High level conclusions

Fuzzers reach 77.23% of cyclomatic complexity.

Fuzzers reach 61.10% of all functions.

Fuzzer block_fuzzer is blocked:

The runtime code coverage of block_fuzzer covers 15.51% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer oscore_decrypt_fuzzer is blocked:

The runtime code coverage of oscore_decrypt_fuzzer covers 19.71% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer network_message_fuzzer is blocked:

The runtime code coverage of network_message_fuzzer covers 25.61% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Reachability and coverage overview

Functions statically reachable by fuzzers

575 / 941

Cyclomatic complexity statically reachable by fuzzers

6841 / 8857

Runtime code coverage of functions

297 / 941

The following table shows data about each function in the project. The functions included in this table correspond to all functions that exist in the executables of the fuzzers. As such, there may be functions that are from third-party libraries.

For further technical details on the meaning of columns in the below table, please see the Glossary .

Func name	Functions filename	Args	Function call depth	Reached by Fuzzers	Runtime reached by Fuzzers	Combined reached by Fuzzers	Fuzzers runtime hit	Func lines hit %	I Count	BB Count	Cyclomatic complexity	Functions reached	Reached by functions	Accumulated cyclomatic complexity	Undiscovered complexity

Fuzzer: get_asn1_tag_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	17	54.8%
gold	[1:9]	0	0.0%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	14	45.1%
All colors	31	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
17	8	coap_new_string	call site: 00008	coap_log_impl

Runtime coverage analysis

Covered functions

9

Functions that are reachable but not covered

15

Reachable functions

24

Percentage of reachable functions covered

37.5%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
tests/oss-fuzz/get_asn1_tag_target.c	1
src/coap_asn1.c	3
src/coap_str.c	3
src/coap_mem.c	2
src/coap_debug.c	4
src/coap_time.c	3

Fuzzer: split_uri_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	22	36.6%
gold	[1:9]	13	21.6%
yellow	[10:29]	2	3.33%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	23	38.3%
All colors	60	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
4	28	coap_dtls_is_supported	call site: 00028	coap_log_impl
4	40	coap_tls_is_supported	call site: 00040	coap_log_impl
4	50	coap_wss_is_supported	call site: 00050	coap_log_impl
2	25	coap_dtls_is_supported	call site: 00025	coap_log_impl
2	33	coap_split_uri_sub	call site: 00033	coap_log_impl
2	37	coap_tls_is_supported	call site: 00037	coap_log_impl
2	46	coap_ws_is_supported	call site: 00046	coap_log_impl
1	6	coap_split_uri_sub	call site: 00006	vsnprintf
1	17	coap_log_impl	call site: 00017	snprintf

Runtime coverage analysis

Covered functions

15

Functions that are reachable but not covered

12

Reachable functions

27

Percentage of reachable functions covered

55.56%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
tests/oss-fuzz/split_uri_target.c	1
src/coap_uri.c	2
src/coap_debug.c	4
src/coap_time.c	3
src/coap_openssl.c	2
src/coap_strm_posix.c	1
src/coap_ws.c	2

Fuzzer: oscore_conf_parse_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	23	21.2%
gold	[1:9]	5	4.62%
yellow	[10:29]	9	8.33%
greenyellow	[30:49]	1	0.92%
lawngreen	50+	70	64.8%
All colors	108	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
16	32	coap_new_string	call site: 00032	coap_log_impl
2	16	coap_cleanup	call site: 00016	ENGINE_finish
2	87	coap_parse_oscore_conf_mem	call site: 00087	coap_log_impl
1	11	coap_dtls_startup	call site: 00011	OPENSSL_init_crypto
1	14	LLVMFuzzerTestOneInput	call site: 00014	coap_cleanup
1	76	coap_parse_oscore_conf_mem	call site: 00076	__assert_fail

Runtime coverage analysis

Covered functions

36

Functions that are reachable but not covered

22

Reachable functions

57

Percentage of reachable functions covered

61.4%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
tests/oss-fuzz/oscore_conf_parse_target.c	1
src/coap_net.c	2
src/coap_time.c	4
src/coap_prng.c	2
src/coap_mem.c	4
src/coap_openssl.c	3
src/coap_debug.c	6
src/coap_oscore.c	6
src/coap_str.c	6
src/oscore/oscore_cose.c	4
src/oscore/oscore.c	1

Fuzzer: pdu_parse_tcp_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	82	19.9%
gold	[1:9]	9	2.18%
yellow	[10:29]	12	2.91%
greenyellow	[30:49]	2	0.48%
lawngreen	50+	306	74.4%
All colors	411	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
8	228	coap_show_pdu	call site: 00228	coap_log_impl
7	333	coap_show_pdu	call site: 00333	coap_log_impl
5	373	LLVMFuzzerTestOneInput	call site: 00373	coap_log_impl
4	94	coap_pdu_parse_opt	call site: 00094	coap_log_impl
4	143	coap_get_query	call site: 00143	coap_log_impl
4	179	coap_dtls_is_supported	call site: 00179	coap_log_impl
4	199	coap_wss_is_supported	call site: 00199	coap_log_impl
4	391	coap_pdu_encode_header	call site: 00391	coap_log_impl
3	31	coap_pdu_parse2	call site: 00031	coap_log_impl
3	53	coap_pdu_parse2	call site: 00053	coap_log_impl
3	57	coap_pdu_parse_header	call site: 00057	coap_log_impl
2	50	coap_realloc_type	call site: 00050	coap_log_impl

Runtime coverage analysis

Covered functions

78

Functions that are reachable but not covered

17

Reachable functions

94

Percentage of reachable functions covered

81.91%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
tests/oss-fuzz/pdu_parse_tcp_target.c	1
src/coap_net.c	2
src/coap_time.c	4
src/coap_prng.c	2
src/coap_mem.c	4
src/coap_openssl.c	5
src/coap_pdu.c	18
src/coap_debug.c	13
src/coap_option.c	12
src/coap_encode.c	3
src/coap_uri.c	6
src/coap_str.c	3
src/coap_strm_posix.c	1
src/coap_ws.c	2
src/coap_block.c	1

Fuzzer: pdu_parse_ws_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	85	20.6%
gold	[1:9]	13	3.16%
yellow	[10:29]	10	2.43%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	303	73.7%
All colors	411	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
13	382	coap_pdu_encode_header	call site: 00382	coap_log_impl
8	228	coap_show_pdu	call site: 00228	coap_log_impl
7	333	coap_show_pdu	call site: 00333	coap_log_impl
5	373	LLVMFuzzerTestOneInput	call site: 00373	coap_log_impl
4	53	coap_pdu_parse2	call site: 00053	coap_log_impl
4	94	coap_pdu_parse_opt	call site: 00094	coap_log_impl
4	143	coap_get_query	call site: 00143	coap_log_impl
4	179	coap_dtls_is_supported	call site: 00179	coap_log_impl
4	199	coap_wss_is_supported	call site: 00199	coap_log_impl
3	31	coap_pdu_parse2	call site: 00031	coap_log_impl
2	50	coap_realloc_type	call site: 00050	coap_log_impl
2	58	coap_pdu_parse_header	call site: 00058	coap_log_impl

Runtime coverage analysis

Covered functions

78

Functions that are reachable but not covered

17

Reachable functions

94

Percentage of reachable functions covered

81.91%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
tests/oss-fuzz/pdu_parse_ws_target.c	1
src/coap_net.c	2
src/coap_time.c	4
src/coap_prng.c	2
src/coap_mem.c	4
src/coap_openssl.c	5
src/coap_pdu.c	18
src/coap_debug.c	13
src/coap_option.c	12
src/coap_encode.c	3
src/coap_uri.c	6
src/coap_str.c	3
src/coap_strm_posix.c	1
src/coap_ws.c	2
src/coap_block.c	1

Fuzzer: pdu_parse_udp_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	84	20.4%
gold	[1:9]	12	2.91%
yellow	[10:29]	13	3.16%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	302	73.4%
All colors	411	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
19	376	coap_pdu_encode_header	call site: 00376	coap_log_impl
8	228	coap_show_pdu	call site: 00228	coap_log_impl
7	333	coap_show_pdu	call site: 00333	coap_log_impl
4	56	coap_pdu_parse_header	call site: 00056	coap_log_impl
4	94	coap_pdu_parse_opt	call site: 00094	coap_log_impl
4	143	coap_get_query	call site: 00143	coap_log_impl
4	179	coap_dtls_is_supported	call site: 00179	coap_log_impl
4	199	coap_wss_is_supported	call site: 00199	coap_log_impl
3	31	coap_pdu_parse2	call site: 00031	coap_log_impl
2	50	coap_realloc_type	call site: 00050	coap_log_impl
2	66	coap_pdu_parse_opt	call site: 00066	coap_log_impl
2	151	coap_new_string	call site: 00151	coap_log_impl

Runtime coverage analysis

Covered functions

78

Functions that are reachable but not covered

17

Reachable functions

94

Percentage of reachable functions covered

81.91%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
tests/oss-fuzz/pdu_parse_udp_target.c	1
src/coap_net.c	2
src/coap_time.c	4
src/coap_prng.c	2
src/coap_mem.c	4
src/coap_openssl.c	5
src/coap_pdu.c	18
src/coap_debug.c	13
src/coap_option.c	12
src/coap_encode.c	3
src/coap_uri.c	6
src/coap_str.c	3
src/coap_strm_posix.c	1
src/coap_ws.c	2
src/coap_block.c	1

Fuzzer: network_message_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	4103	86.8%
gold	[1:9]	88	1.86%
yellow	[10:29]	20	0.42%
greenyellow	[30:49]	4	0.08%
lawngreen	50+	509	10.7%
All colors	4724	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
513	2088	setup_pki_ssl	call site: 02088	coap_session_release_lkd
314	3034	coap_new_error_response	call site: 03034	coap_free_async_lkd
299	3468	coap_dispatch	call site: 03468	coap_oscore_decrypt_pdu
288	1421	coap_send_internal	call site: 01421	coap_pdu_duplicate_lkd
262	3852	coap_dispatch	call site: 03852	coap_send_ack_lkd
255	2706	handle_request	call site: 02706	coap_session_max_pdu_size_lkd
200	1883	coap_session_check_connect	call site: 01883	coap_session_release_lkd
186	4290	coap_epoll_ctl_mod	call site: 04290	coap_free_resource
185	1072	coap_send_internal	call site: 01072	coap_oscore_new_pdu_encrypted_lkd
164	800	coap_pdu_encode_header	call site: 00800	coap_send_internal
135	332	coap_option_filter_op	call site: 00332	handle_request
102	4519	coap_free_context_lkd	call site: 04519	coap_new_endpoint_lkd

Runtime coverage analysis

Covered functions

212

Functions that are reachable but not covered

578

Reachable functions

777

Percentage of reachable functions covered

25.61%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
tests/oss-fuzz/network_message_target.c	7
src/coap_net.c	73
src/coap_time.c	5
src/coap_prng.c	2
src/coap_mem.c	5
src/coap_openssl.c	67
src/coap_debug.c	16
src/coap_address.c	14
src/coap_io.c	10
src/coap_session.c	54
src/coap_netif.c	11
src/coap_resource.c	19
src/coap_pdu.c	35
src/coap_io_posix.c	4
src/coap_option.c	21
src/coap_encode.c	6
src/coap_block.c	51
src/coap_async.c	4
src/coap_proxy.c	22
src/coap_uri.c	15
src/coap_strm_posix.c	6
src/coap_ws.c	2
src/coap_str.c	10
src/coap_cache.c	5
src/coap_oscore.c	14
./include/coap3/coap_uri.h	1
src/oscore/oscore_cose.c	19
src/oscore/oscore_context.c	21
src/oscore/oscore.c	8
src/oscore/oscore_cbor.c	11
src/coap_dgrm_posix.c	4
src/oscore/oscore_crypto.c	4
/usr/include/openssl/ssl.h	3
src/coap_dtls.c	4
/usr/include/openssl/x509v3.h	3
./include/coap3/coap_pdu_internal.h	1
src/coap_subscribe.c	3

Fuzzer: oscore_decrypt_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	4296	91.4%
gold	[1:9]	52	1.10%
yellow	[10:29]	271	5.77%
greenyellow	[30:49]	16	0.34%
lawngreen	50+	61	1.29%
All colors	4696	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
806	2715	coap_session_free	call site: 02715	coap_session_max_pdu_size_lkd
719	3802	coap_oscore_decrypt_pdu	call site: 03802	coap_free_resource
584	2062	oscore_free_context	call site: 02062	coap_session_release_lkd
305	1459	coap_send_internal	call site: 01459	coap_pdu_duplicate_lkd
189	3611	coap_oscore_decrypt_pdu	call site: 03611	build_and_send_error_pdu
136	396	coap_option_filter_op	call site: 00396	handle_request
133	1208	oscore_cbor_put_text	call site: 01208	coap_send_internal
110	847	coap_pdu_encode_header	call site: 00847	coap_send_internal
102	4564	coap_free_context_lkd	call site: 04564	coap_new_endpoint_lkd
92	754	coap_add_option_internal	call site: 00754	coap_add_data_large_request_lkd
88	1346	coap_send_internal	call site: 01346	coap_session_disconnected_lkd
66	1058	coap_add_data_after	call site: 01058	coap_rebuild_pdu_for_proxy

Runtime coverage analysis

Covered functions

157

Functions that are reachable but not covered

611

Reachable functions

761

Percentage of reachable functions covered

19.71%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
tests/oss-fuzz/oscore_decrypt_target.c	1
src/coap_net.c	58
src/coap_time.c	5
src/coap_prng.c	2
src/coap_mem.c	5
src/coap_openssl.c	65
src/coap_debug.c	16
src/coap_oscore.c	21
src/coap_str.c	10
src/coap_io.c	10
src/coap_session.c	54
src/coap_address.c	14
src/coap_netif.c	11
src/coap_resource.c	19
src/coap_pdu.c	35
src/coap_io_posix.c	4
src/coap_option.c	21
src/coap_encode.c	6
src/coap_block.c	51
src/coap_async.c	4
src/coap_proxy.c	22
src/coap_uri.c	15
src/coap_strm_posix.c	6
src/coap_ws.c	2
src/coap_cache.c	5
./include/coap3/coap_uri.h	1
src/oscore/oscore_cose.c	19
src/oscore/oscore_context.c	21
src/oscore/oscore.c	8
src/oscore/oscore_cbor.c	11
src/coap_dgrm_posix.c	4
src/oscore/oscore_crypto.c	4
/usr/include/openssl/ssl.h	3
src/coap_dtls.c	4
/usr/include/openssl/x509v3.h	3
./include/coap3/coap_pdu_internal.h	1
src/coap_subscribe.c	3

Fuzzer: block_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	4370	93.0%
gold	[1:9]	57	1.21%
yellow	[10:29]	199	4.23%
greenyellow	[30:49]	22	0.46%
lawngreen	50+	47	1.00%
All colors	4695	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
966	3393	coap_pdu_parse_opt	call site: 03393	coap_handle_event_lkd
718	1876	coap_session_check_connect	call site: 01876	coap_session_release_lkd
687	2663	coap_session_free	call site: 02663	coap_session_max_pdu_size_lkd
292	994	coap_add_data_after	call site: 00994	coap_oscore_new_pdu_encrypted_lkd
248	1371	coap_delete_str_const	call site: 01371	coap_cancel_session_messages
197	696	coap_update_option	call site: 00696	coap_add_data_large_request_lkd
136	324	coap_option_filter_op	call site: 00324	handle_request
109	4360	coap_pdu_parse	call site: 04360	coap_free_resource
102	4512	coap_free_context_lkd	call site: 04512	coap_new_endpoint_lkd
95	894	coap_address_init	call site: 00894	coap_proxy_remove_association
82	1620	coap_add_block	call site: 01620	coap_send_internal
72	1298	coap_digest_free	call site: 01298	coap_session_disconnected_lkd

Runtime coverage analysis

Covered functions

120

Functions that are reachable but not covered

637

Reachable functions

754

Percentage of reachable functions covered

15.52%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
tests/oss-fuzz/block_target.c	1
src/coap_net.c	58
src/coap_time.c	5
src/coap_prng.c	2
src/coap_mem.c	5
src/coap_openssl.c	65
src/coap_debug.c	15
src/coap_io.c	10
src/coap_session.c	53
src/coap_address.c	14
src/coap_netif.c	11
src/coap_resource.c	19
src/coap_pdu.c	35
src/coap_io_posix.c	4
src/coap_option.c	21
src/coap_encode.c	6
src/coap_block.c	56
src/coap_async.c	4
src/coap_proxy.c	22
src/coap_uri.c	15
src/coap_strm_posix.c	6
src/coap_ws.c	2
src/coap_str.c	10
src/coap_cache.c	5
src/coap_oscore.c	14
./include/coap3/coap_uri.h	1
src/oscore/oscore_cose.c	19
src/oscore/oscore_context.c	21
src/oscore/oscore.c	8
src/oscore/oscore_cbor.c	11
src/coap_dgrm_posix.c	4
src/oscore/oscore_crypto.c	4
/usr/include/openssl/ssl.h	3
src/coap_dtls.c	4
/usr/include/openssl/x509v3.h	3
./include/coap3/coap_pdu_internal.h	1
src/coap_subscribe.c	3

Optimal target analysis

Remaining optimal interesting functions

The following table shows a list of functions that are optimal targets. Optimal targets are identified by finding the functions that in combination, yield a high code coverage.

Func name	Functions filename	Arg count	Args	Function depth	hitcount	instr count	bb count	cyclomatic complexity	Reachable functions	Incoming references	total cyclomatic complexity	Unreached complexity
coap_ws_close	/src/libcoap/src/coap_ws.c	1	['N/A']	92	0	378	50	17	664	2	6741	218
coap_persist_startup	/src/libcoap/src/coap_subscribe.c	5	['N/A', 'N/A', 'N/A', 'N/A', 'int']	91	0	30	3	2	665	0	6695	170
hnd_get_wellknown_lkd	/src/libcoap/src/coap_net.c	5	['N/A', 'N/A', 'N/A', 'N/A', 'N/A']	92	0	304	50	16	652	0	6630	107
coap_netif_dgrm_write	/src/libcoap/src/coap_netif.c	3	['N/A', 'N/A', 'size_t']	8	0	155	30	9	61	0	302	61
coap_tls_engine_configure	/src/libcoap/src/coap_openssl.c	1	['N/A']	6	0	575	124	34	32	0	121	54
coap_add_resource	/src/libcoap/src/coap_resource.c	2	['N/A', 'N/A']	94	0	18	3	2	651	0	6586	45
coap_op_resource_deleted	/src/libcoap/src/coap_subscribe.c	3	['N/A', 'N/A', 'N/A']	6	0	252	40	16	37	0	129	40
coap_join_mcast_group_intf	/src/libcoap/src/coap_net.c	3	['N/A', 'N/A', 'N/A']	6	0	24	3	2	37	0	126	38
coap_session_set_type_server	/src/libcoap/src/coap_session.c	1	['N/A']	89	0	18	3	2	648	0	6559	36
coap_split_path	/src/libcoap/src/coap_uri.c	4	['N/A', 'size_t', 'N/A', 'N/A']	7	0	53	3	2	28	0	132	35

Implementing fuzzers that target the above functions will improve reachability such that it becomes:

Functions statically reachable by fuzzers

633 / 941

Cyclomatic complexity statically reachable by fuzzers

7615 / 8857

All functions overview

If you implement fuzzers for these functions, the status of all functions in the project will be:

Func name	Functions filename	Args	Function call depth	Reached by Fuzzers	Runtime reached by Fuzzers	Combined reached by Fuzzers	Fuzzers runtime hit	Func lines hit %	I Count	BB Count	Cyclomatic complexity	Functions reached	Reached by functions	Accumulated cyclomatic complexity	Undiscovered complexity

This sections provides heuristics that can be used as input to a fuzz engine when running a given fuzz target. The current focus is on providing input that is usable by libFuzzer.

tests/oss-fuzz/get_asn1_tag_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['coap_new_string']

tests/oss-fuzz/split_uri_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['coap_dtls_is_supported', 'coap_tls_is_supported', 'coap_wss_is_supported', 'coap_split_uri_sub', 'coap_ws_is_supported', 'coap_log_impl']

tests/oss-fuzz/oscore_conf_parse_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['coap_new_string', 'coap_cleanup', 'coap_parse_oscore_conf_mem', 'coap_dtls_startup', 'LLVMFuzzerTestOneInput']

tests/oss-fuzz/pdu_parse_tcp_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['coap_show_pdu', 'LLVMFuzzerTestOneInput', 'coap_pdu_parse_opt', 'coap_get_query', 'coap_dtls_is_supported', 'coap_wss_is_supported', 'coap_pdu_encode_header', 'coap_pdu_parse2']

tests/oss-fuzz/pdu_parse_ws_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['coap_pdu_encode_header', 'coap_show_pdu', 'LLVMFuzzerTestOneInput', 'coap_pdu_parse2', 'coap_pdu_parse_opt', 'coap_get_query', 'coap_dtls_is_supported', 'coap_wss_is_supported']

tests/oss-fuzz/pdu_parse_udp_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['coap_pdu_encode_header', 'coap_show_pdu', 'coap_pdu_parse_header', 'coap_pdu_parse_opt', 'coap_get_query', 'coap_dtls_is_supported', 'coap_wss_is_supported', 'coap_pdu_parse2', 'coap_realloc_type']

tests/oss-fuzz/network_message_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['setup_pki_ssl', 'coap_new_error_response', 'coap_dispatch', 'coap_send_internal', 'handle_request', 'coap_session_check_connect', 'coap_epoll_ctl_mod', 'coap_pdu_encode_header']

tests/oss-fuzz/oscore_decrypt_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['coap_session_free', 'coap_oscore_decrypt_pdu', 'oscore_free_context', 'coap_send_internal', 'coap_option_filter_op', 'oscore_cbor_put_text', 'coap_pdu_encode_header', 'coap_free_context_lkd', 'coap_add_option_internal']

tests/oss-fuzz/block_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['coap_pdu_parse_opt', 'coap_session_check_connect', 'coap_session_free', 'coap_add_data_after', 'coap_delete_str_const', 'coap_update_option', 'coap_option_filter_op', 'coap_pdu_parse', 'coap_free_context_lkd', 'coap_address_init']

This section shows analysis of runtime coverage data.

For futher technical details on how this section is generated, please see the Glossary .

Complex functions with low coverage

Func name	Function total lines	Lines covered at runtime	percentage covered	Reached by fuzzers
coap_get_block_b	40	8	20.0%	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
coap_socket_connect_udp	134	49	36.56%	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
coap_socket_send	109	12	11.00%	['network_message_fuzzer', 'oscore_decrypt_fuzzer']
coap_test_cid_tuple_change	31	4	12.90%	['network_message_fuzzer', 'oscore_decrypt_fuzzer']
coap_dtls_map_key_type_to_define	101	14	13.86%	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
coap_new_context	71	38	53.52%	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
coap_option_check_critical	121	60	49.58%	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
coap_send_internal	212	58	27.35%	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
coap_remove_from_queue	36	6	16.66%	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
coap_cancel_session_messages	32	5	15.62%	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
coap_call_response_handler	43	18	41.86%	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
coap_dispatch	382	125	32.72%	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
coap_handle_event_lkd	71	6	8.450%	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
coap_remove_from_queue_token	45	4	8.888%	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
handle_signaling	68	30	44.11%	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
handle_request	502	105	20.91%	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
no_response	61	14	22.95%	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
handle_response	75	18	24.0%	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
coap_dtls_send	49	17	34.69%	['network_message_fuzzer']
coap_dtls_info_callback	62	22	35.48%	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
coap_dgram_ctrl	61	31	50.81%	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
setup_pki_ssl	310	13	4.193%	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
coap_opt_setheader	47	20	42.55%	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
coap_add_token	49	24	48.97%	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
coap_remove_option	78	11	14.10%	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
coap_option_check_repeatable	40	9	22.5%	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
coap_insert_option	70	10	14.28%	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
coap_delete_proxy_subscriber	39	5	12.82%	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
coap_session_mfree	86	46	53.48%	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
coap_session_delay_pdu	37	17	45.94%	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
coap_session_connected	60	11	18.33%	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
coap_session_create_client	108	59	54.62%	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
coap_socket_connect_tcp1	92	37	40.21%	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
coap_socket_write	39	20	51.28%	['network_message_fuzzer']
coap_oscore_decrypt_pdu	634	91	14.35%	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
oscore_cbor_put_unsigned	37	9	24.32%	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
oscore_find_context	40	16	40.0%	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
oscore_log_context	39	4	10.25%	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
coap_add_data_blocked_response	101	55	54.45%	['block_fuzzer']
setup_block_b	35	17	48.57%	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
coap_update_option	36	9	25.0%	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']

This section shows which files and directories are considered in this report. The main reason for showing this is fuzz introspector may include more code in the reasoning than is desired. This section helps identify if too many files/directories are included, e.g. third party code, which may be irrelevant for the threat model. In the event too much is included, fuzz introspector supports a configuration file that can exclude data from the report. See the following link for more information on how to create a config file: link

Files in report

Source file	Reached by	Covered by
	[]	[]
/src/libcoap/src/coap_mem.c	['get_asn1_tag_fuzzer', 'oscore_conf_parse_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'pdu_parse_udp_fuzzer', 'network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']	['get_asn1_tag_fuzzer', 'oscore_conf_parse_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'pdu_parse_udp_fuzzer', 'network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
/usr/include/openssl/ssl.h	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']	[]
/src/libcoap/tests/oss-fuzz/get_asn1_tag_target.c	['get_asn1_tag_fuzzer']	['get_asn1_tag_fuzzer']
/src/libcoap/src/coap_subscribe.c	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
/src/libcoap/src/coap_prng.c	['oscore_conf_parse_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'pdu_parse_udp_fuzzer', 'network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']	['oscore_conf_parse_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'pdu_parse_udp_fuzzer', 'network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
/src/libcoap/src/coap_net.c	['oscore_conf_parse_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'pdu_parse_udp_fuzzer', 'network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']	['oscore_conf_parse_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'pdu_parse_udp_fuzzer', 'network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
/src/libcoap/src/coap_async.c	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
/src/libcoap/src/coap_cache.c	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']	[]
/src/libcoap/src/oscore/oscore_crypto.c	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']	['oscore_decrypt_fuzzer']
/src/libcoap/src/coap_str.c	['get_asn1_tag_fuzzer', 'oscore_conf_parse_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'pdu_parse_udp_fuzzer', 'network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']	['get_asn1_tag_fuzzer', 'oscore_conf_parse_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'pdu_parse_udp_fuzzer', 'network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
/src/libcoap/tests/oss-fuzz/block_target.c	['block_fuzzer']	['block_fuzzer']
/src/libcoap/src/coap_encode.c	['pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'pdu_parse_udp_fuzzer', 'network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']	['pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'pdu_parse_udp_fuzzer', 'network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
/src/libcoap/src/coap_io_posix.c	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
/src/libcoap/src/coap_pdu.c	['pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'pdu_parse_udp_fuzzer', 'network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']	['pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'pdu_parse_udp_fuzzer', 'network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
/src/libcoap/src/oscore/oscore_context.c	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
/src/libcoap/src/oscore/oscore.c	['oscore_conf_parse_fuzzer', 'network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']	['oscore_conf_parse_fuzzer', 'oscore_decrypt_fuzzer']
/src/libcoap/src/coap_time.c	['get_asn1_tag_fuzzer', 'split_uri_fuzzer', 'oscore_conf_parse_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'pdu_parse_udp_fuzzer', 'network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']	['split_uri_fuzzer', 'oscore_conf_parse_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'pdu_parse_udp_fuzzer', 'network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
/src/libcoap/src/coap_io.c	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']	['network_message_fuzzer']
/src/libcoap/src/coap_option.c	['pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'pdu_parse_udp_fuzzer', 'network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']	['pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'pdu_parse_udp_fuzzer', 'network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
/src/libcoap/src/coap_oscore.c	['oscore_conf_parse_fuzzer', 'network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']	['oscore_conf_parse_fuzzer', 'network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
/src/libcoap/src/oscore/oscore_cbor.c	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']	['oscore_decrypt_fuzzer']
/src/libcoap/tests/oss-fuzz/oscore_conf_parse_target.c	['oscore_conf_parse_fuzzer']	['oscore_conf_parse_fuzzer']
/src/libcoap/src/coap_session.c	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
/src/libcoap/src/coap_proxy.c	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
/src/libcoap/tests/oss-fuzz/pdu_parse_ws_target.c	['pdu_parse_ws_fuzzer']	['pdu_parse_ws_fuzzer']
/src/libcoap/src/coap_asn1.c	['get_asn1_tag_fuzzer']	['get_asn1_tag_fuzzer']
/src/libcoap/src/coap_dtls.c	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']	['network_message_fuzzer']
/src/libcoap/tests/oss-fuzz/oscore_decrypt_target.c	['oscore_decrypt_fuzzer']	['oscore_decrypt_fuzzer']
/src/libcoap/src/coap_strm_posix.c	['split_uri_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'pdu_parse_udp_fuzzer', 'network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']	['split_uri_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'pdu_parse_udp_fuzzer', 'network_message_fuzzer']
/src/libcoap/./include/coap3/coap_uri.h	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']	[]
/src/libcoap/./include/coap3/coap_address.h	[]	[]
/src/libcoap/./include/coap3/coap_pdu_internal.h	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']	[]
/src/libcoap/src/oscore/oscore_cose.c	['oscore_conf_parse_fuzzer', 'network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']	['oscore_conf_parse_fuzzer', 'oscore_decrypt_fuzzer']
/src/libcoap/tests/oss-fuzz/network_message_target.c	['network_message_fuzzer']	['network_message_fuzzer']
/src/libcoap/src/coap_debug.c	['get_asn1_tag_fuzzer', 'split_uri_fuzzer', 'oscore_conf_parse_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'pdu_parse_udp_fuzzer', 'network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']	['split_uri_fuzzer', 'oscore_conf_parse_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'pdu_parse_udp_fuzzer', 'network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
/src/libcoap/src/coap_dgrm_posix.c	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
/src/libcoap/tests/oss-fuzz/pdu_parse_tcp_target.c	['pdu_parse_tcp_fuzzer']	['pdu_parse_tcp_fuzzer']
/src/libcoap/src/coap_ws.c	['split_uri_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'pdu_parse_udp_fuzzer', 'network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']	['split_uri_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'pdu_parse_udp_fuzzer']
/src/libcoap/src/coap_netif.c	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
/usr/include/openssl/x509v3.h	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']	[]
/src/libcoap/src/coap_resource.c	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
/src/libcoap/src/coap_uri.c	['split_uri_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'pdu_parse_udp_fuzzer', 'network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']	['split_uri_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'pdu_parse_udp_fuzzer', 'network_message_fuzzer']
/src/libcoap/src/coap_block.c	['pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'pdu_parse_udp_fuzzer', 'network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']	['pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'pdu_parse_udp_fuzzer', 'network_message_fuzzer', 'block_fuzzer']
/src/libcoap/tests/oss-fuzz/split_uri_target.c	['split_uri_fuzzer']	['split_uri_fuzzer']
/src/libcoap/src/coap_openssl.c	['split_uri_fuzzer', 'oscore_conf_parse_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'pdu_parse_udp_fuzzer', 'network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']	['split_uri_fuzzer', 'oscore_conf_parse_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'pdu_parse_udp_fuzzer', 'network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']
/src/libcoap/tests/oss-fuzz/pdu_parse_udp_target.c	['pdu_parse_udp_fuzzer']	['pdu_parse_udp_fuzzer']
/src/libcoap/src/coap_address.c	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']	['network_message_fuzzer', 'oscore_decrypt_fuzzer', 'block_fuzzer']

Directories in report

Directory
/src/libcoap/tests/oss-fuzz/
/src/libcoap/./include/coap3/
/src/libcoap/src/oscore/
/usr/include/openssl/
/src/libcoap/src/