9 5 1087 485 cmsIT8_load_fuzzer.c
cms_overwrite_transform_fuzzer cms_overwrite_transform_fuzzer.c 250 816 15 20 3285 1472 cms_overwrite_transform_fuzzer.c
cms_virtual_profile_fuzzer cms_virtual_profile_fuzzer.c 274 792 12 20 3652 1631 cms_virtual_profile_fuzzer.c
cms_dict_fuzzer cms_dict_fuzzer.c 90 978 9 12 866 379 cms_dict_fuzzer.c
cms_postscript_fuzzer cms_postscript_fuzzer.c 377 722 16 22 4777 2134 cms_postscript_fuzzer.c

Project functions overview

The following table shows data about each function in the project. The functions included in this table correspond to all functions that exist in the executables of the fuzzers. As such, there may be functions that are from third-party libraries.

For further technical details on the meaning of columns in the below table, please see the Glossary .

Func name Functions filename Args Function call depth Reached by Fuzzers Runtime reached by Fuzzers Combined reached by Fuzzers Fuzzers runtime hit Func lines hit % I Count BB Count Cyclomatic complexity Functions reached Reached by functions Accumulated cyclomatic complexity Undiscovered complexity

Fuzzer details

Fuzzer: cms_md5_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 66 30.2%
gold [1:9] 1 0.45%
yellow [10:29] 1 0.45%
greenyellow [30:49] 2 0.91%
lawngreen 50+ 148 67.8%
All colors 218 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
27 81 cmsOpenProfileFromMemTHR call site: 00081 cmsSaveProfileToFile
12 164 _cmsWriteAlignment call site: 00164 _cmsGetTagTypeHandler
6 10 _cmsContextGetClientChunk call site: 00010 _cmsEnterCriticalSectionPrimitive
4 34 cmsOpenIOhandlerFromMem call site: 00034 _cmsFree
4 183 cmsSaveProfileToIOhandler call site: 00183 _cmsUnlockMutex
3 30 _cmsMalloc call site: 00030 _cmsFree
2 115 cmsOpenIOhandlerFromNULL call site: 00115 _cmsFree
1 1 LLVMFuzzerTestOneInput call site: 00001 cmsOpenProfileFromMemTHR
1 5 _cmsMallocZero call site: 00005 cmsSignalError
1 8 cmsSignalError call site: 00008 __assert_fail
1 21 _cmsCreateMutex call site: 00021 _cmsFree
1 27 cmsOpenIOhandlerFromMem call site: 00027 cmsSignalError

Runtime coverage analysis

Covered functions
70
Functions that are reachable but not covered
22
Reachable functions
72
Percentage of reachable functions covered
69.44%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
cms_md5_fuzzer.c 1
lcmscmsio0.c 24
lcmscmserr.c 10
lcmscmsplugin.c 14
lcms./lcms2_internal.h 2
lcmscmstypes.c 3
lcmscmswtpnt.c 1
lcmscmsmd5.c 5

Fuzzer: cms_cie_cam02_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 71 30.7%
gold [1:9] 7 3.03%
yellow [10:29] 138 59.7%
greenyellow [30:49] 2 0.86%
lawngreen 50+ 13 5.62%
All colors 231 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
16 144 cmsCreateContext call site: 00144 cmsDeleteContext
6 39 RegisterTypesPlugin call site: 00039 _cmsPluginMalloc
5 127 cmsCreateContext call site: 00127 DupPluginOptimizationList
4 6 _cmsMalloc call site: 00006 cmsSignalError
4 27 _cmsFree call site: 00027 cmsDeleteContext
4 96 _cmsAllocCurvesPluginChunk call site: 00096 DupPluginCurvesList
4 103 _cmsAllocFormattersPluginChunk call site: 00103 DupFormatterFactoryList
3 109 cmsCreateContext call site: 00109 DupTagTypeList
3 117 cmsCreateContext call site: 00117 DupTagList
3 122 cmsCreateContext call site: 00122 DupPluginIntentsList
3 134 cmsCreateContext call site: 00134 DupPluginTransformList
2 32 cmsUnregisterPluginsTHR call site: 00032 _cmsContextGetClientChunk

Runtime coverage analysis

Covered functions
69
Functions that are reachable but not covered
21
Reachable functions
87
Percentage of reachable functions covered
75.86%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
cms_cie_cam02_fuzzer.c 1
lcmscmsplugin.c 10
lcmscmserr.c 17
lcms./lcms2_internal.h 2
lcmscmsintrp.c 2
lcmscmstypes.c 9
lcmscmspack.c 3
lcmscmscnvrt.c 3
lcmscmsgamma.c 3
lcmscmsopt.c 3
lcmscmsxform.c 5
lcmscmscam02.c 19

Fuzzer: cms_devicelink_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 190 51.3%
gold [1:9] 3 0.81%
yellow [10:29] 0 0.0%
greenyellow [30:49] 68 18.3%
lawngreen 50+ 109 29.4%
All colors 370 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
80 259 cmsPipelineFree call site: 00259 cmsCloseProfile
22 340 _cmsMalloc call site: 00340 SaveTags
8 123 AllocateToneCurveStruct call site: 00123 cmsFreeToneCurve
7 96 cmsStageAllocToneCurves call site: 00096 cmsEvalToneCurveFloat
6 8 _cmsContextGetClientChunk call site: 00008 _cmsEnterCriticalSectionPrimitive
6 216 _cmsGetTagTypeHandler call site: 00216 cmsSignalError
5 192 _cmsSearchTag call site: 00192 _cmsDeleteTagByPos
4 46 cmsStageAllocCLut16bitGranular call site: 00046 FromFloatTo16
4 64 _cmsSetInterpolationRoutine call site: 00064 _cmsFree
4 209 cmsWriteTag call site: 00209 cmsSignalError
4 241 cmsMLUsetASCII call site: 00241 AddMLUBlock
3 200 _cmsNewTag call site: 00200 _cmsDeleteTagByPos

Runtime coverage analysis

Covered functions
122
Functions that are reachable but not covered
43
Reachable functions
134
Percentage of reachable functions covered
67.91%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
cms_devicelink_fuzzer.c 1
lcmscmsvirt.c 5
lcmscmserr.c 13
lcmscmsplugin.c 12
lcms./lcms2_internal.h 5
lcmscmsio0.c 26
lcmscmslut.c 23
lcmscmspcs.c 2
lcmscmsintrp.c 5
lcmscmsgamma.c 12
lcmscmsnamed.c 12
lcmscmstypes.c 3
lcmscmsio1.c 1
lcmscmswtpnt.c 1

Fuzzer: cms_profile_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 41 14.2%
gold [1:9] 0 0.0%
yellow [10:29] 2 0.69%
greenyellow [30:49] 3 1.04%
lawngreen 50+ 242 84.0%
All colors 288 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
6 15 _cmsContextGetClientChunk call site: 00015 _cmsEnterCriticalSectionPrimitive
6 224 cmsOpenIOhandlerFromMem call site: 00224 _cmsFree
4 32 cmsOpenIOhandlerFromFile call site: 00032 _cmsFree
4 231 cmsOpenIOhandlerFromMem call site: 00231 _cmsFree
3 44 cmsfilelength call site: 00044 _cmsFree
3 48 cmsOpenIOhandlerFromFile call site: 00048 _cmsFree
2 37 cmsOpenIOhandlerFromFile call site: 00037 _cmsFree
2 106 cmsOpenIOhandlerFromNULL call site: 00106 _cmsFree
2 212 cmsReadTag call site: 00212 cmsSignalError
2 274 _cmsDeleteTagByPos call site: 00274 _cmsUnlockMutex
1 6 LLVMFuzzerTestOneInput call site: 00006 cmsOpenProfileFromFileTHR
1 10 _cmsMallocZero call site: 00010 cmsSignalError

Runtime coverage analysis

Covered functions
222
Functions that are reachable but not covered
19
Reachable functions
88
Percentage of reachable functions covered
78.41%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
cms_profile_fuzzer.c 1
lcmscmsio0.c 33
lcmscmserr.c 11
lcmscmsplugin.c 15
lcms./lcms2_internal.h 2
lcmscmstypes.c 4
lcmscmswtpnt.c 1
lcmscmsio1.c 2
lcmscmsnamed.c 3

Fuzzer: cms_gdb_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 12 19.3%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 50 80.6%
All colors 62 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
6 8 _cmsContextGetClientChunk call site: 00008 _cmsEnterCriticalSectionPrimitive
4 3 _cmsMallocZero call site: 00003 cmsSignalError
1 26 ToSpherical call site: 00026 cmsSignalError
1 28 GetPoint call site: 00028 cmsSignalError

Runtime coverage analysis

Covered functions
27
Functions that are reachable but not covered
12
Reachable functions
35
Percentage of reachable functions covered
65.71%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
cms_gdb_fuzzer.c 1
lcmscmssm.c 15
lcmscmserr.c 3
lcmscmsplugin.c 3
lcms./lcms2_internal.h 2
lcmscmsmtrx.c 3

Fuzzer: cms_cgats_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 233 41.2%
gold [1:9] 1 0.17%
yellow [10:29] 0 0.0%
greenyellow [30:49] 3 0.53%
lawngreen 50+ 328 58.0%
All colors 565 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
53 27 _cmsFree call site: 00027 cmsDeleteContext
20 419 InStringSymbol call site: 00419 InSymbol
16 144 cmsCreateContext call site: 00144 cmsDeleteContext
12 395 InSymbol call site: 00395 StringCat
12 480 DataSection call site: 00480 SkipEOLN
10 509 HeaderSection call site: 00509 AddToList
8 493 ParseIT8 call site: 00493 InSymbol
6 386 ReadReal call site: 00386 NextCh
5 127 cmsCreateContext call site: 00127 DupPluginOptimizationList
5 288 WriteHeader call site: 00288 Writef
4 96 _cmsAllocCurvesPluginChunk call site: 00096 DupPluginCurvesList
4 103 _cmsAllocFormattersPluginChunk call site: 00103 DupFormatterFactoryList

Runtime coverage analysis

Covered functions
109
Functions that are reachable but not covered
52
Reachable functions
157
Percentage of reachable functions covered
66.88%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
cms_cgats_fuzzer.c 1
lcmscmsplugin.c 10
lcmscmserr.c 18
lcms./lcms2_internal.h 2
lcmscmsintrp.c 2
lcmscmstypes.c 9
lcmscmspack.c 3
lcmscmscnvrt.c 3
lcmscmsgamma.c 3
lcmscmsopt.c 3
lcmscmsxform.c 5
lcmscmscgats.c 76

Fuzzer: cms_universal_transform_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 377 45.6%
gold [1:9] 7 0.84%
yellow [10:29] 6 0.72%
greenyellow [30:49] 17 2.05%
lawngreen 50+ 419 50.7%
All colors 826 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
41 118 _cmsUnlockMutex call site: 00118 SaveTags
37 594 cmsCreateRGBProfileTHR call site: 00594 _cmsStageAllocIdentityCurves
29 81 cmsOpenProfileFromMemTHR call site: 00081 cmsSaveProfileToFile
28 794 cmsMLUdup call site: 00794 cmsCreateTransformTHR
20 724 cmsCreateExtendedTransform call site: 00724 _cmsCreateGamutCheckPipeline
18 366 OptimizeByResampling call site: 00366 PrelinOpt16alloc
13 779 cmsCreateExtendedTransform call site: 00779 _cmsCompileProfileSequence
10 670 cmsDoTransform call site: 00670 cmsCloseProfile
9 659 cmsStageAllocToneCurves call site: 00659 cmsCreateTransformTHR
8 30 _cmsMalloc call site: 00030 _cmsFree
8 179 _cmsSearchTag call site: 00179 SaveTags
7 427 AllocateToneCurveStruct call site: 00427 _cmsFree

Runtime coverage analysis

Covered functions
349
Functions that are reachable but not covered
60
Reachable functions
250
Percentage of reachable functions covered
76.0%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
cms_universal_transform_fuzzer.c 1
lcmscmsio0.c 43
lcmscmserr.c 13
lcmscmsplugin.c 15
lcms./lcms2_internal.h 5
lcmscmstypes.c 4
lcmscmswtpnt.c 6
lcmscmsxform.c 15
lcmscmslut.c 42
lcmscmspack.c 4
lcmscmsopt.c 19
lcmscmsmtrx.c 5
lcmscmspcs.c 10
lcmscmsgamma.c 20
lcmscmsintrp.c 5
lcmscmsnamed.c 16
lcmscmsgmt.c 3
lcmscmsvirt.c 4
lcmscmscnvrt.c 2
lcmscmsio1.c 3

Fuzzer: cms_transform_extended_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 395 34.2%
gold [1:9] 14 1.21%
yellow [10:29] 9 0.78%
greenyellow [30:49] 10 0.86%
lawngreen 50+ 724 62.8%
All colors 1152 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
54 665 _cmsCreateSubAllocChunk call site: 00665 cmsDeleteContext
41 119 _cmsUnlockMutex call site: 00119 SaveTags
29 82 cmsOpenProfileFromMemTHR call site: 00082 cmsSaveProfileToFile
25 1118 _cmsCompileProfileSequence call site: 01118 cmsCreateTransformTHR
16 783 cmsCreateContext call site: 00783 cmsDeleteContext
10 1007 cmsDoTransform call site: 01007 cmsCloseProfile
8 31 _cmsMalloc call site: 00031 _cmsFree
8 180 _cmsSearchTag call site: 00180 SaveTags
8 364 AllocateToneCurveStruct call site: 00364 cmsFreeToneCurve
8 997 cmsCreateExtendedTransform call site: 00997 cmsDetectRGBProfileGamma
7 585 run_test call site: 00585 cmsCreateBCHSWabstractProfileTHR
6 112 _cmsLockMutex call site: 00112 cmsOpenIOhandlerFromNULL

Runtime coverage analysis

Covered functions
477
Functions that are reachable but not covered
66
Reachable functions
336
Percentage of reachable functions covered
80.36%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
cms_transform_extended_fuzzer.c 2
lcmscmsio0.c 43
lcmscmserr.c 26
lcmscmsplugin.c 22
lcms./lcms2_internal.h 5
lcmscmstypes.c 13
lcmscmswtpnt.c 7
lcmscmsvirt.c 19
lcmscmspcs.c 25
lcmscmsnamed.c 16
lcmscmsmtrx.c 5
lcmscmslut.c 46
lcmscmsgamma.c 23
lcmscmsintrp.c 7
lcmscmspack.c 7
lcmscmscnvrt.c 5
lcmscmsopt.c 22
lcmscmsxform.c 19
lcmscmsgmt.c 3
lcmscmsio1.c 3

Fuzzer: cms_transform_all_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 266 32.1%
gold [1:9] 7 0.84%
yellow [10:29] 8 0.96%
greenyellow [30:49] 15 1.81%
lawngreen 50+ 531 64.2%
All colors 827 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
41 119 _cmsUnlockMutex call site: 00119 SaveTags
29 82 cmsOpenProfileFromMemTHR call site: 00082 cmsSaveProfileToFile
29 595 cmsCreateRGBProfileTHR call site: 00595 cmsCloseProfile
25 798 _cmsCompileProfileSequence call site: 00798 cmsCreateTransformTHR
8 31 _cmsMalloc call site: 00031 _cmsFree
8 180 _cmsSearchTag call site: 00180 SaveTags
7 428 AllocateToneCurveStruct call site: 00428 _cmsFree
6 11 _cmsContextGetClientChunk call site: 00011 _cmsEnterCriticalSectionPrimitive
6 112 _cmsLockMutex call site: 00112 cmsOpenIOhandlerFromNULL
6 161 cmsGetProfileVersion call site: 00161 _cmsGetTagTypeHandler
6 567 cmsWriteTag call site: 00567 cmsSignalError
6 754 cmsIsMatrixShaper call site: 00754 cmsCreateExtendedTransform

Runtime coverage analysis

Covered functions
424
Functions that are reachable but not covered
41
Reachable functions
251
Percentage of reachable functions covered
83.67%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
cms_transform_all_fuzzer.c 2
lcmscmsio0.c 43
lcmscmserr.c 13
lcmscmsplugin.c 15
lcms./lcms2_internal.h 5
lcmscmstypes.c 4
lcmscmswtpnt.c 6
lcmscmsxform.c 15
lcmscmslut.c 42
lcmscmspack.c 4
lcmscmsopt.c 19
lcmscmsmtrx.c 5
lcmscmspcs.c 10
lcmscmsgamma.c 20
lcmscmsintrp.c 5
lcmscmsnamed.c 16
lcmscmsgmt.c 3
lcmscmsvirt.c 4
lcmscmscnvrt.c 2
lcmscmsio1.c 3

Fuzzer: cms_transform_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 373 44.5%
gold [1:9] 2 0.23%
yellow [10:29] 18 2.14%
greenyellow [30:49] 1 0.11%
lawngreen 50+ 444 52.9%
All colors 838 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
41 118 _cmsUnlockMutex call site: 00118 SaveTags
29 81 cmsOpenProfileFromMemTHR call site: 00081 cmsSaveProfileToFile
28 804 cmsMLUdup call site: 00804 cmsCreateTransformTHR
20 734 cmsCreateExtendedTransform call site: 00734 _cmsCreateGamutCheckPipeline
18 522 OptimizeByResampling call site: 00522 PrelinOpt16alloc
15 787 cmsCreateExtendedTransform call site: 00787 _cmsCompileProfileSequence
10 680 cmsDoTransform call site: 00680 cmsCloseProfile
9 561 cmsReverseToneCurveEx call site: 00561 cmsBuildTabulatedToneCurve16
9 632 cmsD50_xyY call site: 00632 cmsCreateRGBProfileTHR
9 669 cmsStageAllocToneCurves call site: 00669 cmsCreateTransformTHR
8 30 _cmsMalloc call site: 00030 _cmsFree
8 179 _cmsSearchTag call site: 00179 SaveTags

Runtime coverage analysis

Covered functions
366
Functions that are reachable but not covered
63
Reachable functions
253
Percentage of reachable functions covered
75.1%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
cms_transform_fuzzer.c 1
lcmscmsio0.c 43
lcmscmserr.c 13
lcmscmsplugin.c 15
lcms./lcms2_internal.h 5
lcmscmstypes.c 4
lcmscmswtpnt.c 6
lcmscmsvirt.c 7
lcmscmsgamma.c 20
lcmscmsintrp.c 5
lcmscmsnamed.c 16
lcmscmspcs.c 10
lcmscmsmtrx.c 5
lcmscmsxform.c 15
lcmscmslut.c 42
lcmscmspack.c 4
lcmscmsopt.c 19
lcmscmsgmt.c 3
lcmscmscnvrt.c 2
lcmscmsio1.c 3

Fuzzer: cmsIT8_load_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 58 16.4%
gold [1:9] 5 1.42%
yellow [10:29] 4 1.13%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 285 80.9%
All colors 352 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
10 265 HeaderSection call site: 00265 AddToList
7 317 WriteHeader call site: 00317 Writef
6 12 _cmsContextGetClientChunk call site: 00012 _cmsEnterCriticalSectionPrimitive
4 253 HeaderSection call site: 00253 InSymbol
3 294 cmsIT8SaveToFile call site: 00294 SynError
2 303 WriteStr call site: 00303 cmsSignalError
2 306 WriteHeader call site: 00306 Writef
2 310 Writef call site: 00310 WriteStr
1 7 _cmsMallocZero call site: 00007 cmsSignalError
1 10 cmsSignalError call site: 00010 __assert_fail
1 23 AllocBigBlock call site: 00023 _cmsFree
1 25 _cmsFree call site: 00025 SynError

Runtime coverage analysis

Covered functions
70
Functions that are reachable but not covered
26
Reachable functions
92
Percentage of reachable functions covered
71.74%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
cmsIT8_load_fuzzer.c 1
lcmscmscgats.c 59
lcmscmserr.c 5
lcmscmsplugin.c 3
lcms./lcms2_internal.h 2

Fuzzer: cms_overwrite_transform_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 377 45.6%
gold [1:9] 8 0.96%
yellow [10:29] 17 2.05%
greenyellow [30:49] 4 0.48%
lawngreen 50+ 420 50.8%
All colors 826 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
41 118 _cmsUnlockMutex call site: 00118 SaveTags
37 594 cmsCreateRGBProfileTHR call site: 00594 _cmsStageAllocIdentityCurves
29 81 cmsOpenProfileFromMemTHR call site: 00081 cmsSaveProfileToFile
28 794 cmsMLUdup call site: 00794 cmsCreateTransformTHR
20 724 cmsCreateExtendedTransform call site: 00724 _cmsCreateGamutCheckPipeline
18 366 OptimizeByResampling call site: 00366 PrelinOpt16alloc
13 779 cmsCreateExtendedTransform call site: 00779 _cmsCompileProfileSequence
10 670 cmsDoTransform call site: 00670 cmsCloseProfile
9 659 cmsStageAllocToneCurves call site: 00659 cmsCreateTransformTHR
8 30 _cmsMalloc call site: 00030 _cmsFree
8 179 _cmsSearchTag call site: 00179 SaveTags
7 427 AllocateToneCurveStruct call site: 00427 _cmsFree

Runtime coverage analysis

Covered functions
349
Functions that are reachable but not covered
60
Reachable functions
250
Percentage of reachable functions covered
76.0%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
cms_overwrite_transform_fuzzer.c 1
lcmscmsio0.c 43
lcmscmserr.c 13
lcmscmsplugin.c 15
lcms./lcms2_internal.h 5
lcmscmstypes.c 4
lcmscmswtpnt.c 6
lcmscmsxform.c 15
lcmscmslut.c 42
lcmscmspack.c 4
lcmscmsopt.c 19
lcmscmsmtrx.c 5
lcmscmspcs.c 10
lcmscmsgamma.c 20
lcmscmsintrp.c 5
lcmscmsnamed.c 16
lcmscmsgmt.c 3
lcmscmsvirt.c 4
lcmscmscnvrt.c 2
lcmscmsio1.c 3

Fuzzer: cms_virtual_profile_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 350 36.0%
gold [1:9] 8 0.82%
yellow [10:29] 25 2.57%
greenyellow [30:49] 4 0.41%
lawngreen 50+ 583 60.1%
All colors 970 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
41 118 _cmsUnlockMutex call site: 00118 SaveTags
29 81 cmsOpenProfileFromMemTHR call site: 00081 cmsSaveProfileToFile
28 804 cmsMLUdup call site: 00804 cmsCreateTransformTHR
20 734 cmsCreateExtendedTransform call site: 00734 _cmsCreateGamutCheckPipeline
12 884 cmsTransform2DeviceLink call site: 00884 IsPCS
10 680 cmsDoTransform call site: 00680 cmsCloseProfile
9 669 cmsStageAllocToneCurves call site: 00669 cmsCreateTransformTHR
9 793 cmsAllocProfileSequenceDescription call site: 00793 GetMLUFromProfile
8 30 _cmsMalloc call site: 00030 _cmsFree
8 179 _cmsSearchTag call site: 00179 SaveTags
8 632 cmsD50_xyY call site: 00632 cmsCreateRGBProfileTHR
7 228 AllocateToneCurveStruct call site: 00228 _cmsFree

Runtime coverage analysis

Covered functions
412
Functions that are reachable but not covered
52
Reachable functions
274
Percentage of reachable functions covered
81.02%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
cms_virtual_profile_fuzzer.c 1
lcmscmsio0.c 43
lcmscmserr.c 13
lcmscmsplugin.c 15
lcms./lcms2_internal.h 5
lcmscmstypes.c 4
lcmscmswtpnt.c 6
lcmscmsvirt.c 16
lcmscmsgamma.c 21
lcmscmsintrp.c 5
lcmscmsnamed.c 19
lcmscmspcs.c 10
lcmscmsmtrx.c 5
lcmscmsxform.c 17
lcmscmslut.c 46
lcmscmspack.c 4
lcmscmsopt.c 19
lcmscmsgmt.c 3
lcmscmscnvrt.c 2
lcmscmsio1.c 4

Fuzzer: cms_dict_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 108 47.3%
gold [1:9] 2 0.87%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 118 51.7%
All colors 228 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
53 27 _cmsFree call site: 00027 cmsDeleteContext
16 144 cmsCreateContext call site: 00144 cmsDeleteContext
5 127 cmsCreateContext call site: 00127 DupPluginOptimizationList
4 6 _cmsMalloc call site: 00006 cmsSignalError
4 96 _cmsAllocCurvesPluginChunk call site: 00096 DupPluginCurvesList
4 103 _cmsAllocFormattersPluginChunk call site: 00103 DupFormatterFactoryList
3 109 cmsCreateContext call site: 00109 DupTagTypeList
3 117 cmsCreateContext call site: 00117 DupTagList
3 122 cmsCreateContext call site: 00122 DupPluginIntentsList
3 134 cmsCreateContext call site: 00134 DupPluginTransformList
2 175 cmsMLUsetWide call site: 00175 GrowMLUtable
1 25 _cmsCreateSubAllocChunk call site: 00025 _cmsFree

Runtime coverage analysis

Covered functions
63
Functions that are reachable but not covered
33
Reachable functions
90
Percentage of reachable functions covered
63.33%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
cms_dict_fuzzer.c 2
lcmscmsplugin.c 10
lcmscmserr.c 20
lcms./lcms2_internal.h 2
lcmscmsintrp.c 2
lcmscmstypes.c 9
lcmscmspack.c 3
lcmscmscnvrt.c 3
lcmscmsgamma.c 3
lcmscmsopt.c 3
lcmscmsxform.c 5
lcmscmsnamed.c 22

Fuzzer: cms_postscript_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 400 27.7%
gold [1:9] 23 1.59%
yellow [10:29] 21 1.45%
greenyellow [30:49] 12 0.83%
lawngreen 50+ 987 68.3%
All colors 1443 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
41 264 _cmsUnlockMutex call site: 00264 SaveTags
29 227 cmsOpenProfileFromMemTHR call site: 00227 cmsSaveProfileToFile
29 432 cmsCreateRGBProfileTHR call site: 00432 cmsCloseProfile
28 947 cmsMLUdup call site: 00947 cmsCreateTransformTHR
16 144 cmsCreateContext call site: 00144 cmsDeleteContext
13 932 cmsCreateExtendedTransform call site: 00932 _cmsCompileProfileSequence
9 605 _MultiplyMatrix call site: 00605 _RemoveElement
8 176 cmsOpenIOhandlerFromMem call site: 00176 _cmsFree
8 325 _cmsSearchTag call site: 00325 SaveTags
8 515 AllocateToneCurveStruct call site: 00515 cmsFreeToneCurve
6 39 RegisterTypesPlugin call site: 00039 _cmsPluginMalloc
6 306 cmsGetProfileVersion call site: 00306 _cmsGetTagTypeHandler

Runtime coverage analysis

Covered functions
467
Functions that are reachable but not covered
63
Reachable functions
377
Percentage of reachable functions covered
83.29%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
cms_postscript_fuzzer.c 1
lcmscmsplugin.c 23
lcmscmserr.c 26
lcms./lcms2_internal.h 5
lcmscmsintrp.c 7
lcmscmstypes.c 13
lcmscmspack.c 8
lcmscmscnvrt.c 5
lcmscmsgamma.c 23
lcmscmsopt.c 22
lcmscmsxform.c 21
lcmscmsio0.c 45
lcmscmswtpnt.c 6
lcmscmsps2.c 31
lcmscmsvirt.c 6
lcmscmspcs.c 14
lcmscmsnamed.c 24
lcmscmsmtrx.c 5
lcmscmslut.c 53
lcmscmsgmt.c 3
lcmscmsio1.c 11
lcmscmssamp.c 5

Analyses and suggestions

Optimal target analysis

Remaining optimal interesting functions

The following table shows a list of functions that are optimal targets. Optimal targets are identified by finding the functions that in combination, yield a high code coverage.

Func name Functions filename Arg count Args Function depth hitcount instr count bb count cyclomatic complexity Reachable functions Incoming references total cyclomatic complexity Unreached complexity
BlackPreservingKPlaneIntents /src/lcms/src/cmscnvrt.c 7 ['N/A', 'int', 'N/A', 'N/A', 'N/A', 'N/A', 'int'] 16 0 427 69 27 319 0 2024 408
Type_Dictionary_Read /src/lcms/src/cmstypes.c 4 ['N/A', 'N/A', 'N/A', 'int'] 10 0 379 67 27 42 0 212 127
Type_LUTB2A_Read /src/lcms/src/cmstypes.c 4 ['N/A', 'N/A', 'N/A', 'int'] 10 0 333 58 25 76 0 415 109
OptimizeMatrixShaper /src/lcms/src/cmsopt.c 5 ['N/A', 'int', 'N/A', 'N/A', 'N/A'] 9 0 354 58 24 87 0 422 108
OptimizeByComputingLinearization /src/lcms/src/cmsopt.c 5 ['N/A', 'int', 'N/A', 'N/A', 'N/A'] 9 0 874 141 51 95 0 646 92
Type_LUTA2B_Write /src/lcms/src/cmstypes.c 4 ['N/A', 'N/A', 'N/A', 'int'] 8 0 488 73 32 33 0 159 82
cmsCreateDeviceLinkFromCubeFile /src/lcms/src/cmscgats.c 1 ['N/A'] 14 0 15 3 2 140 0 680 75
FloatXFORM /src/lcms/src/cmsxform.c 6 ['N/A', 'N/A', 'N/A', 'int', 'int', 'N/A'] 9 0 199 21 7 18 0 101 73
Type_ProfileSequenceId_Write /src/lcms/src/cmstypes.c 4 ['N/A', 'N/A', 'N/A', 'int'] 10 0 70 8 4 30 0 149 73
Eval15InputsFloat /src/lcms/src/cmsintrp.c 3 ['N/A', 'N/A', 'N/A'] 13 0 157 10 4 14 0 72 70

Implementing fuzzers that target the above functions will improve reachability such that it becomes:

Functions statically reachable by fuzzers
56.9%
688 / 1205
Cyclomatic complexity statically reachable by fuzzers
63.0%
4331 / 6862

All functions overview

If you implement fuzzers for these functions, the status of all functions in the project will be:

Func name Functions filename Args Function call depth Reached by Fuzzers Runtime reached by Fuzzers Combined reached by Fuzzers Fuzzers runtime hit Func lines hit % I Count BB Count Cyclomatic complexity Functions reached Reached by functions Accumulated cyclomatic complexity Undiscovered complexity

Fuzz engine guidance

This sections provides heuristics that can be used as input to a fuzz engine when running a given fuzz target. The current focus is on providing input that is usable by libFuzzer.

cms_md5_fuzzer.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['cmsOpenProfileFromMemTHR', '_cmsWriteAlignment', '_cmsContextGetClientChunk', 'cmsOpenIOhandlerFromMem', 'cmsSaveProfileToIOhandler', '_cmsMalloc', 'cmsOpenIOhandlerFromNULL', 'LLVMFuzzerTestOneInput', '_cmsMallocZero', 'cmsSignalError']

cms_cie_cam02_fuzzer.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['cmsCreateContext', 'RegisterTypesPlugin', '_cmsMalloc', '_cmsFree', '_cmsAllocCurvesPluginChunk', '_cmsAllocFormattersPluginChunk']

cms_devicelink_fuzzer.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['cmsPipelineFree', '_cmsMalloc', 'AllocateToneCurveStruct', 'cmsStageAllocToneCurves', '_cmsContextGetClientChunk', '_cmsGetTagTypeHandler', '_cmsSearchTag', 'cmsStageAllocCLut16bitGranular', '_cmsSetInterpolationRoutine', 'cmsWriteTag']

cms_profile_fuzzer.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['_cmsContextGetClientChunk', 'cmsOpenIOhandlerFromMem', 'cmsOpenIOhandlerFromFile', 'cmsfilelength', 'cmsOpenIOhandlerFromNULL', 'cmsReadTag', '_cmsDeleteTagByPos']

cms_gdb_fuzzer.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['_cmsContextGetClientChunk', '_cmsMallocZero', 'ToSpherical', 'GetPoint']

cms_cgats_fuzzer.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['_cmsFree', 'InStringSymbol', 'cmsCreateContext', 'InSymbol', 'DataSection', 'HeaderSection', 'ParseIT8', 'ReadReal', 'WriteHeader']

cms_universal_transform_fuzzer.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['_cmsUnlockMutex', 'cmsCreateRGBProfileTHR', 'cmsOpenProfileFromMemTHR', 'cmsMLUdup', 'cmsCreateExtendedTransform', 'OptimizeByResampling', 'cmsDoTransform', 'cmsStageAllocToneCurves', '_cmsMalloc']

cms_transform_extended_fuzzer.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['_cmsCreateSubAllocChunk', '_cmsUnlockMutex', 'cmsOpenProfileFromMemTHR', '_cmsCompileProfileSequence', 'cmsCreateContext', 'cmsDoTransform', '_cmsMalloc', '_cmsSearchTag', 'AllocateToneCurveStruct', 'cmsCreateExtendedTransform']

cms_transform_all_fuzzer.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['_cmsUnlockMutex', 'cmsOpenProfileFromMemTHR', 'cmsCreateRGBProfileTHR', '_cmsCompileProfileSequence', '_cmsMalloc', '_cmsSearchTag', 'AllocateToneCurveStruct', '_cmsContextGetClientChunk', '_cmsLockMutex', 'cmsGetProfileVersion']

cms_transform_fuzzer.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['_cmsUnlockMutex', 'cmsOpenProfileFromMemTHR', 'cmsMLUdup', 'cmsCreateExtendedTransform', 'OptimizeByResampling', 'cmsDoTransform', 'cmsReverseToneCurveEx', 'cmsD50_xyY', 'cmsStageAllocToneCurves']

cmsIT8_load_fuzzer.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['HeaderSection', 'WriteHeader', '_cmsContextGetClientChunk', 'cmsIT8SaveToFile', 'WriteStr', 'Writef', '_cmsMallocZero', 'cmsSignalError']

cms_overwrite_transform_fuzzer.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['_cmsUnlockMutex', 'cmsCreateRGBProfileTHR', 'cmsOpenProfileFromMemTHR', 'cmsMLUdup', 'cmsCreateExtendedTransform', 'OptimizeByResampling', 'cmsDoTransform', 'cmsStageAllocToneCurves', '_cmsMalloc']

cms_virtual_profile_fuzzer.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['_cmsUnlockMutex', 'cmsOpenProfileFromMemTHR', 'cmsMLUdup', 'cmsCreateExtendedTransform', 'cmsTransform2DeviceLink', 'cmsDoTransform', 'cmsStageAllocToneCurves', 'cmsAllocProfileSequenceDescription', '_cmsMalloc', '_cmsSearchTag']

cms_dict_fuzzer.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['_cmsFree', 'cmsCreateContext', '_cmsMalloc', '_cmsAllocCurvesPluginChunk', '_cmsAllocFormattersPluginChunk']

cms_postscript_fuzzer.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['_cmsUnlockMutex', 'cmsOpenProfileFromMemTHR', 'cmsCreateRGBProfileTHR', 'cmsMLUdup', 'cmsCreateContext', 'cmsCreateExtendedTransform', '_MultiplyMatrix', 'cmsOpenIOhandlerFromMem', '_cmsSearchTag', 'AllocateToneCurveStruct']

Runtime coverage analysis

This section shows analysis of runtime coverage data.

For futher technical details on how this section is generated, please see the Glossary .

Complex functions with low coverage

Func name Function total lines Lines covered at runtime percentage covered Reached by fuzzers
cmsPluginTHR 58 7 12.06% ['cms_postscript_fuzzer', 'cms_transform_extended_fuzzer', 'cms_dict_fuzzer', 'cms_cgats_fuzzer', 'cms_cie_cam02_fuzzer']
cmsWriteTag 71 38 53.52% ['cms_devicelink_fuzzer', 'cms_transform_fuzzer', 'cms_universal_transform_fuzzer', 'cms_postscript_fuzzer', 'cms_transform_extended_fuzzer', 'cms_virtual_profile_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_transform_all_fuzzer']
ParseFloatNumber 49 13 26.53% ['cms_cgats_fuzzer']
HeaderSection 70 38 54.28% ['cms_cgats_fuzzer', 'cmsIT8_load_fuzzer']
_cmsHandleExtraChannels 67 15 22.38% ['cms_transform_all_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_fuzzer', 'cms_postscript_fuzzer', 'cms_transform_extended_fuzzer', 'cms_virtual_profile_fuzzer', 'cms_overwrite_transform_fuzzer']
PrelinEval8 72 34 47.22% ['cms_transform_all_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_universal_transform_fuzzer']
ComputeAbsoluteIntent 38 9 23.68% ['cms_virtual_profile_fuzzer', 'cms_transform_extended_fuzzer', 'cms_transform_all_fuzzer', 'cms_postscript_fuzzer']

Files and Directories in report

This section shows which files and directories are considered in this report. The main reason for showing this is fuzz introspector may include more code in the reasoning than is desired. This section helps identify if too many files/directories are included, e.g. third party code, which may be irrelevant for the threat model. In the event too much is included, fuzz introspector supports a configuration file that can exclude data from the report. See the following link for more information on how to create a config file: link

Files in report

Source file Reached by Covered by
[] []
/src/lcms/src/cmscgats.c ['cms_cgats_fuzzer', 'cmsIT8_load_fuzzer'] ['cms_cgats_fuzzer', 'cmsIT8_load_fuzzer']
/src/cms_universal_transform_fuzzer.c ['cms_universal_transform_fuzzer'] ['cms_universal_transform_fuzzer']
/src/cms_postscript_fuzzer.c ['cms_postscript_fuzzer'] ['cms_postscript_fuzzer']
/src/lcms/src/cmsio1.c ['cms_devicelink_fuzzer', 'cms_profile_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_virtual_profile_fuzzer', 'cms_postscript_fuzzer'] ['cms_devicelink_fuzzer', 'cms_profile_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_virtual_profile_fuzzer', 'cms_postscript_fuzzer']
/src/cms_md5_fuzzer.c ['cms_md5_fuzzer'] ['cms_md5_fuzzer']
/src/cms_cie_cam02_fuzzer.c ['cms_cie_cam02_fuzzer'] ['cms_cie_cam02_fuzzer']
/src/lcms/src/cmsps2.c ['cms_postscript_fuzzer'] ['cms_postscript_fuzzer']
/src/lcms/src/cmsgamma.c ['cms_cie_cam02_fuzzer', 'cms_devicelink_fuzzer', 'cms_cgats_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_virtual_profile_fuzzer', 'cms_dict_fuzzer', 'cms_postscript_fuzzer'] ['cms_cie_cam02_fuzzer', 'cms_devicelink_fuzzer', 'cms_cgats_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_virtual_profile_fuzzer', 'cms_dict_fuzzer', 'cms_postscript_fuzzer']
/src/lcms/src/cmssamp.c ['cms_postscript_fuzzer'] ['cms_postscript_fuzzer']
/src/lcms/src/cmsintrp.c ['cms_cie_cam02_fuzzer', 'cms_devicelink_fuzzer', 'cms_cgats_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_virtual_profile_fuzzer', 'cms_dict_fuzzer', 'cms_postscript_fuzzer'] ['cms_cie_cam02_fuzzer', 'cms_devicelink_fuzzer', 'cms_cgats_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_virtual_profile_fuzzer', 'cms_dict_fuzzer', 'cms_postscript_fuzzer']
/src/cmsIT8_load_fuzzer.c ['cmsIT8_load_fuzzer'] ['cmsIT8_load_fuzzer']
/src/cms_devicelink_fuzzer.c ['cms_devicelink_fuzzer'] ['cms_devicelink_fuzzer']
/src/lcms/src/cmscam02.c ['cms_cie_cam02_fuzzer'] ['cms_cie_cam02_fuzzer']
/src/lcms/src/cmstypes.c ['cms_md5_fuzzer', 'cms_cie_cam02_fuzzer', 'cms_devicelink_fuzzer', 'cms_profile_fuzzer', 'cms_cgats_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_virtual_profile_fuzzer', 'cms_dict_fuzzer', 'cms_postscript_fuzzer'] ['cms_md5_fuzzer', 'cms_cie_cam02_fuzzer', 'cms_devicelink_fuzzer', 'cms_profile_fuzzer', 'cms_cgats_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_virtual_profile_fuzzer', 'cms_dict_fuzzer', 'cms_postscript_fuzzer']
/src/lcms/src/cmsmtrx.c ['cms_gdb_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_virtual_profile_fuzzer', 'cms_postscript_fuzzer'] ['cms_gdb_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_virtual_profile_fuzzer', 'cms_postscript_fuzzer']
/src/cms_gdb_fuzzer.c ['cms_gdb_fuzzer'] ['cms_gdb_fuzzer']
/src/cms_transform_fuzzer.c ['cms_transform_fuzzer'] ['cms_transform_fuzzer']
/src/lcms/src/cmsvirt.c ['cms_devicelink_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_virtual_profile_fuzzer', 'cms_postscript_fuzzer'] ['cms_devicelink_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_virtual_profile_fuzzer', 'cms_postscript_fuzzer']
/src/cms_overwrite_transform_fuzzer.c ['cms_overwrite_transform_fuzzer'] ['cms_overwrite_transform_fuzzer']
/src/lcms/src/./lcms2_internal.h ['cms_md5_fuzzer', 'cms_cie_cam02_fuzzer', 'cms_devicelink_fuzzer', 'cms_profile_fuzzer', 'cms_gdb_fuzzer', 'cms_cgats_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer', 'cmsIT8_load_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_virtual_profile_fuzzer', 'cms_dict_fuzzer', 'cms_postscript_fuzzer'] []
/src/lcms/src/cmslut.c ['cms_devicelink_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_virtual_profile_fuzzer', 'cms_postscript_fuzzer'] ['cms_devicelink_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_virtual_profile_fuzzer', 'cms_postscript_fuzzer']
/src/lcms/src/cmsalpha.c [] []
/src/cms_dict_fuzzer.c ['cms_dict_fuzzer'] ['cms_dict_fuzzer']
/src/lcms/src/cmspack.c ['cms_cie_cam02_fuzzer', 'cms_cgats_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_virtual_profile_fuzzer', 'cms_dict_fuzzer', 'cms_postscript_fuzzer'] ['cms_cie_cam02_fuzzer', 'cms_cgats_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_virtual_profile_fuzzer', 'cms_dict_fuzzer', 'cms_postscript_fuzzer']
/src/lcms/src/cmsmd5.c ['cms_md5_fuzzer'] ['cms_md5_fuzzer']
/src/cms_virtual_profile_fuzzer.c ['cms_virtual_profile_fuzzer'] ['cms_virtual_profile_fuzzer']
/src/cms_transform_extended_fuzzer.c ['cms_transform_extended_fuzzer'] ['cms_transform_extended_fuzzer']
/src/lcms/src/cmsopt.c ['cms_cie_cam02_fuzzer', 'cms_cgats_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_virtual_profile_fuzzer', 'cms_dict_fuzzer', 'cms_postscript_fuzzer'] ['cms_cie_cam02_fuzzer', 'cms_cgats_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_virtual_profile_fuzzer', 'cms_dict_fuzzer', 'cms_postscript_fuzzer']
/src/lcms/src/cmserr.c ['cms_md5_fuzzer', 'cms_cie_cam02_fuzzer', 'cms_devicelink_fuzzer', 'cms_profile_fuzzer', 'cms_gdb_fuzzer', 'cms_cgats_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer', 'cmsIT8_load_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_virtual_profile_fuzzer', 'cms_dict_fuzzer', 'cms_postscript_fuzzer'] ['cms_md5_fuzzer', 'cms_cie_cam02_fuzzer', 'cms_devicelink_fuzzer', 'cms_profile_fuzzer', 'cms_gdb_fuzzer', 'cms_cgats_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer', 'cmsIT8_load_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_virtual_profile_fuzzer', 'cms_dict_fuzzer', 'cms_postscript_fuzzer']
/src/lcms/src/cmsio0.c ['cms_md5_fuzzer', 'cms_devicelink_fuzzer', 'cms_profile_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_virtual_profile_fuzzer', 'cms_postscript_fuzzer'] ['cms_md5_fuzzer', 'cms_devicelink_fuzzer', 'cms_profile_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_virtual_profile_fuzzer', 'cms_postscript_fuzzer']
/src/lcms/src/cmspcs.c ['cms_devicelink_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_virtual_profile_fuzzer', 'cms_postscript_fuzzer'] ['cms_devicelink_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_virtual_profile_fuzzer', 'cms_postscript_fuzzer']
/src/cms_transform_all_fuzzer.c ['cms_transform_all_fuzzer'] ['cms_transform_all_fuzzer']
/src/lcms/src/cmsxform.c ['cms_cie_cam02_fuzzer', 'cms_cgats_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_virtual_profile_fuzzer', 'cms_dict_fuzzer', 'cms_postscript_fuzzer'] ['cms_cie_cam02_fuzzer', 'cms_cgats_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_virtual_profile_fuzzer', 'cms_dict_fuzzer', 'cms_postscript_fuzzer']
/src/lcms/src/cmsplugin.c ['cms_md5_fuzzer', 'cms_cie_cam02_fuzzer', 'cms_devicelink_fuzzer', 'cms_profile_fuzzer', 'cms_gdb_fuzzer', 'cms_cgats_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer', 'cmsIT8_load_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_virtual_profile_fuzzer', 'cms_dict_fuzzer', 'cms_postscript_fuzzer'] ['cms_md5_fuzzer', 'cms_cie_cam02_fuzzer', 'cms_devicelink_fuzzer', 'cms_profile_fuzzer', 'cms_gdb_fuzzer', 'cms_cgats_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer', 'cmsIT8_load_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_virtual_profile_fuzzer', 'cms_dict_fuzzer', 'cms_postscript_fuzzer']
/src/lcms/src/cmsgmt.c ['cms_universal_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_virtual_profile_fuzzer', 'cms_postscript_fuzzer'] ['cms_transform_extended_fuzzer', 'cms_transform_all_fuzzer', 'cms_postscript_fuzzer']
/src/cms_profile_fuzzer.c ['cms_profile_fuzzer'] ['cms_profile_fuzzer']
/src/lcms/src/cmscnvrt.c ['cms_cie_cam02_fuzzer', 'cms_cgats_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_virtual_profile_fuzzer', 'cms_dict_fuzzer', 'cms_postscript_fuzzer'] ['cms_cie_cam02_fuzzer', 'cms_cgats_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_virtual_profile_fuzzer', 'cms_dict_fuzzer', 'cms_postscript_fuzzer']
/src/cms_cgats_fuzzer.c ['cms_cgats_fuzzer'] ['cms_cgats_fuzzer']
/src/lcms/src/cmsnamed.c ['cms_devicelink_fuzzer', 'cms_profile_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_virtual_profile_fuzzer', 'cms_dict_fuzzer', 'cms_postscript_fuzzer'] ['cms_devicelink_fuzzer', 'cms_profile_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_virtual_profile_fuzzer', 'cms_dict_fuzzer', 'cms_postscript_fuzzer']
/src/lcms/src/cmssm.c ['cms_gdb_fuzzer'] ['cms_gdb_fuzzer']
/src/lcms/src/cmswtpnt.c ['cms_md5_fuzzer', 'cms_devicelink_fuzzer', 'cms_profile_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_virtual_profile_fuzzer', 'cms_postscript_fuzzer'] ['cms_md5_fuzzer', 'cms_profile_fuzzer', 'cms_universal_transform_fuzzer', 'cms_transform_extended_fuzzer', 'cms_transform_all_fuzzer', 'cms_transform_fuzzer', 'cms_overwrite_transform_fuzzer', 'cms_virtual_profile_fuzzer', 'cms_postscript_fuzzer']
/src/lcms/src/cmshalf.c [] []

Directories in report

Directory
/src/lcms/src/
/src/
/src/lcms/src/./

Metadata section

This sections shows the raw data that is used to produce this report. This is mainly used for further processing and developer debugging.

Fuzzer Calltree file Program data file Coverage file
cms_md5_fuzzer fuzzerLogFile-0-9XVRUCZaWJ.data fuzzerLogFile-0-9XVRUCZaWJ.data.yaml cms_md5_fuzzer.covreport
cms_cie_cam02_fuzzer fuzzerLogFile-0-JIxdU7RzQY.data fuzzerLogFile-0-JIxdU7RzQY.data.yaml cms_cie_cam02_fuzzer.covreport
cms_devicelink_fuzzer fuzzerLogFile-0-w3c9fu6IGl.data fuzzerLogFile-0-w3c9fu6IGl.data.yaml cms_devicelink_fuzzer.covreport
cms_profile_fuzzer fuzzerLogFile-0-XnxB6dsLuH.data fuzzerLogFile-0-XnxB6dsLuH.data.yaml cms_profile_fuzzer.covreport
cms_gdb_fuzzer fuzzerLogFile-0-juci0eFFlg.data fuzzerLogFile-0-juci0eFFlg.data.yaml cms_gdb_fuzzer.covreport
cms_cgats_fuzzer fuzzerLogFile-0-vXN4mpEfOJ.data fuzzerLogFile-0-vXN4mpEfOJ.data.yaml cms_cgats_fuzzer.covreport
cms_universal_transform_fuzzer fuzzerLogFile-0-MYVPFNqPYh.data fuzzerLogFile-0-MYVPFNqPYh.data.yaml cms_universal_transform_fuzzer.covreport
cms_transform_extended_fuzzer fuzzerLogFile-0-AnMXe4uSlH.data fuzzerLogFile-0-AnMXe4uSlH.data.yaml cms_transform_extended_fuzzer.covreport
cms_transform_all_fuzzer fuzzerLogFile-0-E32XTNHq08.data fuzzerLogFile-0-E32XTNHq08.data.yaml cms_transform_all_fuzzer.covreport
cms_transform_fuzzer fuzzerLogFile-0-LE6bTIqpY2.data fuzzerLogFile-0-LE6bTIqpY2.data.yaml cms_transform_fuzzer.covreport
cmsIT8_load_fuzzer fuzzerLogFile-0-C3K61ZktyO.data fuzzerLogFile-0-C3K61ZktyO.data.yaml cmsIT8_load_fuzzer.covreport
cms_overwrite_transform_fuzzer fuzzerLogFile-0-wMR1Sfpkjq.data fuzzerLogFile-0-wMR1Sfpkjq.data.yaml cms_overwrite_transform_fuzzer.covreport
cms_virtual_profile_fuzzer fuzzerLogFile-0-XBfQ36rvTz.data fuzzerLogFile-0-XBfQ36rvTz.data.yaml cms_virtual_profile_fuzzer.covreport
cms_dict_fuzzer fuzzerLogFile-0-q3Jwo10JBI.data fuzzerLogFile-0-q3Jwo10JBI.data.yaml cms_dict_fuzzer.covreport
cms_postscript_fuzzer fuzzerLogFile-0-3YBI6v9Maz.data fuzzerLogFile-0-3YBI6v9Maz.data.yaml cms_postscript_fuzzer.covreport