High level conclusions

Fuzzers reach 81.09% of cyclomatic complexity.

Fuzzers reach 66.39% of all functions.

Fuzzer block_fuzzer is blocked:

The runtime code coverage of block_fuzzer covers 26.64% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer async_fuzzer is blocked:

The runtime code coverage of async_fuzzer covers 23.58% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer network_message_fuzzer is blocked:

The runtime code coverage of network_message_fuzzer covers 26.71% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer observe_fuzzer is blocked:

The runtime code coverage of observe_fuzzer covers 24.17% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer block_check_fuzzer is blocked:

The runtime code coverage of block_check_fuzzer covers 23.16% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer persist_fuzzer is blocked:

The runtime code coverage of persist_fuzzer covers 23.08% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer oscore_decrypt_fuzzer is blocked:

The runtime code coverage of oscore_decrypt_fuzzer covers 23.12% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Reachability and coverage overview

Functions statically reachable by fuzzers

652 / 982

Cyclomatic complexity statically reachable by fuzzers

7496 / 9243

Runtime code coverage of functions

465 / 982

The following table shows data about each function in the project. The functions included in this table correspond to all functions that exist in the executables of the fuzzers. As such, there may be functions that are from third-party libraries.

For further technical details on the meaning of columns in the below table, please see the Glossary .

Func name	Functions filename	Args	Function call depth	Reached by Fuzzers	Runtime reached by Fuzzers	Combined reached by Fuzzers	Fuzzers runtime hit	Func lines hit %	I Count	BB Count	Cyclomatic complexity	Functions reached	Reached by functions	Accumulated cyclomatic complexity	Undiscovered complexity

Fuzzer: get_asn1_tag_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	17	53.1%
gold	[1:9]	0	0.0%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	15	46.8%
All colors	32	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
17	9	coap_new_string	call site: 00009	coap_log_impl

Runtime coverage analysis

Covered functions

10

Functions that are reachable but not covered

15

Reachable functions

25

Percentage of reachable functions covered

40.0%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
tests/oss-fuzz/get_asn1_tag_target.c	1
src/coap_asn1.c	4
src/coap_str.c	3
src/coap_mem.c	2
src/coap_debug.c	4
src/coap_time.c	3

Fuzzer: pdu_parse_tcp_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	85	19.2%
gold	[1:9]	15	3.39%
yellow	[10:29]	9	2.03%
greenyellow	[30:49]	8	1.80%
lawngreen	50+	325	73.5%
All colors	442	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
8	248	coap_show_pdu	call site: 00248	coap_log_impl
7	361	coap_show_pdu	call site: 00361	coap_log_impl
5	401	LLVMFuzzerTestOneInput	call site: 00401	coap_log_impl
4	102	coap_pdu_parse_opt	call site: 00102	coap_log_impl
4	107	coap_pdu_parse_opt	call site: 00107	coap_log_impl
4	193	coap_dtls_is_supported	call site: 00193	coap_log_impl
4	213	coap_wss_is_supported	call site: 00213	coap_log_impl
4	419	coap_pdu_encode_header	call site: 00419	coap_log_impl
3	31	coap_pdu_parse2	call site: 00031	coap_log_impl
3	53	coap_pdu_parse2	call site: 00053	coap_log_impl
3	57	coap_pdu_parse_header	call site: 00057	coap_log_impl
3	174	coap_get_uri_path	call site: 00174	coap_new_string

Runtime coverage analysis

Covered functions

81

Functions that are reachable but not covered

18

Reachable functions

98

Percentage of reachable functions covered

81.63%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
tests/oss-fuzz/pdu_parse_tcp_target.c	1
src/coap_net.c	2
src/coap_time.c	4
src/coap_prng.c	2
src/coap_mem.c	4
src/coap_openssl.c	5
src/coap_pdu.c	18
src/coap_debug.c	13
src/coap_option.c	12
src/coap_encode.c	3
src/coap_uri.c	9
src/coap_str.c	3
src/coap_strm_posix.c	1
src/coap_ws.c	2
src/coap_block.c	1

Fuzzer: pdu_parse_ws_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	88	19.9%
gold	[1:9]	13	2.94%
yellow	[10:29]	15	3.39%
greenyellow	[30:49]	5	1.13%
lawngreen	50+	321	72.6%
All colors	442	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
13	410	coap_pdu_encode_header	call site: 00410	coap_log_impl
8	248	coap_show_pdu	call site: 00248	coap_log_impl
7	361	coap_show_pdu	call site: 00361	coap_log_impl
5	401	LLVMFuzzerTestOneInput	call site: 00401	coap_log_impl
4	53	coap_pdu_parse2	call site: 00053	coap_log_impl
4	102	coap_pdu_parse_opt	call site: 00102	coap_log_impl
4	107	coap_pdu_parse_opt	call site: 00107	coap_log_impl
4	193	coap_dtls_is_supported	call site: 00193	coap_log_impl
4	213	coap_wss_is_supported	call site: 00213	coap_log_impl
3	31	coap_pdu_parse2	call site: 00031	coap_log_impl
3	174	coap_get_uri_path	call site: 00174	coap_new_string
2	50	coap_realloc_type	call site: 00050	coap_log_impl

Runtime coverage analysis

Covered functions

81

Functions that are reachable but not covered

18

Reachable functions

98

Percentage of reachable functions covered

81.63%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
tests/oss-fuzz/pdu_parse_ws_target.c	1
src/coap_net.c	2
src/coap_time.c	4
src/coap_prng.c	2
src/coap_mem.c	4
src/coap_openssl.c	5
src/coap_pdu.c	18
src/coap_debug.c	13
src/coap_option.c	12
src/coap_encode.c	3
src/coap_uri.c	9
src/coap_str.c	3
src/coap_strm_posix.c	1
src/coap_ws.c	2
src/coap_block.c	1

Fuzzer: split_uri_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	22	33.3%
gold	[1:9]	13	19.6%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	4	6.06%
lawngreen	50+	27	40.9%
All colors	66	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
4	28	coap_dtls_is_supported	call site: 00028	coap_log_impl
4	40	coap_tls_is_supported	call site: 00040	coap_log_impl
4	50	coap_wss_is_supported	call site: 00050	coap_log_impl
2	25	coap_dtls_is_supported	call site: 00025	coap_log_impl
2	33	coap_split_uri_sub	call site: 00033	coap_log_impl
2	37	coap_tls_is_supported	call site: 00037	coap_log_impl
2	46	coap_ws_is_supported	call site: 00046	coap_log_impl
1	6	coap_split_uri_sub	call site: 00006	vsnprintf
1	17	coap_log_impl	call site: 00017	snprintf

Runtime coverage analysis

Covered functions

15

Functions that are reachable but not covered

13

Reachable functions

28

Percentage of reachable functions covered

53.57%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
tests/oss-fuzz/split_uri_target.c	1
src/coap_uri.c	2
src/coap_debug.c	4
src/coap_time.c	3
src/coap_openssl.c	2
src/coap_strm_posix.c	1
src/coap_ws.c	2

Fuzzer: oscore_decrypt_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	4404	89.8%
gold	[1:9]	106	2.16%
yellow	[10:29]	55	1.12%
greenyellow	[30:49]	273	5.56%
lawngreen	50+	65	1.32%
All colors	4903	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
1002	2436	coap_oscore_init	call site: 02436	coap_session_release_lkd
713	4105	coap_oscore_decrypt_pdu	call site: 04105	coap_delete_node_lkd
380	3448	coap_session_free	call site: 03448	coap_dtls_handle_timeout
256	1145	coap_pdu_encode_header	call site: 01145	coap_proxy_forward_request_lkd
245	1914	coap_session_connected	call site: 01914	coap_handle_event_lkd
224	819	coap_show_pdu	call site: 00819	coap_session_release_lkd
83	4020	coap_oscore_decrypt_pdu	call site: 04020	coap_handle_event_lkd
80	562	coap_option_filter_get	call site: 00562	coap_split_proxy_uri
73	1838	coap_send_internal	call site: 01838	coap_io_process_lkd
69	235	coap_dtls_new_context	call site: 00235	coap_session_str
67	383	coap_dtls_free_context	call site: 00383	coap_new_endpoint_lkd
66	84	coap_delete_bin_const	call site: 00084	coap_parse_oscore_rcp_conf_mem

Runtime coverage analysis

Covered functions

189

Functions that are reachable but not covered

605

Reachable functions

787

Percentage of reachable functions covered

23.13%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
tests/oss-fuzz/oscore_decrypt_target.c	1
src/coap_net.c	59
src/coap_time.c	5
src/coap_prng.c	2
src/coap_mem.c	5
src/coap_openssl.c	65
src/coap_debug.c	17
src/coap_oscore.c	25
src/coap_str.c	10
src/coap_io.c	10
src/coap_session.c	54
src/coap_address.c	16
src/coap_netif.c	11
src/coap_strm_posix.c	6
src/coap_ws.c	2
src/coap_dgrm_posix.c	4
src/coap_io_posix.c	4
src/coap_proxy.c	22
src/coap_uri.c	20
src/coap_option.c	21
src/coap_encode.c	6
src/coap_pdu.c	35
src/coap_cache.c	5
src/coap_block.c	51
src/coap_resource.c	20
./include/coap3/coap_pdu_internal.h	1
./include/coap3/coap_resource_internal.h	1
./include/coap3/coap_uri.h	1
src/oscore/oscore_cose.c	19
src/oscore/oscore_context.c	22
src/oscore/oscore.c	8
src/oscore/oscore_cbor.c	11
./include/coap3/coap_block_internal.h	6
src/oscore/oscore_crypto.c	4
/usr/include/openssl/ssl.h	3
src/coap_dtls.c	4
/usr/include/openssl/x509v3.h	3
src/coap_async.c	4
src/coap_subscribe.c	3

Fuzzer: persist_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	4412	88.3%
gold	[1:9]	23	0.46%
yellow	[10:29]	5	0.10%
greenyellow	[30:49]	3	0.06%
lawngreen	50+	550	11.0%
All colors	4993	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
997	3656	coap_pdu_parse_opt	call site: 03656	coap_handle_event_lkd
501	2228	coap_make_str_const	call site: 02228	coap_session_release_lkd
291	1802	coap_session_connected	call site: 01802	coap_handle_event_lkd
254	3353	coap_session_free	call site: 03353	coap_dtls_handle_timeout
219	1358	coap_send_internal	call site: 01358	coap_oscore_new_pdu_encrypted_lkd
179	2958	coap_get_resource_from_uri_path_lkd	call site: 02958	coap_session_max_pdu_size_lkd
170	1029	coap_pdu_encode_header	call site: 01029	coap_proxy_forward_request_lkd
164	3179	coap_touch_observer	call site: 03179	coap_delete_observer_request
152	2742	coap_cache_derive_key_w_ignore	call site: 02742	coap_cancel_observe_lkd
146	703	coap_show_pdu	call site: 00703	coap_option_next
111	1206	coap_new_bin_const	call site: 01206	coap_send_internal
71	4654	coap_pdu_parse	call site: 04654	coap_handle_event_lkd

Runtime coverage analysis

Covered functions

197

Functions that are reachable but not covered

623

Reachable functions

810

Percentage of reachable functions covered

23.09%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
tests/oss-fuzz/persist_target.c	5
src/coap_subscribe.c	15
src/coap_net.c	59
src/coap_time.c	5
src/coap_prng.c	2
src/coap_mem.c	5
src/coap_openssl.c	65
src/coap_debug.c	15
src/coap_io.c	10
src/coap_session.c	54
src/coap_address.c	16
src/coap_netif.c	11
src/coap_strm_posix.c	6
src/coap_ws.c	2
src/coap_dgrm_posix.c	4
src/coap_io_posix.c	4
src/coap_proxy.c	22
src/coap_uri.c	20
src/coap_option.c	21
src/coap_encode.c	6
src/coap_str.c	10
src/coap_pdu.c	35
src/coap_cache.c	5
src/coap_block.c	51
src/coap_resource.c	29
./include/coap3/coap_pdu_internal.h	1
./include/coap3/coap_resource_internal.h	1
src/coap_oscore.c	16
./include/coap3/coap_uri.h	1
src/oscore/oscore_cose.c	19
src/oscore/oscore_context.c	22
src/oscore/oscore.c	8
src/oscore/oscore_cbor.c	13
./include/coap3/coap_block_internal.h	6
src/oscore/oscore_crypto.c	4
/usr/include/openssl/ssl.h	3
src/coap_dtls.c	4
/usr/include/openssl/x509v3.h	3
src/coap_async.c	4

Fuzzer: pdu_parse_udp_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	87	19.6%
gold	[1:9]	18	4.07%
yellow	[10:29]	12	2.71%
greenyellow	[30:49]	5	1.13%
lawngreen	50+	320	72.3%
All colors	442	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
19	404	coap_pdu_encode_header	call site: 00404	coap_log_impl
8	248	coap_show_pdu	call site: 00248	coap_log_impl
7	361	coap_show_pdu	call site: 00361	coap_log_impl
4	56	coap_pdu_parse_header	call site: 00056	coap_log_impl
4	102	coap_pdu_parse_opt	call site: 00102	coap_log_impl
4	107	coap_pdu_parse_opt	call site: 00107	coap_log_impl
4	193	coap_dtls_is_supported	call site: 00193	coap_log_impl
4	213	coap_wss_is_supported	call site: 00213	coap_log_impl
3	31	coap_pdu_parse2	call site: 00031	coap_log_impl
3	174	coap_get_uri_path	call site: 00174	coap_new_string
2	50	coap_realloc_type	call site: 00050	coap_log_impl
2	155	coap_new_string	call site: 00155	coap_log_impl

Runtime coverage analysis

Covered functions

81

Functions that are reachable but not covered

18

Reachable functions

98

Percentage of reachable functions covered

81.63%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
tests/oss-fuzz/pdu_parse_udp_target.c	1
src/coap_net.c	2
src/coap_time.c	4
src/coap_prng.c	2
src/coap_mem.c	4
src/coap_openssl.c	5
src/coap_pdu.c	18
src/coap_debug.c	13
src/coap_option.c	12
src/coap_encode.c	3
src/coap_uri.c	9
src/coap_str.c	3
src/coap_strm_posix.c	1
src/coap_ws.c	2
src/coap_block.c	1

Fuzzer: oscore_conf_parse_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	30	17.7%
gold	[1:9]	18	10.6%
yellow	[10:29]	12	7.10%
greenyellow	[30:49]	8	4.73%
lawngreen	50+	101	59.7%
All colors	169	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
16	41	coap_new_string	call site: 00041	coap_log_impl
4	93	coap_delete_bin_const	call site: 00093	coap_log_impl
4	121	coap_parse_oscore_rcp_conf_mem	call site: 00121	coap_log_impl
2	16	coap_cleanup	call site: 00016	ENGINE_finish
1	11	coap_dtls_startup	call site: 00011	OPENSSL_init_crypto
1	14	LLVMFuzzerTestOneInput	call site: 00014	coap_cleanup
1	20	coap_cleanup	call site: 00020	coap_free_type
1	143	coap_parse_oscore_conf_mem	call site: 00143	__assert_fail

Runtime coverage analysis

Covered functions

40

Functions that are reachable but not covered

21

Reachable functions

60

Percentage of reachable functions covered

65.0%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
tests/oss-fuzz/oscore_conf_parse_target.c	1
src/coap_net.c	2
src/coap_time.c	4
src/coap_prng.c	2
src/coap_mem.c	3
src/coap_openssl.c	3
src/coap_debug.c	6
src/coap_uri.c	1
src/coap_oscore.c	10
src/coap_str.c	6
src/oscore/oscore_cose.c	4
src/oscore/oscore.c	1

Fuzzer: block_check_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	4374	89.0%
gold	[1:9]	11	0.22%
yellow	[10:29]	376	7.65%
greenyellow	[30:49]	49	0.99%
lawngreen	50+	104	2.11%
All colors	4914	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
1220	3477	coap_io_do_epoll_lkd	call site: 03477	coap_read_endpoint
628	2228	coap_make_str_const	call site: 02228	coap_session_release_lkd
268	1318	coap_pdu_parse_opt_base	call site: 01318	coap_oscore_new_pdu_encrypted_lkd
195	1004	coap_socket_connect_udp	call site: 01004	coap_session_reestablished
163	2958	coap_get_resource_from_uri_path_lkd	call site: 02958	coap_session_max_pdu_size_lkd
159	703	coap_show_pdu	call site: 00703	coap_session_release_lkd
153	3122	coap_add_block_b_data	call site: 03122	coap_send_internal
115	1978	coap_add_block	call site: 01978	coap_send_internal
86	1701	coap_add_option	call site: 01701	coap_send_internal
69	112	coap_dtls_new_context	call site: 00112	coap_session_str
66	456	coap_new_string	call site: 00456	coap_split_proxy_uri
63	3353	coap_session_free	call site: 03353	coap_dtls_handle_timeout

Runtime coverage analysis

Covered functions

186

Functions that are reachable but not covered

607

Reachable functions

790

Percentage of reachable functions covered

23.16%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
tests/oss-fuzz/block_check_target.c	2
src/coap_net.c	59
src/coap_time.c	5
src/coap_prng.c	2
src/coap_mem.c	5
src/coap_openssl.c	65
src/coap_debug.c	17
src/coap_io.c	10
src/coap_session.c	55
src/coap_address.c	16
src/coap_netif.c	11
src/coap_strm_posix.c	6
src/coap_ws.c	2
src/coap_dgrm_posix.c	4
src/coap_io_posix.c	5
src/coap_proxy.c	22
src/coap_uri.c	20
src/coap_option.c	21
src/coap_encode.c	6
src/coap_str.c	10
src/coap_pdu.c	35
src/coap_cache.c	5
src/coap_block.c	58
src/coap_resource.c	23
./include/coap3/coap_pdu_internal.h	1
./include/coap3/coap_resource_internal.h	1
src/coap_oscore.c	16
./include/coap3/coap_uri.h	1
src/oscore/oscore_cose.c	19
src/oscore/oscore_context.c	22
src/oscore/oscore.c	8
src/oscore/oscore_cbor.c	11
./include/coap3/coap_block_internal.h	6
src/oscore/oscore_crypto.c	4
/usr/include/openssl/ssl.h	3
src/coap_dtls.c	4
/usr/include/openssl/x509v3.h	3
src/coap_async.c	4
src/coap_subscribe.c	3
src/coap_event.c	1

Fuzzer: observe_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	4240	87.3%
gold	[1:9]	52	1.07%
yellow	[10:29]	55	1.13%
greenyellow	[30:49]	232	4.78%
lawngreen	50+	274	5.64%
All colors	4853	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
501	2227	coap_make_str_const	call site: 02227	coap_session_release_lkd
347	4104	coap_dispatch	call site: 04104	handle_response
296	3724	coap_dispatch	call site: 03724	coap_oscore_decrypt_pdu
291	1801	coap_session_connected	call site: 01801	coap_handle_event_lkd
263	4459	coap_handle_dgram	call site: 04459	coap_handle_event_lkd
260	1028	coap_pdu_encode_header	call site: 01028	coap_proxy_forward_request_lkd
245	3352	coap_session_free	call site: 03352	coap_dtls_handle_timeout
219	1357	coap_send_internal	call site: 01357	coap_oscore_new_pdu_encrypted_lkd
153	2977	handle_request	call site: 02977	coap_handle_request_put_block
152	2741	coap_cache_derive_key_w_ignore	call site: 02741	coap_cancel_observe_lkd
146	702	coap_show_pdu	call site: 00702	coap_option_next
75	3267	coap_new_error_response	call site: 03267	coap_resource_release_lkd

Runtime coverage analysis

Covered functions

197

Functions that are reachable but not covered

596

Reachable functions

786

Percentage of reachable functions covered

24.17%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
tests/oss-fuzz/observe_target.c	3
src/coap_net.c	59
src/coap_time.c	5
src/coap_prng.c	2
src/coap_mem.c	5
src/coap_openssl.c	65
src/coap_debug.c	17
src/coap_io.c	10
src/coap_session.c	54
src/coap_address.c	16
src/coap_netif.c	11
src/coap_strm_posix.c	6
src/coap_ws.c	2
src/coap_dgrm_posix.c	4
src/coap_io_posix.c	4
src/coap_proxy.c	22
src/coap_uri.c	20
src/coap_option.c	21
src/coap_encode.c	6
src/coap_str.c	10
src/coap_pdu.c	35
src/coap_cache.c	5
src/coap_block.c	51
src/coap_resource.c	25
./include/coap3/coap_pdu_internal.h	1
./include/coap3/coap_resource_internal.h	1
src/coap_oscore.c	16
./include/coap3/coap_uri.h	1
src/oscore/oscore_cose.c	19
src/oscore/oscore_context.c	22
src/oscore/oscore.c	8
src/oscore/oscore_cbor.c	11
./include/coap3/coap_block_internal.h	6
src/oscore/oscore_crypto.c	4
/usr/include/openssl/ssl.h	3
src/coap_dtls.c	4
/usr/include/openssl/x509v3.h	3
src/coap_async.c	4
src/coap_subscribe.c	3
src/coap_event.c	1
tests/oss-fuzz/coap_fuzz_helper.c	2

Fuzzer: network_message_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	4124	84.5%
gold	[1:9]	36	0.73%
yellow	[10:29]	56	1.14%
greenyellow	[30:49]	38	0.77%
lawngreen	50+	626	12.8%
All colors	4880	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
504	2412	setup_pki_ssl	call site: 02412	coap_session_release_lkd
296	3725	coap_dispatch	call site: 03725	coap_oscore_decrypt_pdu
291	1802	coap_session_connected	call site: 01802	coap_handle_event_lkd
266	4106	coap_dispatch	call site: 04106	coap_send_ack_lkd
245	3353	coap_session_free	call site: 03353	coap_dtls_handle_timeout
239	2964	handle_request	call site: 02964	coap_session_max_pdu_size_lkd
217	2190	coap_session_check_connect	call site: 02190	coap_session_release_lkd
215	1038	coap_pdu_encode_header	call site: 01038	coap_proxy_forward_request_lkd
186	1362	coap_send_internal	call site: 01362	coap_oscore_new_pdu_encrypted_lkd
155	704	coap_show_pdu	call site: 00704	coap_session_release_lkd
144	4568	coap_epoll_ctl_mod	call site: 04568	coap_accept_endpoint
75	3268	coap_new_error_response	call site: 03268	coap_resource_release_lkd

Runtime coverage analysis

Covered functions

226

Functions that are reachable but not covered

587

Reachable functions

801

Percentage of reachable functions covered

26.72%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
tests/oss-fuzz/network_message_target.c	7
src/coap_net.c	74
src/coap_time.c	5
src/coap_prng.c	2
src/coap_mem.c	5
src/coap_openssl.c	67
src/coap_debug.c	17
src/coap_address.c	16
src/coap_io.c	10
src/coap_session.c	54
src/coap_netif.c	11
src/coap_strm_posix.c	6
src/coap_ws.c	2
src/coap_dgrm_posix.c	4
src/coap_io_posix.c	4
src/coap_proxy.c	22
src/coap_uri.c	20
src/coap_option.c	21
src/coap_encode.c	6
src/coap_str.c	10
src/coap_pdu.c	35
src/coap_cache.c	5
src/coap_block.c	51
src/coap_resource.c	20
./include/coap3/coap_pdu_internal.h	1
./include/coap3/coap_resource_internal.h	1
src/coap_oscore.c	16
./include/coap3/coap_uri.h	1
src/oscore/oscore_cose.c	19
src/oscore/oscore_context.c	22
src/oscore/oscore.c	8
src/oscore/oscore_cbor.c	11
./include/coap3/coap_block_internal.h	6
src/oscore/oscore_crypto.c	4
/usr/include/openssl/ssl.h	3
src/coap_dtls.c	4
/usr/include/openssl/x509v3.h	3
src/coap_async.c	4
src/coap_subscribe.c	3

Fuzzer: async_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	4303	87.7%
gold	[1:9]	72	1.46%
yellow	[10:29]	108	2.20%
greenyellow	[30:49]	297	6.05%
lawngreen	50+	122	2.48%
All colors	4902	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
673	2227	coap_make_str_const	call site: 02227	coap_session_release_lkd
347	4104	coap_dispatch	call site: 04104	handle_response
327	3724	coap_dispatch	call site: 03724	coap_oscore_decrypt_pdu
291	1801	coap_session_connected	call site: 01801	coap_handle_event_lkd
263	4459	coap_handle_dgram	call site: 04459	coap_handle_event_lkd
260	1028	coap_pdu_encode_header	call site: 01028	coap_proxy_forward_request_lkd
245	3352	coap_session_free	call site: 03352	coap_dtls_handle_timeout
219	1357	coap_send_internal	call site: 01357	coap_oscore_new_pdu_encrypted_lkd
218	2976	handle_request	call site: 02976	coap_handle_request_put_block
155	702	coap_show_pdu	call site: 00702	coap_session_release_lkd
69	111	coap_dtls_new_context	call site: 00111	coap_session_str
69	259	coap_dtls_free_context	call site: 00259	coap_new_endpoint_lkd

Runtime coverage analysis

Covered functions

195

Functions that are reachable but not covered

609

Reachable functions

797

Percentage of reachable functions covered

23.59%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
tests/oss-fuzz/async_target.c	3
src/coap_net.c	59
src/coap_time.c	5
src/coap_prng.c	2
src/coap_mem.c	5
src/coap_openssl.c	65
src/coap_debug.c	17
src/coap_io.c	10
src/coap_session.c	55
src/coap_address.c	16
src/coap_netif.c	11
src/coap_strm_posix.c	6
src/coap_ws.c	2
src/coap_dgrm_posix.c	4
src/coap_io_posix.c	4
src/coap_proxy.c	22
src/coap_uri.c	20
src/coap_option.c	21
src/coap_encode.c	6
src/coap_str.c	10
src/coap_pdu.c	35
src/coap_cache.c	5
src/coap_block.c	51
src/coap_resource.c	24
./include/coap3/coap_pdu_internal.h	1
./include/coap3/coap_resource_internal.h	1
src/coap_oscore.c	16
./include/coap3/coap_uri.h	1
src/oscore/oscore_cose.c	19
src/oscore/oscore_context.c	22
src/oscore/oscore.c	8
src/oscore/oscore_cbor.c	11
./include/coap3/coap_block_internal.h	6
src/oscore/oscore_crypto.c	4
/usr/include/openssl/ssl.h	3
src/coap_dtls.c	4
/usr/include/openssl/x509v3.h	3
src/coap_async.c	15
src/coap_subscribe.c	3
src/coap_event.c	1
tests/oss-fuzz/coap_fuzz_helper.c	2

Fuzzer: block_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	4156	85.2%
gold	[1:9]	153	3.13%
yellow	[10:29]	41	0.84%
greenyellow	[30:49]	61	1.25%
lawngreen	50+	462	9.48%
All colors	4873	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
628	2227	coap_make_str_const	call site: 02227	coap_session_release_lkd
347	4104	coap_dispatch	call site: 04104	handle_response
313	3724	coap_dispatch	call site: 03724	coap_oscore_decrypt_pdu
261	4459	coap_handle_dgram	call site: 04459	coap_handle_event_lkd
245	3352	coap_session_free	call site: 03352	coap_dtls_handle_timeout
219	1357	coap_send_internal	call site: 01357	coap_oscore_new_pdu_encrypted_lkd
170	1028	coap_pdu_encode_header	call site: 01028	coap_proxy_forward_request_lkd
155	702	coap_show_pdu	call site: 00702	coap_session_release_lkd
144	1948	coap_add_data_large_internal	call site: 01948	coap_add_data_large_request_lkd
124	3068	coap_handle_request_send_block	call site: 03068	coap_pdu_duplicate_lkd
75	3267	coap_new_error_response	call site: 03267	coap_resource_release_lkd
73	1725	coap_send_internal	call site: 01725	coap_io_process_lkd

Runtime coverage analysis

Covered functions

223

Functions that are reachable but not covered

581

Reachable functions

792

Percentage of reachable functions covered

26.64%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
tests/oss-fuzz/block_target.c	3
src/coap_net.c	59
src/coap_time.c	5
src/coap_prng.c	2
src/coap_mem.c	5
src/coap_openssl.c	65
src/coap_debug.c	17
src/coap_io.c	10
src/coap_session.c	55
src/coap_address.c	16
src/coap_netif.c	11
src/coap_strm_posix.c	6
src/coap_ws.c	2
src/coap_dgrm_posix.c	4
src/coap_io_posix.c	4
src/coap_proxy.c	22
src/coap_uri.c	20
src/coap_option.c	21
src/coap_encode.c	6
src/coap_str.c	10
src/coap_pdu.c	35
src/coap_cache.c	5
src/coap_block.c	56
src/coap_resource.c	25
./include/coap3/coap_pdu_internal.h	1
./include/coap3/coap_resource_internal.h	1
src/coap_oscore.c	16
./include/coap3/coap_uri.h	1
src/oscore/oscore_cose.c	19
src/oscore/oscore_context.c	22
src/oscore/oscore.c	8
src/oscore/oscore_cbor.c	11
./include/coap3/coap_block_internal.h	6
src/oscore/oscore_crypto.c	4
/usr/include/openssl/ssl.h	3
src/coap_dtls.c	4
/usr/include/openssl/x509v3.h	3
src/coap_async.c	4
src/coap_subscribe.c	3
src/coap_event.c	1
tests/oss-fuzz/coap_fuzz_helper.c	2

Optimal target analysis

Remaining optimal interesting functions

The following table shows a list of functions that are optimal targets. Optimal targets are identified by finding the functions that in combination, yield a high code coverage.

Func name	Functions filename	Arg count	Args	Function depth	hitcount	instr count	bb count	cyclomatic complexity	Reachable functions	Incoming references	total cyclomatic complexity	Unreached complexity
coap_ws_close	/src/libcoap/src/coap_ws.c	1	['N/A']	109	0	378	50	17	689	2	6987	216
hnd_get_wellknown_lkd	/src/libcoap/src/coap_net.c	5	['N/A', 'N/A', 'N/A', 'N/A', 'N/A']	109	0	304	50	16	677	0	6877	108
coap_netif_dgrm_write	/src/libcoap/src/coap_netif.c	3	['N/A', 'N/A', 'size_t']	8	0	155	30	9	62	0	317	71
coap_tls_engine_configure	/src/libcoap/src/coap_openssl.c	1	['N/A']	6	0	575	124	34	32	0	121	52
coap_op_resource_deleted	/src/libcoap/src/coap_subscribe.c	3	['N/A', 'N/A', 'N/A']	6	0	252	40	16	37	0	129	40
coap_session_set_type_server	/src/libcoap/src/coap_session.c	1	['N/A']	106	0	18	3	2	673	0	6805	36
coap_join_mcast_group_intf	/src/libcoap/src/coap_net.c	3	['N/A', 'N/A', 'N/A']	6	0	24	3	2	37	0	127	36
coap_split_path	/src/libcoap/src/coap_uri.c	4	['N/A', 'size_t', 'N/A', 'N/A']	7	0	53	3	2	28	0	132	35

Implementing fuzzers that target the above functions will improve reachability such that it becomes:

Functions statically reachable by fuzzers

695 / 982

Cyclomatic complexity statically reachable by fuzzers

8078 / 9243

All functions overview

If you implement fuzzers for these functions, the status of all functions in the project will be:

Func name	Functions filename	Args	Function call depth	Reached by Fuzzers	Runtime reached by Fuzzers	Combined reached by Fuzzers	Fuzzers runtime hit	Func lines hit %	I Count	BB Count	Cyclomatic complexity	Functions reached	Reached by functions	Accumulated cyclomatic complexity	Undiscovered complexity

This sections provides heuristics that can be used as input to a fuzz engine when running a given fuzz target. The current focus is on providing input that is usable by libFuzzer.

tests/oss-fuzz/get_asn1_tag_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['coap_new_string']

tests/oss-fuzz/pdu_parse_tcp_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['coap_show_pdu', 'LLVMFuzzerTestOneInput', 'coap_pdu_parse_opt', 'coap_dtls_is_supported', 'coap_wss_is_supported', 'coap_pdu_encode_header', 'coap_pdu_parse2']

tests/oss-fuzz/pdu_parse_ws_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['coap_pdu_encode_header', 'coap_show_pdu', 'LLVMFuzzerTestOneInput', 'coap_pdu_parse2', 'coap_pdu_parse_opt', 'coap_dtls_is_supported', 'coap_wss_is_supported']

tests/oss-fuzz/split_uri_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['coap_dtls_is_supported', 'coap_tls_is_supported', 'coap_wss_is_supported', 'coap_split_uri_sub', 'coap_ws_is_supported', 'coap_log_impl']

tests/oss-fuzz/oscore_decrypt_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['coap_oscore_init', 'coap_oscore_decrypt_pdu', 'coap_session_free', 'coap_pdu_encode_header', 'coap_session_connected', 'coap_show_pdu', 'coap_option_filter_get', 'coap_send_internal', 'coap_dtls_new_context']

tests/oss-fuzz/persist_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['coap_pdu_parse_opt', 'coap_make_str_const', 'coap_session_connected', 'coap_session_free', 'coap_send_internal', 'coap_get_resource_from_uri_path_lkd', 'coap_pdu_encode_header', 'coap_touch_observer', 'coap_cache_derive_key_w_ignore', 'coap_show_pdu']

tests/oss-fuzz/pdu_parse_udp_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['coap_pdu_encode_header', 'coap_show_pdu', 'coap_pdu_parse_header', 'coap_pdu_parse_opt', 'coap_dtls_is_supported', 'coap_wss_is_supported', 'coap_pdu_parse2', 'coap_get_uri_path']

tests/oss-fuzz/oscore_conf_parse_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['coap_new_string', 'coap_delete_bin_const', 'coap_parse_oscore_rcp_conf_mem', 'coap_cleanup', 'coap_dtls_startup', 'LLVMFuzzerTestOneInput', 'coap_parse_oscore_conf_mem']

tests/oss-fuzz/block_check_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['coap_io_do_epoll_lkd', 'coap_make_str_const', 'coap_pdu_parse_opt_base', 'coap_socket_connect_udp', 'coap_get_resource_from_uri_path_lkd', 'coap_show_pdu', 'coap_add_block_b_data', 'coap_add_block', 'coap_add_option', 'coap_dtls_new_context']

tests/oss-fuzz/observe_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['coap_make_str_const', 'coap_dispatch', 'coap_session_connected', 'coap_handle_dgram', 'coap_pdu_encode_header', 'coap_session_free', 'coap_send_internal', 'handle_request', 'coap_cache_derive_key_w_ignore']

tests/oss-fuzz/network_message_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['setup_pki_ssl', 'coap_dispatch', 'coap_session_connected', 'coap_session_free', 'handle_request', 'coap_session_check_connect', 'coap_pdu_encode_header', 'coap_send_internal', 'coap_show_pdu']

tests/oss-fuzz/async_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['coap_make_str_const', 'coap_dispatch', 'coap_session_connected', 'coap_handle_dgram', 'coap_pdu_encode_header', 'coap_session_free', 'coap_send_internal', 'handle_request', 'coap_show_pdu']

tests/oss-fuzz/block_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['coap_make_str_const', 'coap_dispatch', 'coap_handle_dgram', 'coap_session_free', 'coap_send_internal', 'coap_pdu_encode_header', 'coap_show_pdu', 'coap_add_data_large_internal', 'coap_handle_request_send_block']

This section shows analysis of runtime coverage data.

For futher technical details on how this section is generated, please see the Glossary .

Complex functions with low coverage

Func name	Function total lines	Lines covered at runtime	percentage covered	Reached by fuzzers
coap_debug_set_packet_loss	39	13	33.33%	['observe_fuzzer', 'async_fuzzer', 'block_fuzzer', 'block_check_fuzzer', 'oscore_decrypt_fuzzer', 'network_message_fuzzer']
coap_debug_send_packet	42	23	54.76%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'network_message_fuzzer']
coap_debug_set_packet_fail	39	13	33.33%	['observe_fuzzer', 'async_fuzzer', 'block_fuzzer', 'block_check_fuzzer', 'oscore_decrypt_fuzzer', 'network_message_fuzzer']
coap_socket_connect_udp	153	68	44.44%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer', 'network_message_fuzzer']
coap_socket_send	118	20	16.94%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'network_message_fuzzer']
coap_test_cid_tuple_change	31	4	12.90%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'network_message_fuzzer']
coap_new_context	69	37	53.62%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer', 'network_message_fuzzer']
coap_send_internal	152	62	40.78%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer', 'network_message_fuzzer']
coap_cancel_session_messages	32	5	15.62%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer', 'network_message_fuzzer']
coap_opt_setheader	47	20	42.55%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer', 'network_message_fuzzer']
coap_oscore_decrypt_pdu	644	179	27.79%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer', 'network_message_fuzzer']
coap_session_connected	60	11	18.33%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer', 'network_message_fuzzer']
oscore_cbor_put_unsigned	47	10	21.27%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer', 'network_message_fuzzer']
oscore_log_context	39	4	10.25%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer', 'network_message_fuzzer']
coap_socket_bind_udp	75	29	38.66%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer', 'network_message_fuzzer']
coap_pdu_duplicate_lkd	75	31	41.33%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer', 'network_message_fuzzer']
coap_add_resource_lkd	38	18	47.36%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'block_check_fuzzer']
coap_add_observer	143	62	43.35%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer', 'network_message_fuzzer']
coap_delete_observer_internal	40	17	42.5%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer', 'network_message_fuzzer']
coap_new_endpoint_lkd	97	34	35.05%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer', 'network_message_fuzzer']
coap_persist_observe_add_lkd	197	30	15.22%	['persist_fuzzer']
coap_add_data_blocked_response	101	51	50.49%	['block_check_fuzzer']
coap_cancel_observe_lkd	72	13	18.05%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer', 'network_message_fuzzer']
coap_add_data_large_response_lkd	86	37	43.02%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer', 'network_message_fuzzer']
coap_block_check_lg_crcv_timeouts	55	19	34.54%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer', 'network_message_fuzzer']
coap_block_check_lg_srcv_timeouts	137	19	13.86%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer', 'network_message_fuzzer']
coap_block_check_q_block1_xmit	47	13	27.65%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer', 'network_message_fuzzer']
coap_block_check_q_block2_xmit	48	13	27.08%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer', 'network_message_fuzzer']
setup_block_b	35	18	51.42%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer', 'network_message_fuzzer']
coap_io_prepare_io_lkd	341	77	22.58%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer', 'network_message_fuzzer']
coap_client_delay_first	47	5	10.63%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer', 'network_message_fuzzer']
coap_io_do_epoll_lkd	69	10	14.49%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer', 'network_message_fuzzer']
coap_handle_event_lkd	71	23	32.39%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer', 'network_message_fuzzer']
coap_remove_from_queue	36	6	16.66%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer', 'network_message_fuzzer']
coap_dispatch	390	176	45.12%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer', 'network_message_fuzzer']
coap_remove_from_queue_token	45	4	8.888%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer', 'network_message_fuzzer']
handle_request	495	267	53.93%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer', 'network_message_fuzzer']
coap_remove_option	78	11	14.10%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer', 'network_message_fuzzer']
coap_print_addr	40	15	37.5%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer', 'network_message_fuzzer']
coap_print_ip_addr	49	15	30.61%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer', 'network_message_fuzzer']
coap_dtls_map_key_type_to_define	101	14	13.86%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer', 'network_message_fuzzer']
coap_call_response_handler	43	18	41.86%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer', 'network_message_fuzzer']
prepend_508_ip	90	35	38.88%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer', 'network_message_fuzzer']
handle_signaling	69	30	43.47%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer', 'network_message_fuzzer']
handle_response	75	18	24.0%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer', 'network_message_fuzzer']
coap_dtls_info_callback	62	22	35.48%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer', 'network_message_fuzzer']
coap_dgram_ctrl	61	31	50.81%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer', 'network_message_fuzzer']
setup_pki_ssl	310	13	4.193%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer', 'network_message_fuzzer']
coap_delete_proxy_subscriber	39	5	12.82%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer', 'network_message_fuzzer']
coap_session_delay_pdu	37	17	45.94%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer', 'network_message_fuzzer']
coap_socket_connect_tcp1	102	36	35.29%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer', 'network_message_fuzzer']
coap_socket_write	39	20	51.28%	['network_message_fuzzer']
coap_handle_request_send_block	259	21	8.108%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer', 'network_message_fuzzer']
coap_handle_request_put_block	392	161	41.07%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer', 'network_message_fuzzer']
update_received_blocks	49	15	30.61%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer', 'network_message_fuzzer']

This section shows which files and directories are considered in this report. The main reason for showing this is fuzz introspector may include more code in the reasoning than is desired. This section helps identify if too many files/directories are included, e.g. third party code, which may be irrelevant for the threat model. In the event too much is included, fuzz introspector supports a configuration file that can exclude data from the report. See the following link for more information on how to create a config file: link

Files in report

Source file	Reached by	Covered by
	[]	[]
/src/libcoap/src/coap_address.c	['oscore_decrypt_fuzzer', 'persist_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']	['oscore_decrypt_fuzzer', 'persist_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']
/src/libcoap/src/coap_io_posix.c	['oscore_decrypt_fuzzer', 'persist_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']	['oscore_decrypt_fuzzer', 'persist_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']
/src/libcoap/src/coap_time.c	['get_asn1_tag_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'split_uri_fuzzer', 'oscore_decrypt_fuzzer', 'persist_fuzzer', 'pdu_parse_udp_fuzzer', 'oscore_conf_parse_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']	['pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'split_uri_fuzzer', 'oscore_decrypt_fuzzer', 'persist_fuzzer', 'pdu_parse_udp_fuzzer', 'oscore_conf_parse_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']
/usr/include/openssl/ssl.h	['oscore_decrypt_fuzzer', 'persist_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']	[]
/src/libcoap/src/coap_dgrm_posix.c	['oscore_decrypt_fuzzer', 'persist_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']	['oscore_decrypt_fuzzer', 'persist_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']
/src/libcoap/tests/oss-fuzz/oscore_decrypt_target.c	['oscore_decrypt_fuzzer']	['oscore_decrypt_fuzzer']
/src/libcoap/src/coap_ws.c	['pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'split_uri_fuzzer', 'oscore_decrypt_fuzzer', 'persist_fuzzer', 'pdu_parse_udp_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']	['pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'split_uri_fuzzer', 'pdu_parse_udp_fuzzer']
/src/libcoap/src/coap_net.c	['pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'oscore_decrypt_fuzzer', 'persist_fuzzer', 'pdu_parse_udp_fuzzer', 'oscore_conf_parse_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']	['pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'oscore_decrypt_fuzzer', 'persist_fuzzer', 'pdu_parse_udp_fuzzer', 'oscore_conf_parse_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']
/src/libcoap/tests/oss-fuzz/split_uri_target.c	['split_uri_fuzzer']	['split_uri_fuzzer']
/src/libcoap/src/oscore/oscore_cose.c	['oscore_decrypt_fuzzer', 'persist_fuzzer', 'oscore_conf_parse_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']	['oscore_decrypt_fuzzer', 'oscore_conf_parse_fuzzer']
/src/libcoap/src/coap_mem.c	['get_asn1_tag_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'oscore_decrypt_fuzzer', 'persist_fuzzer', 'pdu_parse_udp_fuzzer', 'oscore_conf_parse_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']	['get_asn1_tag_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'oscore_decrypt_fuzzer', 'persist_fuzzer', 'pdu_parse_udp_fuzzer', 'oscore_conf_parse_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']
/src/libcoap/tests/oss-fuzz/persist_target.c	['persist_fuzzer']	['persist_fuzzer']
/src/libcoap/tests/oss-fuzz/oscore_conf_parse_target.c	['oscore_conf_parse_fuzzer']	['oscore_conf_parse_fuzzer']
/src/libcoap/tests/oss-fuzz/observe_target.c	['observe_fuzzer']	['observe_fuzzer']
/src/libcoap/src/coap_session.c	['oscore_decrypt_fuzzer', 'persist_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']	['oscore_decrypt_fuzzer', 'persist_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']
/src/libcoap/./include/coap3/coap_uri.h	['oscore_decrypt_fuzzer', 'persist_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']	[]
/src/libcoap/src/coap_dtls.c	['oscore_decrypt_fuzzer', 'persist_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']	['network_message_fuzzer']
/src/libcoap/tests/oss-fuzz/coap_fuzz_helper.c	['observe_fuzzer', 'async_fuzzer', 'block_fuzzer']	['observe_fuzzer', 'async_fuzzer', 'block_fuzzer']
/src/libcoap/src/coap_prng.c	['pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'oscore_decrypt_fuzzer', 'persist_fuzzer', 'pdu_parse_udp_fuzzer', 'oscore_conf_parse_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']	['pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'oscore_decrypt_fuzzer', 'persist_fuzzer', 'pdu_parse_udp_fuzzer', 'oscore_conf_parse_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']
/src/libcoap/src/coap_oscore.c	['oscore_decrypt_fuzzer', 'persist_fuzzer', 'oscore_conf_parse_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']	['oscore_decrypt_fuzzer', 'persist_fuzzer', 'oscore_conf_parse_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']
/src/libcoap/src/coap_asn1.c	['get_asn1_tag_fuzzer']	['get_asn1_tag_fuzzer']
/src/libcoap/src/coap_str.c	['get_asn1_tag_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'oscore_decrypt_fuzzer', 'persist_fuzzer', 'pdu_parse_udp_fuzzer', 'oscore_conf_parse_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']	['get_asn1_tag_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'oscore_decrypt_fuzzer', 'persist_fuzzer', 'pdu_parse_udp_fuzzer', 'oscore_conf_parse_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']
/src/libcoap/src/coap_netif.c	['oscore_decrypt_fuzzer', 'persist_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']	['oscore_decrypt_fuzzer', 'persist_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']
/src/libcoap/src/coap_uri.c	['pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'split_uri_fuzzer', 'oscore_decrypt_fuzzer', 'persist_fuzzer', 'pdu_parse_udp_fuzzer', 'oscore_conf_parse_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']	['pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'split_uri_fuzzer', 'oscore_decrypt_fuzzer', 'persist_fuzzer', 'pdu_parse_udp_fuzzer', 'oscore_conf_parse_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']
/src/libcoap/src/coap_option.c	['pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'oscore_decrypt_fuzzer', 'persist_fuzzer', 'pdu_parse_udp_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']	['pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'oscore_decrypt_fuzzer', 'persist_fuzzer', 'pdu_parse_udp_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']
/src/libcoap/src/coap_io.c	['oscore_decrypt_fuzzer', 'persist_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']	['persist_fuzzer', 'block_check_fuzzer', 'network_message_fuzzer', 'async_fuzzer']
/src/libcoap/tests/oss-fuzz/pdu_parse_ws_target.c	['pdu_parse_ws_fuzzer']	['pdu_parse_ws_fuzzer']
/src/libcoap/tests/oss-fuzz/pdu_parse_udp_target.c	['pdu_parse_udp_fuzzer']	['pdu_parse_udp_fuzzer']
/src/libcoap/src/oscore/oscore_crypto.c	['oscore_decrypt_fuzzer', 'persist_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']	['oscore_decrypt_fuzzer']
/src/libcoap/tests/oss-fuzz/async_target.c	['async_fuzzer']	['async_fuzzer']
/src/libcoap/tests/oss-fuzz/pdu_parse_tcp_target.c	['pdu_parse_tcp_fuzzer']	['pdu_parse_tcp_fuzzer']
/src/libcoap/tests/oss-fuzz/network_message_target.c	['network_message_fuzzer']	['network_message_fuzzer']
/src/libcoap/src/coap_resource.c	['oscore_decrypt_fuzzer', 'persist_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']	['oscore_decrypt_fuzzer', 'persist_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']
/src/libcoap/src/coap_cache.c	['oscore_decrypt_fuzzer', 'persist_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']	['persist_fuzzer', 'block_check_fuzzer', 'observe_fuzzer']
/src/libcoap/./include/coap3/coap_block_internal.h	['oscore_decrypt_fuzzer', 'persist_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']	[]
/src/libcoap/src/oscore/oscore_cbor.c	['oscore_decrypt_fuzzer', 'persist_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']	['oscore_decrypt_fuzzer']
/src/libcoap/tests/oss-fuzz/get_asn1_tag_target.c	['get_asn1_tag_fuzzer']	['get_asn1_tag_fuzzer']
/src/libcoap/./include/coap3/coap_pdu_internal.h	['oscore_decrypt_fuzzer', 'persist_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']	[]
/usr/include/openssl/x509v3.h	['oscore_decrypt_fuzzer', 'persist_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']	[]
/src/libcoap/src/coap_proxy.c	['oscore_decrypt_fuzzer', 'persist_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']	['oscore_decrypt_fuzzer', 'persist_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']
/src/libcoap/src/coap_async.c	['oscore_decrypt_fuzzer', 'persist_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']	['oscore_decrypt_fuzzer', 'persist_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']
/src/libcoap/src/coap_debug.c	['get_asn1_tag_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'split_uri_fuzzer', 'oscore_decrypt_fuzzer', 'persist_fuzzer', 'pdu_parse_udp_fuzzer', 'oscore_conf_parse_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']	['pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'split_uri_fuzzer', 'oscore_decrypt_fuzzer', 'persist_fuzzer', 'pdu_parse_udp_fuzzer', 'oscore_conf_parse_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']
/src/libcoap/src/coap_openssl.c	['pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'split_uri_fuzzer', 'oscore_decrypt_fuzzer', 'persist_fuzzer', 'pdu_parse_udp_fuzzer', 'oscore_conf_parse_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']	['pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'split_uri_fuzzer', 'oscore_decrypt_fuzzer', 'persist_fuzzer', 'pdu_parse_udp_fuzzer', 'oscore_conf_parse_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']
/src/libcoap/tests/oss-fuzz/block_target.c	['block_fuzzer']	['block_fuzzer']
/src/libcoap/src/coap_block.c	['pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'oscore_decrypt_fuzzer', 'persist_fuzzer', 'pdu_parse_udp_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']	['pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'pdu_parse_udp_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']
/src/libcoap/./include/coap3/coap_resource_internal.h	['oscore_decrypt_fuzzer', 'persist_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']	[]
/src/libcoap/./include/coap3/coap_address.h	[]	[]
/src/libcoap/src/coap_encode.c	['pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'oscore_decrypt_fuzzer', 'persist_fuzzer', 'pdu_parse_udp_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']	['pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'oscore_decrypt_fuzzer', 'persist_fuzzer', 'pdu_parse_udp_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']
/src/libcoap/tests/oss-fuzz/block_check_target.c	['block_check_fuzzer']	['block_check_fuzzer']
/src/libcoap/src/oscore/oscore.c	['oscore_decrypt_fuzzer', 'persist_fuzzer', 'oscore_conf_parse_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']	['oscore_decrypt_fuzzer', 'oscore_conf_parse_fuzzer']
/src/libcoap/src/oscore/oscore_context.c	['oscore_decrypt_fuzzer', 'persist_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']	['oscore_decrypt_fuzzer', 'persist_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']
/src/libcoap/src/coap_strm_posix.c	['pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'split_uri_fuzzer', 'oscore_decrypt_fuzzer', 'persist_fuzzer', 'pdu_parse_udp_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']	['pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'split_uri_fuzzer', 'pdu_parse_udp_fuzzer', 'network_message_fuzzer']
/src/libcoap/src/coap_subscribe.c	['oscore_decrypt_fuzzer', 'persist_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']	['oscore_decrypt_fuzzer', 'persist_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']
/src/libcoap/src/coap_event.c	['block_check_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'block_fuzzer']	['block_check_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'block_fuzzer']
/src/libcoap/src/coap_pdu.c	['pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'oscore_decrypt_fuzzer', 'persist_fuzzer', 'pdu_parse_udp_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']	['pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'oscore_decrypt_fuzzer', 'persist_fuzzer', 'pdu_parse_udp_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'network_message_fuzzer', 'async_fuzzer', 'block_fuzzer']

Directories in report

Directory
/src/libcoap/src/
/src/libcoap/tests/oss-fuzz/
/src/libcoap/./include/coap3/
/usr/include/openssl/
/src/libcoap/src/oscore/