High level conclusions

Fuzzers reach 84.51% of cyclomatic complexity.

Fuzzers reach 69.46% of all functions.

Fuzzer block_check_fuzzer is blocked:

The runtime code coverage of block_check_fuzzer covers 23.05% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer network_message_fuzzer is blocked:

The runtime code coverage of network_message_fuzzer covers 26.57% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer ws_frame_fuzzer is blocked:

The runtime code coverage of ws_frame_fuzzer covers 10.72% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer oscore_decrypt_fuzzer is blocked:

The runtime code coverage of oscore_decrypt_fuzzer covers 23.11% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer async_fuzzer is blocked:

The runtime code coverage of async_fuzzer covers 24.22% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer block_fuzzer is blocked:

The runtime code coverage of block_fuzzer covers 27.75% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer observe_fuzzer is blocked:

The runtime code coverage of observe_fuzzer covers 24.55% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer persist_fuzzer is blocked:

The runtime code coverage of persist_fuzzer covers 23.34% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer dtls_define_fuzzer is blocked:

The runtime code coverage of dtls_define_fuzzer covers 23.80% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer uri_extended_fuzzer is blocked:

The runtime code coverage of uri_extended_fuzzer covers 0.0% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Reachability and coverage overview

Functions statically reachable by fuzzers

696 / 1002

Cyclomatic complexity statically reachable by fuzzers

7911 / 9361

Runtime code coverage of functions

491 / 1002

The following table shows data about each function in the project. The functions included in this table correspond to all functions that exist in the executables of the fuzzers. As such, there may be functions that are from third-party libraries.

For further technical details on the meaning of columns in the below table, please see the Glossary .

Func name	Functions filename	Args	Function call depth	Reached by Fuzzers	Runtime reached by Fuzzers	Combined reached by Fuzzers	Fuzzers runtime hit	Func lines hit %	I Count	BB Count	Cyclomatic complexity	Functions reached	Reached by functions	Accumulated cyclomatic complexity	Undiscovered complexity

Fuzzer: get_asn1_tag_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	17	53.1%
gold	[1:9]	0	0.0%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	15	46.8%
All colors	32	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
17	9	coap_new_string	call site: 00009	coap_log_impl

Runtime coverage analysis

Covered functions

10

Functions that are reachable but not covered

15

Reachable functions

25

Percentage of reachable functions covered

40.0%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
tests/oss-fuzz/get_asn1_tag_target.c	1
src/coap_asn1.c	4
src/coap_str.c	3
src/coap_mem.c	2
src/coap_debug.c	4
src/coap_time.c	3

Fuzzer: uri_extended_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	218	100.%
gold	[1:9]	0	0.0%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	0	0.0%
All colors	218	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
217	0	EP	call site: 00000	coap_uri_into_optlist

Runtime coverage analysis

Covered functions

0

Functions that are reachable but not covered

82

Reachable functions

82

Percentage of reachable functions covered

0.0%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
tests/oss-fuzz/uri_extended_target.c	1
src/coap_net.c	2
src/coap_time.c	4
src/coap_prng.c	2
src/coap_mem.c	3
src/coap_openssl.c	5
src/coap_debug.c	7
src/coap_uri.c	26
src/coap_strm_posix.c	1
src/coap_ws.c	2
src/coap_option.c	7
src/coap_encode.c	1
src/coap_pdu.c	1
./include/coap3/coap_uri.h	1

Fuzzer: oscore_conf_parse_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	30	17.2%
gold	[1:9]	23	13.2%
yellow	[10:29]	8	4.59%
greenyellow	[30:49]	8	4.59%
lawngreen	50+	105	60.3%
All colors	174	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
16	41	coap_new_string	call site: 00041	coap_log_impl
4	94	coap_delete_bin_const	call site: 00094	coap_log_impl
4	126	coap_parse_oscore_rcp_conf_mem	call site: 00126	coap_log_impl
2	16	coap_cleanup	call site: 00016	ENGINE_finish
1	11	coap_dtls_startup	call site: 00011	OPENSSL_init_crypto
1	14	LLVMFuzzerTestOneInput	call site: 00014	coap_cleanup
1	20	coap_cleanup	call site: 00020	coap_free_type
1	148	coap_parse_oscore_conf_mem	call site: 00148	__assert_fail

Runtime coverage analysis

Covered functions

40

Functions that are reachable but not covered

22

Reachable functions

61

Percentage of reachable functions covered

63.93%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
tests/oss-fuzz/oscore_conf_parse_target.c	1
src/coap_net.c	2
src/coap_time.c	4
src/coap_prng.c	2
src/coap_mem.c	3
src/coap_openssl.c	3
src/coap_debug.c	6
src/coap_uri.c	1
src/coap_oscore.c	10
src/coap_str.c	6
src/oscore/oscore_cose.c	4
src/oscore/oscore.c	1

Fuzzer: split_uri_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	22	33.3%
gold	[1:9]	13	19.6%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	6	9.09%
lawngreen	50+	25	37.8%
All colors	66	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
4	28	coap_dtls_is_supported	call site: 00028	coap_log_impl
4	40	coap_tls_is_supported	call site: 00040	coap_log_impl
4	50	coap_wss_is_supported	call site: 00050	coap_log_impl
2	25	coap_dtls_is_supported	call site: 00025	coap_log_impl
2	33	coap_split_uri_sub	call site: 00033	coap_log_impl
2	37	coap_tls_is_supported	call site: 00037	coap_log_impl
2	46	coap_ws_is_supported	call site: 00046	coap_log_impl
1	6	coap_split_uri_sub	call site: 00006	vsnprintf
1	17	coap_log_impl	call site: 00017	snprintf

Runtime coverage analysis

Covered functions

15

Functions that are reachable but not covered

13

Reachable functions

28

Percentage of reachable functions covered

53.57%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
tests/oss-fuzz/split_uri_target.c	1
src/coap_uri.c	2
src/coap_debug.c	4
src/coap_time.c	3
src/coap_openssl.c	2
src/coap_strm_posix.c	1
src/coap_ws.c	2

Fuzzer: pdu_parse_udp_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	87	19.6%
gold	[1:9]	16	3.61%
yellow	[10:29]	13	2.94%
greenyellow	[30:49]	5	1.13%
lawngreen	50+	321	72.6%
All colors	442	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
19	404	coap_pdu_encode_header	call site: 00404	coap_log_impl
8	248	coap_show_pdu	call site: 00248	coap_log_impl
7	361	coap_show_pdu	call site: 00361	coap_log_impl
4	56	coap_pdu_parse_header	call site: 00056	coap_log_impl
4	102	coap_pdu_parse_opt	call site: 00102	coap_log_impl
4	107	coap_pdu_parse_opt	call site: 00107	coap_log_impl
4	193	coap_dtls_is_supported	call site: 00193	coap_log_impl
4	213	coap_wss_is_supported	call site: 00213	coap_log_impl
3	31	coap_pdu_parse2	call site: 00031	coap_log_impl
3	174	coap_get_uri_path	call site: 00174	coap_new_string
2	50	coap_realloc_type	call site: 00050	coap_log_impl
2	155	coap_new_string	call site: 00155	coap_log_impl

Runtime coverage analysis

Covered functions

81

Functions that are reachable but not covered

18

Reachable functions

98

Percentage of reachable functions covered

81.63%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
tests/oss-fuzz/pdu_parse_udp_target.c	1
src/coap_net.c	2
src/coap_time.c	4
src/coap_prng.c	2
src/coap_mem.c	4
src/coap_openssl.c	5
src/coap_pdu.c	18
src/coap_debug.c	13
src/coap_option.c	12
src/coap_encode.c	3
src/coap_uri.c	9
src/coap_str.c	3
src/coap_strm_posix.c	1
src/coap_ws.c	2
src/coap_block.c	1

Fuzzer: dtls_define_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	15	25.0%
gold	[1:9]	0	0.0%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	45	75.0%
All colors	60	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
15	10	coap_dtls_define_issue	call site: 00010	print_timestamp

Runtime coverage analysis

Covered functions

5

Functions that are reachable but not covered

16

Reachable functions

21

Percentage of reachable functions covered

23.81%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
tests/oss-fuzz/dtls_define_target.c	1
src/coap_debug.c	5
src/coap_dtls.c	3
src/coap_time.c	3

Fuzzer: pdu_parse_tcp_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	85	19.2%
gold	[1:9]	15	3.39%
yellow	[10:29]	10	2.26%
greenyellow	[30:49]	6	1.35%
lawngreen	50+	326	73.7%
All colors	442	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
8	248	coap_show_pdu	call site: 00248	coap_log_impl
7	361	coap_show_pdu	call site: 00361	coap_log_impl
5	401	LLVMFuzzerTestOneInput	call site: 00401	coap_log_impl
4	102	coap_pdu_parse_opt	call site: 00102	coap_log_impl
4	107	coap_pdu_parse_opt	call site: 00107	coap_log_impl
4	193	coap_dtls_is_supported	call site: 00193	coap_log_impl
4	213	coap_wss_is_supported	call site: 00213	coap_log_impl
4	419	coap_pdu_encode_header	call site: 00419	coap_log_impl
3	31	coap_pdu_parse2	call site: 00031	coap_log_impl
3	53	coap_pdu_parse2	call site: 00053	coap_log_impl
3	57	coap_pdu_parse_header	call site: 00057	coap_log_impl
3	174	coap_get_uri_path	call site: 00174	coap_new_string

Runtime coverage analysis

Covered functions

81

Functions that are reachable but not covered

18

Reachable functions

98

Percentage of reachable functions covered

81.63%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
tests/oss-fuzz/pdu_parse_tcp_target.c	1
src/coap_net.c	2
src/coap_time.c	4
src/coap_prng.c	2
src/coap_mem.c	4
src/coap_openssl.c	5
src/coap_pdu.c	18
src/coap_debug.c	13
src/coap_option.c	12
src/coap_encode.c	3
src/coap_uri.c	9
src/coap_str.c	3
src/coap_strm_posix.c	1
src/coap_ws.c	2
src/coap_block.c	1

Fuzzer: pdu_parse_ws_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	88	19.9%
gold	[1:9]	15	3.39%
yellow	[10:29]	10	2.26%
greenyellow	[30:49]	6	1.35%
lawngreen	50+	323	73.0%
All colors	442	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
13	410	coap_pdu_encode_header	call site: 00410	coap_log_impl
8	248	coap_show_pdu	call site: 00248	coap_log_impl
7	361	coap_show_pdu	call site: 00361	coap_log_impl
5	401	LLVMFuzzerTestOneInput	call site: 00401	coap_log_impl
4	53	coap_pdu_parse2	call site: 00053	coap_log_impl
4	102	coap_pdu_parse_opt	call site: 00102	coap_log_impl
4	107	coap_pdu_parse_opt	call site: 00107	coap_log_impl
4	193	coap_dtls_is_supported	call site: 00193	coap_log_impl
4	213	coap_wss_is_supported	call site: 00213	coap_log_impl
3	31	coap_pdu_parse2	call site: 00031	coap_log_impl
3	174	coap_get_uri_path	call site: 00174	coap_new_string
2	50	coap_realloc_type	call site: 00050	coap_log_impl

Runtime coverage analysis

Covered functions

81

Functions that are reachable but not covered

18

Reachable functions

98

Percentage of reachable functions covered

81.63%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
tests/oss-fuzz/pdu_parse_ws_target.c	1
src/coap_net.c	2
src/coap_time.c	4
src/coap_prng.c	2
src/coap_mem.c	4
src/coap_openssl.c	5
src/coap_pdu.c	18
src/coap_debug.c	13
src/coap_option.c	12
src/coap_encode.c	3
src/coap_uri.c	9
src/coap_str.c	3
src/coap_strm_posix.c	1
src/coap_ws.c	2
src/coap_block.c	1

Fuzzer: persist_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	4421	88.0%
gold	[1:9]	6	0.11%
yellow	[10:29]	3	0.05%
greenyellow	[30:49]	4	0.07%
lawngreen	50+	587	11.6%
All colors	5021	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
1013	3672	coap_pdu_parse_opt	call site: 03672	coap_handle_event_lkd
495	2249	coap_make_str_const	call site: 02249	coap_session_release_lkd
292	1822	coap_session_connected	call site: 01822	coap_handle_event_lkd
254	3367	coap_session_free	call site: 03367	coap_dtls_handle_timeout
238	1362	coap_send_internal	call site: 01362	coap_oscore_new_pdu_encrypted_lkd
179	2971	coap_get_resource_from_uri_path_lkd	call site: 02971	coap_session_max_pdu_size_lkd
172	1031	coap_pdu_encode_header	call site: 01031	coap_proxy_forward_request_lkd
164	3193	coap_touch_observer	call site: 03193	coap_delete_observer_request
150	2757	coap_cache_derive_key_w_ignore	call site: 02757	coap_cancel_observe_lkd
146	703	coap_show_pdu	call site: 00703	coap_option_next
111	1210	coap_new_bin_const	call site: 01210	coap_send_internal
69	112	coap_dtls_new_context	call site: 00112	coap_session_str

Runtime coverage analysis

Covered functions

201

Functions that are reachable but not covered

627

Reachable functions

818

Percentage of reachable functions covered

23.35%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
tests/oss-fuzz/persist_target.c	5
src/coap_subscribe.c	15
src/coap_net.c	59
src/coap_time.c	5
src/coap_prng.c	2
src/coap_mem.c	5
src/coap_openssl.c	65
src/coap_debug.c	15
src/coap_io.c	10
src/coap_session.c	54
src/coap_address.c	16
src/coap_netif.c	11
src/coap_strm_posix.c	6
src/coap_ws.c	2
src/coap_dgrm_posix.c	4
src/coap_io_posix.c	4
src/coap_proxy.c	22
src/coap_uri.c	20
src/coap_option.c	21
src/coap_encode.c	6
src/coap_str.c	10
src/coap_pdu.c	35
src/coap_cache.c	5
src/coap_block.c	51
src/coap_resource.c	29
./include/coap3/coap_pdu_internal.h	1
./include/coap3/coap_resource_internal.h	1
src/coap_oscore.c	19
./include/coap3/coap_uri.h	1
src/oscore/oscore_cose.c	19
src/oscore/oscore_context.c	27
src/oscore/oscore.c	8
src/oscore/oscore_cbor.c	13
./include/coap3/coap_block_internal.h	6
src/oscore/oscore_crypto.c	4
/usr/include/openssl/ssl.h	3
src/coap_dtls.c	4
/usr/include/openssl/x509v3.h	3
src/coap_async.c	4

Fuzzer: observe_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	4245	86.8%
gold	[1:9]	63	1.28%
yellow	[10:29]	60	1.22%
greenyellow	[30:49]	229	4.68%
lawngreen	50+	289	5.91%
All colors	4886	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
495	2248	coap_make_str_const	call site: 02248	coap_session_release_lkd
317	3738	coap_dispatch	call site: 03738	coap_oscore_decrypt_pdu
292	1821	coap_session_connected	call site: 01821	coap_handle_event_lkd
267	4140	coap_dispatch	call site: 04140	coap_send_ack_lkd
262	1030	coap_pdu_encode_header	call site: 01030	coap_proxy_forward_request_lkd
259	4495	coap_handle_dgram	call site: 04495	coap_handle_event_lkd
245	3366	coap_session_free	call site: 03366	coap_dtls_handle_timeout
238	1361	coap_send_internal	call site: 01361	coap_oscore_new_pdu_encrypted_lkd
153	2990	handle_request	call site: 02990	coap_handle_request_put_block
150	2756	coap_cache_derive_key_w_ignore	call site: 02756	coap_cancel_observe_lkd
146	702	coap_show_pdu	call site: 00702	coap_option_next
75	3281	coap_new_error_response	call site: 03281	coap_resource_release_lkd

Runtime coverage analysis

Covered functions

202

Functions that are reachable but not covered

599

Reachable functions

794

Percentage of reachable functions covered

24.56%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
tests/oss-fuzz/observe_target.c	3
src/coap_net.c	59
src/coap_time.c	5
src/coap_prng.c	2
src/coap_mem.c	5
src/coap_openssl.c	65
src/coap_debug.c	17
src/coap_io.c	10
src/coap_session.c	54
src/coap_address.c	16
src/coap_netif.c	11
src/coap_strm_posix.c	6
src/coap_ws.c	2
src/coap_dgrm_posix.c	4
src/coap_io_posix.c	4
src/coap_proxy.c	22
src/coap_uri.c	20
src/coap_option.c	21
src/coap_encode.c	6
src/coap_str.c	10
src/coap_pdu.c	35
src/coap_cache.c	5
src/coap_block.c	51
src/coap_resource.c	25
./include/coap3/coap_pdu_internal.h	1
./include/coap3/coap_resource_internal.h	1
src/coap_oscore.c	19
./include/coap3/coap_uri.h	1
src/oscore/oscore_cose.c	19
src/oscore/oscore_context.c	27
src/oscore/oscore.c	8
src/oscore/oscore_cbor.c	11
./include/coap3/coap_block_internal.h	6
src/oscore/oscore_crypto.c	4
/usr/include/openssl/ssl.h	3
src/coap_dtls.c	4
/usr/include/openssl/x509v3.h	3
src/coap_async.c	4
src/coap_subscribe.c	3
src/coap_event.c	1
tests/oss-fuzz/coap_fuzz_helper.c	2

Fuzzer: block_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	4135	84.2%
gold	[1:9]	182	3.70%
yellow	[10:29]	45	0.91%
greenyellow	[30:49]	75	1.52%
lawngreen	50+	469	9.55%
All colors	4906	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
622	2248	coap_make_str_const	call site: 02248	coap_session_release_lkd
257	4495	coap_handle_dgram	call site: 04495	coap_handle_event_lkd
245	3366	coap_session_free	call site: 03366	coap_dtls_handle_timeout
245	3738	coap_dispatch	call site: 03738	coap_oscore_decrypt_pdu
238	1361	coap_send_internal	call site: 01361	coap_oscore_new_pdu_encrypted_lkd
172	1030	coap_pdu_encode_header	call site: 01030	coap_proxy_forward_request_lkd
155	702	coap_show_pdu	call site: 00702	coap_session_release_lkd
145	1968	coap_add_data_large_internal	call site: 01968	coap_add_data_large_request_lkd
139	4268	coap_handle_response_get_block	call site: 04268	coap_send_rst_lkd
121	3085	coap_handle_request_send_block	call site: 03085	coap_pdu_duplicate_lkd
102	4164	coap_find_lg_xmit	call site: 04164	coap_pdu_duplicate_lkd
75	3281	coap_new_error_response	call site: 03281	coap_resource_release_lkd

Runtime coverage analysis

Covered functions

234

Functions that are reachable but not covered

578

Reachable functions

800

Percentage of reachable functions covered

27.75%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
tests/oss-fuzz/block_target.c	3
src/coap_net.c	59
src/coap_time.c	5
src/coap_prng.c	2
src/coap_mem.c	5
src/coap_openssl.c	65
src/coap_debug.c	17
src/coap_io.c	10
src/coap_session.c	55
src/coap_address.c	16
src/coap_netif.c	11
src/coap_strm_posix.c	6
src/coap_ws.c	2
src/coap_dgrm_posix.c	4
src/coap_io_posix.c	4
src/coap_proxy.c	22
src/coap_uri.c	20
src/coap_option.c	21
src/coap_encode.c	6
src/coap_str.c	10
src/coap_pdu.c	35
src/coap_cache.c	5
src/coap_block.c	56
src/coap_resource.c	25
./include/coap3/coap_pdu_internal.h	1
./include/coap3/coap_resource_internal.h	1
src/coap_oscore.c	19
./include/coap3/coap_uri.h	1
src/oscore/oscore_cose.c	19
src/oscore/oscore_context.c	27
src/oscore/oscore.c	8
src/oscore/oscore_cbor.c	11
./include/coap3/coap_block_internal.h	6
src/oscore/oscore_crypto.c	4
/usr/include/openssl/ssl.h	3
src/coap_dtls.c	4
/usr/include/openssl/x509v3.h	3
src/coap_async.c	4
src/coap_subscribe.c	3
src/coap_event.c	1
tests/oss-fuzz/coap_fuzz_helper.c	2

Fuzzer: async_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	4334	87.8%
gold	[1:9]	83	1.68%
yellow	[10:29]	93	1.88%
greenyellow	[30:49]	300	6.07%
lawngreen	50+	125	2.53%
All colors	4935	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
665	2248	coap_make_str_const	call site: 02248	coap_session_release_lkd
334	3738	coap_dispatch	call site: 03738	coap_oscore_decrypt_pdu
292	1821	coap_session_connected	call site: 01821	coap_handle_event_lkd
267	4140	coap_dispatch	call site: 04140	coap_send_ack_lkd
262	1030	coap_pdu_encode_header	call site: 01030	coap_proxy_forward_request_lkd
259	4495	coap_handle_dgram	call site: 04495	coap_handle_event_lkd
245	3366	coap_session_free	call site: 03366	coap_dtls_handle_timeout
238	1361	coap_send_internal	call site: 01361	coap_oscore_new_pdu_encrypted_lkd
219	2989	handle_request	call site: 02989	coap_handle_request_put_block
155	702	coap_show_pdu	call site: 00702	coap_session_release_lkd
69	111	coap_dtls_new_context	call site: 00111	coap_session_str
69	259	coap_dtls_free_context	call site: 00259	coap_new_endpoint_lkd

Runtime coverage analysis

Covered functions

202

Functions that are reachable but not covered

610

Reachable functions

805

Percentage of reachable functions covered

24.22%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
tests/oss-fuzz/async_target.c	3
src/coap_net.c	59
src/coap_time.c	5
src/coap_prng.c	2
src/coap_mem.c	5
src/coap_openssl.c	65
src/coap_debug.c	17
src/coap_io.c	10
src/coap_session.c	55
src/coap_address.c	16
src/coap_netif.c	11
src/coap_strm_posix.c	6
src/coap_ws.c	2
src/coap_dgrm_posix.c	4
src/coap_io_posix.c	4
src/coap_proxy.c	22
src/coap_uri.c	20
src/coap_option.c	21
src/coap_encode.c	6
src/coap_str.c	10
src/coap_pdu.c	35
src/coap_cache.c	5
src/coap_block.c	51
src/coap_resource.c	24
./include/coap3/coap_pdu_internal.h	1
./include/coap3/coap_resource_internal.h	1
src/coap_oscore.c	19
./include/coap3/coap_uri.h	1
src/oscore/oscore_cose.c	19
src/oscore/oscore_context.c	27
src/oscore/oscore.c	8
src/oscore/oscore_cbor.c	11
./include/coap3/coap_block_internal.h	6
src/oscore/oscore_crypto.c	4
/usr/include/openssl/ssl.h	3
src/coap_dtls.c	4
/usr/include/openssl/x509v3.h	3
src/coap_async.c	15
src/coap_subscribe.c	3
src/coap_event.c	1
tests/oss-fuzz/coap_fuzz_helper.c	2

Fuzzer: oscore_decrypt_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	4452	89.9%
gold	[1:9]	123	2.48%
yellow	[10:29]	290	5.86%
greenyellow	[30:49]	17	0.34%
lawngreen	50+	65	1.31%
All colors	4947	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
1009	2456	oscore_context_release_recipients	call site: 02456	coap_session_release_lkd
708	4153	coap_oscore_decrypt_pdu	call site: 04153	coap_delete_node_lkd
380	3475	coap_session_free	call site: 03475	coap_dtls_handle_timeout
260	1152	coap_pdu_encode_header	call site: 01152	coap_proxy_forward_request_lkd
248	1941	coap_session_connected	call site: 01941	coap_handle_event_lkd
224	824	coap_show_pdu	call site: 00824	coap_session_release_lkd
84	4067	coap_oscore_decrypt_pdu	call site: 04067	coap_handle_event_lkd
80	567	coap_option_filter_get	call site: 00567	coap_split_proxy_uri
70	85	coap_delete_bin_const	call site: 00085	coap_parse_oscore_rcp_conf_mem
70	1868	coap_send_internal	call site: 01868	coap_io_process_lkd
69	240	coap_dtls_new_context	call site: 00240	coap_session_str
67	388	coap_dtls_free_context	call site: 00388	coap_new_endpoint_lkd

Runtime coverage analysis

Covered functions

191

Functions that are reachable but not covered

612

Reachable functions

796

Percentage of reachable functions covered

23.12%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
tests/oss-fuzz/oscore_decrypt_target.c	1
src/coap_net.c	59
src/coap_time.c	5
src/coap_prng.c	2
src/coap_mem.c	5
src/coap_openssl.c	65
src/coap_debug.c	17
src/coap_oscore.c	28
src/coap_str.c	10
src/coap_io.c	10
src/coap_session.c	54
src/coap_address.c	16
src/coap_netif.c	11
src/coap_strm_posix.c	6
src/coap_ws.c	2
src/coap_dgrm_posix.c	4
src/coap_io_posix.c	4
src/coap_proxy.c	22
src/coap_uri.c	20
src/coap_option.c	21
src/coap_encode.c	6
src/coap_pdu.c	35
src/coap_cache.c	5
src/coap_block.c	51
src/coap_resource.c	20
./include/coap3/coap_pdu_internal.h	1
./include/coap3/coap_resource_internal.h	1
./include/coap3/coap_uri.h	1
src/oscore/oscore_cose.c	19
src/oscore/oscore_context.c	27
src/oscore/oscore.c	8
src/oscore/oscore_cbor.c	11
./include/coap3/coap_block_internal.h	6
src/oscore/oscore_crypto.c	4
/usr/include/openssl/ssl.h	3
src/coap_dtls.c	4
/usr/include/openssl/x509v3.h	3
src/coap_async.c	4
src/coap_subscribe.c	3

Fuzzer: ws_frame_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	4729	94.6%
gold	[1:9]	40	0.80%
yellow	[10:29]	215	4.30%
greenyellow	[30:49]	3	0.06%
lawngreen	50+	7	0.14%
All colors	4994	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
1388	3354	coap_session_free	call site: 03354	coap_dtls_handle_timeout
1146	2198	coap_session_check_connect	call site: 02198	coap_session_release_lkd
641	993	coap_socket_connect_udp	call site: 00993	coap_session_reestablished
380	534	coap_session_free	call site: 00534	coap_delete_proxy_subscriber
292	1809	coap_session_connected	call site: 01809	coap_handle_event_lkd
133	383	coap_handle_event_lkd	call site: 00383	coap_proxy_remove_association
132	1674	coap_session_disconnected_lkd	call site: 01674	coap_delete_node_lkd
69	99	coap_dtls_new_context	call site: 00099	coap_session_str
69	247	coap_dtls_free_context	call site: 00247	coap_new_endpoint_lkd
46	325	coap_socket_dgrm_close	call site: 00325	coap_netif_strm_listen
42	4825	coap_ws_rd_http_header_client	call site: 04825	coap_ws_build_key_hash
39	2150	coap_session_create_client	call site: 02150	coap_netif_strm_connect1

Runtime coverage analysis

Covered functions

92

Functions that are reachable but not covered

716

Reachable functions

802

Percentage of reachable functions covered

10.72%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
tests/oss-fuzz/ws_frame_target.c	4
src/coap_net.c	59
src/coap_time.c	5
src/coap_prng.c	2
src/coap_mem.c	5
src/coap_openssl.c	67
src/coap_debug.c	15
src/coap_io.c	10
src/coap_session.c	53
src/coap_address.c	16
src/coap_netif.c	11
src/coap_strm_posix.c	6
src/coap_ws.c	15
src/coap_dgrm_posix.c	4
src/coap_io_posix.c	4
src/coap_proxy.c	22
src/coap_uri.c	20
src/coap_option.c	21
src/coap_encode.c	6
src/coap_str.c	10
src/coap_pdu.c	34
src/coap_cache.c	5
src/coap_block.c	51
src/coap_resource.c	20
./include/coap3/coap_pdu_internal.h	1
./include/coap3/coap_resource_internal.h	1
src/coap_oscore.c	19
./include/coap3/coap_uri.h	1
src/oscore/oscore_cose.c	19
src/oscore/oscore_context.c	27
src/oscore/oscore.c	8
src/oscore/oscore_cbor.c	11
./include/coap3/coap_block_internal.h	6
src/oscore/oscore_crypto.c	4
/usr/include/openssl/ssl.h	3
src/coap_dtls.c	4
/usr/include/openssl/x509v3.h	3
src/coap_async.c	4
src/coap_subscribe.c	3
src/coap_event.c	1

Fuzzer: network_message_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	4162	84.7%
gold	[1:9]	31	0.63%
yellow	[10:29]	58	1.18%
greenyellow	[30:49]	44	0.89%
lawngreen	50+	618	12.5%
All colors	4913	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
503	2426	setup_pki_ssl	call site: 02426	coap_session_release_lkd
317	3739	coap_dispatch	call site: 03739	coap_oscore_decrypt_pdu
292	1822	coap_session_connected	call site: 01822	coap_handle_event_lkd
267	4141	coap_dispatch	call site: 04141	coap_send_ack_lkd
245	3367	coap_session_free	call site: 03367	coap_dtls_handle_timeout
240	2977	handle_request	call site: 02977	coap_session_max_pdu_size_lkd
217	1040	coap_pdu_encode_header	call site: 01040	coap_proxy_forward_request_lkd
210	2211	coap_session_check_connect	call site: 02211	coap_session_release_lkd
205	1366	coap_send_internal	call site: 01366	coap_oscore_new_pdu_encrypted_lkd
155	704	coap_show_pdu	call site: 00704	coap_session_release_lkd
140	4604	coap_epoll_ctl_mod	call site: 04604	coap_accept_endpoint
75	3282	coap_new_error_response	call site: 03282	coap_resource_release_lkd

Runtime coverage analysis

Covered functions

227

Functions that are reachable but not covered

594

Reachable functions

809

Percentage of reachable functions covered

26.58%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
tests/oss-fuzz/network_message_target.c	7
src/coap_net.c	74
src/coap_time.c	5
src/coap_prng.c	2
src/coap_mem.c	5
src/coap_openssl.c	67
src/coap_debug.c	17
src/coap_address.c	16
src/coap_io.c	10
src/coap_session.c	54
src/coap_netif.c	11
src/coap_strm_posix.c	6
src/coap_ws.c	2
src/coap_dgrm_posix.c	4
src/coap_io_posix.c	4
src/coap_proxy.c	22
src/coap_uri.c	20
src/coap_option.c	21
src/coap_encode.c	6
src/coap_str.c	10
src/coap_pdu.c	35
src/coap_cache.c	5
src/coap_block.c	51
src/coap_resource.c	20
./include/coap3/coap_pdu_internal.h	1
./include/coap3/coap_resource_internal.h	1
src/coap_oscore.c	19
./include/coap3/coap_uri.h	1
src/oscore/oscore_cose.c	19
src/oscore/oscore_context.c	27
src/oscore/oscore.c	8
src/oscore/oscore_cbor.c	11
./include/coap3/coap_block_internal.h	6
src/oscore/oscore_crypto.c	4
/usr/include/openssl/ssl.h	3
src/coap_dtls.c	4
/usr/include/openssl/x509v3.h	3
src/coap_async.c	4
src/coap_subscribe.c	3

Fuzzer: block_check_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	4409	89.0%
gold	[1:9]	11	0.22%
yellow	[10:29]	377	7.61%
greenyellow	[30:49]	49	0.99%
lawngreen	50+	103	2.08%
All colors	4949	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
1240	3489	coap_io_do_epoll_lkd	call site: 03489	coap_read_endpoint
622	2249	coap_make_str_const	call site: 02249	coap_session_release_lkd
287	1322	coap_pdu_parse_opt_base	call site: 01322	coap_oscore_new_pdu_encrypted_lkd
197	1006	coap_socket_connect_udp	call site: 01006	coap_session_reestablished
163	2971	coap_get_resource_from_uri_path_lkd	call site: 02971	coap_session_max_pdu_size_lkd
159	703	coap_show_pdu	call site: 00703	coap_session_release_lkd
154	3135	coap_add_block_b_data	call site: 03135	coap_send_internal
116	1998	coap_add_block	call site: 01998	coap_send_internal
83	1724	coap_add_option	call site: 01724	coap_send_internal
69	112	coap_dtls_new_context	call site: 00112	coap_session_str
66	456	coap_new_string	call site: 00456	coap_split_proxy_uri
63	3367	coap_session_free	call site: 03367	coap_dtls_handle_timeout

Runtime coverage analysis

Covered functions

187

Functions that are reachable but not covered

614

Reachable functions

798

Percentage of reachable functions covered

23.06%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
tests/oss-fuzz/block_check_target.c	2
src/coap_net.c	59
src/coap_time.c	5
src/coap_prng.c	2
src/coap_mem.c	5
src/coap_openssl.c	65
src/coap_debug.c	17
src/coap_io.c	10
src/coap_session.c	55
src/coap_address.c	16
src/coap_netif.c	11
src/coap_strm_posix.c	6
src/coap_ws.c	2
src/coap_dgrm_posix.c	4
src/coap_io_posix.c	5
src/coap_proxy.c	22
src/coap_uri.c	20
src/coap_option.c	21
src/coap_encode.c	6
src/coap_str.c	10
src/coap_pdu.c	35
src/coap_cache.c	5
src/coap_block.c	58
src/coap_resource.c	23
./include/coap3/coap_pdu_internal.h	1
./include/coap3/coap_resource_internal.h	1
src/coap_oscore.c	19
./include/coap3/coap_uri.h	1
src/oscore/oscore_cose.c	19
src/oscore/oscore_context.c	27
src/oscore/oscore.c	8
src/oscore/oscore_cbor.c	11
./include/coap3/coap_block_internal.h	6
src/oscore/oscore_crypto.c	4
/usr/include/openssl/ssl.h	3
src/coap_dtls.c	4
/usr/include/openssl/x509v3.h	3
src/coap_async.c	4
src/coap_subscribe.c	3
src/coap_event.c	1

Fuzzer: cache_key_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	3693	76.2%
gold	[1:9]	212	4.37%
yellow	[10:29]	376	7.76%
greenyellow	[30:49]	93	1.92%
lawngreen	50+	468	9.66%
All colors	4842	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
282	2449	coap_dtls_define_issue	call site: 02449	coap_session_release_lkd
157	1033	coap_pdu_encode_header	call site: 01033	coap_proxy_forward_request_lkd
139	4256	coap_handle_response_get_block	call site: 04256	coap_send_rst_lkd
123	3476	coap_io_do_epoll_lkd	call site: 03476	coap_read_endpoint
114	2744	coap_cache_derive_key_w_ignore	call site: 02744	coap_cancel_observe_lkd
103	4152	coap_find_lg_xmit	call site: 04152	coap_pdu_duplicate_lkd
81	4591	coap_epoll_ctl_mod	call site: 04591	coap_accept_endpoint
73	2335	oscore_context_release_recipients	call site: 02335	coap_session_release_lkd
72	1985	coap_add_block	call site: 01985	coap_send_internal
63	3354	coap_session_free	call site: 03354	coap_dtls_handle_timeout
59	1467	dump_cose	call site: 01467	coap_insert_option
58	3277	coap_io_prepare_io_lkd	call site: 03277	coap_retransmit

Runtime coverage analysis

Covered functions

494

Functions that are reachable but not covered

422

Reachable functions

787

Percentage of reachable functions covered

46.38%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
tests/oss-fuzz/cache_key_target.c	1
src/coap_net.c	59
src/coap_time.c	5
src/coap_prng.c	2
src/coap_mem.c	5
src/coap_openssl.c	65
src/coap_debug.c	15
src/coap_io.c	10
src/coap_session.c	54
src/coap_address.c	16
src/coap_netif.c	11
src/coap_strm_posix.c	6
src/coap_ws.c	2
src/coap_dgrm_posix.c	4
src/coap_io_posix.c	4
src/coap_proxy.c	22
src/coap_uri.c	20
src/coap_option.c	21
src/coap_encode.c	6
src/coap_str.c	10
src/coap_pdu.c	35
src/coap_cache.c	11
src/coap_block.c	51
src/coap_resource.c	20
./include/coap3/coap_pdu_internal.h	1
./include/coap3/coap_resource_internal.h	1
src/coap_oscore.c	19
./include/coap3/coap_uri.h	1
src/oscore/oscore_cose.c	19
src/oscore/oscore_context.c	27
src/oscore/oscore.c	8
src/oscore/oscore_cbor.c	11
./include/coap3/coap_block_internal.h	6
src/oscore/oscore_crypto.c	4
/usr/include/openssl/ssl.h	3
src/coap_dtls.c	4
/usr/include/openssl/x509v3.h	3
src/coap_async.c	4
src/coap_subscribe.c	3

Optimal target analysis

Remaining optimal interesting functions

The following table shows a list of functions that are optimal targets. Optimal targets are identified by finding the functions that in combination, yield a high code coverage.

Func name	Functions filename	Arg count	Args	Function depth	hitcount	instr count	bb count	cyclomatic complexity	Reachable functions	Incoming references	total cyclomatic complexity	Unreached complexity
hnd_get_wellknown_lkd	/src/libcoap/src/coap_net.c	5	['N/A', 'N/A', 'N/A', 'N/A', 'N/A']	109	0	304	50	16	685	0	6947	108
coap_netif_dgrm_write	/src/libcoap/src/coap_netif.c	3	['N/A', 'N/A', 'size_t']	8	0	155	30	9	62	0	317	71
coap_tls_engine_configure	/src/libcoap/src/coap_openssl.c	1	['N/A']	6	0	575	124	34	32	0	121	52
coap_op_resource_deleted	/src/libcoap/src/coap_subscribe.c	3	['N/A', 'N/A', 'N/A']	6	0	252	40	16	37	0	129	40
coap_session_set_type_server	/src/libcoap/src/coap_session.c	1	['N/A']	106	0	18	3	2	681	0	6875	36
coap_join_mcast_group_intf	/src/libcoap/src/coap_net.c	3	['N/A', 'N/A', 'N/A']	6	0	24	3	2	37	0	127	36

Implementing fuzzers that target the above functions will improve reachability such that it becomes:

Functions statically reachable by fuzzers

717 / 1002

Cyclomatic complexity statically reachable by fuzzers

8246 / 9361

All functions overview

If you implement fuzzers for these functions, the status of all functions in the project will be:

Func name	Functions filename	Args	Function call depth	Reached by Fuzzers	Runtime reached by Fuzzers	Combined reached by Fuzzers	Fuzzers runtime hit	Func lines hit %	I Count	BB Count	Cyclomatic complexity	Functions reached	Reached by functions	Accumulated cyclomatic complexity	Undiscovered complexity

This sections provides heuristics that can be used as input to a fuzz engine when running a given fuzz target. The current focus is on providing input that is usable by libFuzzer.

tests/oss-fuzz/get_asn1_tag_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['coap_new_string']

tests/oss-fuzz/uri_extended_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

tests/oss-fuzz/oscore_conf_parse_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['coap_new_string', 'coap_delete_bin_const', 'coap_parse_oscore_rcp_conf_mem', 'coap_cleanup', 'coap_dtls_startup', 'LLVMFuzzerTestOneInput', 'coap_parse_oscore_conf_mem']

tests/oss-fuzz/split_uri_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['coap_dtls_is_supported', 'coap_tls_is_supported', 'coap_wss_is_supported', 'coap_split_uri_sub', 'coap_ws_is_supported', 'coap_log_impl']

tests/oss-fuzz/pdu_parse_udp_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['coap_pdu_encode_header', 'coap_show_pdu', 'coap_pdu_parse_header', 'coap_pdu_parse_opt', 'coap_dtls_is_supported', 'coap_wss_is_supported', 'coap_pdu_parse2', 'coap_get_uri_path']

tests/oss-fuzz/dtls_define_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['coap_dtls_define_issue']

tests/oss-fuzz/pdu_parse_tcp_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['coap_show_pdu', 'LLVMFuzzerTestOneInput', 'coap_pdu_parse_opt', 'coap_dtls_is_supported', 'coap_wss_is_supported', 'coap_pdu_encode_header', 'coap_pdu_parse2']

tests/oss-fuzz/pdu_parse_ws_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['coap_pdu_encode_header', 'coap_show_pdu', 'LLVMFuzzerTestOneInput', 'coap_pdu_parse2', 'coap_pdu_parse_opt', 'coap_dtls_is_supported', 'coap_wss_is_supported']

tests/oss-fuzz/persist_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['coap_pdu_parse_opt', 'coap_make_str_const', 'coap_session_connected', 'coap_session_free', 'coap_send_internal', 'coap_get_resource_from_uri_path_lkd', 'coap_pdu_encode_header', 'coap_touch_observer', 'coap_cache_derive_key_w_ignore', 'coap_show_pdu']

tests/oss-fuzz/observe_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['coap_make_str_const', 'coap_dispatch', 'coap_session_connected', 'coap_pdu_encode_header', 'coap_handle_dgram', 'coap_session_free', 'coap_send_internal', 'handle_request', 'coap_cache_derive_key_w_ignore']

tests/oss-fuzz/block_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['coap_make_str_const', 'coap_handle_dgram', 'coap_session_free', 'coap_dispatch', 'coap_send_internal', 'coap_pdu_encode_header', 'coap_show_pdu', 'coap_add_data_large_internal', 'coap_handle_response_get_block', 'coap_handle_request_send_block']

tests/oss-fuzz/async_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['coap_make_str_const', 'coap_dispatch', 'coap_session_connected', 'coap_pdu_encode_header', 'coap_handle_dgram', 'coap_session_free', 'coap_send_internal', 'handle_request', 'coap_show_pdu']

tests/oss-fuzz/oscore_decrypt_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['oscore_context_release_recipients', 'coap_oscore_decrypt_pdu', 'coap_session_free', 'coap_pdu_encode_header', 'coap_session_connected', 'coap_show_pdu', 'coap_option_filter_get', 'coap_delete_bin_const', 'coap_send_internal']

tests/oss-fuzz/ws_frame_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['coap_session_free', 'coap_session_check_connect', 'coap_socket_connect_udp', 'coap_session_connected', 'coap_handle_event_lkd', 'coap_session_disconnected_lkd', 'coap_dtls_new_context', 'coap_dtls_free_context', 'coap_socket_dgrm_close']

tests/oss-fuzz/network_message_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['setup_pki_ssl', 'coap_dispatch', 'coap_session_connected', 'coap_session_free', 'handle_request', 'coap_pdu_encode_header', 'coap_session_check_connect', 'coap_send_internal', 'coap_show_pdu']

tests/oss-fuzz/block_check_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['coap_io_do_epoll_lkd', 'coap_make_str_const', 'coap_pdu_parse_opt_base', 'coap_socket_connect_udp', 'coap_get_resource_from_uri_path_lkd', 'coap_show_pdu', 'coap_add_block_b_data', 'coap_add_block', 'coap_add_option', 'coap_dtls_new_context']

tests/oss-fuzz/cache_key_target.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['coap_dtls_define_issue', 'coap_pdu_encode_header', 'coap_handle_response_get_block', 'coap_io_do_epoll_lkd', 'coap_cache_derive_key_w_ignore', 'coap_find_lg_xmit', 'coap_epoll_ctl_mod', 'oscore_context_release_recipients', 'coap_add_block', 'coap_session_free']

This section shows analysis of runtime coverage data.

For futher technical details on how this section is generated, please see the Glossary .

Complex functions with low coverage

Func name	Function total lines	Lines covered at runtime	percentage covered	Reached by fuzzers
coap_debug_send_packet	42	23	54.76%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer']
coap_socket_bind_udp	75	29	38.66%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
coap_socket_connect_udp	153	56	36.60%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
coap_socket_send	118	20	16.94%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer']
coap_test_cid_tuple_change	31	4	12.90%	['observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer']
coap_new_context	69	37	53.62%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
coap_send_internal	152	62	40.78%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
coap_opt_setheader	47	20	42.55%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'uri_extended_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
coap_pdu_duplicate_lkd	75	31	41.33%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
coap_add_resource_lkd	38	18	47.36%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'block_fuzzer']
coap_add_observer	143	62	43.35%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
coap_delete_observer_internal	40	17	42.5%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
coap_session_connected	60	11	18.33%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
coap_new_endpoint_lkd	97	34	35.05%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
coap_session_create_client	108	59	54.62%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
coap_persist_observe_add_lkd	197	30	15.22%	['cache_key_fuzzer', 'persist_fuzzer']
coap_debug_set_packet_loss	39	13	33.33%	['block_check_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer']
coap_debug_set_packet_fail	39	13	33.33%	['block_check_fuzzer', 'observe_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'oscore_decrypt_fuzzer']
coap_remove_from_queue	36	6	16.66%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
coap_cancel_session_messages	32	5	15.62%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
coap_call_response_handler	43	18	41.86%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
coap_dispatch	390	169	43.33%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
coap_handle_event_lkd	71	25	35.21%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
coap_remove_from_queue_token	45	4	8.888%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
handle_request	495	267	53.93%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
handle_response	75	22	29.33%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
coap_remove_option	78	11	14.10%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
coap_find_lg_xmit	57	10	17.54%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
coap_find_lg_crcv	31	10	32.25%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
coap_handle_request_send_block	259	31	11.96%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
coap_handle_request_put_block	392	193	49.23%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
coap_handle_response_send_block	267	11	4.119%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
coap_handle_response_get_block	556	29	5.215%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
setup_block_b	35	18	51.42%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
update_received_blocks	49	15	30.61%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
coap_delete_proxy_subscriber	39	5	12.82%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
coap_oscore_decrypt_pdu	658	152	23.10%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
oscore_cbor_put_unsigned	47	10	21.27%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
oscore_find_context	105	25	23.80%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
oscore_log_context	39	4	10.25%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
coap_ws_rd_http_header_server	79	10	12.65%	['cache_key_fuzzer', 'ws_frame_fuzzer']
coap_ws_rd_http_header_client	62	11	17.74%	['cache_key_fuzzer', 'ws_frame_fuzzer']
coap_print_addr	40	15	37.5%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
coap_print_ip_addr	49	15	30.61%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'uri_extended_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
prepend_508_ip	90	35	38.88%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
handle_signaling	69	30	43.47%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
coap_dtls_info_callback	62	22	35.48%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
coap_dgram_ctrl	61	31	50.81%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
setup_pki_ssl	310	13	4.193%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
coap_session_delay_pdu	37	17	45.94%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
coap_socket_connect_tcp1	102	36	35.29%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
coap_socket_write	39	20	51.28%	['cache_key_fuzzer', 'network_message_fuzzer']
coap_add_data_blocked_response	101	51	50.49%	['cache_key_fuzzer', 'block_check_fuzzer']
coap_cancel_observe_lkd	72	13	18.05%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
coap_block_check_lg_crcv_timeouts	55	19	34.54%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
coap_block_check_lg_srcv_timeouts	137	19	13.86%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
coap_block_check_q_block1_xmit	47	13	27.65%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
coap_block_check_q_block2_xmit	48	13	27.08%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
coap_io_prepare_io_lkd	341	77	22.58%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
coap_client_delay_first	47	5	10.63%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']
coap_io_do_epoll_lkd	69	10	14.49%	['block_check_fuzzer', 'observe_fuzzer', 'persist_fuzzer', 'async_fuzzer', 'cache_key_fuzzer', 'network_message_fuzzer', 'block_fuzzer', 'ws_frame_fuzzer', 'oscore_decrypt_fuzzer']

This section shows which files and directories are considered in this report. The main reason for showing this is fuzz introspector may include more code in the reasoning than is desired. This section helps identify if too many files/directories are included, e.g. third party code, which may be irrelevant for the threat model. In the event too much is included, fuzz introspector supports a configuration file that can exclude data from the report. See the following link for more information on how to create a config file: link

Files in report

Source file	Reached by	Covered by
	[]	[]
/src/libcoap/./include/coap3/coap_address.h	[]	[]
/src/libcoap/./include/coap3/coap_resource_internal.h	['persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']	[]
/src/libcoap/src/coap_asn1.c	['get_asn1_tag_fuzzer']	['get_asn1_tag_fuzzer']
/src/libcoap/src/coap_option.c	['uri_extended_fuzzer', 'pdu_parse_udp_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']	['pdu_parse_udp_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']
/src/libcoap/src/coap_address.c	['persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']	['persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']
/src/libcoap/tests/oss-fuzz/uri_extended_target.c	['uri_extended_fuzzer']	[]
/src/libcoap/src/oscore/oscore_cbor.c	['persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']	['oscore_decrypt_fuzzer', 'cache_key_fuzzer']
/src/libcoap/src/coap_time.c	['get_asn1_tag_fuzzer', 'uri_extended_fuzzer', 'oscore_conf_parse_fuzzer', 'split_uri_fuzzer', 'pdu_parse_udp_fuzzer', 'dtls_define_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']	['oscore_conf_parse_fuzzer', 'split_uri_fuzzer', 'pdu_parse_udp_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']
/src/libcoap/tests/oss-fuzz/oscore_decrypt_target.c	['oscore_decrypt_fuzzer']	['oscore_decrypt_fuzzer']
/usr/include/openssl/x509v3.h	['persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']	[]
/src/libcoap/src/coap_net.c	['uri_extended_fuzzer', 'oscore_conf_parse_fuzzer', 'pdu_parse_udp_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']	['oscore_conf_parse_fuzzer', 'pdu_parse_udp_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']
/src/libcoap/src/oscore/oscore_cose.c	['oscore_conf_parse_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']	['oscore_conf_parse_fuzzer', 'oscore_decrypt_fuzzer', 'cache_key_fuzzer']
/src/libcoap/src/coap_io_posix.c	['persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']	['persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']
/src/libcoap/tests/oss-fuzz/persist_target.c	['persist_fuzzer']	['persist_fuzzer']
/src/libcoap/tests/oss-fuzz/oscore_conf_parse_target.c	['oscore_conf_parse_fuzzer']	['oscore_conf_parse_fuzzer']
/src/libcoap/tests/oss-fuzz/block_check_target.c	['block_check_fuzzer']	['block_check_fuzzer']
/src/libcoap/tests/oss-fuzz/pdu_parse_ws_target.c	['pdu_parse_ws_fuzzer']	['pdu_parse_ws_fuzzer']
/src/libcoap/src/coap_oscore.c	['oscore_conf_parse_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']	['oscore_conf_parse_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']
/src/libcoap/src/coap_dgrm_posix.c	['persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']	['persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']
/src/libcoap/tests/oss-fuzz/network_message_target.c	['network_message_fuzzer']	['network_message_fuzzer']
/src/libcoap/src/coap_async.c	['persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']	['persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']
/src/libcoap/tests/oss-fuzz/split_uri_target.c	['split_uri_fuzzer']	['split_uri_fuzzer']
/src/libcoap/tests/oss-fuzz/pdu_parse_udp_target.c	['pdu_parse_udp_fuzzer']	['pdu_parse_udp_fuzzer']
/usr/include/openssl/ssl.h	['persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']	[]
/src/libcoap/src/coap_mem.c	['get_asn1_tag_fuzzer', 'uri_extended_fuzzer', 'oscore_conf_parse_fuzzer', 'pdu_parse_udp_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']	['get_asn1_tag_fuzzer', 'oscore_conf_parse_fuzzer', 'pdu_parse_udp_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']
/src/libcoap/src/coap_encode.c	['uri_extended_fuzzer', 'pdu_parse_udp_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']	['pdu_parse_udp_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']
/src/libcoap/tests/oss-fuzz/block_target.c	['block_fuzzer']	['block_fuzzer']
/src/libcoap/src/coap_dtls.c	['dtls_define_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']	['dtls_define_fuzzer', 'network_message_fuzzer', 'cache_key_fuzzer']
/src/libcoap/src/coap_session.c	['persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']	['persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']
/src/libcoap/tests/oss-fuzz/cache_key_target.c	['cache_key_fuzzer']	['cache_key_fuzzer']
/src/libcoap/src/coap_uri.c	['uri_extended_fuzzer', 'oscore_conf_parse_fuzzer', 'split_uri_fuzzer', 'pdu_parse_udp_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']	['oscore_conf_parse_fuzzer', 'split_uri_fuzzer', 'pdu_parse_udp_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']
/src/libcoap/src/coap_subscribe.c	['persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']	['persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']
/src/libcoap/src/coap_openssl.c	['uri_extended_fuzzer', 'oscore_conf_parse_fuzzer', 'split_uri_fuzzer', 'pdu_parse_udp_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']	['oscore_conf_parse_fuzzer', 'split_uri_fuzzer', 'pdu_parse_udp_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']
/src/libcoap/src/coap_resource.c	['persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']	['persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']
/src/libcoap/src/coap_strm_posix.c	['uri_extended_fuzzer', 'split_uri_fuzzer', 'pdu_parse_udp_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']	['split_uri_fuzzer', 'pdu_parse_udp_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'network_message_fuzzer', 'cache_key_fuzzer']
/src/libcoap/src/oscore/oscore.c	['oscore_conf_parse_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']	['oscore_conf_parse_fuzzer', 'oscore_decrypt_fuzzer', 'cache_key_fuzzer']
/src/libcoap/src/coap_io.c	['persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']	['persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']
/src/libcoap/src/coap_debug.c	['get_asn1_tag_fuzzer', 'uri_extended_fuzzer', 'oscore_conf_parse_fuzzer', 'split_uri_fuzzer', 'pdu_parse_udp_fuzzer', 'dtls_define_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']	['oscore_conf_parse_fuzzer', 'split_uri_fuzzer', 'pdu_parse_udp_fuzzer', 'dtls_define_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']
/src/libcoap/src/coap_netif.c	['persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']	['persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']
/src/libcoap/tests/oss-fuzz/get_asn1_tag_target.c	['get_asn1_tag_fuzzer']	['get_asn1_tag_fuzzer']
/src/libcoap/tests/oss-fuzz/coap_fuzz_helper.c	['observe_fuzzer', 'block_fuzzer', 'async_fuzzer']	['observe_fuzzer', 'block_fuzzer', 'async_fuzzer']
/src/libcoap/./include/coap3/coap_uri.h	['uri_extended_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']	[]
/src/libcoap/src/oscore/oscore_crypto.c	['persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']	['oscore_decrypt_fuzzer', 'cache_key_fuzzer']
/src/libcoap/src/oscore/oscore_context.c	['persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']	['persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']
/src/libcoap/tests/oss-fuzz/pdu_parse_tcp_target.c	['pdu_parse_tcp_fuzzer']	['pdu_parse_tcp_fuzzer']
/src/libcoap/src/coap_pdu.c	['uri_extended_fuzzer', 'pdu_parse_udp_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']	['pdu_parse_udp_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']
/src/libcoap/src/coap_block.c	['pdu_parse_udp_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']	['pdu_parse_udp_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']
/src/libcoap/src/coap_proxy.c	['persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']	['persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']
/src/libcoap/tests/oss-fuzz/ws_frame_target.c	['ws_frame_fuzzer']	['ws_frame_fuzzer']
/src/libcoap/./include/coap3/coap_pdu_internal.h	['persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']	[]
/src/libcoap/tests/oss-fuzz/async_target.c	['async_fuzzer']	['async_fuzzer']
/src/libcoap/src/coap_str.c	['get_asn1_tag_fuzzer', 'oscore_conf_parse_fuzzer', 'pdu_parse_udp_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']	['get_asn1_tag_fuzzer', 'oscore_conf_parse_fuzzer', 'pdu_parse_udp_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']
/src/libcoap/./include/coap3/coap_block_internal.h	['persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']	[]
/src/libcoap/tests/oss-fuzz/dtls_define_target.c	['dtls_define_fuzzer']	['dtls_define_fuzzer']
/src/libcoap/src/coap_ws.c	['uri_extended_fuzzer', 'split_uri_fuzzer', 'pdu_parse_udp_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']	['split_uri_fuzzer', 'pdu_parse_udp_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'ws_frame_fuzzer', 'cache_key_fuzzer']
/src/libcoap/tests/oss-fuzz/observe_target.c	['observe_fuzzer']	['observe_fuzzer']
/src/libcoap/src/coap_prng.c	['uri_extended_fuzzer', 'oscore_conf_parse_fuzzer', 'pdu_parse_udp_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']	['oscore_conf_parse_fuzzer', 'pdu_parse_udp_fuzzer', 'pdu_parse_tcp_fuzzer', 'pdu_parse_ws_fuzzer', 'persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']
/src/libcoap/src/coap_cache.c	['persist_fuzzer', 'observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'oscore_decrypt_fuzzer', 'ws_frame_fuzzer', 'network_message_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']	['persist_fuzzer', 'observe_fuzzer', 'block_check_fuzzer', 'cache_key_fuzzer']
/src/libcoap/src/coap_event.c	['observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'ws_frame_fuzzer', 'block_check_fuzzer']	['observe_fuzzer', 'block_fuzzer', 'async_fuzzer', 'ws_frame_fuzzer', 'block_check_fuzzer']

Directories in report

Directory
/src/libcoap/tests/oss-fuzz/
/usr/include/openssl/
/src/libcoap/src/
/src/libcoap/src/oscore/
/src/libcoap/./include/coap3/