Fuzz introspector
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues
Project coverage
Per-fuzzer coverage

Table of contents

Project overview: libcoap
High level conclusions
Reachability and coverage overview
Fuzzers overview
Project functions overview
Fuzzer details
Fuzzer: get_asn1_tag_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: split_uri_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: pdu_parse_tcp_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: pdu_parse_udp_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: oscore_conf_parse_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: pdu_parse_ws_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: persist_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: oscore_decrypt_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: async_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: block_check_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: observe_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: block_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: network_message_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Analyses and suggestions
Optimal target analysis
Remaining optimal interesting functions
All functions overview
Fuzz engine guidance
tests/oss-fuzz/get_asn1_tag_target.c
Dictionary
Fuzzer function priority
tests/oss-fuzz/split_uri_target.c
Dictionary
Fuzzer function priority
tests/oss-fuzz/pdu_parse_tcp_target.c
Dictionary
Fuzzer function priority
tests/oss-fuzz/pdu_parse_udp_target.c
Dictionary
Fuzzer function priority
tests/oss-fuzz/oscore_conf_parse_target.c
Dictionary
Fuzzer function priority
tests/oss-fuzz/pdu_parse_ws_target.c
Dictionary
Fuzzer function priority
tests/oss-fuzz/persist_target.c
Dictionary
Fuzzer function priority
tests/oss-fuzz/oscore_decrypt_target.c
Dictionary
Fuzzer function priority
tests/oss-fuzz/async_target.c
Dictionary
Fuzzer function priority
tests/oss-fuzz/block_check_target.c
Dictionary
Fuzzer function priority
tests/oss-fuzz/observe_target.c
Dictionary
Fuzzer function priority
tests/oss-fuzz/block_target.c
Dictionary
Fuzzer function priority
tests/oss-fuzz/network_message_target.c
Dictionary
Fuzzer function priority
Runtime coverage analysis
Complex functions with low coverage
Files and Directories in report
Files in report
Directories in report
Metadata section
Report generation date: 2026-05-16

Project overview: libcoap

High level conclusions

Reachability and coverage overview

Functions statically reachable by fuzzers
66.0%
652 / 982
Cyclomatic complexity statically reachable by fuzzers
81.0%
7497 / 9244
Runtime code coverage of functions
47.0%
464 / 982

Fuzzers overview

Fuzzer Fuzzer filename Functions Reached Functions unreached Fuzzer depth Files reached Basic blocks reached Cyclomatic complexity Details
get_asn1_tag_fuzzer tests/oss-fuzz/get_asn1_tag_target.c 25 1186 7 6 140 85 get_asn1_tag_target.c
split_uri_fuzzer tests/oss-fuzz/split_uri_target.c 28 1178 5 7 344 152 split_uri_target.c
pdu_parse_tcp_fuzzer tests/oss-fuzz/pdu_parse_tcp_target.c 98 1108 7 15 2054 685 pdu_parse_tcp_target.c
pdu_parse_udp_fuzzer tests/oss-fuzz/pdu_parse_udp_target.c 98 1108 7 15 2054 685 pdu_parse_udp_target.c
oscore_conf_parse_fuzzer tests/oss-fuzz/oscore_conf_parse_target.c 60 1146 8 12 773 317 oscore_conf_parse_target.c
pdu_parse_ws_fuzzer tests/oss-fuzz/pdu_parse_ws_target.c 98 1108 7 15 2054 685 pdu_parse_ws_target.c
persist_fuzzer tests/oss-fuzz/persist_target.c 810 402 51 39 21264 7463 persist_target.c
oscore_decrypt_fuzzer tests/oss-fuzz/oscore_decrypt_target.c 787 419 51 39 21293 7433 oscore_decrypt_target.c
async_fuzzer tests/oss-fuzz/async_target.c 797 416 51 41 21082 7366 async_target.c
block_check_fuzzer tests/oss-fuzz/block_check_target.c 790 420 51 40 21016 7340 block_check_target.c
observe_fuzzer tests/oss-fuzz/observe_target.c 786 427 51 41 20940 7314 observe_target.c
block_fuzzer tests/oss-fuzz/block_target.c 792 421 51 41 21008 7335 block_target.c
network_message_fuzzer tests/oss-fuzz/network_message_target.c 801 411 51 39 21019 7386 network_message_target.c

Project functions overview

The following table shows data about each function in the project. The functions included in this table correspond to all functions that exist in the executables of the fuzzers. As such, there may be functions that are from third-party libraries.

For further technical details on the meaning of columns in the below table, please see the Glossary .

Func name Functions filename Args Function call depth Reached by Fuzzers Runtime reached by Fuzzers Combined reached by Fuzzers Fuzzers runtime hit Func lines hit % I Count BB Count Cyclomatic complexity Functions reached Reached by functions Accumulated cyclomatic complexity Undiscovered complexity

Fuzzer details

Fuzzer: get_asn1_tag_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 17 53.1%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 15 46.8%
All colors 32 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
17 9 coap_new_string call site: 00009 coap_log_impl

Runtime coverage analysis

Covered functions
10
Functions that are reachable but not covered
15
Reachable functions
25
Percentage of reachable functions covered
40.0%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
tests/oss-fuzz/get_asn1_tag_target.c 1
src/coap_asn1.c 4
src/coap_str.c 3
src/coap_mem.c 2
src/coap_debug.c 4
src/coap_time.c 3

Fuzzer: split_uri_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 22 33.3%
gold [1:9] 13 19.6%
yellow [10:29] 0 0.0%
greenyellow [30:49] 6 9.09%
lawngreen 50+ 25 37.8%
All colors 66 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
4 28 coap_dtls_is_supported call site: 00028 coap_log_impl
4 40 coap_tls_is_supported call site: 00040 coap_log_impl
4 50 coap_wss_is_supported call site: 00050 coap_log_impl
2 25 coap_dtls_is_supported call site: 00025 coap_log_impl
2 33 coap_split_uri_sub call site: 00033 coap_log_impl
2 37 coap_tls_is_supported call site: 00037 coap_log_impl
2 46 coap_ws_is_supported call site: 00046 coap_log_impl
1 6 coap_split_uri_sub call site: 00006 vsnprintf
1 17 coap_log_impl call site: 00017 snprintf

Runtime coverage analysis

Covered functions
15
Functions that are reachable but not covered
13
Reachable functions
28
Percentage of reachable functions covered
53.57%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
tests/oss-fuzz/split_uri_target.c 1
src/coap_uri.c 2
src/coap_debug.c 4
src/coap_time.c 3
src/coap_openssl.c 2
src/coap_strm_posix.c 1
src/coap_ws.c 2

Fuzzer: pdu_parse_tcp_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 85 19.2%
gold [1:9] 15 3.39%
yellow [10:29] 10 2.26%
greenyellow [30:49] 6 1.35%
lawngreen 50+ 326 73.7%
All colors 442 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
8 248 coap_show_pdu call site: 00248 coap_log_impl
7 361 coap_show_pdu call site: 00361 coap_log_impl
5 401 LLVMFuzzerTestOneInput call site: 00401 coap_log_impl
4 102 coap_pdu_parse_opt call site: 00102 coap_log_impl
4 107 coap_pdu_parse_opt call site: 00107 coap_log_impl
4 193 coap_dtls_is_supported call site: 00193 coap_log_impl
4 213 coap_wss_is_supported call site: 00213 coap_log_impl
4 419 coap_pdu_encode_header call site: 00419 coap_log_impl
3 31 coap_pdu_parse2 call site: 00031 coap_log_impl
3 53 coap_pdu_parse2 call site: 00053 coap_log_impl
3 57 coap_pdu_parse_header call site: 00057 coap_log_impl
3 174 coap_get_uri_path call site: 00174 coap_new_string

Runtime coverage analysis

Covered functions
81
Functions that are reachable but not covered
18
Reachable functions
98
Percentage of reachable functions covered
81.63%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
tests/oss-fuzz/pdu_parse_tcp_target.c 1
src/coap_net.c 2
src/coap_time.c 4
src/coap_prng.c 2
src/coap_mem.c 4
src/coap_openssl.c 5
src/coap_pdu.c 18
src/coap_debug.c 13
src/coap_option.c 12
src/coap_encode.c 3
src/coap_uri.c 9
src/coap_str.c 3
src/coap_strm_posix.c 1
src/coap_ws.c 2
src/coap_block.c 1

Fuzzer: pdu_parse_udp_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 87 19.6%
gold [1:9] 16 3.61%
yellow [10:29] 13 2.94%
greenyellow [30:49] 6 1.35%
lawngreen 50+ 320 72.3%
All colors 442 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
19 404 coap_pdu_encode_header call site: 00404 coap_log_impl
8 248 coap_show_pdu call site: 00248 coap_log_impl
7 361 coap_show_pdu call site: 00361 coap_log_impl
4 56 coap_pdu_parse_header call site: 00056 coap_log_impl
4 102 coap_pdu_parse_opt call site: 00102 coap_log_impl
4 107 coap_pdu_parse_opt call site: 00107 coap_log_impl
4 193 coap_dtls_is_supported call site: 00193 coap_log_impl
4 213 coap_wss_is_supported call site: 00213 coap_log_impl
3 31 coap_pdu_parse2 call site: 00031 coap_log_impl
3 174 coap_get_uri_path call site: 00174 coap_new_string
2 50 coap_realloc_type call site: 00050 coap_log_impl
2 155 coap_new_string call site: 00155 coap_log_impl

Runtime coverage analysis

Covered functions
81
Functions that are reachable but not covered
18
Reachable functions
98
Percentage of reachable functions covered
81.63%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
tests/oss-fuzz/pdu_parse_udp_target.c 1
src/coap_net.c 2
src/coap_time.c 4
src/coap_prng.c 2
src/coap_mem.c 4
src/coap_openssl.c 5
src/coap_pdu.c 18
src/coap_debug.c 13
src/coap_option.c 12
src/coap_encode.c 3
src/coap_uri.c 9
src/coap_str.c 3
src/coap_strm_posix.c 1
src/coap_ws.c 2
src/coap_block.c 1

Fuzzer: oscore_conf_parse_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 30 17.7%
gold [1:9] 18 10.6%
yellow [10:29] 12 7.10%
greenyellow [30:49] 8 4.73%
lawngreen 50+ 101 59.7%
All colors 169 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
16 41 coap_new_string call site: 00041 coap_log_impl
4 93 coap_delete_bin_const call site: 00093 coap_log_impl
4 121 coap_parse_oscore_rcp_conf_mem call site: 00121 coap_log_impl
2 16 coap_cleanup call site: 00016 ENGINE_finish
1 11 coap_dtls_startup call site: 00011 OPENSSL_init_crypto
1 14 LLVMFuzzerTestOneInput call site: 00014 coap_cleanup
1 20 coap_cleanup call site: 00020 coap_free_type
1 143 coap_parse_oscore_conf_mem call site: 00143 __assert_fail

Runtime coverage analysis

Covered functions
40
Functions that are reachable but not covered
21
Reachable functions
60
Percentage of reachable functions covered
65.0%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
tests/oss-fuzz/oscore_conf_parse_target.c 1
src/coap_net.c 2
src/coap_time.c 4
src/coap_prng.c 2
src/coap_mem.c 3
src/coap_openssl.c 3
src/coap_debug.c 6
src/coap_uri.c 1
src/coap_oscore.c 10
src/coap_str.c 6
src/oscore/oscore_cose.c 4
src/oscore/oscore.c 1

Fuzzer: pdu_parse_ws_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 88 19.9%
gold [1:9] 15 3.39%
yellow [10:29] 12 2.71%
greenyellow [30:49] 5 1.13%
lawngreen 50+ 322 72.8%
All colors 442 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
13 410 coap_pdu_encode_header call site: 00410 coap_log_impl
8 248 coap_show_pdu call site: 00248 coap_log_impl
7 361 coap_show_pdu call site: 00361 coap_log_impl
5 401 LLVMFuzzerTestOneInput call site: 00401 coap_log_impl
4 53 coap_pdu_parse2 call site: 00053 coap_log_impl
4 102 coap_pdu_parse_opt call site: 00102 coap_log_impl
4 107 coap_pdu_parse_opt call site: 00107 coap_log_impl
4 193 coap_dtls_is_supported call site: 00193 coap_log_impl
4 213 coap_wss_is_supported call site: 00213 coap_log_impl
3 31 coap_pdu_parse2 call site: 00031 coap_log_impl
3 174 coap_get_uri_path call site: 00174 coap_new_string
2 50 coap_realloc_type call site: 00050 coap_log_impl

Runtime coverage analysis

Covered functions
81
Functions that are reachable but not covered
18
Reachable functions
98
Percentage of reachable functions covered
81.63%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
tests/oss-fuzz/pdu_parse_ws_target.c 1
src/coap_net.c 2
src/coap_time.c 4
src/coap_prng.c 2
src/coap_mem.c 4
src/coap_openssl.c 5
src/coap_pdu.c 18
src/coap_debug.c 13
src/coap_option.c 12
src/coap_encode.c 3
src/coap_uri.c 9
src/coap_str.c 3
src/coap_strm_posix.c 1
src/coap_ws.c 2
src/coap_block.c 1

Fuzzer: persist_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 4403 88.1%
gold [1:9] 6 0.12%
yellow [10:29] 3 0.06%
greenyellow [30:49] 7 0.14%
lawngreen 50+ 577 11.5%
All colors 4996 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
999 3658 coap_pdu_parse_opt call site: 03658 coap_handle_event_lkd
503 2232 coap_make_str_const call site: 02232 coap_session_release_lkd
291 1806 coap_session_connected call site: 01806 coap_handle_event_lkd
254 3359 coap_session_free call site: 03359 coap_dtls_handle_timeout
220 1360 coap_send_internal call site: 01360 coap_oscore_new_pdu_encrypted_lkd
179 2964 coap_get_resource_from_uri_path_lkd call site: 02964 coap_session_max_pdu_size_lkd
172 1029 coap_pdu_encode_header call site: 01029 coap_proxy_forward_request_lkd
164 3185 coap_touch_observer call site: 03185 coap_delete_observer_request
152 2748 coap_cache_derive_key_w_ignore call site: 02748 coap_cancel_observe_lkd
146 703 coap_show_pdu call site: 00703 coap_option_next
111 1208 coap_new_bin_const call site: 01208 coap_send_internal
71 4658 coap_pdu_parse call site: 04658 coap_handle_event_lkd

Runtime coverage analysis

Covered functions
200
Functions that are reachable but not covered
620
Reachable functions
810
Percentage of reachable functions covered
23.46%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
tests/oss-fuzz/persist_target.c 5
src/coap_subscribe.c 15
src/coap_net.c 59
src/coap_time.c 5
src/coap_prng.c 2
src/coap_mem.c 5
src/coap_openssl.c 65
src/coap_debug.c 15
src/coap_io.c 10
src/coap_session.c 54
src/coap_address.c 16
src/coap_netif.c 11
src/coap_strm_posix.c 6
src/coap_ws.c 2
src/coap_dgrm_posix.c 4
src/coap_io_posix.c 4
src/coap_proxy.c 22
src/coap_uri.c 20
src/coap_option.c 21
src/coap_encode.c 6
src/coap_str.c 10
src/coap_pdu.c 35
src/coap_cache.c 5
src/coap_block.c 51
src/coap_resource.c 29
./include/coap3/coap_pdu_internal.h 1
./include/coap3/coap_resource_internal.h 1
src/coap_oscore.c 16
./include/coap3/coap_uri.h 1
src/oscore/oscore_cose.c 19
src/oscore/oscore_context.c 22
src/oscore/oscore.c 8
src/oscore/oscore_cbor.c 13
./include/coap3/coap_block_internal.h 6
src/oscore/oscore_crypto.c 4
/usr/include/openssl/ssl.h 3
src/coap_dtls.c 4
/usr/include/openssl/x509v3.h 3
src/coap_async.c 4

Fuzzer: oscore_decrypt_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 4435 90.3%
gold [1:9] 108 2.20%
yellow [10:29] 298 6.07%
greenyellow [30:49] 2 0.04%
lawngreen 50+ 64 1.30%
All colors 4907 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
1005 2439 coap_oscore_init call site: 02439 coap_session_release_lkd
711 4111 coap_oscore_decrypt_pdu call site: 04111 coap_delete_node_lkd
376 3454 coap_session_free call site: 03454 coap_dtls_handle_timeout
258 1145 coap_pdu_encode_header call site: 01145 coap_proxy_forward_request_lkd
245 1918 coap_session_connected call site: 01918 coap_handle_event_lkd
224 819 coap_show_pdu call site: 00819 coap_session_release_lkd
91 1824 coap_send_internal call site: 01824 coap_io_process_lkd
83 4026 coap_oscore_decrypt_pdu call site: 04026 coap_handle_event_lkd
80 562 coap_option_filter_get call site: 00562 coap_split_proxy_uri
74 1697 coap_send_internal call site: 01697 coap_session_disconnected_lkd
69 235 coap_dtls_new_context call site: 00235 coap_session_str
67 383 coap_dtls_free_context call site: 00383 coap_new_endpoint_lkd

Runtime coverage analysis

Covered functions
179
Functions that are reachable but not covered
615
Reachable functions
787
Percentage of reachable functions covered
21.86%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
tests/oss-fuzz/oscore_decrypt_target.c 1
src/coap_net.c 59
src/coap_time.c 5
src/coap_prng.c 2
src/coap_mem.c 5
src/coap_openssl.c 65
src/coap_debug.c 17
src/coap_oscore.c 25
src/coap_str.c 10
src/coap_io.c 10
src/coap_session.c 54
src/coap_address.c 16
src/coap_netif.c 11
src/coap_strm_posix.c 6
src/coap_ws.c 2
src/coap_dgrm_posix.c 4
src/coap_io_posix.c 4
src/coap_proxy.c 22
src/coap_uri.c 20
src/coap_option.c 21
src/coap_encode.c 6
src/coap_pdu.c 35
src/coap_cache.c 5
src/coap_block.c 51
src/coap_resource.c 20
./include/coap3/coap_pdu_internal.h 1
./include/coap3/coap_resource_internal.h 1
./include/coap3/coap_uri.h 1
src/oscore/oscore_cose.c 19
src/oscore/oscore_context.c 22
src/oscore/oscore.c 8
src/oscore/oscore_cbor.c 11
./include/coap3/coap_block_internal.h 6
src/oscore/oscore_crypto.c 4
/usr/include/openssl/ssl.h 3
src/coap_dtls.c 4
/usr/include/openssl/x509v3.h 3
src/coap_async.c 4
src/coap_subscribe.c 3

Fuzzer: async_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 4281 87.2%
gold [1:9] 89 1.81%
yellow [10:29] 112 2.28%
greenyellow [30:49] 299 6.09%
lawngreen 50+ 125 2.54%
All colors 4906 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
675 2231 coap_make_str_const call site: 02231 coap_session_release_lkd
347 4110 coap_dispatch call site: 04110 handle_response
300 3726 coap_dispatch call site: 03726 coap_oscore_decrypt_pdu
291 1805 coap_session_connected call site: 01805 coap_handle_event_lkd
261 4465 coap_handle_dgram call site: 04465 coap_handle_event_lkd
245 1028 coap_pdu_encode_header call site: 01028 coap_proxy_forward_request_lkd
245 3358 coap_session_free call site: 03358 coap_dtls_handle_timeout
220 1359 coap_send_internal call site: 01359 coap_oscore_new_pdu_encrypted_lkd
218 2982 handle_request call site: 02982 coap_handle_request_put_block
155 702 coap_show_pdu call site: 00702 coap_session_release_lkd
69 111 coap_dtls_new_context call site: 00111 coap_session_str
69 259 coap_dtls_free_context call site: 00259 coap_new_endpoint_lkd

Runtime coverage analysis

Covered functions
200
Functions that are reachable but not covered
604
Reachable functions
797
Percentage of reachable functions covered
24.22%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
tests/oss-fuzz/async_target.c 3
src/coap_net.c 59
src/coap_time.c 5
src/coap_prng.c 2
src/coap_mem.c 5
src/coap_openssl.c 65
src/coap_debug.c 17
src/coap_io.c 10
src/coap_session.c 55
src/coap_address.c 16
src/coap_netif.c 11
src/coap_strm_posix.c 6
src/coap_ws.c 2
src/coap_dgrm_posix.c 4
src/coap_io_posix.c 4
src/coap_proxy.c 22
src/coap_uri.c 20
src/coap_option.c 21
src/coap_encode.c 6
src/coap_str.c 10
src/coap_pdu.c 35
src/coap_cache.c 5
src/coap_block.c 51
src/coap_resource.c 24
./include/coap3/coap_pdu_internal.h 1
./include/coap3/coap_resource_internal.h 1
src/coap_oscore.c 16
./include/coap3/coap_uri.h 1
src/oscore/oscore_cose.c 19
src/oscore/oscore_context.c 22
src/oscore/oscore.c 8
src/oscore/oscore_cbor.c 11
./include/coap3/coap_block_internal.h 6
src/oscore/oscore_crypto.c 4
/usr/include/openssl/ssl.h 3
src/coap_dtls.c 4
/usr/include/openssl/x509v3.h 3
src/coap_async.c 15
src/coap_subscribe.c 3
src/coap_event.c 1
tests/oss-fuzz/coap_fuzz_helper.c 2

Fuzzer: block_check_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 4378 89.0%
gold [1:9] 11 0.22%
yellow [10:29] 376 7.64%
greenyellow [30:49] 49 0.99%
lawngreen 50+ 104 2.11%
All colors 4918 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
1218 3483 coap_io_do_epoll_lkd call site: 03483 coap_read_endpoint
630 2232 coap_make_str_const call site: 02232 coap_session_release_lkd
269 1320 coap_pdu_parse_opt_base call site: 01320 coap_oscore_new_pdu_encrypted_lkd
197 1004 coap_socket_connect_udp call site: 01004 coap_session_reestablished
163 2964 coap_get_resource_from_uri_path_lkd call site: 02964 coap_session_max_pdu_size_lkd
159 703 coap_show_pdu call site: 00703 coap_session_release_lkd
153 3128 coap_add_block_b_data call site: 03128 coap_send_internal
115 1982 coap_add_block call site: 01982 coap_send_internal
85 1706 coap_add_option call site: 01706 coap_send_internal
69 112 coap_dtls_new_context call site: 00112 coap_session_str
66 456 coap_new_string call site: 00456 coap_split_proxy_uri
63 3359 coap_session_free call site: 03359 coap_dtls_handle_timeout

Runtime coverage analysis

Covered functions
186
Functions that are reachable but not covered
607
Reachable functions
790
Percentage of reachable functions covered
23.16%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
tests/oss-fuzz/block_check_target.c 2
src/coap_net.c 59
src/coap_time.c 5
src/coap_prng.c 2
src/coap_mem.c 5
src/coap_openssl.c 65
src/coap_debug.c 17
src/coap_io.c 10
src/coap_session.c 55
src/coap_address.c 16
src/coap_netif.c 11
src/coap_strm_posix.c 6
src/coap_ws.c 2
src/coap_dgrm_posix.c 4
src/coap_io_posix.c 5
src/coap_proxy.c 22
src/coap_uri.c 20
src/coap_option.c 21
src/coap_encode.c 6
src/coap_str.c 10
src/coap_pdu.c 35
src/coap_cache.c 5
src/coap_block.c 58
src/coap_resource.c 23
./include/coap3/coap_pdu_internal.h 1
./include/coap3/coap_resource_internal.h 1
src/coap_oscore.c 16
./include/coap3/coap_uri.h 1
src/oscore/oscore_cose.c 19
src/oscore/oscore_context.c 22
src/oscore/oscore.c 8
src/oscore/oscore_cbor.c 11
./include/coap3/coap_block_internal.h 6
src/oscore/oscore_crypto.c 4
/usr/include/openssl/ssl.h 3
src/coap_dtls.c 4
/usr/include/openssl/x509v3.h 3
src/coap_async.c 4
src/coap_subscribe.c 3
src/coap_event.c 1

Fuzzer: observe_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 4230 87.0%
gold [1:9] 49 1.00%
yellow [10:29] 65 1.33%
greenyellow [30:49] 225 4.63%
lawngreen 50+ 288 5.92%
All colors 4857 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
503 2231 coap_make_str_const call site: 02231 coap_session_release_lkd
347 4110 coap_dispatch call site: 04110 handle_response
300 3726 coap_dispatch call site: 03726 coap_oscore_decrypt_pdu
291 1805 coap_session_connected call site: 01805 coap_handle_event_lkd
262 1028 coap_pdu_encode_header call site: 01028 coap_proxy_forward_request_lkd
261 4465 coap_handle_dgram call site: 04465 coap_handle_event_lkd
245 3358 coap_session_free call site: 03358 coap_dtls_handle_timeout
220 1359 coap_send_internal call site: 01359 coap_oscore_new_pdu_encrypted_lkd
153 2983 handle_request call site: 02983 coap_handle_request_put_block
152 2747 coap_cache_derive_key_w_ignore call site: 02747 coap_cancel_observe_lkd
146 702 coap_show_pdu call site: 00702 coap_option_next
75 3273 coap_new_error_response call site: 03273 coap_resource_release_lkd

Runtime coverage analysis

Covered functions
197
Functions that are reachable but not covered
596
Reachable functions
786
Percentage of reachable functions covered
24.17%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
tests/oss-fuzz/observe_target.c 3
src/coap_net.c 59
src/coap_time.c 5
src/coap_prng.c 2
src/coap_mem.c 5
src/coap_openssl.c 65
src/coap_debug.c 17
src/coap_io.c 10
src/coap_session.c 54
src/coap_address.c 16
src/coap_netif.c 11
src/coap_strm_posix.c 6
src/coap_ws.c 2
src/coap_dgrm_posix.c 4
src/coap_io_posix.c 4
src/coap_proxy.c 22
src/coap_uri.c 20
src/coap_option.c 21
src/coap_encode.c 6
src/coap_str.c 10
src/coap_pdu.c 35
src/coap_cache.c 5
src/coap_block.c 51
src/coap_resource.c 25
./include/coap3/coap_pdu_internal.h 1
./include/coap3/coap_resource_internal.h 1
src/coap_oscore.c 16
./include/coap3/coap_uri.h 1
src/oscore/oscore_cose.c 19
src/oscore/oscore_context.c 22
src/oscore/oscore.c 8
src/oscore/oscore_cbor.c 11
./include/coap3/coap_block_internal.h 6
src/oscore/oscore_crypto.c 4
/usr/include/openssl/ssl.h 3
src/coap_dtls.c 4
/usr/include/openssl/x509v3.h 3
src/coap_async.c 4
src/coap_subscribe.c 3
src/coap_event.c 1
tests/oss-fuzz/coap_fuzz_helper.c 2

Fuzzer: block_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 4136 84.8%
gold [1:9] 165 3.38%
yellow [10:29] 56 1.14%
greenyellow [30:49] 57 1.16%
lawngreen 50+ 463 9.49%
All colors 4877 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
630 2231 coap_make_str_const call site: 02231 coap_session_release_lkd
317 3726 coap_dispatch call site: 03726 coap_oscore_decrypt_pdu
266 4111 coap_dispatch call site: 04111 coap_send_ack_lkd
259 4465 coap_handle_dgram call site: 04465 coap_handle_event_lkd
245 3358 coap_session_free call site: 03358 coap_dtls_handle_timeout
220 1359 coap_send_internal call site: 01359 coap_oscore_new_pdu_encrypted_lkd
172 1028 coap_pdu_encode_header call site: 01028 coap_proxy_forward_request_lkd
155 702 coap_show_pdu call site: 00702 coap_session_release_lkd
144 1952 coap_add_data_large_internal call site: 01952 coap_add_data_large_request_lkd
120 3078 coap_handle_request_send_block call site: 03078 coap_pdu_duplicate_lkd
75 3273 coap_new_error_response call site: 03273 coap_resource_release_lkd
72 1730 coap_send_internal call site: 01730 coap_io_process_lkd

Runtime coverage analysis

Covered functions
226
Functions that are reachable but not covered
578
Reachable functions
792
Percentage of reachable functions covered
27.02%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
tests/oss-fuzz/block_target.c 3
src/coap_net.c 59
src/coap_time.c 5
src/coap_prng.c 2
src/coap_mem.c 5
src/coap_openssl.c 65
src/coap_debug.c 17
src/coap_io.c 10
src/coap_session.c 55
src/coap_address.c 16
src/coap_netif.c 11
src/coap_strm_posix.c 6
src/coap_ws.c 2
src/coap_dgrm_posix.c 4
src/coap_io_posix.c 4
src/coap_proxy.c 22
src/coap_uri.c 20
src/coap_option.c 21
src/coap_encode.c 6
src/coap_str.c 10
src/coap_pdu.c 35
src/coap_cache.c 5
src/coap_block.c 56
src/coap_resource.c 25
./include/coap3/coap_pdu_internal.h 1
./include/coap3/coap_resource_internal.h 1
src/coap_oscore.c 16
./include/coap3/coap_uri.h 1
src/oscore/oscore_cose.c 19
src/oscore/oscore_context.c 22
src/oscore/oscore.c 8
src/oscore/oscore_cbor.c 11
./include/coap3/coap_block_internal.h 6
src/oscore/oscore_crypto.c 4
/usr/include/openssl/ssl.h 3
src/coap_dtls.c 4
/usr/include/openssl/x509v3.h 3
src/coap_async.c 4
src/coap_subscribe.c 3
src/coap_event.c 1
tests/oss-fuzz/coap_fuzz_helper.c 2

Fuzzer: network_message_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 4128 84.5%
gold [1:9] 36 0.73%
yellow [10:29] 56 1.14%
greenyellow [30:49] 39 0.79%
lawngreen 50+ 625 12.7%
All colors 4884 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
505 2417 setup_pki_ssl call site: 02417 coap_session_release_lkd
300 3727 coap_dispatch call site: 03727 coap_oscore_decrypt_pdu
291 1806 coap_session_connected call site: 01806 coap_handle_event_lkd
266 4112 coap_dispatch call site: 04112 coap_send_ack_lkd
245 3359 coap_session_free call site: 03359 coap_dtls_handle_timeout
239 2970 handle_request call site: 02970 coap_session_max_pdu_size_lkd
218 2194 coap_session_check_connect call site: 02194 coap_session_release_lkd
217 1038 coap_pdu_encode_header call site: 01038 coap_proxy_forward_request_lkd
187 1364 coap_send_internal call site: 01364 coap_oscore_new_pdu_encrypted_lkd
155 704 coap_show_pdu call site: 00704 coap_session_release_lkd
144 4572 coap_epoll_ctl_mod call site: 04572 coap_accept_endpoint
75 3274 coap_new_error_response call site: 03274 coap_resource_release_lkd

Runtime coverage analysis

Covered functions
226
Functions that are reachable but not covered
587
Reachable functions
801
Percentage of reachable functions covered
26.72%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
tests/oss-fuzz/network_message_target.c 7
src/coap_net.c 74
src/coap_time.c 5
src/coap_prng.c 2
src/coap_mem.c 5
src/coap_openssl.c 67
src/coap_debug.c 17
src/coap_address.c 16
src/coap_io.c 10
src/coap_session.c 54
src/coap_netif.c 11
src/coap_strm_posix.c 6
src/coap_ws.c 2
src/coap_dgrm_posix.c 4
src/coap_io_posix.c 4
src/coap_proxy.c 22
src/coap_uri.c 20
src/coap_option.c 21
src/coap_encode.c 6
src/coap_str.c 10
src/coap_pdu.c 35
src/coap_cache.c 5
src/coap_block.c 51
src/coap_resource.c 20
./include/coap3/coap_pdu_internal.h 1
./include/coap3/coap_resource_internal.h 1
src/coap_oscore.c 16
./include/coap3/coap_uri.h 1
src/oscore/oscore_cose.c 19
src/oscore/oscore_context.c 22
src/oscore/oscore.c 8
src/oscore/oscore_cbor.c 11
./include/coap3/coap_block_internal.h 6
src/oscore/oscore_crypto.c 4
/usr/include/openssl/ssl.h 3
src/coap_dtls.c 4
/usr/include/openssl/x509v3.h 3
src/coap_async.c 4
src/coap_subscribe.c 3

Analyses and suggestions

Optimal target analysis

Remaining optimal interesting functions

The following table shows a list of functions that are optimal targets. Optimal targets are identified by finding the functions that in combination, yield a high code coverage.

Func name Functions filename Arg count Args Function depth hitcount instr count bb count cyclomatic complexity Reachable functions Incoming references total cyclomatic complexity Unreached complexity
coap_ws_close /src/libcoap/src/coap_ws.c 1 ['N/A'] 109 0 378 50 17 689 2 6988 216
hnd_get_wellknown_lkd /src/libcoap/src/coap_net.c 5 ['N/A', 'N/A', 'N/A', 'N/A', 'N/A'] 109 0 304 50 16 677 0 6878 108
coap_netif_dgrm_write /src/libcoap/src/coap_netif.c 3 ['N/A', 'N/A', 'size_t'] 8 0 155 30 9 62 0 317 71
coap_tls_engine_configure /src/libcoap/src/coap_openssl.c 1 ['N/A'] 6 0 575 124 34 32 0 121 52
coap_op_resource_deleted /src/libcoap/src/coap_subscribe.c 3 ['N/A', 'N/A', 'N/A'] 6 0 252 40 16 37 0 129 40
coap_session_set_type_server /src/libcoap/src/coap_session.c 1 ['N/A'] 106 0 18 3 2 673 0 6806 36
coap_join_mcast_group_intf /src/libcoap/src/coap_net.c 3 ['N/A', 'N/A', 'N/A'] 6 0 24 3 2 37 0 127 36
coap_split_path /src/libcoap/src/coap_uri.c 4 ['N/A', 'size_t', 'N/A', 'N/A'] 7 0 53 3 2 28 0 132 35

Implementing fuzzers that target the above functions will improve reachability such that it becomes:

Functions statically reachable by fuzzers
71.0%
695 / 982
Cyclomatic complexity statically reachable by fuzzers
87.0%
8079 / 9244

All functions overview

If you implement fuzzers for these functions, the status of all functions in the project will be:

Func name Functions filename Args Function call depth Reached by Fuzzers Runtime reached by Fuzzers Combined reached by Fuzzers Fuzzers runtime hit Func lines hit % I Count BB Count Cyclomatic complexity Functions reached Reached by functions Accumulated cyclomatic complexity Undiscovered complexity

Fuzz engine guidance

This sections provides heuristics that can be used as input to a fuzz engine when running a given fuzz target. The current focus is on providing input that is usable by libFuzzer.

tests/oss-fuzz/get_asn1_tag_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['coap_new_string']

tests/oss-fuzz/split_uri_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['coap_dtls_is_supported', 'coap_tls_is_supported', 'coap_wss_is_supported', 'coap_split_uri_sub', 'coap_ws_is_supported', 'coap_log_impl']

tests/oss-fuzz/pdu_parse_tcp_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['coap_show_pdu', 'LLVMFuzzerTestOneInput', 'coap_pdu_parse_opt', 'coap_dtls_is_supported', 'coap_wss_is_supported', 'coap_pdu_encode_header', 'coap_pdu_parse2']

tests/oss-fuzz/pdu_parse_udp_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['coap_pdu_encode_header', 'coap_show_pdu', 'coap_pdu_parse_header', 'coap_pdu_parse_opt', 'coap_dtls_is_supported', 'coap_wss_is_supported', 'coap_pdu_parse2', 'coap_get_uri_path']

tests/oss-fuzz/oscore_conf_parse_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['coap_new_string', 'coap_delete_bin_const', 'coap_parse_oscore_rcp_conf_mem', 'coap_cleanup', 'coap_dtls_startup', 'LLVMFuzzerTestOneInput', 'coap_parse_oscore_conf_mem']

tests/oss-fuzz/pdu_parse_ws_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['coap_pdu_encode_header', 'coap_show_pdu', 'LLVMFuzzerTestOneInput', 'coap_pdu_parse2', 'coap_pdu_parse_opt', 'coap_dtls_is_supported', 'coap_wss_is_supported']

tests/oss-fuzz/persist_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['coap_pdu_parse_opt', 'coap_make_str_const', 'coap_session_connected', 'coap_session_free', 'coap_send_internal', 'coap_get_resource_from_uri_path_lkd', 'coap_pdu_encode_header', 'coap_touch_observer', 'coap_cache_derive_key_w_ignore', 'coap_show_pdu']

tests/oss-fuzz/oscore_decrypt_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['coap_oscore_init', 'coap_oscore_decrypt_pdu', 'coap_session_free', 'coap_pdu_encode_header', 'coap_session_connected', 'coap_show_pdu', 'coap_send_internal', 'coap_option_filter_get']

tests/oss-fuzz/async_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['coap_make_str_const', 'coap_dispatch', 'coap_session_connected', 'coap_handle_dgram', 'coap_pdu_encode_header', 'coap_session_free', 'coap_send_internal', 'handle_request', 'coap_show_pdu']

tests/oss-fuzz/block_check_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['coap_io_do_epoll_lkd', 'coap_make_str_const', 'coap_pdu_parse_opt_base', 'coap_socket_connect_udp', 'coap_get_resource_from_uri_path_lkd', 'coap_show_pdu', 'coap_add_block_b_data', 'coap_add_block', 'coap_add_option', 'coap_dtls_new_context']

tests/oss-fuzz/observe_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['coap_make_str_const', 'coap_dispatch', 'coap_session_connected', 'coap_pdu_encode_header', 'coap_handle_dgram', 'coap_session_free', 'coap_send_internal', 'handle_request', 'coap_cache_derive_key_w_ignore']

tests/oss-fuzz/block_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['coap_make_str_const', 'coap_dispatch', 'coap_handle_dgram', 'coap_session_free', 'coap_send_internal', 'coap_pdu_encode_header', 'coap_show_pdu', 'coap_add_data_large_internal', 'coap_handle_request_send_block']

tests/oss-fuzz/network_message_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['setup_pki_ssl', 'coap_dispatch', 'coap_session_connected', 'coap_session_free', 'handle_request', 'coap_session_check_connect', 'coap_pdu_encode_header', 'coap_send_internal', 'coap_show_pdu']

Runtime coverage analysis

This section shows analysis of runtime coverage data.

For futher technical details on how this section is generated, please see the Glossary .

Complex functions with low coverage

Func name Function total lines Lines covered at runtime percentage covered Reached by fuzzers
coap_debug_send_packet 42 23 54.76% ['block_fuzzer', 'network_message_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer']
coap_socket_bind_udp 75 29 38.66% ['block_fuzzer', 'network_message_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer']
coap_socket_connect_udp 153 68 44.44% ['block_fuzzer', 'network_message_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer']
coap_socket_send 118 20 16.94% ['block_fuzzer', 'network_message_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer']
coap_test_cid_tuple_change 31 4 12.90% ['block_fuzzer', 'network_message_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer']
coap_new_context 69 37 53.62% ['block_fuzzer', 'network_message_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer']
coap_send_internal 152 62 40.78% ['block_fuzzer', 'network_message_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer']
coap_opt_setheader 47 20 42.55% ['block_fuzzer', 'network_message_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer']
coap_pdu_duplicate_lkd 75 31 41.33% ['block_fuzzer', 'network_message_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer']
coap_add_resource_lkd 38 18 47.36% ['block_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'block_check_fuzzer']
coap_add_observer 143 62 43.35% ['block_fuzzer', 'network_message_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer']
coap_delete_observer_internal 40 17 42.5% ['block_fuzzer', 'network_message_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer']
coap_session_connected 60 11 18.33% ['block_fuzzer', 'network_message_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer']
coap_new_endpoint_lkd 97 34 35.05% ['block_fuzzer', 'network_message_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer']
coap_persist_observe_add_lkd 197 30 15.22% ['persist_fuzzer']
coap_debug_set_packet_loss 39 13 33.33% ['block_fuzzer', 'network_message_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer']
coap_debug_set_packet_fail 39 13 33.33% ['block_fuzzer', 'network_message_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer']
coap_oscore_decrypt_pdu 644 152 23.60% ['block_fuzzer', 'network_message_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer']
oscore_cbor_put_unsigned 47 10 21.27% ['block_fuzzer', 'network_message_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer']
oscore_log_context 39 4 10.25% ['block_fuzzer', 'network_message_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer']
coap_remove_from_queue 36 6 16.66% ['block_fuzzer', 'network_message_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer']
coap_cancel_session_messages 32 5 15.62% ['block_fuzzer', 'network_message_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer']
coap_dispatch 390 176 45.12% ['block_fuzzer', 'network_message_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer']
coap_handle_event_lkd 71 23 32.39% ['block_fuzzer', 'network_message_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer']
coap_remove_from_queue_token 45 4 8.888% ['block_fuzzer', 'network_message_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer']
handle_request 495 267 53.93% ['block_fuzzer', 'network_message_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer']
coap_remove_option 78 11 14.10% ['block_fuzzer', 'network_message_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer']
coap_delete_proxy_subscriber 39 5 12.82% ['block_fuzzer', 'network_message_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer']
coap_add_data_blocked_response 101 51 50.49% ['block_check_fuzzer']
coap_cancel_observe_lkd 72 13 18.05% ['block_fuzzer', 'network_message_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer']
coap_block_check_lg_crcv_timeouts 55 19 34.54% ['block_fuzzer', 'network_message_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer']
coap_block_check_lg_srcv_timeouts 137 19 13.86% ['block_fuzzer', 'network_message_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer']
coap_block_check_q_block1_xmit 47 13 27.65% ['block_fuzzer', 'network_message_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer']
coap_block_check_q_block2_xmit 48 13 27.08% ['block_fuzzer', 'network_message_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer']
setup_block_b 35 18 51.42% ['block_fuzzer', 'network_message_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer']
coap_io_prepare_io_lkd 341 77 22.58% ['block_fuzzer', 'network_message_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer']
coap_client_delay_first 47 5 10.63% ['block_fuzzer', 'network_message_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer']
coap_io_do_epoll_lkd 69 10 14.49% ['block_fuzzer', 'network_message_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer']
coap_handle_request_send_block 259 31 11.96% ['block_fuzzer', 'network_message_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer']
coap_handle_request_put_block 392 178 45.40% ['block_fuzzer', 'network_message_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer']
update_received_blocks 49 14 28.57% ['block_fuzzer', 'network_message_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer']
coap_call_response_handler 43 18 41.86% ['block_fuzzer', 'network_message_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer']
handle_response 75 18 24.0% ['block_fuzzer', 'network_message_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer']
coap_print_addr 40 15 37.5% ['block_fuzzer', 'network_message_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer']
coap_print_ip_addr 49 15 30.61% ['block_fuzzer', 'network_message_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer']
coap_dtls_map_key_type_to_define 101 14 13.86% ['block_fuzzer', 'network_message_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer']
prepend_508_ip 90 35 38.88% ['block_fuzzer', 'network_message_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer']
handle_signaling 69 30 43.47% ['block_fuzzer', 'network_message_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer']
coap_dtls_info_callback 62 22 35.48% ['block_fuzzer', 'network_message_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer']
coap_dgram_ctrl 61 31 50.81% ['block_fuzzer', 'network_message_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer']
setup_pki_ssl 310 13 4.193% ['block_fuzzer', 'network_message_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer']
coap_session_delay_pdu 37 17 45.94% ['block_fuzzer', 'network_message_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer']
coap_socket_connect_tcp1 102 36 35.29% ['block_fuzzer', 'network_message_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'block_check_fuzzer']
coap_socket_write 39 20 51.28% ['network_message_fuzzer']

Files and Directories in report

This section shows which files and directories are considered in this report. The main reason for showing this is fuzz introspector may include more code in the reasoning than is desired. This section helps identify if too many files/directories are included, e.g. third party code, which may be irrelevant for the threat model. In the event too much is included, fuzz introspector supports a configuration file that can exclude data from the report. See the following link for more information on how to create a config file: link

Files in report

Source file Reached by Covered by
[] []
/src/libcoap/tests/oss-fuzz/coap_fuzz_helper.c ['async_fuzzer', 'observe_fuzzer', 'block_fuzzer'] ['async_fuzzer', 'observe_fuzzer', 'block_fuzzer']
/src/libcoap/src/coap_str.c ['get_asn1_tag_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_udp_fuzzer', 'oscore_conf_parse_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer'] ['get_asn1_tag_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_udp_fuzzer', 'oscore_conf_parse_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer']
/src/libcoap/src/coap_address.c ['persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer'] ['persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer']
/src/libcoap/src/coap_block.c ['pdu_parse_tcp_fuzzer', 'pdu_parse_udp_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer'] ['pdu_parse_tcp_fuzzer', 'pdu_parse_udp_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer']
/src/libcoap/tests/oss-fuzz/persist_target.c ['persist_fuzzer'] ['persist_fuzzer']
/src/libcoap/src/oscore/oscore_crypto.c ['persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer'] ['oscore_decrypt_fuzzer']
/src/libcoap/src/coap_strm_posix.c ['split_uri_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_udp_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer'] ['split_uri_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_udp_fuzzer', 'pdu_parse_ws_fuzzer', 'network_message_fuzzer']
/src/libcoap/src/coap_openssl.c ['split_uri_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_udp_fuzzer', 'oscore_conf_parse_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer'] ['split_uri_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_udp_fuzzer', 'oscore_conf_parse_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer']
/src/libcoap/tests/oss-fuzz/network_message_target.c ['network_message_fuzzer'] ['network_message_fuzzer']
/src/libcoap/src/coap_io.c ['persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer'] ['persist_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'block_fuzzer', 'network_message_fuzzer']
/src/libcoap/tests/oss-fuzz/pdu_parse_udp_target.c ['pdu_parse_udp_fuzzer'] ['pdu_parse_udp_fuzzer']
/src/libcoap/tests/oss-fuzz/async_target.c ['async_fuzzer'] ['async_fuzzer']
/src/libcoap/src/coap_proxy.c ['persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer'] ['persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer']
/src/libcoap/src/coap_async.c ['persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer'] ['persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer']
/src/libcoap/src/oscore/oscore_cose.c ['oscore_conf_parse_fuzzer', 'persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer'] ['oscore_conf_parse_fuzzer', 'oscore_decrypt_fuzzer']
/src/libcoap/src/coap_event.c ['async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer'] ['async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer']
/src/libcoap/./include/coap3/coap_resource_internal.h ['persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer'] []
/src/libcoap/src/coap_netif.c ['persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer'] ['persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer']
/src/libcoap/src/coap_time.c ['get_asn1_tag_fuzzer', 'split_uri_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_udp_fuzzer', 'oscore_conf_parse_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer'] ['split_uri_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_udp_fuzzer', 'oscore_conf_parse_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer']
/src/libcoap/./include/coap3/coap_pdu_internal.h ['persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer'] []
/src/libcoap/tests/oss-fuzz/block_target.c ['block_fuzzer'] ['block_fuzzer']
/src/libcoap/src/coap_dgrm_posix.c ['persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer'] ['persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer']
/src/libcoap/src/coap_dtls.c ['persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer'] ['network_message_fuzzer']
/usr/include/openssl/x509v3.h ['persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer'] []
/src/libcoap/src/coap_net.c ['pdu_parse_tcp_fuzzer', 'pdu_parse_udp_fuzzer', 'oscore_conf_parse_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer'] ['pdu_parse_tcp_fuzzer', 'pdu_parse_udp_fuzzer', 'oscore_conf_parse_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer']
/src/libcoap/tests/oss-fuzz/pdu_parse_tcp_target.c ['pdu_parse_tcp_fuzzer'] ['pdu_parse_tcp_fuzzer']
/src/libcoap/tests/oss-fuzz/observe_target.c ['observe_fuzzer'] ['observe_fuzzer']
/src/libcoap/src/coap_ws.c ['split_uri_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_udp_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer'] ['split_uri_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_udp_fuzzer', 'pdu_parse_ws_fuzzer']
/src/libcoap/./include/coap3/coap_uri.h ['persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer'] []
/src/libcoap/src/coap_pdu.c ['pdu_parse_tcp_fuzzer', 'pdu_parse_udp_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer'] ['pdu_parse_tcp_fuzzer', 'pdu_parse_udp_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer']
/src/libcoap/src/coap_asn1.c ['get_asn1_tag_fuzzer'] ['get_asn1_tag_fuzzer']
/src/libcoap/./include/coap3/coap_address.h [] []
/src/libcoap/src/coap_subscribe.c ['persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer'] ['persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer']
/src/libcoap/src/coap_io_posix.c ['persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer'] ['persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer']
/src/libcoap/src/coap_session.c ['persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer'] ['persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer']
/usr/include/openssl/ssl.h ['persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer'] []
/src/libcoap/src/coap_mem.c ['get_asn1_tag_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_udp_fuzzer', 'oscore_conf_parse_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer'] ['get_asn1_tag_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_udp_fuzzer', 'oscore_conf_parse_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer']
/src/libcoap/src/coap_encode.c ['pdu_parse_tcp_fuzzer', 'pdu_parse_udp_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer'] ['pdu_parse_tcp_fuzzer', 'pdu_parse_udp_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer']
/src/libcoap/src/coap_prng.c ['pdu_parse_tcp_fuzzer', 'pdu_parse_udp_fuzzer', 'oscore_conf_parse_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer'] ['pdu_parse_tcp_fuzzer', 'pdu_parse_udp_fuzzer', 'oscore_conf_parse_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer']
/src/libcoap/tests/oss-fuzz/pdu_parse_ws_target.c ['pdu_parse_ws_fuzzer'] ['pdu_parse_ws_fuzzer']
/src/libcoap/tests/oss-fuzz/get_asn1_tag_target.c ['get_asn1_tag_fuzzer'] ['get_asn1_tag_fuzzer']
/src/libcoap/tests/oss-fuzz/oscore_decrypt_target.c ['oscore_decrypt_fuzzer'] ['oscore_decrypt_fuzzer']
/src/libcoap/src/oscore/oscore_context.c ['persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer'] ['persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer']
/src/libcoap/src/coap_option.c ['pdu_parse_tcp_fuzzer', 'pdu_parse_udp_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer'] ['pdu_parse_tcp_fuzzer', 'pdu_parse_udp_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer']
/src/libcoap/src/coap_debug.c ['get_asn1_tag_fuzzer', 'split_uri_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_udp_fuzzer', 'oscore_conf_parse_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer'] ['split_uri_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_udp_fuzzer', 'oscore_conf_parse_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer']
/src/libcoap/src/coap_cache.c ['persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer'] ['persist_fuzzer', 'block_check_fuzzer', 'observe_fuzzer']
/src/libcoap/tests/oss-fuzz/oscore_conf_parse_target.c ['oscore_conf_parse_fuzzer'] ['oscore_conf_parse_fuzzer']
/src/libcoap/src/oscore/oscore_cbor.c ['persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer'] ['oscore_decrypt_fuzzer']
/src/libcoap/./include/coap3/coap_block_internal.h ['persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer'] []
/src/libcoap/src/oscore/oscore.c ['oscore_conf_parse_fuzzer', 'persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer'] ['oscore_conf_parse_fuzzer', 'oscore_decrypt_fuzzer']
/src/libcoap/src/coap_oscore.c ['oscore_conf_parse_fuzzer', 'persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer'] ['oscore_conf_parse_fuzzer', 'persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer']
/src/libcoap/src/coap_resource.c ['persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer'] ['persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer']
/src/libcoap/tests/oss-fuzz/split_uri_target.c ['split_uri_fuzzer'] ['split_uri_fuzzer']
/src/libcoap/src/coap_uri.c ['split_uri_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_udp_fuzzer', 'oscore_conf_parse_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer'] ['split_uri_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_udp_fuzzer', 'oscore_conf_parse_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'oscore_decrypt_fuzzer', 'async_fuzzer', 'block_check_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'network_message_fuzzer']
/src/libcoap/tests/oss-fuzz/block_check_target.c ['block_check_fuzzer'] ['block_check_fuzzer']

Directories in report

Directory
/src/libcoap/src/oscore/
/src/libcoap/src/
/src/libcoap/./include/coap3/
/usr/include/openssl/
/src/libcoap/tests/oss-fuzz/

Metadata section

This sections shows the raw data that is used to produce this report. This is mainly used for further processing and developer debugging.

Fuzzer Calltree file Program data file Coverage file
get_asn1_tag_fuzzer fuzzerLogFile-0-X27uDx4cPX.data fuzzerLogFile-0-X27uDx4cPX.data.yaml get_asn1_tag_fuzzer.covreport
split_uri_fuzzer fuzzerLogFile-0-P65jkF4Wm5.data fuzzerLogFile-0-P65jkF4Wm5.data.yaml split_uri_fuzzer.covreport
pdu_parse_tcp_fuzzer fuzzerLogFile-0-lur3DsY2IR.data fuzzerLogFile-0-lur3DsY2IR.data.yaml pdu_parse_tcp_fuzzer.covreport
pdu_parse_udp_fuzzer fuzzerLogFile-0-v5AQv49mOY.data fuzzerLogFile-0-v5AQv49mOY.data.yaml pdu_parse_udp_fuzzer.covreport
oscore_conf_parse_fuzzer fuzzerLogFile-0-uFvuJkeiCm.data fuzzerLogFile-0-uFvuJkeiCm.data.yaml oscore_conf_parse_fuzzer.covreport
pdu_parse_ws_fuzzer fuzzerLogFile-0-zHPKxuOLvm.data fuzzerLogFile-0-zHPKxuOLvm.data.yaml pdu_parse_ws_fuzzer.covreport
persist_fuzzer fuzzerLogFile-0-FRqeDljT5m.data fuzzerLogFile-0-FRqeDljT5m.data.yaml persist_fuzzer.covreport
oscore_decrypt_fuzzer fuzzerLogFile-0-Ss5uxzVCrz.data fuzzerLogFile-0-Ss5uxzVCrz.data.yaml oscore_decrypt_fuzzer.covreport
async_fuzzer fuzzerLogFile-0-7lXdXdadaF.data fuzzerLogFile-0-7lXdXdadaF.data.yaml async_fuzzer.covreport
block_check_fuzzer fuzzerLogFile-0-g6TdLVubGT.data fuzzerLogFile-0-g6TdLVubGT.data.yaml block_check_fuzzer.covreport
observe_fuzzer fuzzerLogFile-0-n7Yxv119F9.data fuzzerLogFile-0-n7Yxv119F9.data.yaml observe_fuzzer.covreport
block_fuzzer fuzzerLogFile-0-CiCyxTGK6N.data fuzzerLogFile-0-CiCyxTGK6N.data.yaml block_fuzzer.covreport
network_message_fuzzer fuzzerLogFile-0-KJjcLNTAeJ.data fuzzerLogFile-0-KJjcLNTAeJ.data.yaml network_message_fuzzer.covreport