Fuzz introspector
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues
Project coverage
Per-fuzzer coverage

Table of contents

Project overview: libdwarf
High level conclusions
Reachability and coverage overview
Fuzzers overview
Project functions overview
Fuzzer details
Fuzzer: fuzz_crc_32
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_init_path
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_debuglink
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_die_cu_e
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_tie
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_init_binary
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_set_frame_all
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_die_cu_print
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_die_cu_offset
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_str_offsets
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_rng
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_macro_dwarf5
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_xuindex
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_gdbindex
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_stack_frame_access
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_die_cu
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_debug_str
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_die_cu_e_print
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_init_b
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_showsectgrp
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_crc
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_dnames
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_simplereader_tu
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_die_cu_attrs
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_die_cu_info1
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_debug_addr_access
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_die_cu_attrs_loclist
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_findfuncbypc
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_gnu_index
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_srcfiles
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_macro_dwarf4
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_aranges
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_globals
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Analyses and suggestions
Optimal target analysis
Remaining optimal interesting functions
All functions overview
Fuzz engine guidance
fuzz/fuzz_crc_32.c
Dictionary
Fuzzer function priority
fuzz/fuzz_init_path.c
Dictionary
Fuzzer function priority
fuzz/fuzz_debuglink.c
Dictionary
Fuzzer function priority
fuzz/fuzz_die_cu_e.c
Dictionary
Fuzzer function priority
fuzz/fuzz_tie.c
Dictionary
Fuzzer function priority
fuzz/fuzz_init_binary.c
Dictionary
Fuzzer function priority
fuzz/fuzz_set_frame_all.c
Dictionary
Fuzzer function priority
fuzz/fuzz_die_cu_print.c
Dictionary
Fuzzer function priority
fuzz/fuzz_die_cu_offset.c
Dictionary
Fuzzer function priority
fuzz/fuzz_str_offsets.c
Dictionary
Fuzzer function priority
fuzz/fuzz_rng.c
Dictionary
Fuzzer function priority
fuzz/fuzz_macro_dwarf5.c
Dictionary
Fuzzer function priority
fuzz/fuzz_xuindex.c
Dictionary
Fuzzer function priority
fuzz/fuzz_gdbindex.c
Dictionary
Fuzzer function priority
fuzz/fuzz_stack_frame_access.c
Dictionary
Fuzzer function priority
fuzz/fuzz_die_cu.c
Dictionary
Fuzzer function priority
fuzz/fuzz_debug_str.c
Dictionary
Fuzzer function priority
fuzz/fuzz_die_cu_e_print.c
Dictionary
Fuzzer function priority
fuzz/fuzz_init_b.c
Dictionary
Fuzzer function priority
fuzz/fuzz_showsectgrp.c
Dictionary
Fuzzer function priority
fuzz/fuzz_crc.c
Dictionary
Fuzzer function priority
fuzz/fuzz_dnames.c
Dictionary
Fuzzer function priority
fuzz/fuzz_simplereader_tu.c
Dictionary
Fuzzer function priority
fuzz/fuzz_die_cu_attrs.c
Dictionary
Fuzzer function priority
fuzz/fuzz_die_cu_info1.c
Dictionary
Fuzzer function priority
fuzz/fuzz_debug_addr_access.c
Dictionary
Fuzzer function priority
fuzz/fuzz_die_cu_attrs_loclist.c
Dictionary
Fuzzer function priority
fuzz/fuzz_findfuncbypc.c
Dictionary
Fuzzer function priority
fuzz/fuzz_gnu_index.c
Dictionary
Fuzzer function priority
fuzz/fuzz_srcfiles.c
Dictionary
Fuzzer function priority
fuzz/fuzz_macro_dwarf4.c
Dictionary
Fuzzer function priority
fuzz/fuzz_aranges.c
Dictionary
Fuzzer function priority
fuzz/fuzz_globals.c
Dictionary
Fuzzer function priority
Runtime coverage analysis
Complex functions with low coverage
Files and Directories in report
Files in report
Directories in report
Metadata section
Report generation date: 2025-07-11

Project overview: libdwarf

High level conclusions

Reachability and coverage overview

Functions statically reachable by fuzzers
80.0%
720 / 900
Cyclomatic complexity statically reachable by fuzzers
83.0%
7654 / 9210
Runtime code coverage of functions
81.0%
729 / 900

Warning: The number of runtime covered functions are larger than the number of reachable functions. This means that Fuzz Introspector found there are more functions covered at runtime than what is considered reachable based on the static analysis. This is a limitation in the analysis as anything covered at runtime is by definition reachable by the fuzzers.
This is likely due to a limitation in the static analysis. In this case, the count of functions covered at runtime is the true value, which means this is what should be considered "achieved" by the fuzzer.

Use the project functions table below to query all functions that were not covered at runtime.

Fuzzers overview

Fuzzer Fuzzer filename Functions Reached Functions unreached Fuzzer depth Files reached Basic blocks reached Cyclomatic complexity Details
fuzz_crc_32 fuzz/fuzz_crc_32.c 204 642 11 28 3654 1453 fuzz_crc_32.c
fuzz_init_path fuzz/fuzz_init_path.c 241 605 11 28 4220 1695 fuzz_init_path.c
fuzz_debuglink fuzz/fuzz_debuglink.c 225 621 11 26 3948 1578 fuzz_debuglink.c
fuzz_die_cu_e fuzz/fuzz_die_cu_e.c 338 508 17 36 7462 3131 fuzz_die_cu_e.c
fuzz_tie fuzz/fuzz_tie.c 203 643 11 26 3638 1445 fuzz_tie.c
fuzz_init_binary fuzz/fuzz_init_binary.c 202 644 11 26 3610 1435 fuzz_init_binary.c
fuzz_set_frame_all fuzz/fuzz_set_frame_all.c 285 574 11 32 5791 2300 fuzz_set_frame_all.c
fuzz_die_cu_print fuzz/fuzz_die_cu_print.c 342 504 17 37 7570 3173 fuzz_die_cu_print.c
fuzz_die_cu_offset fuzz/fuzz_die_cu_offset.c 342 504 17 37 7528 3157 fuzz_die_cu_offset.c
fuzz_str_offsets fuzz/fuzz_str_offsets.c 217 631 11 27 3983 1585 fuzz_str_offsets.c
fuzz_rng fuzz/fuzz_rng.c 213 633 11 27 4074 1607 fuzz_rng.c
fuzz_macro_dwarf5 fuzz/fuzz_macro_dwarf5.c 391 456 17 39 9120 3786 fuzz_macro_dwarf5.c
fuzz_xuindex fuzz/fuzz_xuindex.c 202 644 11 26 3613 1436 fuzz_xuindex.c
fuzz_gdbindex fuzz/fuzz_gdbindex.c 224 643 11 27 3943 1569 fuzz_gdbindex.c
fuzz_stack_frame_access fuzz/fuzz_stack_frame_access.c 353 493 17 38 8082 3351 fuzz_stack_frame_access.c
fuzz_die_cu fuzz/fuzz_die_cu.c 339 507 17 36 7490 3141 fuzz_die_cu.c
fuzz_debug_str fuzz/fuzz_debug_str.c 205 643 11 27 3656 1456 fuzz_debug_str.c
fuzz_die_cu_e_print fuzz/fuzz_die_cu_e_print.c 341 505 17 37 7542 3163 fuzz_die_cu_e_print.c
fuzz_init_b fuzz/fuzz_init_b.c 204 643 11 26 3615 1440 fuzz_init_b.c
fuzz_showsectgrp fuzz/fuzz_showsectgrp.c 245 601 11 28 4277 1720 fuzz_showsectgrp.c
fuzz_crc fuzz/fuzz_crc.c 12 0 1 2 26 30 fuzz_crc.c
fuzz_dnames fuzz/fuzz_dnames.c 228 619 11 28 4374 1736 fuzz_dnames.c
fuzz_simplereader_tu fuzz/fuzz_simplereader_tu.c 213 633 17 27 4775 2115 fuzz_simplereader_tu.c
fuzz_die_cu_attrs fuzz/fuzz_die_cu_attrs.c 372 474 17 37 8479 3563 fuzz_die_cu_attrs.c
fuzz_die_cu_info1 fuzz/fuzz_die_cu_info1.c 339 507 17 36 7487 3140 fuzz_die_cu_info1.c
fuzz_debug_addr_access fuzz/fuzz_debug_addr_access.c 206 643 11 27 3790 1505 fuzz_debug_addr_access.c
fuzz_die_cu_attrs_loclist fuzz/fuzz_die_cu_attrs_loclist.c 388 458 17 38 9725 3972 fuzz_die_cu_attrs_loclist.c
fuzz_findfuncbypc fuzz/fuzz_findfuncbypc.c 445 417 18 41 10617 4332 fuzz_findfuncbypc.c
fuzz_gnu_index fuzz/fuzz_gnu_index.c 228 619 11 27 4384 1735 fuzz_gnu_index.c
fuzz_srcfiles fuzz/fuzz_srcfiles.c 411 450 17 39 9557 3967 fuzz_srcfiles.c
fuzz_macro_dwarf4 fuzz/fuzz_macro_dwarf4.c 212 641 11 28 3868 1532 fuzz_macro_dwarf4.c
fuzz_aranges fuzz/fuzz_aranges.c 224 632 11 27 4304 1703 fuzz_aranges.c
fuzz_globals fuzz/fuzz_globals.c 271 579 11 32 5613 2231 fuzz_globals.c

Project functions overview

The following table shows data about each function in the project. The functions included in this table correspond to all functions that exist in the executables of the fuzzers. As such, there may be functions that are from third-party libraries.

For further technical details on the meaning of columns in the below table, please see the Glossary .

Func name Functions filename Args Function call depth Reached by Fuzzers Runtime reached by Fuzzers Combined reached by Fuzzers Fuzzers runtime hit Func lines hit % I Count BB Count Cyclomatic complexity Functions reached Reached by functions Accumulated cyclomatic complexity Undiscovered complexity

Fuzzer details

Fuzzer: fuzz_crc_32

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 110 17.0%
gold [1:9] 25 3.87%
yellow [10:29] 9 1.39%
greenyellow [30:49] 34 5.27%
lawngreen 50+ 467 72.4%
All colors 645 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
54 54 1 :

['apply_rela_entries']

54 54 elf_relocations_nolibelf call site: 00000 /src/libdwarf/src/lib/libdwarf/dwarf_elfread.c:622
32 32 2 :

['_dwarfstring_append_zeros', '_dwarfstring_append_spaces']

34 70 dwarfstring_append_printf_u call site: 00436 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:867
16 16 1 :

['_dwarfstring_append_spaces']

18 42 dwarfstring_append_printf_s call site: 00414 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:347
5 5 1 :

['_dwarf_remove_from_staticerrlist']

5 52 dwarf_dealloc call site: 00191 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1076
4 18 2 :

['dwarf_set_load_preference', 'strcmp']

4 18 _dwarf_determine_section_allocation_type call site: 00255 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:858
4 6 2 :

['dwarf_errmsg_by_number', 'fflush']

4 68 _dwarf_error_string call site: 00010 /src/libdwarf/src/lib/libdwarf/dwarf_error.c:126
4 4 1 :

['_dwarf_closer']

4 186 dwarf_finish call site: 00174 /src/libdwarf/src/lib/libdwarf/dwarf_generic_init.c:565
4 4 1 :

['_dwarf_closer']

4 4 _dwarf_destruct_macho_internals call site: 00583 /src/libdwarf/src/lib/libdwarf/dwarf_machoread.c:278
4 4 1 :

['_dwarf_closer']

4 4 _dwarf_destruct_pe_access call site: 00624 /src/libdwarf/src/lib/libdwarf/dwarf_peread.c:441
3 3 1 :

['allocate_ts_entry']

3 3 _tsearch_inner call site: 00014 /src/libdwarf/src/lib/libdwarf/dwarf_tsearchhash.c:481
2 2 1 :

['fclose']

2 458 _dwarf_free_all_of_one_debug call site: 00196 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1281
0 109 1 :

['_dwarf_error']

0 109 dwarf_get_xu_index_header call site: 00499 /src/libdwarf/src/lib/libdwarf/dwarf_xu_index.c:418

Runtime coverage analysis

Covered functions
196
Functions that are reachable but not covered
33
Reachable functions
204
Percentage of reachable functions covered
83.82%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzz/fuzz_crc_32.c 1
src/lib/libdwarf/dwarf_generic_init.c 3
src/lib/libdwarf/dwarf_error.c 5
src/lib/libdwarf/dwarf_alloc.c 19
src/lib/libdwarf/dwarf_tsearchhash.c 12
src/lib/libdwarf/dwarf_string.c 10
src/lib/libdwarf/dwarf_object_detector.c 7
src/lib/libdwarf/dwarf_seekr.c 3
src/lib/libdwarf/dwarf_object_read_common.c 1
src/lib/libdwarf/dwarf_elfread.c 4
src/lib/libdwarf/dwarf_elf_load_headers.c 39
src/lib/libdwarf/dwarf_memcpy_swap.c 1
src/lib/libdwarf/dwarf_secname_ck.c 3
src/lib/libdwarf/dwarf_init_finish.c 13
src/lib/libdwarf/dwarf_harmless.c 2
src/lib/libdwarf/dwarf_xu_index.c 3
src/lib/libdwarf/dwarf_util.c 1
src/lib/libdwarf/dwarf_rnglists.c 2
src/lib/libdwarf/dwarf_loclists.c 2
src/lib/libdwarf/dwarf_groups.c 10
src/lib/libdwarf/dwarf_tied.c 1
src/lib/libdwarf/dwarf_setup_sections.c 4
src/lib/libdwarf/dwarf_debuglink.c 1
src/lib/libdwarf/dwarf_machoread.c 22
src/lib/libdwarf/dwarf_safe_strcpy.c 1
src/lib/libdwarf/dwarf_peread.c 13
src/lib/libdwarf/dwarf_crc32.c 1
src/lib/libdwarf/dwarf_crc.c 1

Fuzzer: fuzz_init_path

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 165 18.8%
gold [1:9] 11 1.25%
yellow [10:29] 20 2.28%
greenyellow [30:49] 11 1.25%
lawngreen 50+ 667 76.3%
All colors 874 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
156 1476 7 :

['match_buildid', 'dwarfstring_append', '_dwarf_get_suppress_debuglink_crc', 'dwarf_gnu_debuglink', 'dwarf_crc32', 'dwarf_finish', 'free']

156 1791 _dwarf_debuglink_finder_newpath call site: 00352 /src/libdwarf/src/lib/libdwarf/dwarf_object_detector.c:746
54 54 1 :

['apply_rela_entries']

54 54 elf_relocations_nolibelf call site: 00000 /src/libdwarf/src/lib/libdwarf/dwarf_elfread.c:622
16 16 1 :

['_dwarfstring_append_spaces']

18 42 dwarfstring_append_printf_s call site: 00673 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:347
5 5 1 :

['_dwarf_remove_from_staticerrlist']

5 52 dwarf_dealloc call site: 00086 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1076
4 18 2 :

['dwarf_set_load_preference', 'strcmp']

4 18 _dwarf_determine_section_allocation_type call site: 00036 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:858
3 3 1 :

['allocate_ts_entry']

3 3 _tsearch_inner call site: 00013 /src/libdwarf/src/lib/libdwarf/dwarf_tsearchhash.c:481
2 2 1 :

['fclose']

2 458 _dwarf_free_all_of_one_debug call site: 00108 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1281
0 171 5 :

['dwarfstring_destructor', 'dwarfstring_string', 'dwarfstring_append_printf_u', '_dwarf_error_string', 'dwarfstring_constructor']

0 171 _dwarf_extract_buildid call site: 00210 /src/libdwarf/src/lib/libdwarf/dwarf_debuglink.c:914
0 109 1 :

['_dwarf_error']

0 109 dwarf_get_xu_index_header call site: 00734 /src/libdwarf/src/lib/libdwarf/dwarf_xu_index.c:418
0 85 2 :

['_dwarf_object_detector_fd_a', '_dwarf_closer']

0 85 dwarf_object_detector_path_dSYM call site: 00048 /src/libdwarf/src/lib/libdwarf/dwarf_object_detector.c:648
0 17 1 :

['dwarfstring_append']

0 33 transform_leading_windowsletter call site: 00256 /src/libdwarf/src/lib/libdwarf/dwarf_debuglink.c:207
0 11 1 :

['_dwarf_tdestroy']

0 11 _dwarf_free_all_of_one_debug call site: 00156 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1340

Runtime coverage analysis

Covered functions
230
Functions that are reachable but not covered
36
Reachable functions
241
Percentage of reachable functions covered
85.06%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzz/fuzz_init_path.c 1
src/lib/libdwarf/dwarf_generic_init.c 6
src/lib/libdwarf/dwarf_error.c 5
src/lib/libdwarf/dwarf_alloc.c 19
src/lib/libdwarf/dwarf_tsearchhash.c 12
src/lib/libdwarf/dwarf_string.c 12
src/lib/libdwarf/dwarf_object_detector.c 17
src/lib/libdwarf/dwarf_seekr.c 4
src/lib/libdwarf/dwarf_object_read_common.c 1
src/lib/libdwarf/dwarf_debuglink.c 20
src/lib/libdwarf/dwarf_init_finish.c 13
src/lib/libdwarf/dwarf_harmless.c 2
src/lib/libdwarf/dwarf_xu_index.c 3
src/lib/libdwarf/dwarf_util.c 2
src/lib/libdwarf/dwarf_rnglists.c 2
src/lib/libdwarf/dwarf_loclists.c 2
src/lib/libdwarf/dwarf_groups.c 10
src/lib/libdwarf/dwarf_tied.c 1
src/lib/libdwarf/dwarf_safe_strcpy.c 1
src/lib/libdwarf/dwarf_crc32.c 1
src/lib/libdwarf/dwarf_crc.c 1
src/lib/libdwarf/dwarf_elfread.c 4
src/lib/libdwarf/dwarf_elf_load_headers.c 39
src/lib/libdwarf/dwarf_memcpy_swap.c 1
src/lib/libdwarf/dwarf_secname_ck.c 3
src/lib/libdwarf/dwarf_setup_sections.c 4
src/lib/libdwarf/dwarf_machoread.c 22
src/lib/libdwarf/dwarf_peread.c 13

Fuzzer: fuzz_debuglink

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 145 18.3%
gold [1:9] 40 5.05%
yellow [10:29] 25 3.16%
greenyellow [30:49] 18 2.27%
lawngreen 50+ 563 71.1%
All colors 791 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
115 132 4 :

['dwarf_dealloc_error', 'dwarf_errmsg', 'dwarf_errno', 'dwarfstring_append']

115 426 dwarf_object_init_b call site: 00513 /src/libdwarf/src/lib/libdwarf/dwarf_init_finish.c:1145
54 54 1 :

['apply_rela_entries']

54 54 elf_relocations_nolibelf call site: 00000 /src/libdwarf/src/lib/libdwarf/dwarf_elfread.c:622
35 35 1 :

['transform_leading_windowsletter']

35 426 _dwarf_construct_linkedto_path call site: 00698 /src/libdwarf/src/lib/libdwarf/dwarf_debuglink.c:654
16 16 1 :

['_dwarfstring_append_spaces']

18 42 dwarfstring_append_printf_s call site: 00413 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:347
13 13 2 :

['_dwarf_remove_from_staticerrlist', '_dwarf_error_destructor']

13 60 dwarf_dealloc call site: 00186 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1055
10 29 5 :

['_dwarf_add_to_static_err_list', '_dwarf_special_no_dbg_error_malloc', 'calloc', 'dwarfstring_append', 'dwarfstring_constructor']

10 91 _dwarf_error_string call site: 00009 /src/libdwarf/src/lib/libdwarf/dwarf_error.c:126
4 18 2 :

['dwarf_set_load_preference', 'strcmp']

4 18 _dwarf_determine_section_allocation_type call site: 00254 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:858
4 4 1 :

['_dwarf_closer']

4 186 dwarf_finish call site: 00173 /src/libdwarf/src/lib/libdwarf/dwarf_generic_init.c:565
4 4 2 :

['strlen', 'strdup']

4 4 dwarf_gnu_debuglink call site: 00635 /src/libdwarf/src/lib/libdwarf/dwarf_debuglink.c:988
4 4 1 :

['_dwarf_closer']

4 4 _dwarf_destruct_macho_internals call site: 00582 /src/libdwarf/src/lib/libdwarf/dwarf_machoread.c:278
4 4 1 :

['_dwarf_closer']

4 4 _dwarf_destruct_pe_access call site: 00623 /src/libdwarf/src/lib/libdwarf/dwarf_peread.c:441
3 3 1 :

['allocate_ts_entry']

3 3 _tsearch_inner call site: 00013 /src/libdwarf/src/lib/libdwarf/dwarf_tsearchhash.c:481

Runtime coverage analysis

Covered functions
209
Functions that are reachable but not covered
41
Reachable functions
225
Percentage of reachable functions covered
81.78%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzz/fuzz_debuglink.c 1
src/lib/libdwarf/dwarf_generic_init.c 3
src/lib/libdwarf/dwarf_error.c 5
src/lib/libdwarf/dwarf_alloc.c 19
src/lib/libdwarf/dwarf_tsearchhash.c 12
src/lib/libdwarf/dwarf_string.c 12
src/lib/libdwarf/dwarf_object_detector.c 7
src/lib/libdwarf/dwarf_seekr.c 3
src/lib/libdwarf/dwarf_object_read_common.c 1
src/lib/libdwarf/dwarf_elfread.c 4
src/lib/libdwarf/dwarf_elf_load_headers.c 39
src/lib/libdwarf/dwarf_memcpy_swap.c 1
src/lib/libdwarf/dwarf_secname_ck.c 3
src/lib/libdwarf/dwarf_init_finish.c 13
src/lib/libdwarf/dwarf_harmless.c 2
src/lib/libdwarf/dwarf_xu_index.c 3
src/lib/libdwarf/dwarf_util.c 2
src/lib/libdwarf/dwarf_rnglists.c 2
src/lib/libdwarf/dwarf_loclists.c 2
src/lib/libdwarf/dwarf_groups.c 10
src/lib/libdwarf/dwarf_tied.c 1
src/lib/libdwarf/dwarf_setup_sections.c 4
src/lib/libdwarf/dwarf_debuglink.c 20
src/lib/libdwarf/dwarf_machoread.c 22
src/lib/libdwarf/dwarf_safe_strcpy.c 1
src/lib/libdwarf/dwarf_peread.c 13

Fuzzer: fuzz_die_cu_e

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 510 31.3%
gold [1:9] 145 8.90%
yellow [10:29] 92 5.64%
greenyellow [30:49] 78 4.78%
lawngreen 50+ 804 49.3%
All colors 1629 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
1994 1994 1 :

['dwarf_offdie_b']

1994 1994 _dwarf_internal_find_die_given_sig8 call site: 01345 /src/libdwarf/src/lib/libdwarf/dwarf_find_sigref.c:212
326 326 1 :

['_dwarf_get_debugfission_for_offset']

326 433 fill_in_dwp_offsets_if_present call site: 00868 /src/libdwarf/src/lib/libdwarf/dwarf_die_deliv.c:620
258 363 2 :

['_dwarf_read_str_offsets_header', 'dwarf_dealloc_error']

258 363 load_xu_str_offsets_into_cucontext call site: 01618 /src/libdwarf/src/lib/libdwarf/dwarf_fission_to_cu.c:162
127 349 2 :

['dwarf_die_offsets', 'dwarf_dealloc_die']

127 349 find_sig8_target_as_global_offset call site: 01344 /src/libdwarf/src/lib/libdwarf/dwarf_form.c:682
32 32 2 :

['_dwarfstring_append_zeros', '_dwarfstring_append_spaces']

34 70 dwarfstring_append_printf_u call site: 00435 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:867
24 309 7 :

['dwarf_errmsg', 'dwarfstring_destructor', 'dwarfstring_string', 'dwarfstring_append', 'dwarfstring_constructor_fixed', '_dwarf_error_string', 'dwarf_dealloc_error']

24 309 _dwarf_internal_global_formref_b call site: 01343 /src/libdwarf/src/lib/libdwarf/dwarf_form.c:957
16 16 1 :

['_dwarfstring_append_spaces']

18 42 dwarfstring_append_printf_s call site: 00413 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:347
8 8 2 :

['_dwarf_special_no_dbg_error_malloc', '_dwarf_add_to_static_err_list']

10 29 _dwarf_error_string call site: 00009 /src/libdwarf/src/lib/libdwarf/dwarf_error.c:129
5 5 1 :

['_dwarf_remove_from_staticerrlist']

5 52 dwarf_dealloc call site: 00190 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1076
4 18 2 :

['dwarf_set_load_preference', 'strcmp']

4 18 _dwarf_determine_section_allocation_type call site: 00254 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:858
4 4 1 :

['_dwarf_closer']

4 186 dwarf_finish call site: 00173 /src/libdwarf/src/lib/libdwarf/dwarf_generic_init.c:565
4 4 1 :

['_dwarf_closer']

4 4 _dwarf_destruct_macho_internals call site: 00582 /src/libdwarf/src/lib/libdwarf/dwarf_machoread.c:278

Runtime coverage analysis

Covered functions
311
Functions that are reachable but not covered
56
Reachable functions
338
Percentage of reachable functions covered
83.43%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzz/fuzz_die_cu_e.c 1
src/lib/libdwarf/dwarf_generic_init.c 3
src/lib/libdwarf/dwarf_error.c 5
src/lib/libdwarf/dwarf_alloc.c 21
src/lib/libdwarf/dwarf_tsearchhash.c 12
src/lib/libdwarf/dwarf_string.c 12
src/lib/libdwarf/dwarf_object_detector.c 7
src/lib/libdwarf/dwarf_seekr.c 3
src/lib/libdwarf/dwarf_object_read_common.c 1
src/lib/libdwarf/dwarf_elfread.c 4
src/lib/libdwarf/dwarf_elf_load_headers.c 39
src/lib/libdwarf/dwarf_memcpy_swap.c 1
src/lib/libdwarf/dwarf_secname_ck.c 3
src/lib/libdwarf/dwarf_init_finish.c 13
src/lib/libdwarf/dwarf_harmless.c 3
src/lib/libdwarf/dwarf_xu_index.c 14
src/lib/libdwarf/dwarf_util.c 18
src/lib/libdwarf/dwarf_rnglists.c 6
src/lib/libdwarf/dwarf_loclists.c 6
src/lib/libdwarf/dwarf_groups.c 10
src/lib/libdwarf/dwarf_tied.c 6
src/lib/libdwarf/dwarf_setup_sections.c 4
src/lib/libdwarf/dwarf_debuglink.c 1
src/lib/libdwarf/dwarf_machoread.c 22
src/lib/libdwarf/dwarf_safe_strcpy.c 1
src/lib/libdwarf/dwarf_peread.c 13
src/lib/libdwarf/dwarf_die_deliv.c 32
src/lib/libdwarf/dwarf_query.c 18
src/lib/libdwarf/dwarf_leb.c 3
src/lib/libdwarf/dwarf_abbrev.c 1
src/lib/libdwarf/dwarf_names.c 2
src/lib/libdwarf/dwarf_fill_in_attr_form.c 2
src/lib/libdwarf/dwarf_form.c 18
src/lib/libdwarf/dwarf_find_sigref.c 2
src/lib/libdwarf/dwarf_str_offsets.c 5
src/lib/libdwarf/dwarf_fission_to_cu.c 5

Fuzzer: fuzz_tie

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 120 18.7%
gold [1:9] 10 1.56%
yellow [10:29] 23 3.59%
greenyellow [30:49] 33 5.16%
lawngreen 50+ 453 70.8%
All colors 639 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
115 132 4 :

['dwarf_dealloc_error', 'dwarf_errmsg', 'dwarf_errno', 'dwarfstring_append']

115 426 dwarf_object_init_b call site: 00513 /src/libdwarf/src/lib/libdwarf/dwarf_init_finish.c:1145
54 54 1 :

['apply_rela_entries']

54 54 elf_relocations_nolibelf call site: 00000 /src/libdwarf/src/lib/libdwarf/dwarf_elfread.c:622
32 32 2 :

['_dwarfstring_append_zeros', '_dwarfstring_append_spaces']

34 70 dwarfstring_append_printf_u call site: 00435 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:867
16 16 1 :

['_dwarfstring_append_spaces']

18 42 dwarfstring_append_printf_s call site: 00413 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:347
13 13 2 :

['_dwarf_remove_from_staticerrlist', '_dwarf_error_destructor']

13 60 dwarf_dealloc call site: 00186 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1055
10 29 5 :

['_dwarf_add_to_static_err_list', '_dwarf_special_no_dbg_error_malloc', 'calloc', 'dwarfstring_append', 'dwarfstring_constructor']

10 91 _dwarf_error_string call site: 00009 /src/libdwarf/src/lib/libdwarf/dwarf_error.c:126
4 18 2 :

['dwarf_set_load_preference', 'strcmp']

4 18 _dwarf_determine_section_allocation_type call site: 00254 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:858
4 4 1 :

['_dwarf_closer']

4 186 dwarf_finish call site: 00173 /src/libdwarf/src/lib/libdwarf/dwarf_generic_init.c:565
4 4 1 :

['_dwarf_closer']

4 4 _dwarf_destruct_macho_internals call site: 00582 /src/libdwarf/src/lib/libdwarf/dwarf_machoread.c:278
4 4 1 :

['_dwarf_closer']

4 4 _dwarf_destruct_pe_access call site: 00623 /src/libdwarf/src/lib/libdwarf/dwarf_peread.c:441
3 3 1 :

['allocate_ts_entry']

3 3 _tsearch_inner call site: 00013 /src/libdwarf/src/lib/libdwarf/dwarf_tsearchhash.c:481
2 2 1 :

['fclose']

2 458 _dwarf_free_all_of_one_debug call site: 00195 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1281

Runtime coverage analysis

Covered functions
189
Functions that are reachable but not covered
39
Reachable functions
203
Percentage of reachable functions covered
80.79%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzz/fuzz_tie.c 1
src/lib/libdwarf/dwarf_generic_init.c 4
src/lib/libdwarf/dwarf_error.c 5
src/lib/libdwarf/dwarf_alloc.c 19
src/lib/libdwarf/dwarf_tsearchhash.c 12
src/lib/libdwarf/dwarf_string.c 10
src/lib/libdwarf/dwarf_object_detector.c 7
src/lib/libdwarf/dwarf_seekr.c 3
src/lib/libdwarf/dwarf_object_read_common.c 1
src/lib/libdwarf/dwarf_elfread.c 4
src/lib/libdwarf/dwarf_elf_load_headers.c 39
src/lib/libdwarf/dwarf_memcpy_swap.c 1
src/lib/libdwarf/dwarf_secname_ck.c 3
src/lib/libdwarf/dwarf_init_finish.c 13
src/lib/libdwarf/dwarf_harmless.c 2
src/lib/libdwarf/dwarf_xu_index.c 3
src/lib/libdwarf/dwarf_util.c 1
src/lib/libdwarf/dwarf_rnglists.c 2
src/lib/libdwarf/dwarf_loclists.c 2
src/lib/libdwarf/dwarf_groups.c 10
src/lib/libdwarf/dwarf_tied.c 1
src/lib/libdwarf/dwarf_setup_sections.c 4
src/lib/libdwarf/dwarf_debuglink.c 1
src/lib/libdwarf/dwarf_machoread.c 22
src/lib/libdwarf/dwarf_safe_strcpy.c 1
src/lib/libdwarf/dwarf_peread.c 13

Fuzzer: fuzz_init_binary

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 117 18.4%
gold [1:9] 18 2.83%
yellow [10:29] 22 3.47%
greenyellow [30:49] 24 3.78%
lawngreen 50+ 453 71.4%
All colors 634 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
115 132 4 :

['dwarf_dealloc_error', 'dwarf_errmsg', 'dwarf_errno', 'dwarfstring_append']

115 426 dwarf_object_init_b call site: 00513 /src/libdwarf/src/lib/libdwarf/dwarf_init_finish.c:1145
54 54 1 :

['apply_rela_entries']

54 54 elf_relocations_nolibelf call site: 00000 /src/libdwarf/src/lib/libdwarf/dwarf_elfread.c:622
32 32 2 :

['_dwarfstring_append_zeros', '_dwarfstring_append_spaces']

34 70 dwarfstring_append_printf_u call site: 00435 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:867
16 16 1 :

['_dwarfstring_append_spaces']

18 42 dwarfstring_append_printf_s call site: 00413 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:347
13 13 2 :

['_dwarf_remove_from_staticerrlist', '_dwarf_error_destructor']

13 60 dwarf_dealloc call site: 00186 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1055
10 29 5 :

['_dwarf_add_to_static_err_list', '_dwarf_special_no_dbg_error_malloc', 'calloc', 'dwarfstring_append', 'dwarfstring_constructor']

10 91 _dwarf_error_string call site: 00009 /src/libdwarf/src/lib/libdwarf/dwarf_error.c:126
4 18 2 :

['dwarf_set_load_preference', 'strcmp']

4 18 _dwarf_determine_section_allocation_type call site: 00254 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:858
4 4 1 :

['_dwarf_closer']

4 186 dwarf_finish call site: 00173 /src/libdwarf/src/lib/libdwarf/dwarf_generic_init.c:565
4 4 1 :

['_dwarf_closer']

4 4 _dwarf_destruct_macho_internals call site: 00582 /src/libdwarf/src/lib/libdwarf/dwarf_machoread.c:278
4 4 1 :

['_dwarf_closer']

4 4 _dwarf_destruct_pe_access call site: 00623 /src/libdwarf/src/lib/libdwarf/dwarf_peread.c:441
3 3 1 :

['allocate_ts_entry']

3 3 _tsearch_inner call site: 00013 /src/libdwarf/src/lib/libdwarf/dwarf_tsearchhash.c:481
2 2 1 :

['fclose']

2 458 _dwarf_free_all_of_one_debug call site: 00195 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1281

Runtime coverage analysis

Covered functions
188
Functions that are reachable but not covered
39
Reachable functions
202
Percentage of reachable functions covered
80.69%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzz/fuzz_init_binary.c 1
src/lib/libdwarf/dwarf_generic_init.c 3
src/lib/libdwarf/dwarf_error.c 5
src/lib/libdwarf/dwarf_alloc.c 19
src/lib/libdwarf/dwarf_tsearchhash.c 12
src/lib/libdwarf/dwarf_string.c 10
src/lib/libdwarf/dwarf_object_detector.c 7
src/lib/libdwarf/dwarf_seekr.c 3
src/lib/libdwarf/dwarf_object_read_common.c 1
src/lib/libdwarf/dwarf_elfread.c 4
src/lib/libdwarf/dwarf_elf_load_headers.c 39
src/lib/libdwarf/dwarf_memcpy_swap.c 1
src/lib/libdwarf/dwarf_secname_ck.c 3
src/lib/libdwarf/dwarf_init_finish.c 13
src/lib/libdwarf/dwarf_harmless.c 2
src/lib/libdwarf/dwarf_xu_index.c 3
src/lib/libdwarf/dwarf_util.c 1
src/lib/libdwarf/dwarf_rnglists.c 2
src/lib/libdwarf/dwarf_loclists.c 2
src/lib/libdwarf/dwarf_groups.c 10
src/lib/libdwarf/dwarf_tied.c 1
src/lib/libdwarf/dwarf_setup_sections.c 4
src/lib/libdwarf/dwarf_debuglink.c 1
src/lib/libdwarf/dwarf_machoread.c 22
src/lib/libdwarf/dwarf_safe_strcpy.c 1
src/lib/libdwarf/dwarf_peread.c 13

Fuzzer: fuzz_set_frame_all

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 265 19.6%
gold [1:9] 38 2.81%
yellow [10:29] 58 4.30%
greenyellow [30:49] 18 1.33%
lawngreen 50+ 969 71.8%
All colors 1348 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
16 16 1 :

['_dwarfstring_append_spaces']

18 42 dwarfstring_append_printf_s call site: 00415 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:347
8 115 2 :

['_dwarf_error_string', '_dwarf_skip_leb128']

8 224 _dwarf_get_gcc_eh_augmentation call site: 00729 /src/libdwarf/src/lib/libdwarf/dwarf_frame2.c:1986
5 5 1 :

['_dwarf_remove_from_staticerrlist']

5 52 dwarf_dealloc call site: 00192 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1076
4 18 2 :

['dwarf_set_load_preference', 'strcmp']

4 18 _dwarf_determine_section_allocation_type call site: 00256 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:858
4 6 2 :

['dwarf_errmsg_by_number', 'fflush']

4 68 _dwarf_error_string call site: 00011 /src/libdwarf/src/lib/libdwarf/dwarf_error.c:126
4 4 1 :

['_dwarf_closer']

4 186 dwarf_finish call site: 00175 /src/libdwarf/src/lib/libdwarf/dwarf_generic_init.c:565
4 4 1 :

['_dwarf_closer']

4 4 _dwarf_destruct_macho_internals call site: 00584 /src/libdwarf/src/lib/libdwarf/dwarf_machoread.c:278
4 4 1 :

['_dwarf_closer']

4 4 _dwarf_destruct_pe_access call site: 00625 /src/libdwarf/src/lib/libdwarf/dwarf_peread.c:441
2 2 1 :

['fclose']

2 458 _dwarf_free_all_of_one_debug call site: 00197 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1281
0 329 6 :

['dwarfstring_append_printf_u', 'dwarfstring_destructor', 'dwarfstring_string', 'dwarf_dealloc', '_dwarf_error_string', 'dwarfstring_constructor']

0 332 _dwarf_exec_frame_instr call site: 01154 /src/libdwarf/src/lib/libdwarf/dwarf_frame.c:1867
0 212 2 :

['dwarf_dealloc', '_dwarf_error']

0 212 _dwarf_create_cie_from_after_start call site: 00766 /src/libdwarf/src/lib/libdwarf/dwarf_frame2.c:1057
0 212 2 :

['dwarf_dealloc', '_dwarf_error']

0 212 _dwarf_create_fde_from_after_start call site: 00832 /src/libdwarf/src/lib/libdwarf/dwarf_frame2.c:1360

Runtime coverage analysis

Covered functions
282
Functions that are reachable but not covered
36
Reachable functions
285
Percentage of reachable functions covered
87.37%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzz/fuzz_set_frame_all.c 11
src/lib/libdwarf/dwarf_generic_init.c 3
src/lib/libdwarf/dwarf_error.c 5
src/lib/libdwarf/dwarf_alloc.c 19
src/lib/libdwarf/dwarf_tsearchhash.c 12
src/lib/libdwarf/dwarf_string.c 10
src/lib/libdwarf/dwarf_object_detector.c 7
src/lib/libdwarf/dwarf_seekr.c 3
src/lib/libdwarf/dwarf_object_read_common.c 1
src/lib/libdwarf/dwarf_elfread.c 4
src/lib/libdwarf/dwarf_elf_load_headers.c 39
src/lib/libdwarf/dwarf_memcpy_swap.c 1
src/lib/libdwarf/dwarf_secname_ck.c 3
src/lib/libdwarf/dwarf_init_finish.c 13
src/lib/libdwarf/dwarf_harmless.c 3
src/lib/libdwarf/dwarf_xu_index.c 3
src/lib/libdwarf/dwarf_util.c 6
src/lib/libdwarf/dwarf_rnglists.c 2
src/lib/libdwarf/dwarf_loclists.c 2
src/lib/libdwarf/dwarf_groups.c 10
src/lib/libdwarf/dwarf_tied.c 1
src/lib/libdwarf/dwarf_setup_sections.c 4
src/lib/libdwarf/dwarf_debuglink.c 1
src/lib/libdwarf/dwarf_machoread.c 22
src/lib/libdwarf/dwarf_safe_strcpy.c 1
src/lib/libdwarf/dwarf_peread.c 13
src/lib/libdwarf/dwarf_frame.c 37
src/lib/libdwarf/dwarf_frame2.c 17
src/lib/libdwarf/dwarf_die_deliv.c 1
src/lib/libdwarf/dwarf_leb.c 3
src/lib/libdwarf/dwarf_safe_arithmetic.c 2
src/lib/libdwarf/dwarf_names.c 1

Fuzzer: fuzz_die_cu_print

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 504 30.3%
gold [1:9] 147 8.83%
yellow [10:29] 103 6.19%
greenyellow [30:49] 58 3.48%
lawngreen 50+ 851 51.1%
All colors 1663 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
1994 1994 1 :

['dwarf_offdie_b']

1994 1994 _dwarf_internal_find_die_given_sig8 call site: 01349 /src/libdwarf/src/lib/libdwarf/dwarf_find_sigref.c:212
326 326 1 :

['_dwarf_get_debugfission_for_offset']

326 433 fill_in_dwp_offsets_if_present call site: 00872 /src/libdwarf/src/lib/libdwarf/dwarf_die_deliv.c:620
258 363 2 :

['_dwarf_read_str_offsets_header', 'dwarf_dealloc_error']

258 363 load_xu_str_offsets_into_cucontext call site: 01622 /src/libdwarf/src/lib/libdwarf/dwarf_fission_to_cu.c:162
186 291 2 :

['dwarf_dealloc_error', '_dwarf_trial_read_dwarf_five_hdr']

186 731 _dwarf_extract_string_offset_via_str_offsets call site: 01440 /src/libdwarf/src/lib/libdwarf/dwarf_form.c:1871
127 349 2 :

['dwarf_die_offsets', 'dwarf_dealloc_die']

127 349 find_sig8_target_as_global_offset call site: 01348 /src/libdwarf/src/lib/libdwarf/dwarf_form.c:682
32 32 2 :

['_dwarfstring_append_zeros', '_dwarfstring_append_spaces']

34 70 dwarfstring_append_printf_u call site: 00435 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:867
24 309 7 :

['dwarf_errmsg', 'dwarfstring_destructor', 'dwarfstring_string', 'dwarfstring_append', 'dwarfstring_constructor_fixed', '_dwarf_error_string', 'dwarf_dealloc_error']

24 309 _dwarf_internal_global_formref_b call site: 01347 /src/libdwarf/src/lib/libdwarf/dwarf_form.c:957
16 16 1 :

['_dwarfstring_append_spaces']

18 42 dwarfstring_append_printf_s call site: 00413 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:347
8 8 2 :

['_dwarf_special_no_dbg_error_malloc', '_dwarf_add_to_static_err_list']

10 29 _dwarf_error_string call site: 00009 /src/libdwarf/src/lib/libdwarf/dwarf_error.c:129
5 5 1 :

['_dwarf_remove_from_staticerrlist']

5 52 dwarf_dealloc call site: 00190 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1076
4 18 2 :

['dwarf_set_load_preference', 'strcmp']

4 18 _dwarf_determine_section_allocation_type call site: 00254 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:858
4 4 1 :

['_dwarf_closer']

4 186 dwarf_finish call site: 00173 /src/libdwarf/src/lib/libdwarf/dwarf_generic_init.c:565

Runtime coverage analysis

Covered functions
315
Functions that are reachable but not covered
56
Reachable functions
342
Percentage of reachable functions covered
83.63%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzz/fuzz_die_cu_print.c 1
src/lib/libdwarf/dwarf_generic_init.c 3
src/lib/libdwarf/dwarf_error.c 5
src/lib/libdwarf/dwarf_alloc.c 21
src/lib/libdwarf/dwarf_tsearchhash.c 12
src/lib/libdwarf/dwarf_string.c 12
src/lib/libdwarf/dwarf_object_detector.c 7
src/lib/libdwarf/dwarf_seekr.c 3
src/lib/libdwarf/dwarf_object_read_common.c 1
src/lib/libdwarf/dwarf_elfread.c 4
src/lib/libdwarf/dwarf_elf_load_headers.c 39
src/lib/libdwarf/dwarf_memcpy_swap.c 1
src/lib/libdwarf/dwarf_secname_ck.c 3
src/lib/libdwarf/dwarf_init_finish.c 13
src/lib/libdwarf/dwarf_harmless.c 3
src/lib/libdwarf/dwarf_xu_index.c 14
src/lib/libdwarf/dwarf_util.c 18
src/lib/libdwarf/dwarf_rnglists.c 6
src/lib/libdwarf/dwarf_loclists.c 6
src/lib/libdwarf/dwarf_groups.c 10
src/lib/libdwarf/dwarf_tied.c 6
src/lib/libdwarf/dwarf_setup_sections.c 4
src/lib/libdwarf/dwarf_debuglink.c 1
src/lib/libdwarf/dwarf_machoread.c 22
src/lib/libdwarf/dwarf_safe_strcpy.c 1
src/lib/libdwarf/dwarf_peread.c 13
src/lib/libdwarf/dwarf_query.c 19
src/lib/libdwarf/dwarf_frame.c 1
src/lib/libdwarf/dwarf_die_deliv.c 34
src/lib/libdwarf/dwarf_leb.c 3
src/lib/libdwarf/dwarf_abbrev.c 1
src/lib/libdwarf/dwarf_names.c 2
src/lib/libdwarf/dwarf_fill_in_attr_form.c 2
src/lib/libdwarf/dwarf_form.c 18
src/lib/libdwarf/dwarf_find_sigref.c 2
src/lib/libdwarf/dwarf_str_offsets.c 5
src/lib/libdwarf/dwarf_fission_to_cu.c 5

Fuzzer: fuzz_die_cu_offset

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 512 31.1%
gold [1:9] 129 7.83%
yellow [10:29] 106 6.43%
greenyellow [30:49] 73 4.43%
lawngreen 50+ 826 50.1%
All colors 1646 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
326 326 1 :

['_dwarf_get_debugfission_for_offset']

326 433 fill_in_dwp_offsets_if_present call site: 00868 /src/libdwarf/src/lib/libdwarf/dwarf_die_deliv.c:620
258 363 2 :

['_dwarf_read_str_offsets_header', 'dwarf_dealloc_error']

258 363 load_xu_str_offsets_into_cucontext call site: 01618 /src/libdwarf/src/lib/libdwarf/dwarf_fission_to_cu.c:162
186 291 2 :

['dwarf_dealloc_error', '_dwarf_trial_read_dwarf_five_hdr']

186 731 _dwarf_extract_string_offset_via_str_offsets call site: 01436 /src/libdwarf/src/lib/libdwarf/dwarf_form.c:1871
127 349 2 :

['dwarf_die_offsets', 'dwarf_dealloc_die']

127 349 find_sig8_target_as_global_offset call site: 01344 /src/libdwarf/src/lib/libdwarf/dwarf_form.c:682
32 32 2 :

['_dwarfstring_append_zeros', '_dwarfstring_append_spaces']

34 70 dwarfstring_append_printf_u call site: 00435 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:867
24 309 7 :

['dwarf_errmsg', 'dwarfstring_destructor', 'dwarfstring_string', 'dwarfstring_append', 'dwarfstring_constructor_fixed', '_dwarf_error_string', 'dwarf_dealloc_error']

24 309 _dwarf_internal_global_formref_b call site: 01343 /src/libdwarf/src/lib/libdwarf/dwarf_form.c:957
16 16 1 :

['_dwarfstring_append_spaces']

18 42 dwarfstring_append_printf_s call site: 00413 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:347
8 8 2 :

['_dwarf_special_no_dbg_error_malloc', '_dwarf_add_to_static_err_list']

10 29 _dwarf_error_string call site: 00009 /src/libdwarf/src/lib/libdwarf/dwarf_error.c:129
5 5 1 :

['_dwarf_remove_from_staticerrlist']

5 52 dwarf_dealloc call site: 00190 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1076
4 1998 2 :

['_dwarf_calculate_next_cu_context_offset', '_dwarf_create_a_new_cu_context_record_on_list']

4 3939 dwarf_offdie_b call site: 01361 /src/libdwarf/src/lib/libdwarf/dwarf_die_deliv.c:3284
4 18 2 :

['dwarf_set_load_preference', 'strcmp']

4 18 _dwarf_determine_section_allocation_type call site: 00254 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:858
4 4 1 :

['_dwarf_closer']

4 186 dwarf_finish call site: 00173 /src/libdwarf/src/lib/libdwarf/dwarf_generic_init.c:565

Runtime coverage analysis

Covered functions
314
Functions that are reachable but not covered
57
Reachable functions
342
Percentage of reachable functions covered
83.33%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzz/fuzz_die_cu_offset.c 1
src/lib/libdwarf/dwarf_generic_init.c 3
src/lib/libdwarf/dwarf_error.c 5
src/lib/libdwarf/dwarf_alloc.c 21
src/lib/libdwarf/dwarf_tsearchhash.c 12
src/lib/libdwarf/dwarf_string.c 12
src/lib/libdwarf/dwarf_object_detector.c 7
src/lib/libdwarf/dwarf_seekr.c 3
src/lib/libdwarf/dwarf_object_read_common.c 1
src/lib/libdwarf/dwarf_elfread.c 4
src/lib/libdwarf/dwarf_elf_load_headers.c 39
src/lib/libdwarf/dwarf_memcpy_swap.c 1
src/lib/libdwarf/dwarf_secname_ck.c 3
src/lib/libdwarf/dwarf_init_finish.c 13
src/lib/libdwarf/dwarf_harmless.c 3
src/lib/libdwarf/dwarf_xu_index.c 14
src/lib/libdwarf/dwarf_util.c 18
src/lib/libdwarf/dwarf_rnglists.c 6
src/lib/libdwarf/dwarf_loclists.c 6
src/lib/libdwarf/dwarf_groups.c 10
src/lib/libdwarf/dwarf_tied.c 6
src/lib/libdwarf/dwarf_setup_sections.c 4
src/lib/libdwarf/dwarf_debuglink.c 1
src/lib/libdwarf/dwarf_machoread.c 22
src/lib/libdwarf/dwarf_safe_strcpy.c 1
src/lib/libdwarf/dwarf_peread.c 13
src/lib/libdwarf/dwarf_die_deliv.c 33
src/lib/libdwarf/dwarf_query.c 19
src/lib/libdwarf/dwarf_leb.c 3
src/lib/libdwarf/dwarf_abbrev.c 1
src/lib/libdwarf/dwarf_names.c 2
src/lib/libdwarf/dwarf_fill_in_attr_form.c 2
src/lib/libdwarf/dwarf_form.c 18
src/lib/libdwarf/dwarf_find_sigref.c 2
src/lib/libdwarf/dwarf_str_offsets.c 5
src/lib/libdwarf/dwarf_fission_to_cu.c 5
src/lib/libdwarf/dwarf_global.c 2

Fuzzer: fuzz_str_offsets

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 134 18.4%
gold [1:9] 29 3.99%
yellow [10:29] 34 4.68%
greenyellow [30:49] 31 4.26%
lawngreen 50+ 498 68.5%
All colors 726 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
64 64 2 :

['_dwarfstring_append_zeros', '_dwarfstring_append_spaces']

66 162 dwarfstring_append_printf_i call site: 00652 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:612
54 54 1 :

['apply_rela_entries']

54 54 elf_relocations_nolibelf call site: 00000 /src/libdwarf/src/lib/libdwarf/dwarf_elfread.c:647
32 32 2 :

['_dwarfstring_append_zeros', '_dwarfstring_append_spaces']

34 70 dwarfstring_append_printf_u call site: 00436 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:867
16 16 1 :

['_dwarfstring_append_spaces']

18 42 dwarfstring_append_printf_s call site: 00414 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:347
5 5 1 :

['_dwarf_remove_from_staticerrlist']

5 52 dwarf_dealloc call site: 00191 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1076
4 18 2 :

['dwarf_set_load_preference', 'strcmp']

4 18 _dwarf_determine_section_allocation_type call site: 00255 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:858
4 6 2 :

['dwarf_errmsg_by_number', 'fflush']

4 68 _dwarf_error_string call site: 00010 /src/libdwarf/src/lib/libdwarf/dwarf_error.c:126
4 4 1 :

['_dwarf_closer']

4 186 dwarf_finish call site: 00174 /src/libdwarf/src/lib/libdwarf/dwarf_generic_init.c:565
4 4 1 :

['_dwarf_closer']

4 4 _dwarf_destruct_macho_internals call site: 00583 /src/libdwarf/src/lib/libdwarf/dwarf_machoread.c:278
4 4 1 :

['_dwarf_closer']

4 4 _dwarf_destruct_pe_access call site: 00624 /src/libdwarf/src/lib/libdwarf/dwarf_peread.c:441
3 3 1 :

['allocate_ts_entry']

3 3 _tsearch_inner call site: 00014 /src/libdwarf/src/lib/libdwarf/dwarf_tsearchhash.c:481
2 2 1 :

['fclose']

2 458 _dwarf_free_all_of_one_debug call site: 00196 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1281

Runtime coverage analysis

Covered functions
210
Functions that are reachable but not covered
32
Reachable functions
217
Percentage of reachable functions covered
85.25%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzz/fuzz_str_offsets.c 2
src/lib/libdwarf/dwarf_generic_init.c 3
src/lib/libdwarf/dwarf_error.c 5
src/lib/libdwarf/dwarf_alloc.c 19
src/lib/libdwarf/dwarf_tsearchhash.c 12
src/lib/libdwarf/dwarf_string.c 11
src/lib/libdwarf/dwarf_object_detector.c 7
src/lib/libdwarf/dwarf_seekr.c 3
src/lib/libdwarf/dwarf_object_read_common.c 1
src/lib/libdwarf/dwarf_elfread.c 4
src/lib/libdwarf/dwarf_elf_load_headers.c 39
src/lib/libdwarf/dwarf_memcpy_swap.c 1
src/lib/libdwarf/dwarf_secname_ck.c 3
src/lib/libdwarf/dwarf_init_finish.c 13
src/lib/libdwarf/dwarf_harmless.c 2
src/lib/libdwarf/dwarf_xu_index.c 3
src/lib/libdwarf/dwarf_util.c 2
src/lib/libdwarf/dwarf_rnglists.c 2
src/lib/libdwarf/dwarf_loclists.c 2
src/lib/libdwarf/dwarf_groups.c 10
src/lib/libdwarf/dwarf_tied.c 1
src/lib/libdwarf/dwarf_setup_sections.c 4
src/lib/libdwarf/dwarf_debuglink.c 1
src/lib/libdwarf/dwarf_machoread.c 22
src/lib/libdwarf/dwarf_safe_strcpy.c 1
src/lib/libdwarf/dwarf_peread.c 13
src/lib/libdwarf/dwarf_str_offsets.c 11

Fuzzer: fuzz_rng

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 160 20.6%
gold [1:9] 52 6.71%
yellow [10:29] 41 5.29%
greenyellow [30:49] 24 3.10%
lawngreen 50+ 497 64.2%
All colors 774 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
115 132 4 :

['dwarf_dealloc_error', 'dwarf_errmsg', 'dwarf_errno', 'dwarfstring_append']

115 426 dwarf_object_init_b call site: 00513 /src/libdwarf/src/lib/libdwarf/dwarf_init_finish.c:1145
32 32 2 :

['_dwarfstring_append_zeros', '_dwarfstring_append_spaces']

34 70 dwarfstring_append_printf_u call site: 00435 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:867
16 16 1 :

['_dwarfstring_append_spaces']

18 42 dwarfstring_append_printf_s call site: 00413 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:347
13 13 2 :

['_dwarf_remove_from_staticerrlist', '_dwarf_error_destructor']

13 60 dwarf_dealloc call site: 00186 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1055
10 29 5 :

['_dwarf_add_to_static_err_list', '_dwarf_special_no_dbg_error_malloc', 'calloc', 'dwarfstring_append', 'dwarfstring_constructor']

10 91 _dwarf_error_string call site: 00009 /src/libdwarf/src/lib/libdwarf/dwarf_error.c:126
4 18 2 :

['dwarf_set_load_preference', 'strcmp']

4 18 _dwarf_determine_section_allocation_type call site: 00254 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:858
4 4 1 :

['_dwarf_closer']

4 186 dwarf_finish call site: 00173 /src/libdwarf/src/lib/libdwarf/dwarf_generic_init.c:565
4 4 1 :

['_dwarf_closer']

4 4 _dwarf_destruct_macho_internals call site: 00582 /src/libdwarf/src/lib/libdwarf/dwarf_machoread.c:278
4 4 1 :

['_dwarf_closer']

4 4 _dwarf_destruct_pe_access call site: 00623 /src/libdwarf/src/lib/libdwarf/dwarf_peread.c:441
2 2 1 :

['fclose']

2 458 _dwarf_free_all_of_one_debug call site: 00195 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1281
0 226 5 :

['dwarfstring_append_printf_u', 'dwarfstring_destructor', 'dwarfstring_string', '_dwarf_error_string', 'dwarfstring_constructor']

0 226 dwarf_get_rnglist_rle call site: 00737 /src/libdwarf/src/lib/libdwarf/dwarf_rnglists.c:1023
0 114 3 :

['_dwarf_error_string', 'dwarfstring_string', 'dwarfstring_destructor']

0 114 dwarf_object_init_b call site: 00521 /src/libdwarf/src/lib/libdwarf/dwarf_init_finish.c:1162

Runtime coverage analysis

Covered functions
205
Functions that are reachable but not covered
37
Reachable functions
213
Percentage of reachable functions covered
82.63%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzz/fuzz_rng.c 1
src/lib/libdwarf/dwarf_generic_init.c 3
src/lib/libdwarf/dwarf_error.c 5
src/lib/libdwarf/dwarf_alloc.c 19
src/lib/libdwarf/dwarf_tsearchhash.c 12
src/lib/libdwarf/dwarf_string.c 10
src/lib/libdwarf/dwarf_object_detector.c 7
src/lib/libdwarf/dwarf_seekr.c 3
src/lib/libdwarf/dwarf_object_read_common.c 1
src/lib/libdwarf/dwarf_elfread.c 4
src/lib/libdwarf/dwarf_elf_load_headers.c 39
src/lib/libdwarf/dwarf_memcpy_swap.c 1
src/lib/libdwarf/dwarf_secname_ck.c 3
src/lib/libdwarf/dwarf_init_finish.c 13
src/lib/libdwarf/dwarf_harmless.c 2
src/lib/libdwarf/dwarf_xu_index.c 3
src/lib/libdwarf/dwarf_util.c 3
src/lib/libdwarf/dwarf_rnglists.c 10
src/lib/libdwarf/dwarf_loclists.c 2
src/lib/libdwarf/dwarf_groups.c 10
src/lib/libdwarf/dwarf_tied.c 1
src/lib/libdwarf/dwarf_setup_sections.c 4
src/lib/libdwarf/dwarf_debuglink.c 1
src/lib/libdwarf/dwarf_machoread.c 22
src/lib/libdwarf/dwarf_safe_strcpy.c 1
src/lib/libdwarf/dwarf_peread.c 13
src/lib/libdwarf/dwarf_leb.c 1

Fuzzer: fuzz_macro_dwarf5

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 620 28.9%
gold [1:9] 213 9.93%
yellow [10:29] 96 4.47%
greenyellow [30:49] 76 3.54%
lawngreen 50+ 1140 53.1%
All colors 2145 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
326 326 1 :

['_dwarf_get_debugfission_for_offset']

326 433 fill_in_dwp_offsets_if_present call site: 00868 /src/libdwarf/src/lib/libdwarf/dwarf_die_deliv.c:620
258 363 2 :

['_dwarf_read_str_offsets_header', 'dwarf_dealloc_error']

258 363 load_xu_str_offsets_into_cucontext call site: 01618 /src/libdwarf/src/lib/libdwarf/dwarf_fission_to_cu.c:162
186 291 2 :

['dwarf_dealloc_error', '_dwarf_trial_read_dwarf_five_hdr']

186 731 _dwarf_extract_string_offset_via_str_offsets call site: 01436 /src/libdwarf/src/lib/libdwarf/dwarf_form.c:1871
16 16 1 :

['_dwarfstring_append_spaces']

18 42 dwarfstring_append_printf_s call site: 00413 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:347
8 8 2 :

['_dwarf_special_no_dbg_error_malloc', '_dwarf_add_to_static_err_list']

10 29 _dwarf_error_string call site: 00009 /src/libdwarf/src/lib/libdwarf/dwarf_error.c:129
5 5 1 :

['_dwarf_remove_from_staticerrlist']

5 52 dwarf_dealloc call site: 00190 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1076
4 18 2 :

['dwarf_set_load_preference', 'strcmp']

4 18 _dwarf_determine_section_allocation_type call site: 00254 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:858
4 4 1 :

['_dwarf_closer']

4 186 dwarf_finish call site: 00173 /src/libdwarf/src/lib/libdwarf/dwarf_generic_init.c:565
4 4 1 :

['_dwarf_closer']

4 4 _dwarf_destruct_macho_internals call site: 00582 /src/libdwarf/src/lib/libdwarf/dwarf_machoread.c:278
4 4 1 :

['_dwarf_closer']

4 4 _dwarf_destruct_pe_access call site: 00623 /src/libdwarf/src/lib/libdwarf/dwarf_peread.c:441
2 2 1 :

['fclose']

2 458 _dwarf_free_all_of_one_debug call site: 00195 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1281
0 1998 2 :

['_dwarf_calculate_next_cu_context_offset', '_dwarf_create_a_new_cu_context_record_on_list']

0 3939 dwarf_offdie_b call site: 01361 /src/libdwarf/src/lib/libdwarf/dwarf_die_deliv.c:3284

Runtime coverage analysis

Covered functions
368
Functions that are reachable but not covered
56
Reachable functions
391
Percentage of reachable functions covered
85.68%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzz/fuzz_macro_dwarf5.c 2
src/lib/libdwarf/dwarf_generic_init.c 3
src/lib/libdwarf/dwarf_error.c 5
src/lib/libdwarf/dwarf_alloc.c 21
src/lib/libdwarf/dwarf_tsearchhash.c 12
src/lib/libdwarf/dwarf_string.c 15
src/lib/libdwarf/dwarf_object_detector.c 7
src/lib/libdwarf/dwarf_seekr.c 3
src/lib/libdwarf/dwarf_object_read_common.c 1
src/lib/libdwarf/dwarf_elfread.c 4
src/lib/libdwarf/dwarf_elf_load_headers.c 39
src/lib/libdwarf/dwarf_memcpy_swap.c 1
src/lib/libdwarf/dwarf_secname_ck.c 3
src/lib/libdwarf/dwarf_init_finish.c 13
src/lib/libdwarf/dwarf_harmless.c 3
src/lib/libdwarf/dwarf_xu_index.c 14
src/lib/libdwarf/dwarf_util.c 20
src/lib/libdwarf/dwarf_rnglists.c 6
src/lib/libdwarf/dwarf_loclists.c 6
src/lib/libdwarf/dwarf_groups.c 10
src/lib/libdwarf/dwarf_tied.c 6
src/lib/libdwarf/dwarf_setup_sections.c 4
src/lib/libdwarf/dwarf_debuglink.c 3
src/lib/libdwarf/dwarf_machoread.c 22
src/lib/libdwarf/dwarf_safe_strcpy.c 1
src/lib/libdwarf/dwarf_peread.c 13
src/lib/libdwarf/dwarf_die_deliv.c 34
src/lib/libdwarf/dwarf_query.c 18
src/lib/libdwarf/dwarf_leb.c 3
src/lib/libdwarf/dwarf_abbrev.c 1
src/lib/libdwarf/dwarf_names.c 3
src/lib/libdwarf/dwarf_fill_in_attr_form.c 2
src/lib/libdwarf/dwarf_form.c 20
src/lib/libdwarf/dwarf_find_sigref.c 2
src/lib/libdwarf/dwarf_str_offsets.c 5
src/lib/libdwarf/dwarf_fission_to_cu.c 5
src/lib/libdwarf/dwarf_macro5.c 21
src/lib/libdwarf/dwarf_line.c 13
src/lib/libdwarf/dwarf_line_table_reader_common.h 4

Fuzzer: fuzz_xuindex

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 117 18.4%
gold [1:9] 22 3.46%
yellow [10:29] 15 2.36%
greenyellow [30:49] 31 4.88%
lawngreen 50+ 450 70.8%
All colors 635 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
115 132 4 :

['dwarf_dealloc_error', 'dwarf_errmsg', 'dwarf_errno', 'dwarfstring_append']

115 426 dwarf_object_init_b call site: 00513 /src/libdwarf/src/lib/libdwarf/dwarf_init_finish.c:1145
54 54 1 :

['apply_rela_entries']

54 54 elf_relocations_nolibelf call site: 00000 /src/libdwarf/src/lib/libdwarf/dwarf_elfread.c:622
32 32 2 :

['_dwarfstring_append_zeros', '_dwarfstring_append_spaces']

34 70 dwarfstring_append_printf_u call site: 00435 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:867
16 16 1 :

['_dwarfstring_append_spaces']

18 42 dwarfstring_append_printf_s call site: 00413 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:347
13 13 2 :

['_dwarf_remove_from_staticerrlist', '_dwarf_error_destructor']

13 60 dwarf_dealloc call site: 00186 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1055
10 29 5 :

['_dwarf_add_to_static_err_list', '_dwarf_special_no_dbg_error_malloc', 'calloc', 'dwarfstring_append', 'dwarfstring_constructor']

10 91 _dwarf_error_string call site: 00009 /src/libdwarf/src/lib/libdwarf/dwarf_error.c:126
4 18 2 :

['dwarf_set_load_preference', 'strcmp']

4 18 _dwarf_determine_section_allocation_type call site: 00254 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:858
4 4 1 :

['_dwarf_closer']

4 186 dwarf_finish call site: 00173 /src/libdwarf/src/lib/libdwarf/dwarf_generic_init.c:565
4 4 1 :

['_dwarf_closer']

4 4 _dwarf_destruct_macho_internals call site: 00582 /src/libdwarf/src/lib/libdwarf/dwarf_machoread.c:278
4 4 1 :

['_dwarf_closer']

4 4 _dwarf_destruct_pe_access call site: 00623 /src/libdwarf/src/lib/libdwarf/dwarf_peread.c:441
3 3 1 :

['allocate_ts_entry']

3 3 _tsearch_inner call site: 00013 /src/libdwarf/src/lib/libdwarf/dwarf_tsearchhash.c:481
2 2 1 :

['fclose']

2 458 _dwarf_free_all_of_one_debug call site: 00195 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1281

Runtime coverage analysis

Covered functions
189
Functions that are reachable but not covered
38
Reachable functions
202
Percentage of reachable functions covered
81.19%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzz/fuzz_xuindex.c 1
src/lib/libdwarf/dwarf_generic_init.c 3
src/lib/libdwarf/dwarf_error.c 5
src/lib/libdwarf/dwarf_alloc.c 19
src/lib/libdwarf/dwarf_tsearchhash.c 12
src/lib/libdwarf/dwarf_string.c 10
src/lib/libdwarf/dwarf_object_detector.c 7
src/lib/libdwarf/dwarf_seekr.c 3
src/lib/libdwarf/dwarf_object_read_common.c 1
src/lib/libdwarf/dwarf_elfread.c 4
src/lib/libdwarf/dwarf_elf_load_headers.c 39
src/lib/libdwarf/dwarf_memcpy_swap.c 1
src/lib/libdwarf/dwarf_secname_ck.c 3
src/lib/libdwarf/dwarf_init_finish.c 13
src/lib/libdwarf/dwarf_harmless.c 2
src/lib/libdwarf/dwarf_xu_index.c 3
src/lib/libdwarf/dwarf_util.c 1
src/lib/libdwarf/dwarf_rnglists.c 2
src/lib/libdwarf/dwarf_loclists.c 2
src/lib/libdwarf/dwarf_groups.c 10
src/lib/libdwarf/dwarf_tied.c 1
src/lib/libdwarf/dwarf_setup_sections.c 4
src/lib/libdwarf/dwarf_debuglink.c 1
src/lib/libdwarf/dwarf_machoread.c 22
src/lib/libdwarf/dwarf_safe_strcpy.c 1
src/lib/libdwarf/dwarf_peread.c 13

Fuzzer: fuzz_gdbindex

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 126 17.5%
gold [1:9] 23 3.20%
yellow [10:29] 39 5.43%
greenyellow [30:49] 27 3.76%
lawngreen 50+ 503 70.0%
All colors 718 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
54 54 1 :

['apply_rela_entries']

54 54 elf_relocations_nolibelf call site: 00000 /src/libdwarf/src/lib/libdwarf/dwarf_elfread.c:622
16 16 1 :

['_dwarfstring_append_spaces']

18 42 dwarfstring_append_printf_s call site: 00414 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:347
5 5 1 :

['_dwarf_remove_from_staticerrlist']

5 52 dwarf_dealloc call site: 00191 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1076
4 18 2 :

['dwarf_set_load_preference', 'strcmp']

4 18 _dwarf_determine_section_allocation_type call site: 00255 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:858
4 6 2 :

['dwarf_errmsg_by_number', 'fflush']

4 68 _dwarf_error_string call site: 00010 /src/libdwarf/src/lib/libdwarf/dwarf_error.c:126
4 4 1 :

['_dwarf_closer']

4 186 dwarf_finish call site: 00174 /src/libdwarf/src/lib/libdwarf/dwarf_generic_init.c:565
4 4 1 :

['_dwarf_closer']

4 4 _dwarf_destruct_macho_internals call site: 00583 /src/libdwarf/src/lib/libdwarf/dwarf_machoread.c:278
4 4 1 :

['_dwarf_closer']

4 4 _dwarf_destruct_pe_access call site: 00624 /src/libdwarf/src/lib/libdwarf/dwarf_peread.c:441
3 3 1 :

['allocate_ts_entry']

3 3 _tsearch_inner call site: 00014 /src/libdwarf/src/lib/libdwarf/dwarf_tsearchhash.c:481
2 2 1 :

['fclose']

2 458 _dwarf_free_all_of_one_debug call site: 00196 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1281
0 155 1 :

['emit_one_value_msg']

0 155 dwarf_gdbindex_culist_entry call site: 00673 /src/libdwarf/src/lib/libdwarf/dwarf_gdbindex.c:420
0 155 1 :

['emit_one_value_msg']

0 155 dwarf_gdbindex_types_culist_entry call site: 00679 /src/libdwarf/src/lib/libdwarf/dwarf_gdbindex.c:497

Runtime coverage analysis

Covered functions
218
Functions that are reachable but not covered
31
Reachable functions
224
Percentage of reachable functions covered
86.16%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzz/fuzz_gdbindex.c 4
src/lib/libdwarf/dwarf_generic_init.c 3
src/lib/libdwarf/dwarf_error.c 5
src/lib/libdwarf/dwarf_alloc.c 19
src/lib/libdwarf/dwarf_tsearchhash.c 12
src/lib/libdwarf/dwarf_string.c 10
src/lib/libdwarf/dwarf_object_detector.c 7
src/lib/libdwarf/dwarf_seekr.c 3
src/lib/libdwarf/dwarf_object_read_common.c 1
src/lib/libdwarf/dwarf_elfread.c 4
src/lib/libdwarf/dwarf_elf_load_headers.c 39
src/lib/libdwarf/dwarf_memcpy_swap.c 1
src/lib/libdwarf/dwarf_secname_ck.c 3
src/lib/libdwarf/dwarf_init_finish.c 13
src/lib/libdwarf/dwarf_harmless.c 2
src/lib/libdwarf/dwarf_xu_index.c 3
src/lib/libdwarf/dwarf_util.c 2
src/lib/libdwarf/dwarf_rnglists.c 2
src/lib/libdwarf/dwarf_loclists.c 2
src/lib/libdwarf/dwarf_groups.c 10
src/lib/libdwarf/dwarf_tied.c 1
src/lib/libdwarf/dwarf_setup_sections.c 4
src/lib/libdwarf/dwarf_debuglink.c 1
src/lib/libdwarf/dwarf_machoread.c 22
src/lib/libdwarf/dwarf_safe_strcpy.c 1
src/lib/libdwarf/dwarf_peread.c 13
src/lib/libdwarf/dwarf_gdbindex.c 17

Fuzzer: fuzz_stack_frame_access

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 615 33.8%
gold [1:9] 176 9.68%
yellow [10:29] 123 6.76%
greenyellow [30:49] 57 3.13%
lawngreen 50+ 846 46.5%
All colors 1817 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
1994 1994 1 :

['dwarf_offdie_b']

1994 1994 _dwarf_internal_find_die_given_sig8 call site: 01345 /src/libdwarf/src/lib/libdwarf/dwarf_find_sigref.c:212
346 474 5 :

['dwarfstring_append_printf_u', 'dwarfstring_destructor', 'dwarfstring_string', 'dwarfstring_constructor', '_dwarf_read_encoded_ptr']

346 2943 _dwarf_create_fde_from_after_start call site: 01676 /src/libdwarf/src/lib/libdwarf/dwarf_frame2.c:1115
326 326 1 :

['_dwarf_get_debugfission_for_offset']

326 433 fill_in_dwp_offsets_if_present call site: 00868 /src/libdwarf/src/lib/libdwarf/dwarf_die_deliv.c:620
258 363 2 :

['_dwarf_read_str_offsets_header', 'dwarf_dealloc_error']

258 363 load_xu_str_offsets_into_cucontext call site: 01618 /src/libdwarf/src/lib/libdwarf/dwarf_fission_to_cu.c:162
186 291 2 :

['dwarf_dealloc_error', '_dwarf_trial_read_dwarf_five_hdr']

186 731 _dwarf_extract_string_offset_via_str_offsets call site: 01436 /src/libdwarf/src/lib/libdwarf/dwarf_form.c:1871
127 349 2 :

['dwarf_die_offsets', 'dwarf_dealloc_die']

127 349 find_sig8_target_as_global_offset call site: 01344 /src/libdwarf/src/lib/libdwarf/dwarf_form.c:682
109 109 1 :

['regerror']

109 109 _dwarf_validate_register_numbers call site: 01658 /src/libdwarf/src/lib/libdwarf/dwarf_frame.c:169
24 309 7 :

['dwarf_errmsg', 'dwarfstring_destructor', 'dwarfstring_string', 'dwarfstring_append', 'dwarfstring_constructor_fixed', '_dwarf_error_string', 'dwarf_dealloc_error']

24 309 _dwarf_internal_global_formref_b call site: 01343 /src/libdwarf/src/lib/libdwarf/dwarf_form.c:957
16 16 1 :

['_dwarfstring_append_spaces']

18 42 dwarfstring_append_printf_s call site: 00413 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:347
8 8 2 :

['_dwarf_special_no_dbg_error_malloc', '_dwarf_add_to_static_err_list']

10 29 _dwarf_error_string call site: 00009 /src/libdwarf/src/lib/libdwarf/dwarf_error.c:129
5 5 1 :

['_dwarf_remove_from_staticerrlist']

5 52 dwarf_dealloc call site: 00190 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1076
4 18 2 :

['dwarf_set_load_preference', 'strcmp']

4 18 _dwarf_determine_section_allocation_type call site: 00254 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:858

Runtime coverage analysis

Covered functions
324
Functions that are reachable but not covered
59
Reachable functions
353
Percentage of reachable functions covered
83.29%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzz/fuzz_stack_frame_access.c 1
src/lib/libdwarf/dwarf_generic_init.c 3
src/lib/libdwarf/dwarf_error.c 5
src/lib/libdwarf/dwarf_alloc.c 21
src/lib/libdwarf/dwarf_tsearchhash.c 12
src/lib/libdwarf/dwarf_string.c 12
src/lib/libdwarf/dwarf_object_detector.c 7
src/lib/libdwarf/dwarf_seekr.c 3
src/lib/libdwarf/dwarf_object_read_common.c 1
src/lib/libdwarf/dwarf_elfread.c 4
src/lib/libdwarf/dwarf_elf_load_headers.c 39
src/lib/libdwarf/dwarf_memcpy_swap.c 1
src/lib/libdwarf/dwarf_secname_ck.c 3
src/lib/libdwarf/dwarf_init_finish.c 13
src/lib/libdwarf/dwarf_harmless.c 3
src/lib/libdwarf/dwarf_xu_index.c 14
src/lib/libdwarf/dwarf_util.c 18
src/lib/libdwarf/dwarf_rnglists.c 6
src/lib/libdwarf/dwarf_loclists.c 6
src/lib/libdwarf/dwarf_groups.c 10
src/lib/libdwarf/dwarf_tied.c 6
src/lib/libdwarf/dwarf_setup_sections.c 4
src/lib/libdwarf/dwarf_debuglink.c 1
src/lib/libdwarf/dwarf_machoread.c 22
src/lib/libdwarf/dwarf_safe_strcpy.c 1
src/lib/libdwarf/dwarf_peread.c 13
src/lib/libdwarf/dwarf_die_deliv.c 33
src/lib/libdwarf/dwarf_query.c 19
src/lib/libdwarf/dwarf_leb.c 3
src/lib/libdwarf/dwarf_abbrev.c 1
src/lib/libdwarf/dwarf_names.c 2
src/lib/libdwarf/dwarf_fill_in_attr_form.c 2
src/lib/libdwarf/dwarf_form.c 19
src/lib/libdwarf/dwarf_find_sigref.c 2
src/lib/libdwarf/dwarf_str_offsets.c 5
src/lib/libdwarf/dwarf_fission_to_cu.c 5
src/lib/libdwarf/dwarf_frame.c 4
src/lib/libdwarf/dwarf_frame2.c 8

Fuzzer: fuzz_die_cu

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 551 33.6%
gold [1:9] 128 7.82%
yellow [10:29] 107 6.54%
greenyellow [30:49] 56 3.42%
lawngreen 50+ 794 48.5%
All colors 1636 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
1994 1994 1 :

['dwarf_offdie_b']

1994 1994 _dwarf_internal_find_die_given_sig8 call site: 01345 /src/libdwarf/src/lib/libdwarf/dwarf_find_sigref.c:212
326 326 1 :

['_dwarf_get_debugfission_for_offset']

326 433 fill_in_dwp_offsets_if_present call site: 00868 /src/libdwarf/src/lib/libdwarf/dwarf_die_deliv.c:620
186 291 2 :

['dwarf_dealloc_error', '_dwarf_trial_read_dwarf_five_hdr']

186 731 _dwarf_extract_string_offset_via_str_offsets call site: 01436 /src/libdwarf/src/lib/libdwarf/dwarf_form.c:1871
127 349 2 :

['dwarf_die_offsets', 'dwarf_dealloc_die']

127 349 find_sig8_target_as_global_offset call site: 01344 /src/libdwarf/src/lib/libdwarf/dwarf_form.c:682
32 32 2 :

['_dwarfstring_append_zeros', '_dwarfstring_append_spaces']

34 70 dwarfstring_append_printf_u call site: 00435 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:867
24 309 7 :

['dwarf_errmsg', 'dwarfstring_destructor', 'dwarfstring_string', 'dwarfstring_append', 'dwarfstring_constructor_fixed', '_dwarf_error_string', 'dwarf_dealloc_error']

24 309 _dwarf_internal_global_formref_b call site: 01343 /src/libdwarf/src/lib/libdwarf/dwarf_form.c:957
16 16 1 :

['_dwarfstring_append_spaces']

18 42 dwarfstring_append_printf_s call site: 00413 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:347
8 8 2 :

['_dwarf_special_no_dbg_error_malloc', '_dwarf_add_to_static_err_list']

10 29 _dwarf_error_string call site: 00009 /src/libdwarf/src/lib/libdwarf/dwarf_error.c:129
5 5 1 :

['_dwarf_remove_from_staticerrlist']

5 52 dwarf_dealloc call site: 00190 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1076
4 18 2 :

['dwarf_set_load_preference', 'strcmp']

4 18 _dwarf_determine_section_allocation_type call site: 00254 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:858
4 4 1 :

['_dwarf_closer']

4 186 dwarf_finish call site: 00173 /src/libdwarf/src/lib/libdwarf/dwarf_generic_init.c:565
4 4 1 :

['_dwarf_closer']

4 4 _dwarf_destruct_macho_internals call site: 00582 /src/libdwarf/src/lib/libdwarf/dwarf_machoread.c:278

Runtime coverage analysis

Covered functions
305
Functions that are reachable but not covered
63
Reachable functions
339
Percentage of reachable functions covered
81.42%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzz/fuzz_die_cu.c 1
src/lib/libdwarf/dwarf_generic_init.c 3
src/lib/libdwarf/dwarf_error.c 5
src/lib/libdwarf/dwarf_alloc.c 21
src/lib/libdwarf/dwarf_tsearchhash.c 12
src/lib/libdwarf/dwarf_string.c 12
src/lib/libdwarf/dwarf_object_detector.c 7
src/lib/libdwarf/dwarf_seekr.c 3
src/lib/libdwarf/dwarf_object_read_common.c 1
src/lib/libdwarf/dwarf_elfread.c 4
src/lib/libdwarf/dwarf_elf_load_headers.c 39
src/lib/libdwarf/dwarf_memcpy_swap.c 1
src/lib/libdwarf/dwarf_secname_ck.c 3
src/lib/libdwarf/dwarf_init_finish.c 13
src/lib/libdwarf/dwarf_harmless.c 3
src/lib/libdwarf/dwarf_xu_index.c 14
src/lib/libdwarf/dwarf_util.c 18
src/lib/libdwarf/dwarf_rnglists.c 6
src/lib/libdwarf/dwarf_loclists.c 6
src/lib/libdwarf/dwarf_groups.c 10
src/lib/libdwarf/dwarf_tied.c 6
src/lib/libdwarf/dwarf_setup_sections.c 4
src/lib/libdwarf/dwarf_debuglink.c 1
src/lib/libdwarf/dwarf_machoread.c 22
src/lib/libdwarf/dwarf_safe_strcpy.c 1
src/lib/libdwarf/dwarf_peread.c 13
src/lib/libdwarf/dwarf_die_deliv.c 33
src/lib/libdwarf/dwarf_query.c 18
src/lib/libdwarf/dwarf_leb.c 3
src/lib/libdwarf/dwarf_abbrev.c 1
src/lib/libdwarf/dwarf_names.c 2
src/lib/libdwarf/dwarf_fill_in_attr_form.c 2
src/lib/libdwarf/dwarf_form.c 18
src/lib/libdwarf/dwarf_find_sigref.c 2
src/lib/libdwarf/dwarf_str_offsets.c 5
src/lib/libdwarf/dwarf_fission_to_cu.c 5

Fuzzer: fuzz_debug_str

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 106 16.4%
gold [1:9] 21 3.25%
yellow [10:29] 14 2.16%
greenyellow [30:49] 35 5.41%
lawngreen 50+ 470 72.7%
All colors 646 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
54 54 1 :

['apply_rela_entries']

54 54 elf_relocations_nolibelf call site: 00000 /src/libdwarf/src/lib/libdwarf/dwarf_elfread.c:622
32 32 2 :

['_dwarfstring_append_zeros', '_dwarfstring_append_spaces']

34 70 dwarfstring_append_printf_u call site: 00436 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:867
16 16 1 :

['_dwarfstring_append_spaces']

18 42 dwarfstring_append_printf_s call site: 00414 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:347
5 5 1 :

['_dwarf_remove_from_staticerrlist']

5 52 dwarf_dealloc call site: 00191 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1076
4 18 2 :

['dwarf_set_load_preference', 'strcmp']

4 18 _dwarf_determine_section_allocation_type call site: 00255 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:858
4 6 2 :

['dwarf_errmsg_by_number', 'fflush']

4 68 _dwarf_error_string call site: 00010 /src/libdwarf/src/lib/libdwarf/dwarf_error.c:126
4 4 1 :

['_dwarf_closer']

4 186 dwarf_finish call site: 00174 /src/libdwarf/src/lib/libdwarf/dwarf_generic_init.c:565
4 4 1 :

['_dwarf_closer']

4 4 _dwarf_destruct_macho_internals call site: 00583 /src/libdwarf/src/lib/libdwarf/dwarf_machoread.c:278
4 4 1 :

['_dwarf_closer']

4 4 _dwarf_destruct_pe_access call site: 00624 /src/libdwarf/src/lib/libdwarf/dwarf_peread.c:441
3 3 1 :

['allocate_ts_entry']

3 3 _tsearch_inner call site: 00014 /src/libdwarf/src/lib/libdwarf/dwarf_tsearchhash.c:481
2 2 1 :

['fclose']

2 458 _dwarf_free_all_of_one_debug call site: 00196 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1281
0 109 1 :

['_dwarf_error']

0 109 dwarf_get_xu_index_header call site: 00499 /src/libdwarf/src/lib/libdwarf/dwarf_xu_index.c:418

Runtime coverage analysis

Covered functions
198
Functions that are reachable but not covered
32
Reachable functions
205
Percentage of reachable functions covered
84.39%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzz/fuzz_debug_str.c 1
src/lib/libdwarf/dwarf_generic_init.c 3
src/lib/libdwarf/dwarf_error.c 5
src/lib/libdwarf/dwarf_alloc.c 19
src/lib/libdwarf/dwarf_tsearchhash.c 12
src/lib/libdwarf/dwarf_string.c 10
src/lib/libdwarf/dwarf_object_detector.c 7
src/lib/libdwarf/dwarf_seekr.c 3
src/lib/libdwarf/dwarf_object_read_common.c 1
src/lib/libdwarf/dwarf_elfread.c 4
src/lib/libdwarf/dwarf_elf_load_headers.c 39
src/lib/libdwarf/dwarf_memcpy_swap.c 1
src/lib/libdwarf/dwarf_secname_ck.c 3
src/lib/libdwarf/dwarf_init_finish.c 13
src/lib/libdwarf/dwarf_harmless.c 2
src/lib/libdwarf/dwarf_xu_index.c 3
src/lib/libdwarf/dwarf_util.c 2
src/lib/libdwarf/dwarf_rnglists.c 2
src/lib/libdwarf/dwarf_loclists.c 2
src/lib/libdwarf/dwarf_groups.c 10
src/lib/libdwarf/dwarf_tied.c 1
src/lib/libdwarf/dwarf_setup_sections.c 4
src/lib/libdwarf/dwarf_debuglink.c 1
src/lib/libdwarf/dwarf_machoread.c 22
src/lib/libdwarf/dwarf_safe_strcpy.c 1
src/lib/libdwarf/dwarf_peread.c 13
src/lib/libdwarf/dwarf_stringsection.c 1

Fuzzer: fuzz_die_cu_e_print

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 506 30.5%
gold [1:9] 161 9.71%
yellow [10:29] 116 6.99%
greenyellow [30:49] 28 1.68%
lawngreen 50+ 847 51.0%
All colors 1658 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
1994 1994 1 :

['dwarf_offdie_b']

1994 1994 _dwarf_internal_find_die_given_sig8 call site: 01349 /src/libdwarf/src/lib/libdwarf/dwarf_find_sigref.c:212
326 326 1 :

['_dwarf_get_debugfission_for_offset']

326 433 fill_in_dwp_offsets_if_present call site: 00872 /src/libdwarf/src/lib/libdwarf/dwarf_die_deliv.c:620
258 363 2 :

['_dwarf_read_str_offsets_header', 'dwarf_dealloc_error']

258 363 load_xu_str_offsets_into_cucontext call site: 01622 /src/libdwarf/src/lib/libdwarf/dwarf_fission_to_cu.c:162
186 291 2 :

['dwarf_dealloc_error', '_dwarf_trial_read_dwarf_five_hdr']

186 731 _dwarf_extract_string_offset_via_str_offsets call site: 01440 /src/libdwarf/src/lib/libdwarf/dwarf_form.c:1871
127 349 2 :

['dwarf_die_offsets', 'dwarf_dealloc_die']

127 349 find_sig8_target_as_global_offset call site: 01348 /src/libdwarf/src/lib/libdwarf/dwarf_form.c:682
32 32 2 :

['_dwarfstring_append_zeros', '_dwarfstring_append_spaces']

34 70 dwarfstring_append_printf_u call site: 00435 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:867
24 309 7 :

['dwarf_errmsg', 'dwarfstring_destructor', 'dwarfstring_string', 'dwarfstring_append', 'dwarfstring_constructor_fixed', '_dwarf_error_string', 'dwarf_dealloc_error']

24 309 _dwarf_internal_global_formref_b call site: 01347 /src/libdwarf/src/lib/libdwarf/dwarf_form.c:957
16 16 1 :

['_dwarfstring_append_spaces']

18 42 dwarfstring_append_printf_s call site: 00413 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:347
8 8 2 :

['_dwarf_special_no_dbg_error_malloc', '_dwarf_add_to_static_err_list']

10 29 _dwarf_error_string call site: 00009 /src/libdwarf/src/lib/libdwarf/dwarf_error.c:129
5 5 1 :

['_dwarf_remove_from_staticerrlist']

5 52 dwarf_dealloc call site: 00190 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1076
4 18 2 :

['dwarf_set_load_preference', 'strcmp']

4 18 _dwarf_determine_section_allocation_type call site: 00254 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:858
4 4 1 :

['_dwarf_closer']

4 186 dwarf_finish call site: 00173 /src/libdwarf/src/lib/libdwarf/dwarf_generic_init.c:565

Runtime coverage analysis

Covered functions
314
Functions that are reachable but not covered
56
Reachable functions
341
Percentage of reachable functions covered
83.58%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzz/fuzz_die_cu_e_print.c 1
src/lib/libdwarf/dwarf_generic_init.c 3
src/lib/libdwarf/dwarf_error.c 5
src/lib/libdwarf/dwarf_alloc.c 21
src/lib/libdwarf/dwarf_tsearchhash.c 12
src/lib/libdwarf/dwarf_string.c 12
src/lib/libdwarf/dwarf_object_detector.c 7
src/lib/libdwarf/dwarf_seekr.c 3
src/lib/libdwarf/dwarf_object_read_common.c 1
src/lib/libdwarf/dwarf_elfread.c 4
src/lib/libdwarf/dwarf_elf_load_headers.c 39
src/lib/libdwarf/dwarf_memcpy_swap.c 1
src/lib/libdwarf/dwarf_secname_ck.c 3
src/lib/libdwarf/dwarf_init_finish.c 13
src/lib/libdwarf/dwarf_harmless.c 3
src/lib/libdwarf/dwarf_xu_index.c 14
src/lib/libdwarf/dwarf_util.c 18
src/lib/libdwarf/dwarf_rnglists.c 6
src/lib/libdwarf/dwarf_loclists.c 6
src/lib/libdwarf/dwarf_groups.c 10
src/lib/libdwarf/dwarf_tied.c 6
src/lib/libdwarf/dwarf_setup_sections.c 4
src/lib/libdwarf/dwarf_debuglink.c 1
src/lib/libdwarf/dwarf_machoread.c 22
src/lib/libdwarf/dwarf_safe_strcpy.c 1
src/lib/libdwarf/dwarf_peread.c 13
src/lib/libdwarf/dwarf_query.c 19
src/lib/libdwarf/dwarf_frame.c 1
src/lib/libdwarf/dwarf_die_deliv.c 33
src/lib/libdwarf/dwarf_leb.c 3
src/lib/libdwarf/dwarf_abbrev.c 1
src/lib/libdwarf/dwarf_names.c 2
src/lib/libdwarf/dwarf_fill_in_attr_form.c 2
src/lib/libdwarf/dwarf_form.c 18
src/lib/libdwarf/dwarf_find_sigref.c 2
src/lib/libdwarf/dwarf_str_offsets.c 5
src/lib/libdwarf/dwarf_fission_to_cu.c 5

Fuzzer: fuzz_init_b

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 104 16.2%
gold [1:9] 22 3.43%
yellow [10:29] 12 1.87%
greenyellow [30:49] 30 4.68%
lawngreen 50+ 472 73.7%
All colors 640 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
54 54 1 :

['apply_rela_entries']

54 54 elf_relocations_nolibelf call site: 00000 /src/libdwarf/src/lib/libdwarf/dwarf_elfread.c:622
32 32 2 :

['_dwarfstring_append_zeros', '_dwarfstring_append_spaces']

34 70 dwarfstring_append_printf_u call site: 00437 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:867
16 16 1 :

['_dwarfstring_append_spaces']

18 42 dwarfstring_append_printf_s call site: 00415 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:347
5 5 1 :

['_dwarf_remove_from_staticerrlist']

5 52 dwarf_dealloc call site: 00192 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1076
4 18 2 :

['dwarf_set_load_preference', 'strcmp']

4 18 _dwarf_determine_section_allocation_type call site: 00256 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:858
4 6 2 :

['dwarf_errmsg_by_number', 'fflush']

4 68 _dwarf_error_string call site: 00011 /src/libdwarf/src/lib/libdwarf/dwarf_error.c:126
4 4 1 :

['_dwarf_closer']

4 186 dwarf_finish call site: 00175 /src/libdwarf/src/lib/libdwarf/dwarf_generic_init.c:565
4 4 1 :

['_dwarf_closer']

4 4 _dwarf_destruct_macho_internals call site: 00584 /src/libdwarf/src/lib/libdwarf/dwarf_machoread.c:278
4 4 1 :

['_dwarf_closer']

4 4 _dwarf_destruct_pe_access call site: 00625 /src/libdwarf/src/lib/libdwarf/dwarf_peread.c:441
3 3 1 :

['allocate_ts_entry']

3 3 _tsearch_inner call site: 00015 /src/libdwarf/src/lib/libdwarf/dwarf_tsearchhash.c:481
2 2 1 :

['fclose']

2 458 _dwarf_free_all_of_one_debug call site: 00197 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1281
0 109 1 :

['_dwarf_error']

0 109 dwarf_get_xu_index_header call site: 00500 /src/libdwarf/src/lib/libdwarf/dwarf_xu_index.c:418

Runtime coverage analysis

Covered functions
195
Functions that are reachable but not covered
34
Reachable functions
204
Percentage of reachable functions covered
83.33%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzz/fuzz_init_b.c 1
src/lib/libdwarf/dwarf_generic_init.c 3
src/lib/libdwarf/dwarf_error.c 5
src/lib/libdwarf/dwarf_alloc.c 19
src/lib/libdwarf/dwarf_tsearchhash.c 12
src/lib/libdwarf/dwarf_string.c 10
src/lib/libdwarf/dwarf_object_detector.c 7
src/lib/libdwarf/dwarf_seekr.c 3
src/lib/libdwarf/dwarf_object_read_common.c 1
src/lib/libdwarf/dwarf_elfread.c 4
src/lib/libdwarf/dwarf_elf_load_headers.c 39
src/lib/libdwarf/dwarf_memcpy_swap.c 1
src/lib/libdwarf/dwarf_secname_ck.c 3
src/lib/libdwarf/dwarf_init_finish.c 13
src/lib/libdwarf/dwarf_harmless.c 2
src/lib/libdwarf/dwarf_xu_index.c 3
src/lib/libdwarf/dwarf_util.c 1
src/lib/libdwarf/dwarf_rnglists.c 2
src/lib/libdwarf/dwarf_loclists.c 2
src/lib/libdwarf/dwarf_groups.c 10
src/lib/libdwarf/dwarf_tied.c 1
src/lib/libdwarf/dwarf_setup_sections.c 4
src/lib/libdwarf/dwarf_debuglink.c 1
src/lib/libdwarf/dwarf_machoread.c 22
src/lib/libdwarf/dwarf_safe_strcpy.c 1
src/lib/libdwarf/dwarf_peread.c 13

Fuzzer: fuzz_showsectgrp

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 350 39.0%
gold [1:9] 20 2.23%
yellow [10:29] 17 1.89%
greenyellow [30:49] 29 3.23%
lawngreen 50+ 480 53.5%
All colors 896 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
109 109 1 :

['dwarf_object_detector_path_dSYM']

109 7178 dwarf_init_path_dl_a call site: 00035 /src/libdwarf/src/lib/libdwarf/dwarf_generic_init.c:311
54 54 1 :

['apply_rela_entries']

54 54 elf_relocations_nolibelf call site: 00000 /src/libdwarf/src/lib/libdwarf/dwarf_elfread.c:622
32 32 2 :

['_dwarfstring_append_zeros', '_dwarfstring_append_spaces']

34 70 dwarfstring_append_printf_u call site: 00196 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:867
16 16 1 :

['_dwarfstring_append_spaces']

18 42 dwarfstring_append_printf_s call site: 00673 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:347
13 13 2 :

['_dwarf_remove_from_staticerrlist', '_dwarf_error_destructor']

13 60 dwarf_dealloc call site: 00082 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1055
10 132 4 :

['dwarf_dealloc_error', 'dwarf_errmsg', 'dwarf_errno', 'dwarfstring_append']

10 426 dwarf_object_init_b call site: 00749 /src/libdwarf/src/lib/libdwarf/dwarf_init_finish.c:1145
10 29 5 :

['_dwarf_add_to_static_err_list', '_dwarf_special_no_dbg_error_malloc', 'calloc', 'dwarfstring_append', 'dwarfstring_constructor']

10 91 _dwarf_error_string call site: 00009 /src/libdwarf/src/lib/libdwarf/dwarf_error.c:126
4 18 2 :

['dwarf_set_load_preference', 'strcmp']

4 18 _dwarf_determine_section_allocation_type call site: 00036 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:858
3 3 1 :

['allocate_ts_entry']

3 3 _tsearch_inner call site: 00013 /src/libdwarf/src/lib/libdwarf/dwarf_tsearchhash.c:481
2 2 1 :

['fclose']

2 458 _dwarf_free_all_of_one_debug call site: 00108 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1281
0 114 3 :

['_dwarf_error_string', 'dwarfstring_string', 'dwarfstring_destructor']

0 114 dwarf_object_init_b call site: 00756 /src/libdwarf/src/lib/libdwarf/dwarf_init_finish.c:1162
0 109 1 :

['_dwarf_error']

0 109 dwarf_sec_group_map call site: 00888 /src/libdwarf/src/lib/libdwarf/dwarf_groups.c:294

Runtime coverage analysis

Covered functions
198
Functions that are reachable but not covered
72
Reachable functions
245
Percentage of reachable functions covered
70.61%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzz/fuzz_showsectgrp.c 1
src/lib/libdwarf/dwarf_generic_init.c 5
src/lib/libdwarf/dwarf_error.c 5
src/lib/libdwarf/dwarf_alloc.c 19
src/lib/libdwarf/dwarf_tsearchhash.c 12
src/lib/libdwarf/dwarf_string.c 12
src/lib/libdwarf/dwarf_object_detector.c 17
src/lib/libdwarf/dwarf_seekr.c 4
src/lib/libdwarf/dwarf_object_read_common.c 1
src/lib/libdwarf/dwarf_debuglink.c 20
src/lib/libdwarf/dwarf_init_finish.c 13
src/lib/libdwarf/dwarf_harmless.c 2
src/lib/libdwarf/dwarf_xu_index.c 3
src/lib/libdwarf/dwarf_util.c 2
src/lib/libdwarf/dwarf_rnglists.c 2
src/lib/libdwarf/dwarf_loclists.c 2
src/lib/libdwarf/dwarf_groups.c 14
src/lib/libdwarf/dwarf_tied.c 1
src/lib/libdwarf/dwarf_safe_strcpy.c 1
src/lib/libdwarf/dwarf_crc32.c 1
src/lib/libdwarf/dwarf_crc.c 1
src/lib/libdwarf/dwarf_elfread.c 4
src/lib/libdwarf/dwarf_elf_load_headers.c 39
src/lib/libdwarf/dwarf_memcpy_swap.c 1
src/lib/libdwarf/dwarf_secname_ck.c 3
src/lib/libdwarf/dwarf_setup_sections.c 4
src/lib/libdwarf/dwarf_machoread.c 22
src/lib/libdwarf/dwarf_peread.c 13

Fuzzer: fuzz_crc

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 0 0.0%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 12 100.%
All colors 12 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
0 0 None 0 0 dwarf_basic_crc32 call site: 00009 /src/libdwarf/src/lib/libdwarf/dwarf_crc.c:137

Runtime coverage analysis

Covered functions
2
Functions that are reachable but not covered
10
Reachable functions
12
Percentage of reachable functions covered
16.67%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzz/fuzz_crc.c 1
src/lib/libdwarf/dwarf_crc.c 1

Fuzzer: fuzz_dnames

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 148 18.2%
gold [1:9] 35 4.32%
yellow [10:29] 42 5.18%
greenyellow [30:49] 21 2.59%
lawngreen 50+ 564 69.6%
All colors 810 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
32 32 2 :

['_dwarfstring_append_zeros', '_dwarfstring_append_spaces']

34 70 dwarfstring_append_printf_u call site: 00436 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:867
16 16 1 :

['_dwarfstring_append_spaces']

18 42 dwarfstring_append_printf_s call site: 00414 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:347
5 5 1 :

['_dwarf_remove_from_staticerrlist']

5 52 dwarf_dealloc call site: 00191 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1076
4 18 2 :

['dwarf_set_load_preference', 'strcmp']

4 18 _dwarf_determine_section_allocation_type call site: 00255 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:858
4 6 2 :

['dwarf_errmsg_by_number', 'fflush']

4 68 _dwarf_error_string call site: 00010 /src/libdwarf/src/lib/libdwarf/dwarf_error.c:126
4 4 1 :

['_dwarf_closer']

4 186 dwarf_finish call site: 00174 /src/libdwarf/src/lib/libdwarf/dwarf_generic_init.c:565
4 4 1 :

['_dwarf_closer']

4 4 _dwarf_destruct_macho_internals call site: 00583 /src/libdwarf/src/lib/libdwarf/dwarf_machoread.c:278
4 4 1 :

['_dwarf_closer']

4 4 _dwarf_destruct_pe_access call site: 00624 /src/libdwarf/src/lib/libdwarf/dwarf_peread.c:441
3 3 1 :

['allocate_ts_entry']

3 3 _tsearch_inner call site: 00014 /src/libdwarf/src/lib/libdwarf/dwarf_tsearchhash.c:481
2 2 1 :

['fclose']

2 458 _dwarf_free_all_of_one_debug call site: 00196 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1281
0 111 1 :

['dwarf_dealloc_dnames']

0 218 dwarf_dnames_header call site: 00727 /src/libdwarf/src/lib/libdwarf/dwarf_debugnames.c:836
0 109 1 :

['_dwarf_error']

0 109 dwarf_get_xu_index_header call site: 00499 /src/libdwarf/src/lib/libdwarf/dwarf_xu_index.c:418

Runtime coverage analysis

Covered functions
226
Functions that are reachable but not covered
32
Reachable functions
228
Percentage of reachable functions covered
85.96%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzz/fuzz_dnames.c 1
src/lib/libdwarf/dwarf_generic_init.c 3
src/lib/libdwarf/dwarf_error.c 5
src/lib/libdwarf/dwarf_alloc.c 19
src/lib/libdwarf/dwarf_tsearchhash.c 12
src/lib/libdwarf/dwarf_string.c 10
src/lib/libdwarf/dwarf_object_detector.c 7
src/lib/libdwarf/dwarf_seekr.c 3
src/lib/libdwarf/dwarf_object_read_common.c 1
src/lib/libdwarf/dwarf_elfread.c 4
src/lib/libdwarf/dwarf_elf_load_headers.c 39
src/lib/libdwarf/dwarf_memcpy_swap.c 1
src/lib/libdwarf/dwarf_secname_ck.c 3
src/lib/libdwarf/dwarf_init_finish.c 13
src/lib/libdwarf/dwarf_harmless.c 3
src/lib/libdwarf/dwarf_xu_index.c 3
src/lib/libdwarf/dwarf_util.c 3
src/lib/libdwarf/dwarf_rnglists.c 2
src/lib/libdwarf/dwarf_loclists.c 2
src/lib/libdwarf/dwarf_groups.c 10
src/lib/libdwarf/dwarf_tied.c 1
src/lib/libdwarf/dwarf_setup_sections.c 4
src/lib/libdwarf/dwarf_debuglink.c 1
src/lib/libdwarf/dwarf_machoread.c 22
src/lib/libdwarf/dwarf_safe_strcpy.c 1
src/lib/libdwarf/dwarf_peread.c 13
src/lib/libdwarf/dwarf_debugnames.c 21
src/lib/libdwarf/dwarf_leb.c 1

Fuzzer: fuzz_simplereader_tu

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 1161 97.9%
gold [1:9] 23 1.94%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 1 0.08%
All colors 1185 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
2240 2454 5 :

['dwarf_addr_form_is_indexed', '_dwarf_look_in_local_and_tied', 'generate_form_error', '_dwarf_error_string', '_dwarf_calculate_info_section_end_ptr']

2240 2454 dwarf_formaddr call site: 01017 /src/libdwarf/src/lib/libdwarf/dwarf_form.c:1310
62 62 1 :

['_dwarf_get_alloc']

62 62 _dwarf_error_string call site: 00024 /src/libdwarf/src/lib/libdwarf/dwarf_error.c:193
29 29 5 :

['_dwarf_add_to_static_err_list', '_dwarf_special_no_dbg_error_malloc', 'calloc', 'dwarfstring_append', 'dwarfstring_constructor']

91 91 _dwarf_error_string call site: 00008 /src/libdwarf/src/lib/libdwarf/dwarf_error.c:126
0 0 None 126 126 dwarf_dealloc call site: 00054 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:960
0 0 None 0 323 get_attr_dbg call site: 00740 /src/libdwarf/src/lib/libdwarf/dwarf_form.c:113
0 0 None 0 0 dwarf_errmsg_by_number call site: 00030 /src/libdwarf/src/lib/libdwarf/dwarf_error.c:225

Runtime coverage analysis

Covered functions
11
Functions that are reachable but not covered
202
Reachable functions
213
Percentage of reachable functions covered
5.16%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzz/fuzz_simplereader_tu.c 1
src/lib/libdwarf/dwarf_die_deliv.c 32
src/lib/libdwarf/dwarf_error.c 5
src/lib/libdwarf/dwarf_alloc.c 19
src/lib/libdwarf/dwarf_tsearchhash.c 10
src/lib/libdwarf/dwarf_string.c 12
src/lib/libdwarf/dwarf_util.c 19
src/lib/libdwarf/dwarf_init_finish.c 2
src/lib/libdwarf/dwarf_rnglists.c 6
src/lib/libdwarf/dwarf_loclists.c 6
src/lib/libdwarf/dwarf_xu_index.c 12
src/lib/libdwarf/dwarf_global.c 1
src/lib/libdwarf/dwarf_safe_strcpy.c 1
src/lib/libdwarf/dwarf_harmless.c 2
src/lib/libdwarf/dwarf_query.c 18
src/lib/libdwarf/dwarf_leb.c 3
src/lib/libdwarf/dwarf_abbrev.c 1
src/lib/libdwarf/dwarf_names.c 2
src/lib/libdwarf/dwarf_fill_in_attr_form.c 2
src/lib/libdwarf/dwarf_form.c 18
src/lib/libdwarf/dwarf_find_sigref.c 2
src/lib/libdwarf/dwarf_str_offsets.c 5
src/lib/libdwarf/dwarf_tied.c 6
src/lib/libdwarf/dwarf_fission_to_cu.c 5
src/lib/libdwarf/dwarf_generic_init.c 1
src/lib/libdwarf/dwarf_seekr.c 1
src/lib/libdwarf/dwarf_groups.c 2

Fuzzer: fuzz_die_cu_attrs

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 526 28.5%
gold [1:9] 150 8.13%
yellow [10:29] 99 5.36%
greenyellow [30:49] 43 2.33%
lawngreen 50+ 1027 55.6%
All colors 1845 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
326 326 1 :

['_dwarf_get_debugfission_for_offset']

326 433 fill_in_dwp_offsets_if_present call site: 00868 /src/libdwarf/src/lib/libdwarf/dwarf_die_deliv.c:620
258 363 2 :

['_dwarf_read_str_offsets_header', 'dwarf_dealloc_error']

258 363 load_xu_str_offsets_into_cucontext call site: 01618 /src/libdwarf/src/lib/libdwarf/dwarf_fission_to_cu.c:162
64 64 2 :

['_dwarfstring_append_zeros', '_dwarfstring_append_spaces']

66 162 dwarfstring_append_printf_i call site: 01653 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:612
32 32 2 :

['_dwarfstring_append_zeros', '_dwarfstring_append_spaces']

34 70 dwarfstring_append_printf_u call site: 00435 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:867
24 309 7 :

['dwarf_errmsg', 'dwarfstring_destructor', 'dwarfstring_string', 'dwarfstring_append', 'dwarfstring_constructor_fixed', '_dwarf_error_string', 'dwarf_dealloc_error']

24 309 _dwarf_internal_global_formref_b call site: 01343 /src/libdwarf/src/lib/libdwarf/dwarf_form.c:957
16 16 1 :

['_dwarfstring_append_spaces']

18 42 dwarfstring_append_printf_s call site: 00413 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:347
5 5 1 :

['_dwarf_remove_from_staticerrlist']

5 52 dwarf_dealloc call site: 00190 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1076
4 1998 2 :

['_dwarf_calculate_next_cu_context_offset', '_dwarf_create_a_new_cu_context_record_on_list']

4 3939 dwarf_offdie_b call site: 01361 /src/libdwarf/src/lib/libdwarf/dwarf_die_deliv.c:3284
4 18 2 :

['dwarf_set_load_preference', 'strcmp']

4 18 _dwarf_determine_section_allocation_type call site: 00254 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:858
4 4 1 :

['_dwarf_closer']

4 186 dwarf_finish call site: 00173 /src/libdwarf/src/lib/libdwarf/dwarf_generic_init.c:565
4 4 1 :

['_dwarf_closer']

4 4 _dwarf_destruct_macho_internals call site: 00582 /src/libdwarf/src/lib/libdwarf/dwarf_machoread.c:278
4 4 1 :

['_dwarf_closer']

4 4 _dwarf_destruct_pe_access call site: 00623 /src/libdwarf/src/lib/libdwarf/dwarf_peread.c:441

Runtime coverage analysis

Covered functions
353
Functions that are reachable but not covered
49
Reachable functions
372
Percentage of reachable functions covered
86.83%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzz/fuzz_die_cu_attrs.c 1
src/lib/libdwarf/dwarf_generic_init.c 4
src/lib/libdwarf/dwarf_error.c 5
src/lib/libdwarf/dwarf_alloc.c 21
src/lib/libdwarf/dwarf_tsearchhash.c 12
src/lib/libdwarf/dwarf_string.c 13
src/lib/libdwarf/dwarf_object_detector.c 7
src/lib/libdwarf/dwarf_seekr.c 3
src/lib/libdwarf/dwarf_object_read_common.c 1
src/lib/libdwarf/dwarf_elfread.c 4
src/lib/libdwarf/dwarf_elf_load_headers.c 39
src/lib/libdwarf/dwarf_memcpy_swap.c 1
src/lib/libdwarf/dwarf_secname_ck.c 3
src/lib/libdwarf/dwarf_init_finish.c 13
src/lib/libdwarf/dwarf_harmless.c 3
src/lib/libdwarf/dwarf_xu_index.c 14
src/lib/libdwarf/dwarf_util.c 19
src/lib/libdwarf/dwarf_rnglists.c 6
src/lib/libdwarf/dwarf_loclists.c 6
src/lib/libdwarf/dwarf_groups.c 10
src/lib/libdwarf/dwarf_tied.c 6
src/lib/libdwarf/dwarf_setup_sections.c 4
src/lib/libdwarf/dwarf_debuglink.c 1
src/lib/libdwarf/dwarf_machoread.c 22
src/lib/libdwarf/dwarf_safe_strcpy.c 1
src/lib/libdwarf/dwarf_peread.c 13
src/lib/libdwarf/dwarf_die_deliv.c 38
src/lib/libdwarf/dwarf_query.c 36
src/lib/libdwarf/dwarf_leb.c 3
src/lib/libdwarf/dwarf_abbrev.c 1
src/lib/libdwarf/dwarf_names.c 3
src/lib/libdwarf/dwarf_fill_in_attr_form.c 2
src/lib/libdwarf/dwarf_form.c 22
src/lib/libdwarf/dwarf_find_sigref.c 2
src/lib/libdwarf/dwarf_str_offsets.c 5
src/lib/libdwarf/dwarf_fission_to_cu.c 5
src/lib/libdwarf/dwarf_dsc.c 2

Fuzzer: fuzz_die_cu_info1

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 478 29.2%
gold [1:9] 122 7.46%
yellow [10:29] 141 8.62%
greenyellow [30:49] 48 2.93%
lawngreen 50+ 845 51.7%
All colors 1634 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
1994 1994 1 :

['dwarf_offdie_b']

1994 1994 _dwarf_internal_find_die_given_sig8 call site: 01345 /src/libdwarf/src/lib/libdwarf/dwarf_find_sigref.c:212
258 363 2 :

['_dwarf_read_str_offsets_header', 'dwarf_dealloc_error']

258 363 load_xu_str_offsets_into_cucontext call site: 01618 /src/libdwarf/src/lib/libdwarf/dwarf_fission_to_cu.c:162
127 349 2 :

['dwarf_die_offsets', 'dwarf_dealloc_die']

127 349 find_sig8_target_as_global_offset call site: 01344 /src/libdwarf/src/lib/libdwarf/dwarf_form.c:682
32 32 2 :

['_dwarfstring_append_zeros', '_dwarfstring_append_spaces']

34 70 dwarfstring_append_printf_u call site: 00435 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:867
24 309 7 :

['dwarf_errmsg', 'dwarfstring_destructor', 'dwarfstring_string', 'dwarfstring_append', 'dwarfstring_constructor_fixed', '_dwarf_error_string', 'dwarf_dealloc_error']

24 309 _dwarf_internal_global_formref_b call site: 01343 /src/libdwarf/src/lib/libdwarf/dwarf_form.c:957
16 16 1 :

['_dwarfstring_append_spaces']

18 42 dwarfstring_append_printf_s call site: 00413 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:347
8 8 2 :

['_dwarf_special_no_dbg_error_malloc', '_dwarf_add_to_static_err_list']

10 29 _dwarf_error_string call site: 00009 /src/libdwarf/src/lib/libdwarf/dwarf_error.c:129
5 5 1 :

['_dwarf_remove_from_staticerrlist']

5 52 dwarf_dealloc call site: 00190 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1076
4 18 2 :

['dwarf_set_load_preference', 'strcmp']

4 18 _dwarf_determine_section_allocation_type call site: 00254 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:858
4 4 1 :

['_dwarf_closer']

4 186 dwarf_finish call site: 00173 /src/libdwarf/src/lib/libdwarf/dwarf_generic_init.c:565
4 4 1 :

['_dwarf_closer']

4 4 _dwarf_destruct_macho_internals call site: 00582 /src/libdwarf/src/lib/libdwarf/dwarf_machoread.c:278
4 4 1 :

['_dwarf_closer']

4 4 _dwarf_destruct_pe_access call site: 00623 /src/libdwarf/src/lib/libdwarf/dwarf_peread.c:441

Runtime coverage analysis

Covered functions
317
Functions that are reachable but not covered
51
Reachable functions
339
Percentage of reachable functions covered
84.96%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzz/fuzz_die_cu_info1.c 1
src/lib/libdwarf/dwarf_generic_init.c 3
src/lib/libdwarf/dwarf_error.c 5
src/lib/libdwarf/dwarf_alloc.c 21
src/lib/libdwarf/dwarf_tsearchhash.c 12
src/lib/libdwarf/dwarf_string.c 12
src/lib/libdwarf/dwarf_object_detector.c 7
src/lib/libdwarf/dwarf_seekr.c 3
src/lib/libdwarf/dwarf_object_read_common.c 1
src/lib/libdwarf/dwarf_elfread.c 4
src/lib/libdwarf/dwarf_elf_load_headers.c 39
src/lib/libdwarf/dwarf_memcpy_swap.c 1
src/lib/libdwarf/dwarf_secname_ck.c 3
src/lib/libdwarf/dwarf_init_finish.c 13
src/lib/libdwarf/dwarf_harmless.c 3
src/lib/libdwarf/dwarf_xu_index.c 14
src/lib/libdwarf/dwarf_util.c 18
src/lib/libdwarf/dwarf_rnglists.c 6
src/lib/libdwarf/dwarf_loclists.c 6
src/lib/libdwarf/dwarf_groups.c 10
src/lib/libdwarf/dwarf_tied.c 6
src/lib/libdwarf/dwarf_setup_sections.c 4
src/lib/libdwarf/dwarf_debuglink.c 1
src/lib/libdwarf/dwarf_machoread.c 22
src/lib/libdwarf/dwarf_safe_strcpy.c 1
src/lib/libdwarf/dwarf_peread.c 13
src/lib/libdwarf/dwarf_die_deliv.c 33
src/lib/libdwarf/dwarf_query.c 18
src/lib/libdwarf/dwarf_leb.c 3
src/lib/libdwarf/dwarf_abbrev.c 1
src/lib/libdwarf/dwarf_names.c 2
src/lib/libdwarf/dwarf_fill_in_attr_form.c 2
src/lib/libdwarf/dwarf_form.c 18
src/lib/libdwarf/dwarf_find_sigref.c 2
src/lib/libdwarf/dwarf_str_offsets.c 5
src/lib/libdwarf/dwarf_fission_to_cu.c 5

Fuzzer: fuzz_debug_addr_access

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 129 18.5%
gold [1:9] 50 7.18%
yellow [10:29] 20 2.87%
greenyellow [30:49] 33 4.74%
lawngreen 50+ 464 66.6%
All colors 696 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
115 132 4 :

['dwarf_dealloc_error', 'dwarf_errmsg', 'dwarf_errno', 'dwarfstring_append']

115 426 dwarf_object_init_b call site: 00513 /src/libdwarf/src/lib/libdwarf/dwarf_init_finish.c:1145
32 32 2 :

['_dwarfstring_append_zeros', '_dwarfstring_append_spaces']

34 70 dwarfstring_append_printf_u call site: 00435 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:867
16 16 1 :

['_dwarfstring_append_spaces']

18 42 dwarfstring_append_printf_s call site: 00413 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:347
13 13 2 :

['_dwarf_remove_from_staticerrlist', '_dwarf_error_destructor']

13 60 dwarf_dealloc call site: 00186 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1055
10 29 5 :

['_dwarf_add_to_static_err_list', '_dwarf_special_no_dbg_error_malloc', 'calloc', 'dwarfstring_append', 'dwarfstring_constructor']

10 91 _dwarf_error_string call site: 00009 /src/libdwarf/src/lib/libdwarf/dwarf_error.c:126
4 18 2 :

['dwarf_set_load_preference', 'strcmp']

4 18 _dwarf_determine_section_allocation_type call site: 00254 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:858
4 4 1 :

['_dwarf_closer']

4 186 dwarf_finish call site: 00173 /src/libdwarf/src/lib/libdwarf/dwarf_generic_init.c:565
4 4 1 :

['_dwarf_closer']

4 4 _dwarf_destruct_macho_internals call site: 00582 /src/libdwarf/src/lib/libdwarf/dwarf_machoread.c:278
4 4 1 :

['_dwarf_closer']

4 4 _dwarf_destruct_pe_access call site: 00623 /src/libdwarf/src/lib/libdwarf/dwarf_peread.c:441
3 3 1 :

['allocate_ts_entry']

3 3 _tsearch_inner call site: 00013 /src/libdwarf/src/lib/libdwarf/dwarf_tsearchhash.c:481
2 2 1 :

['fclose']

2 458 _dwarf_free_all_of_one_debug call site: 00195 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1281
0 114 3 :

['_dwarf_error_string', 'dwarfstring_string', 'dwarfstring_destructor']

0 114 dwarf_object_init_b call site: 00521 /src/libdwarf/src/lib/libdwarf/dwarf_init_finish.c:1162

Runtime coverage analysis

Covered functions
196
Functions that are reachable but not covered
39
Reachable functions
206
Percentage of reachable functions covered
81.07%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzz/fuzz_debug_addr_access.c 1
src/lib/libdwarf/dwarf_generic_init.c 3
src/lib/libdwarf/dwarf_error.c 5
src/lib/libdwarf/dwarf_alloc.c 19
src/lib/libdwarf/dwarf_tsearchhash.c 12
src/lib/libdwarf/dwarf_string.c 10
src/lib/libdwarf/dwarf_object_detector.c 7
src/lib/libdwarf/dwarf_seekr.c 3
src/lib/libdwarf/dwarf_object_read_common.c 1
src/lib/libdwarf/dwarf_elfread.c 4
src/lib/libdwarf/dwarf_elf_load_headers.c 39
src/lib/libdwarf/dwarf_memcpy_swap.c 1
src/lib/libdwarf/dwarf_secname_ck.c 3
src/lib/libdwarf/dwarf_init_finish.c 13
src/lib/libdwarf/dwarf_harmless.c 2
src/lib/libdwarf/dwarf_xu_index.c 3
src/lib/libdwarf/dwarf_util.c 2
src/lib/libdwarf/dwarf_rnglists.c 2
src/lib/libdwarf/dwarf_loclists.c 2
src/lib/libdwarf/dwarf_groups.c 10
src/lib/libdwarf/dwarf_tied.c 1
src/lib/libdwarf/dwarf_setup_sections.c 4
src/lib/libdwarf/dwarf_debuglink.c 1
src/lib/libdwarf/dwarf_machoread.c 22
src/lib/libdwarf/dwarf_safe_strcpy.c 1
src/lib/libdwarf/dwarf_peread.c 13
src/lib/libdwarf/dwarf_debugaddr.c 3

Fuzzer: fuzz_die_cu_attrs_loclist

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 821 38.3%
gold [1:9] 189 8.83%
yellow [10:29] 96 4.48%
greenyellow [30:49] 89 4.15%
lawngreen 50+ 945 44.1%
All colors 2140 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
2014 2014 1 :

['cook_loclists_contents']

2014 2133 dwarf_get_loclist_c call site: 02016 /src/libdwarf/src/lib/libdwarf/dwarf_loc.c:1793
2008 2008 1 :

['cook_gnu_loclist_contents']

2008 2127 dwarf_get_loclist_c call site: 01948 /src/libdwarf/src/lib/libdwarf/dwarf_loc.c:1768
1994 1994 1 :

['_dwarf_search_for_signature']

2908 3990 _dwarf_loclists_fill_in_lle_head call site: 02017 /src/libdwarf/src/lib/libdwarf/dwarf_loclists.c:1238
1994 1994 1 :

['dwarf_offdie_b']

1994 1994 _dwarf_internal_find_die_given_sig8 call site: 01345 /src/libdwarf/src/lib/libdwarf/dwarf_find_sigref.c:212
914 1033 6 :

['dwarfstring_append_printf_u', 'dwarfstring_destructor', 'build_array_of_lle', 'dwarfstring_string', '_dwarf_which_loclists_context', 'dwarfstring_constructor']

914 1675 _dwarf_loclists_fill_in_lle_head call site: 02020 /src/libdwarf/src/lib/libdwarf/dwarf_loclists.c:1276
326 326 1 :

['_dwarf_get_debugfission_for_offset']

326 433 fill_in_dwp_offsets_if_present call site: 00868 /src/libdwarf/src/lib/libdwarf/dwarf_die_deliv.c:620
202 202 1 :

['_dwarf_get_loclist_lle_count_dwo']

400 1407 _dwarf_original_loclist_build call site: 01669 /src/libdwarf/src/lib/libdwarf/dwarf_loc.c:1065
186 291 2 :

['dwarf_dealloc_error', '_dwarf_trial_read_dwarf_five_hdr']

186 731 _dwarf_extract_string_offset_via_str_offsets call site: 01436 /src/libdwarf/src/lib/libdwarf/dwarf_form.c:1871
127 349 2 :

['dwarf_die_offsets', 'dwarf_dealloc_die']

127 349 find_sig8_target_as_global_offset call site: 01344 /src/libdwarf/src/lib/libdwarf/dwarf_form.c:682
70 203 6 :

['dwarfstring_destructor', 'dwarfstring_string', '_dwarf_lkind_name', 'dwarfstring_append', '_dwarf_error_string', 'dwarfstring_constructor']

70 203 _dwarf_loc_block_sanity_check call site: 01759 /src/libdwarf/src/lib/libdwarf/dwarf_loc.c:458
70 203 6 :

['dwarfstring_destructor', 'dwarfstring_string', '_dwarf_lkind_name', 'dwarfstring_append', '_dwarf_error_string', 'dwarfstring_constructor']

70 203 _dwarf_loc_block_sanity_check call site: 01770 /src/libdwarf/src/lib/libdwarf/dwarf_loc.c:473
66 66 3 :

['strlen', '_dwarfstring_append_zeros', '_dwarfstring_append_spaces']

66 198 dwarfstring_append_printf_i call site: 01893 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:523

Runtime coverage analysis

Covered functions
339
Functions that are reachable but not covered
80
Reachable functions
388
Percentage of reachable functions covered
79.38%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzz/fuzz_die_cu_attrs_loclist.c 1
src/lib/libdwarf/dwarf_generic_init.c 3
src/lib/libdwarf/dwarf_error.c 5
src/lib/libdwarf/dwarf_alloc.c 21
src/lib/libdwarf/dwarf_tsearchhash.c 12
src/lib/libdwarf/dwarf_string.c 13
src/lib/libdwarf/dwarf_object_detector.c 7
src/lib/libdwarf/dwarf_seekr.c 3
src/lib/libdwarf/dwarf_object_read_common.c 1
src/lib/libdwarf/dwarf_elfread.c 4
src/lib/libdwarf/dwarf_elf_load_headers.c 39
src/lib/libdwarf/dwarf_memcpy_swap.c 1
src/lib/libdwarf/dwarf_secname_ck.c 3
src/lib/libdwarf/dwarf_init_finish.c 13
src/lib/libdwarf/dwarf_harmless.c 3
src/lib/libdwarf/dwarf_xu_index.c 14
src/lib/libdwarf/dwarf_util.c 20
src/lib/libdwarf/dwarf_rnglists.c 6
src/lib/libdwarf/dwarf_loclists.c 14
src/lib/libdwarf/dwarf_groups.c 10
src/lib/libdwarf/dwarf_tied.c 6
src/lib/libdwarf/dwarf_setup_sections.c 4
src/lib/libdwarf/dwarf_debuglink.c 1
src/lib/libdwarf/dwarf_machoread.c 22
src/lib/libdwarf/dwarf_safe_strcpy.c 1
src/lib/libdwarf/dwarf_peread.c 13
src/lib/libdwarf/dwarf_die_deliv.c 34
src/lib/libdwarf/dwarf_query.c 26
src/lib/libdwarf/dwarf_leb.c 3
src/lib/libdwarf/dwarf_abbrev.c 1
src/lib/libdwarf/dwarf_names.c 3
src/lib/libdwarf/dwarf_fill_in_attr_form.c 2
src/lib/libdwarf/dwarf_form.c 21
src/lib/libdwarf/dwarf_find_sigref.c 2
src/lib/libdwarf/dwarf_str_offsets.c 5
src/lib/libdwarf/dwarf_fission_to_cu.c 5
src/lib/libdwarf/dwarf_loc.c 24
src/lib/libdwarf/dwarf_locationop_read.c 2

Fuzzer: fuzz_findfuncbypc

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 885 33.6%
gold [1:9] 178 6.76%
yellow [10:29] 94 3.57%
greenyellow [30:49] 89 3.38%
lawngreen 50+ 1384 52.6%
All colors 2630 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
326 326 1 :

['_dwarf_get_debugfission_for_offset']

326 433 fill_in_dwp_offsets_if_present call site: 01109 /src/libdwarf/src/lib/libdwarf/dwarf_die_deliv.c:620
109 109 1 :

['dwarf_object_detector_path_dSYM']

109 7178 dwarf_init_path_dl_a call site: 00035 /src/libdwarf/src/lib/libdwarf/dwarf_generic_init.c:311
64 64 2 :

['_dwarfstring_append_zeros', '_dwarfstring_append_spaces']

66 162 dwarfstring_append_printf_i call site: 01916 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:612
32 32 2 :

['_dwarfstring_append_zeros', '_dwarfstring_append_spaces']

34 70 dwarfstring_append_printf_u call site: 00196 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:867
16 16 1 :

['_dwarfstring_append_spaces']

18 42 dwarfstring_append_printf_s call site: 00673 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:347
5 5 1 :

['_dwarf_remove_from_staticerrlist']

5 52 dwarf_dealloc call site: 00086 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1076
4 18 2 :

['dwarf_set_load_preference', 'strcmp']

4 18 _dwarf_determine_section_allocation_type call site: 00036 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:858
4 6 2 :

['dwarf_errmsg_by_number', 'fflush']

4 68 _dwarf_error_string call site: 00009 /src/libdwarf/src/lib/libdwarf/dwarf_error.c:126
2 2 1 :

['fclose']

2 458 _dwarf_free_all_of_one_debug call site: 00108 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1281
0 858 1 :

['_dwarf_siblingof_internal']

0 858 _dwarf_next_cu_header_internal call site: 01031 /src/libdwarf/src/lib/libdwarf/dwarf_die_deliv.c:2123
0 333 3 :

['dwarf_dealloc_die', '_dwarf_error_string', 'local_dealloc_cu_context']

0 333 _dwarf_create_a_new_cu_context_record_on_list call site: 01106 /src/libdwarf/src/lib/libdwarf/dwarf_die_deliv.c:1892
0 330 2 :

['_dwarf_error_string', '_dwarf_check_string_valid']

0 330 _dwarf_decode_line_string_form call site: 02183 /src/libdwarf/src/lib/libdwarf/dwarf_line.c:2390

Runtime coverage analysis

Covered functions
401
Functions that are reachable but not covered
75
Reachable functions
445
Percentage of reachable functions covered
83.15%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzz/fuzz_findfuncbypc.c 11
src/lib/libdwarf/dwarf_generic_init.c 5
src/lib/libdwarf/dwarf_error.c 5
src/lib/libdwarf/dwarf_alloc.c 21
src/lib/libdwarf/dwarf_tsearchhash.c 12
src/lib/libdwarf/dwarf_string.c 15
src/lib/libdwarf/dwarf_object_detector.c 17
src/lib/libdwarf/dwarf_seekr.c 4
src/lib/libdwarf/dwarf_object_read_common.c 1
src/lib/libdwarf/dwarf_debuglink.c 20
src/lib/libdwarf/dwarf_init_finish.c 13
src/lib/libdwarf/dwarf_harmless.c 3
src/lib/libdwarf/dwarf_xu_index.c 14
src/lib/libdwarf/dwarf_util.c 21
src/lib/libdwarf/dwarf_rnglists.c 6
src/lib/libdwarf/dwarf_loclists.c 6
src/lib/libdwarf/dwarf_groups.c 10
src/lib/libdwarf/dwarf_tied.c 6
src/lib/libdwarf/dwarf_safe_strcpy.c 1
src/lib/libdwarf/dwarf_crc32.c 1
src/lib/libdwarf/dwarf_crc.c 1
src/lib/libdwarf/dwarf_elfread.c 4
src/lib/libdwarf/dwarf_elf_load_headers.c 39
src/lib/libdwarf/dwarf_memcpy_swap.c 1
src/lib/libdwarf/dwarf_secname_ck.c 3
src/lib/libdwarf/dwarf_setup_sections.c 4
src/lib/libdwarf/dwarf_machoread.c 22
src/lib/libdwarf/dwarf_peread.c 13
src/lib/libdwarf/dwarf_die_deliv.c 35
src/lib/libdwarf/dwarf_query.c 27
src/lib/libdwarf/dwarf_leb.c 3
src/lib/libdwarf/dwarf_abbrev.c 1
src/lib/libdwarf/dwarf_names.c 3
src/lib/libdwarf/dwarf_fill_in_attr_form.c 2
src/lib/libdwarf/dwarf_form.c 23
src/lib/libdwarf/dwarf_find_sigref.c 2
src/lib/libdwarf/dwarf_str_offsets.c 5
src/lib/libdwarf/dwarf_fission_to_cu.c 5
src/lib/libdwarf/dwarf_ranges.c 4
src/lib/libdwarf/dwarf_line.c 27
src/lib/libdwarf/dwarf_line_table_reader_common.h 6

Fuzzer: fuzz_gnu_index

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 155 18.4%
gold [1:9] 66 7.84%
yellow [10:29] 32 3.80%
greenyellow [30:49] 40 4.75%
lawngreen 50+ 548 65.1%
All colors 841 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
32 32 2 :

['_dwarfstring_append_zeros', '_dwarfstring_append_spaces']

34 70 dwarfstring_append_printf_u call site: 00436 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:867
16 16 1 :

['_dwarfstring_append_spaces']

18 42 dwarfstring_append_printf_s call site: 00414 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:347
5 5 1 :

['_dwarf_remove_from_staticerrlist']

5 52 dwarf_dealloc call site: 00191 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1076
4 18 2 :

['dwarf_set_load_preference', 'strcmp']

4 18 _dwarf_determine_section_allocation_type call site: 00255 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:858
4 6 2 :

['dwarf_errmsg_by_number', 'fflush']

4 68 _dwarf_error_string call site: 00010 /src/libdwarf/src/lib/libdwarf/dwarf_error.c:126
4 4 1 :

['_dwarf_closer']

4 186 dwarf_finish call site: 00174 /src/libdwarf/src/lib/libdwarf/dwarf_generic_init.c:565
4 4 1 :

['_dwarf_closer']

4 4 _dwarf_destruct_macho_internals call site: 00583 /src/libdwarf/src/lib/libdwarf/dwarf_machoread.c:278
4 4 1 :

['_dwarf_closer']

4 4 _dwarf_destruct_pe_access call site: 00624 /src/libdwarf/src/lib/libdwarf/dwarf_peread.c:441
2 2 1 :

['fclose']

2 458 _dwarf_free_all_of_one_debug call site: 00196 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1281
0 109 1 :

['_dwarf_error']

0 109 dwarf_get_xu_index_header call site: 00499 /src/libdwarf/src/lib/libdwarf/dwarf_xu_index.c:418
0 107 2 :

['free', '_dwarf_error_string']

0 107 _dwarf_internal_read_rnglists_header call site: 00716 /src/libdwarf/src/lib/libdwarf/dwarf_rnglists.c:555
0 11 1 :

['_dwarf_tdestroy']

0 11 _dwarf_free_all_of_one_debug call site: 00244 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1340

Runtime coverage analysis

Covered functions
226
Functions that are reachable but not covered
32
Reachable functions
228
Percentage of reachable functions covered
85.96%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzz/fuzz_gnu_index.c 1
src/lib/libdwarf/dwarf_generic_init.c 3
src/lib/libdwarf/dwarf_error.c 5
src/lib/libdwarf/dwarf_alloc.c 19
src/lib/libdwarf/dwarf_tsearchhash.c 12
src/lib/libdwarf/dwarf_string.c 11
src/lib/libdwarf/dwarf_object_detector.c 7
src/lib/libdwarf/dwarf_seekr.c 3
src/lib/libdwarf/dwarf_object_read_common.c 1
src/lib/libdwarf/dwarf_elfread.c 4
src/lib/libdwarf/dwarf_elf_load_headers.c 39
src/lib/libdwarf/dwarf_memcpy_swap.c 1
src/lib/libdwarf/dwarf_secname_ck.c 3
src/lib/libdwarf/dwarf_init_finish.c 13
src/lib/libdwarf/dwarf_harmless.c 2
src/lib/libdwarf/dwarf_xu_index.c 3
src/lib/libdwarf/dwarf_util.c 4
src/lib/libdwarf/dwarf_rnglists.c 6
src/lib/libdwarf/dwarf_loclists.c 6
src/lib/libdwarf/dwarf_groups.c 10
src/lib/libdwarf/dwarf_tied.c 1
src/lib/libdwarf/dwarf_setup_sections.c 4
src/lib/libdwarf/dwarf_debuglink.c 1
src/lib/libdwarf/dwarf_machoread.c 22
src/lib/libdwarf/dwarf_safe_strcpy.c 1
src/lib/libdwarf/dwarf_peread.c 13
src/lib/libdwarf/dwarf_gnu_index.c 13

Fuzzer: fuzz_srcfiles

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 767 28.6%
gold [1:9] 201 7.49%
yellow [10:29] 122 4.55%
greenyellow [30:49] 64 2.38%
lawngreen 50+ 1527 56.9%
All colors 2681 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
326 326 1 :

['_dwarf_get_debugfission_for_offset']

326 433 fill_in_dwp_offsets_if_present call site: 00868 /src/libdwarf/src/lib/libdwarf/dwarf_die_deliv.c:620
186 291 2 :

['dwarf_dealloc_error', '_dwarf_trial_read_dwarf_five_hdr']

186 731 _dwarf_extract_string_offset_via_str_offsets call site: 01436 /src/libdwarf/src/lib/libdwarf/dwarf_form.c:1871
8 8 2 :

['_dwarf_special_no_dbg_error_malloc', '_dwarf_add_to_static_err_list']

10 29 _dwarf_error_string call site: 00009 /src/libdwarf/src/lib/libdwarf/dwarf_error.c:129
5 5 1 :

['_dwarf_remove_from_staticerrlist']

5 52 dwarf_dealloc call site: 00190 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1076
4 18 2 :

['dwarf_set_load_preference', 'strcmp']

4 18 _dwarf_determine_section_allocation_type call site: 00254 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:858
4 4 1 :

['_dwarf_closer']

4 186 dwarf_finish call site: 00173 /src/libdwarf/src/lib/libdwarf/dwarf_generic_init.c:565
4 4 1 :

['_dwarf_closer']

4 4 _dwarf_destruct_macho_internals call site: 00582 /src/libdwarf/src/lib/libdwarf/dwarf_machoread.c:278
4 4 1 :

['_dwarf_closer']

4 4 _dwarf_destruct_pe_access call site: 00623 /src/libdwarf/src/lib/libdwarf/dwarf_peread.c:441
2 2 1 :

['fclose']

2 458 _dwarf_free_all_of_one_debug call site: 00195 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1281
0 1998 2 :

['_dwarf_calculate_next_cu_context_offset', '_dwarf_create_a_new_cu_context_record_on_list']

0 3939 dwarf_offdie_b call site: 01361 /src/libdwarf/src/lib/libdwarf/dwarf_die_deliv.c:3284
0 858 1 :

['_dwarf_siblingof_internal']

0 858 _dwarf_next_cu_header_internal call site: 00790 /src/libdwarf/src/lib/libdwarf/dwarf_die_deliv.c:2123
0 440 5 :

['dwarfstring_append_printf_u', 'dwarfstring_destructor', 'dwarfstring_string', '_dwarf_error_string', 'dwarfstring_constructor']

0 440 _dwarf_extract_address_from_debug_addr call site: 01554 /src/libdwarf/src/lib/libdwarf/dwarf_query.c:999

Runtime coverage analysis

Covered functions
387
Functions that are reachable but not covered
55
Reachable functions
411
Percentage of reachable functions covered
86.62%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzz/fuzz_srcfiles.c 3
src/lib/libdwarf/dwarf_generic_init.c 3
src/lib/libdwarf/dwarf_error.c 5
src/lib/libdwarf/dwarf_alloc.c 21
src/lib/libdwarf/dwarf_tsearchhash.c 12
src/lib/libdwarf/dwarf_string.c 15
src/lib/libdwarf/dwarf_object_detector.c 7
src/lib/libdwarf/dwarf_seekr.c 3
src/lib/libdwarf/dwarf_object_read_common.c 1
src/lib/libdwarf/dwarf_elfread.c 4
src/lib/libdwarf/dwarf_elf_load_headers.c 39
src/lib/libdwarf/dwarf_memcpy_swap.c 1
src/lib/libdwarf/dwarf_secname_ck.c 3
src/lib/libdwarf/dwarf_init_finish.c 13
src/lib/libdwarf/dwarf_harmless.c 3
src/lib/libdwarf/dwarf_xu_index.c 14
src/lib/libdwarf/dwarf_util.c 21
src/lib/libdwarf/dwarf_rnglists.c 6
src/lib/libdwarf/dwarf_loclists.c 6
src/lib/libdwarf/dwarf_groups.c 10
src/lib/libdwarf/dwarf_tied.c 6
src/lib/libdwarf/dwarf_setup_sections.c 4
src/lib/libdwarf/dwarf_debuglink.c 3
src/lib/libdwarf/dwarf_machoread.c 22
src/lib/libdwarf/dwarf_safe_strcpy.c 1
src/lib/libdwarf/dwarf_peread.c 13
src/lib/libdwarf/dwarf_die_deliv.c 34
src/lib/libdwarf/dwarf_query.c 18
src/lib/libdwarf/dwarf_leb.c 3
src/lib/libdwarf/dwarf_abbrev.c 1
src/lib/libdwarf/dwarf_names.c 3
src/lib/libdwarf/dwarf_fill_in_attr_form.c 2
src/lib/libdwarf/dwarf_form.c 20
src/lib/libdwarf/dwarf_find_sigref.c 2
src/lib/libdwarf/dwarf_str_offsets.c 5
src/lib/libdwarf/dwarf_fission_to_cu.c 5
src/lib/libdwarf/dwarf_line.c 38
src/lib/libdwarf/dwarf_line_table_reader_common.h 6
src/lib/libdwarf/dwarf_print_lines.c 12

Fuzzer: fuzz_macro_dwarf4

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 122 17.0%
gold [1:9] 44 6.16%
yellow [10:29] 12 1.68%
greenyellow [30:49] 32 4.48%
lawngreen 50+ 504 70.5%
All colors 714 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
32 32 2 :

['_dwarfstring_append_zeros', '_dwarfstring_append_spaces']

34 70 dwarfstring_append_printf_u call site: 00436 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:867
16 16 1 :

['_dwarfstring_append_spaces']

18 42 dwarfstring_append_printf_s call site: 00414 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:347
5 5 1 :

['_dwarf_remove_from_staticerrlist']

5 52 dwarf_dealloc call site: 00191 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1076
4 18 2 :

['dwarf_set_load_preference', 'strcmp']

4 18 _dwarf_determine_section_allocation_type call site: 00255 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:858
4 6 2 :

['dwarf_errmsg_by_number', 'fflush']

4 68 _dwarf_error_string call site: 00010 /src/libdwarf/src/lib/libdwarf/dwarf_error.c:126
4 4 1 :

['_dwarf_closer']

4 186 dwarf_finish call site: 00174 /src/libdwarf/src/lib/libdwarf/dwarf_generic_init.c:565
4 4 1 :

['_dwarf_closer']

4 4 _dwarf_destruct_macho_internals call site: 00583 /src/libdwarf/src/lib/libdwarf/dwarf_machoread.c:278
4 4 1 :

['_dwarf_closer']

4 4 _dwarf_destruct_pe_access call site: 00624 /src/libdwarf/src/lib/libdwarf/dwarf_peread.c:441
3 3 1 :

['allocate_ts_entry']

3 3 _tsearch_inner call site: 00014 /src/libdwarf/src/lib/libdwarf/dwarf_tsearchhash.c:481
2 2 1 :

['fclose']

2 458 _dwarf_free_all_of_one_debug call site: 00196 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1281
0 109 1 :

['_dwarf_error']

0 109 dwarf_get_xu_index_header call site: 00499 /src/libdwarf/src/lib/libdwarf/dwarf_xu_index.c:418
0 11 1 :

['_dwarf_tdestroy']

0 11 _dwarf_free_all_of_one_debug call site: 00244 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1340

Runtime coverage analysis

Covered functions
210
Functions that are reachable but not covered
31
Reachable functions
212
Percentage of reachable functions covered
85.38%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzz/fuzz_macro_dwarf4.c 1
src/lib/libdwarf/dwarf_generic_init.c 3
src/lib/libdwarf/dwarf_error.c 5
src/lib/libdwarf/dwarf_alloc.c 19
src/lib/libdwarf/dwarf_tsearchhash.c 12
src/lib/libdwarf/dwarf_string.c 10
src/lib/libdwarf/dwarf_object_detector.c 7
src/lib/libdwarf/dwarf_seekr.c 3
src/lib/libdwarf/dwarf_object_read_common.c 1
src/lib/libdwarf/dwarf_elfread.c 4
src/lib/libdwarf/dwarf_elf_load_headers.c 39
src/lib/libdwarf/dwarf_memcpy_swap.c 1
src/lib/libdwarf/dwarf_secname_ck.c 3
src/lib/libdwarf/dwarf_init_finish.c 13
src/lib/libdwarf/dwarf_harmless.c 2
src/lib/libdwarf/dwarf_xu_index.c 3
src/lib/libdwarf/dwarf_util.c 3
src/lib/libdwarf/dwarf_rnglists.c 2
src/lib/libdwarf/dwarf_loclists.c 2
src/lib/libdwarf/dwarf_groups.c 10
src/lib/libdwarf/dwarf_tied.c 1
src/lib/libdwarf/dwarf_setup_sections.c 4
src/lib/libdwarf/dwarf_debuglink.c 1
src/lib/libdwarf/dwarf_machoread.c 22
src/lib/libdwarf/dwarf_safe_strcpy.c 1
src/lib/libdwarf/dwarf_peread.c 13
src/lib/libdwarf/dwarf_macro.c 5
src/lib/libdwarf/dwarf_leb.c 2

Fuzzer: fuzz_aranges

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 147 17.3%
gold [1:9] 78 9.18%
yellow [10:29] 31 3.65%
greenyellow [30:49] 36 4.24%
lawngreen 50+ 557 65.6%
All colors 849 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
32 32 2 :

['_dwarfstring_append_zeros', '_dwarfstring_append_spaces']

34 70 dwarfstring_append_printf_u call site: 00436 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:867
16 16 1 :

['_dwarfstring_append_spaces']

18 42 dwarfstring_append_printf_s call site: 00414 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:347
5 5 1 :

['_dwarf_remove_from_staticerrlist']

5 52 dwarf_dealloc call site: 00191 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1076
4 18 2 :

['dwarf_set_load_preference', 'strcmp']

4 18 _dwarf_determine_section_allocation_type call site: 00255 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:858
4 6 2 :

['dwarf_errmsg_by_number', 'fflush']

4 68 _dwarf_error_string call site: 00010 /src/libdwarf/src/lib/libdwarf/dwarf_error.c:126
4 4 1 :

['_dwarf_closer']

4 186 dwarf_finish call site: 00174 /src/libdwarf/src/lib/libdwarf/dwarf_generic_init.c:565
4 4 1 :

['_dwarf_closer']

4 4 _dwarf_destruct_macho_internals call site: 00583 /src/libdwarf/src/lib/libdwarf/dwarf_machoread.c:278
4 4 1 :

['_dwarf_closer']

4 4 _dwarf_destruct_pe_access call site: 00624 /src/libdwarf/src/lib/libdwarf/dwarf_peread.c:441
2 2 1 :

['fclose']

2 458 _dwarf_free_all_of_one_debug call site: 00196 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1281
0 218 2 :

['free_aranges_chain', '_dwarf_error']

0 218 dwarf_get_aranges call site: 00827 /src/libdwarf/src/lib/libdwarf/dwarf_arange.c:441
0 218 2 :

['free_aranges_chain', '_dwarf_error']

0 218 _dwarf_get_aranges_list call site: 00821 /src/libdwarf/src/lib/libdwarf/dwarf_arange.c:381
0 109 1 :

['_dwarf_error']

0 109 dwarf_get_arange_info_b call site: 00831 /src/libdwarf/src/lib/libdwarf/dwarf_arange.c:698

Runtime coverage analysis

Covered functions
222
Functions that are reachable but not covered
31
Reachable functions
224
Percentage of reachable functions covered
86.16%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzz/fuzz_aranges.c 3
src/lib/libdwarf/dwarf_generic_init.c 3
src/lib/libdwarf/dwarf_error.c 5
src/lib/libdwarf/dwarf_alloc.c 19
src/lib/libdwarf/dwarf_tsearchhash.c 12
src/lib/libdwarf/dwarf_string.c 10
src/lib/libdwarf/dwarf_object_detector.c 7
src/lib/libdwarf/dwarf_seekr.c 3
src/lib/libdwarf/dwarf_object_read_common.c 1
src/lib/libdwarf/dwarf_elfread.c 4
src/lib/libdwarf/dwarf_elf_load_headers.c 39
src/lib/libdwarf/dwarf_memcpy_swap.c 1
src/lib/libdwarf/dwarf_secname_ck.c 3
src/lib/libdwarf/dwarf_init_finish.c 13
src/lib/libdwarf/dwarf_harmless.c 3
src/lib/libdwarf/dwarf_xu_index.c 3
src/lib/libdwarf/dwarf_util.c 6
src/lib/libdwarf/dwarf_rnglists.c 6
src/lib/libdwarf/dwarf_loclists.c 6
src/lib/libdwarf/dwarf_groups.c 10
src/lib/libdwarf/dwarf_tied.c 1
src/lib/libdwarf/dwarf_setup_sections.c 4
src/lib/libdwarf/dwarf_debuglink.c 1
src/lib/libdwarf/dwarf_machoread.c 22
src/lib/libdwarf/dwarf_safe_strcpy.c 1
src/lib/libdwarf/dwarf_peread.c 13
src/lib/libdwarf/dwarf_arange.c 4

Fuzzer: fuzz_globals

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 262 22.7%
gold [1:9] 55 4.77%
yellow [10:29] 48 4.16%
greenyellow [30:49] 50 4.33%
lawngreen 50+ 738 64.0%
All colors 1153 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
119 119 1 :

['get_hash_value_number']

119 1223 dwarf_dnames_name call site: 00982 /src/libdwarf/src/lib/libdwarf/dwarf_debugnames.c:1506
54 54 1 :

['apply_rela_entries']

54 54 elf_relocations_nolibelf call site: 00000 /src/libdwarf/src/lib/libdwarf/dwarf_elfread.c:647
16 16 1 :

['_dwarfstring_append_spaces']

18 42 dwarfstring_append_printf_s call site: 00414 /src/libdwarf/src/lib/libdwarf/dwarf_string.c:347
5 5 1 :

['_dwarf_remove_from_staticerrlist']

5 52 dwarf_dealloc call site: 00191 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1076
4 18 2 :

['dwarf_set_load_preference', 'strcmp']

4 18 _dwarf_determine_section_allocation_type call site: 00255 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:858
4 6 2 :

['dwarf_errmsg_by_number', 'fflush']

4 68 _dwarf_error_string call site: 00010 /src/libdwarf/src/lib/libdwarf/dwarf_error.c:126
4 4 1 :

['_dwarf_closer']

4 186 dwarf_finish call site: 00174 /src/libdwarf/src/lib/libdwarf/dwarf_generic_init.c:565
4 4 1 :

['_dwarf_closer']

4 4 _dwarf_destruct_macho_internals call site: 00583 /src/libdwarf/src/lib/libdwarf/dwarf_machoread.c:278
4 4 1 :

['_dwarf_closer']

4 4 _dwarf_destruct_pe_access call site: 00624 /src/libdwarf/src/lib/libdwarf/dwarf_peread.c:441
2 2 1 :

['fclose']

2 458 _dwarf_free_all_of_one_debug call site: 00196 /src/libdwarf/src/lib/libdwarf/dwarf_alloc.c:1281
0 111 1 :

['dwarf_dealloc_dnames']

0 218 dwarf_dnames_header call site: 00971 /src/libdwarf/src/lib/libdwarf/dwarf_debugnames.c:836
0 109 1 :

['_dwarf_error']

0 109 dwarf_dnames_entrypool call site: 01016 /src/libdwarf/src/lib/libdwarf/dwarf_debugnames.c:1667

Runtime coverage analysis

Covered functions
262
Functions that are reachable but not covered
35
Reachable functions
271
Percentage of reachable functions covered
87.08%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzz/fuzz_globals.c 3
src/lib/libdwarf/dwarf_generic_init.c 3
src/lib/libdwarf/dwarf_error.c 5
src/lib/libdwarf/dwarf_alloc.c 19
src/lib/libdwarf/dwarf_tsearchhash.c 12
src/lib/libdwarf/dwarf_string.c 11
src/lib/libdwarf/dwarf_object_detector.c 7
src/lib/libdwarf/dwarf_seekr.c 3
src/lib/libdwarf/dwarf_object_read_common.c 1
src/lib/libdwarf/dwarf_elfread.c 4
src/lib/libdwarf/dwarf_elf_load_headers.c 39
src/lib/libdwarf/dwarf_memcpy_swap.c 1
src/lib/libdwarf/dwarf_secname_ck.c 3
src/lib/libdwarf/dwarf_init_finish.c 13
src/lib/libdwarf/dwarf_harmless.c 3
src/lib/libdwarf/dwarf_xu_index.c 3
src/lib/libdwarf/dwarf_util.c 7
src/lib/libdwarf/dwarf_rnglists.c 6
src/lib/libdwarf/dwarf_loclists.c 6
src/lib/libdwarf/dwarf_groups.c 10
src/lib/libdwarf/dwarf_tied.c 1
src/lib/libdwarf/dwarf_setup_sections.c 4
src/lib/libdwarf/dwarf_debuglink.c 1
src/lib/libdwarf/dwarf_machoread.c 22
src/lib/libdwarf/dwarf_safe_strcpy.c 1
src/lib/libdwarf/dwarf_peread.c 13
src/lib/libdwarf/dwarf_global.c 20
src/lib/libdwarf/dwarf_debugnames.c 21
src/lib/libdwarf/dwarf_leb.c 2
src/lib/libdwarf/dwarf_form.c 5
src/lib/libdwarf/dwarf_query.c 1
src/lib/libdwarf/dwarf_names.c 1

Analyses and suggestions

Optimal target analysis

Remaining optimal interesting functions

The following table shows a list of functions that are optimal targets. Optimal targets are identified by finding the functions that in combination, yield a high code coverage.

Func name Functions filename Arg count Args Function depth hitcount instr count bb count cyclomatic complexity Reachable functions Incoming references total cyclomatic complexity Unreached complexity
elf_relocations_nolibelf /src/libdwarf/src/lib/libdwarf/dwarf_elfread.c 4 ['N/A', 'size_t', 'N/A', 'N/A'] 3 0 129 17 8 5 0 89 89
dwarf_rnglists_get_rle_head /src/libdwarf/src/lib/libdwarf/dwarf_rnglists.c 7 ['N/A', 'short', 'size_t', 'N/A', 'N/A', 'N/A', 'N/A'] 35 0 428 87 33 189 0 2101 86
dwarf_language_version_string /src/libdwarf/src/lib/libdwarf/dwarf_query.c 3 ['size_t', 'N/A', 'N/A'] 2 0 24 3 2 2 0 56 56

Implementing fuzzers that target the above functions will improve reachability such that it becomes:

Functions statically reachable by fuzzers
81.0%
733 / 900
Cyclomatic complexity statically reachable by fuzzers
86.0%
7885 / 9210

All functions overview

If you implement fuzzers for these functions, the status of all functions in the project will be:

Func name Functions filename Args Function call depth Reached by Fuzzers Runtime reached by Fuzzers Combined reached by Fuzzers Fuzzers runtime hit Func lines hit % I Count BB Count Cyclomatic complexity Functions reached Reached by functions Accumulated cyclomatic complexity Undiscovered complexity

Fuzz engine guidance

This sections provides heuristics that can be used as input to a fuzz engine when running a given fuzz target. The current focus is on providing input that is usable by libFuzzer.

fuzz/fuzz_crc_32.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['dwarf_crc32', 'dwarfstring_append_printf_s', 'dwarf_get_xu_index_header', '_dwarf_load_section', 'dwarfstring_append_printf_u', 'dwarfstring_append_length', '_dwarf_determine_section_allocation_type', 'insert_sht_list_in_group_map']

fuzz/fuzz_init_path.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['_dwarf_debuglink_finder_newpath', 'dwarfstring_append_printf_u', 'dwarf_get_xu_index_header', 'insert_sht_list_in_group_map', 'dwarfstring_append_printf_s', '_dwarf_determine_section_allocation_type', 'dwarf_add_debuglink_global_path']

fuzz/fuzz_debuglink.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['_dwarf_extract_buildid', 'dwarfstring_append_printf_s', 'dwarf_get_xu_index_header', 'dwarf_object_init_b', '_dwarf_load_section', '_dwarf_construct_linkedto_path', '_dwarf_get_alloc', '_dwarf_determine_section_allocation_type', 'dwarfstring_append_printf_u', 'insert_sht_list_in_group_map']

fuzz/fuzz_die_cu_e.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['_dwarf_create_a_new_cu_context_record_on_list', '_dwarf_get_size_of_val', '_dwarf_trial_read_dwarf_five_hdr', '_dwarf_leb128_sword_wrapper', 'dwarf_get_xu_section_offset', '_dwarf_look_in_local_and_tied_by_index', '_dwarf_count_abbrev_entries', 'dwarf_get_debugfission_for_key', 'fill_in_dwp_offsets_if_present']

fuzz/fuzz_tie.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['dwarfstring_append_printf_s', 'dwarf_get_xu_index_header', 'dwarf_object_init_b', '_dwarf_load_section', 'dwarfstring_append_printf_u', '_dwarf_get_alloc', '_dwarf_determine_section_allocation_type', 'insert_sht_list_in_group_map']

fuzz/fuzz_init_binary.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['dwarfstring_append_printf_s', 'dwarf_get_xu_index_header', 'dwarf_object_init_b', '_dwarf_load_section', 'dwarfstring_append_printf_u', '_dwarf_get_alloc', '_dwarf_determine_section_allocation_type', 'insert_sht_list_in_group_map']

fuzz/fuzz_set_frame_all.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['_dwarf_exec_frame_instr', '_dwarf_create_fde_from_after_start', 'dwarfstring_append_printf_s', 'dwarf_get_xu_index_header', '_dwarf_load_section', 'dwarfstring_append_length', '_dwarf_determine_section_allocation_type', 'dwarfstring_append_printf_u', 'print_fde_selected_regs']

fuzz/fuzz_die_cu_print.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['_dwarf_create_a_new_cu_context_record_on_list', '_dwarf_extract_string_offset_via_str_offsets', '_dwarf_next_die_info_ptr', '_dwarf_look_in_local_and_tied_by_index', 'dwarf_get_xu_section_offset', 'dwarf_get_debugfission_for_key', 'fill_in_dwp_offsets_if_present', '_dwarf_count_abbrev_entries']

fuzz/fuzz_die_cu_offset.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['dwarf_offdie_b', '_dwarf_get_size_of_val', '_dwarf_extract_string_offset_via_str_offsets', '_dwarf_leb128_sword_wrapper', '_dwarf_look_in_local_and_tied_by_index', 'dwarf_get_xu_section_offset', '_dwarf_count_abbrev_entries', 'dwarf_get_debugfission_for_key', 'fill_in_dwp_offsets_if_present']

fuzz/fuzz_str_offsets.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['dwarfstring_append_printf_i', 'dwarfstring_append_printf_s', 'dwarf_get_xu_index_header', '_dwarf_load_section', 'dwarfstring_append_printf_u', 'dwarfstring_append_length', '_dwarf_determine_section_allocation_type', 'insert_sht_list_in_group_map']

fuzz/fuzz_rng.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['dwarf_get_rnglist_rle', 'dwarfstring_append_printf_s', 'dwarf_get_xu_index_header', 'dwarf_object_init_b', 'dwarf_get_rnglist_offset_index_value', '_dwarf_load_section', 'dwarfstring_append_printf_u', '_dwarf_get_alloc', '_dwarf_determine_section_allocation_type']

fuzz/fuzz_macro_dwarf5.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['_dwarf_read_line_table_header', '_dwarf_get_size_of_val', '_dwarf_extract_string_offset_via_str_offsets', '_dwarf_leb128_sword_wrapper', '_dwarf_look_in_local_and_tied_by_index', 'read_operands_table', 'dwarf_get_xu_section_offset', '_dwarf_count_abbrev_entries', 'dwarf_get_debugfission_for_key']

fuzz/fuzz_xuindex.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['dwarfstring_append_printf_s', 'dwarf_get_xu_index_header', 'dwarf_object_init_b', '_dwarf_load_section', 'dwarfstring_append_printf_u', '_dwarf_get_alloc', '_dwarf_determine_section_allocation_type', 'insert_sht_list_in_group_map']

fuzz/fuzz_gdbindex.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['dwarfstring_append_printf_s', 'dwarf_get_xu_index_header', '_dwarf_load_section', 'dwarfstring_append_length', '_dwarf_determine_section_allocation_type', 'dwarfstring_append_printf_u', 'insert_sht_list_in_group_map', 'examplewgdbindex']

fuzz/fuzz_stack_frame_access.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['_dwarf_create_a_new_cu_context_record_on_list', '_dwarf_get_size_of_val', 'dwarf_get_fde_for_die', '_dwarf_extract_string_offset_via_str_offsets', '_dwarf_create_cie_from_after_start', '_dwarf_leb128_sword_wrapper', '_dwarf_look_in_local_and_tied_by_index', 'dwarf_get_xu_section_offset', '_dwarf_count_abbrev_entries', 'dwarf_get_debugfission_for_key']

fuzz/fuzz_die_cu.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['_dwarf_create_a_new_cu_context_record_on_list', 'dwarf_get_xu_section_offset', '_dwarf_get_size_of_val', '_dwarf_extract_string_offset_via_str_offsets', '_dwarf_leb128_sword_wrapper', '_dwarf_look_in_local_and_tied_by_index', '_dwarf_find_all_offsets_via_fission', '_dwarf_count_abbrev_entries', 'dwarf_get_debugfission_for_key', 'fill_in_dwp_offsets_if_present']

fuzz/fuzz_debug_str.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['dwarfstring_append_printf_s', 'dwarf_get_xu_index_header', '_dwarf_load_section', 'dwarfstring_append_printf_u', 'dwarfstring_append_length', '_dwarf_determine_section_allocation_type', 'insert_sht_list_in_group_map']

fuzz/fuzz_die_cu_e_print.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['_dwarf_create_a_new_cu_context_record_on_list', '_dwarf_extract_string_offset_via_str_offsets', '_dwarf_next_die_info_ptr', 'dwarf_get_xu_section_offset', '_dwarf_look_in_local_and_tied_by_index', 'dwarf_get_debugfission_for_key', 'fill_in_dwp_offsets_if_present', '_dwarf_make_CU_Context']

fuzz/fuzz_init_b.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['dwarfstring_append_printf_s', 'dwarf_get_xu_index_header', '_dwarf_load_section', 'dwarfstring_append_printf_u', 'dwarfstring_append_length', '_dwarf_determine_section_allocation_type', 'insert_sht_list_in_group_map']

fuzz/fuzz_showsectgrp.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['dwarfstring_append_printf_u', '_dwarf_load_section', '_dwarf_determine_section_allocation_type', 'dwarf_get_xu_index_header', 'insert_sht_list_in_group_map', 'dwarf_object_init_b', '_dwarf_get_alloc', 'dwarf_init_path_dl_a', '_dwarf_free_all_of_one_debug']

fuzz/fuzz_crc.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


fuzz/fuzz_dnames.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['dwarf_dnames_name', 'dwarfstring_append_printf_s', 'dwarf_get_xu_index_header', '_dwarf_load_section', 'dwarfstring_append_printf_u', 'dwarfstring_append_length', '_dwarf_determine_section_allocation_type', 'LLVMFuzzerTestOneInput']

fuzz/fuzz_simplereader_tu.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['dwarf_get_debugfission_for_key', 'get_attr_dbg', '_dwarf_error', 'dwarf_formaddr', 'dwarf_finish', 'dwarf_die_from_hash_signature', '_dwarf_error_string']

fuzz/fuzz_die_cu_attrs.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['_dwarf_next_die_info_ptr', '_dwarf_trial_read_dwarf_five_hdr', '_dwarf_look_in_local_and_tied_by_index', 'dwarf_get_xu_section_offset', 'dwarf_die_CU_offset', 'dwarfstring_append_printf_i', 'dwarf_get_debugfission_for_key', 'dwarf_offdie_b', 'fill_in_dwp_offsets_if_present']

fuzz/fuzz_die_cu_info1.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['_dwarf_create_a_new_cu_context_record_on_list', '_dwarf_get_size_of_val', '_dwarf_leb128_sword_wrapper', '_dwarf_look_in_local_and_tied_by_index', 'dwarf_get_xu_section_offset', '_dwarf_count_abbrev_entries', 'dwarf_get_debugfission_for_key', '_dwarf_make_CU_Context', '_dwarf_get_string_from_tied']

fuzz/fuzz_debug_addr_access.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['dwarfstring_append_printf_s', 'dwarf_get_xu_index_header', 'dwarf_object_init_b', 'dwarf_debug_addr_table', '_dwarf_load_section', 'dwarfstring_append_printf_u', '_dwarf_get_alloc', '_dwarf_determine_section_allocation_type', 'insert_sht_list_in_group_map']

fuzz/fuzz_die_cu_attrs_loclist.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['_dwarf_create_a_new_cu_context_record_on_list', 'dwarf_get_xu_section_offset', '_dwarf_loclists_fill_in_lle_head', '_dwarf_get_fission_addition_die', 'dwarf_highpc_b', '_dwarf_get_size_of_val', '_dwarf_extract_string_offset_via_str_offsets', 'dwarf_get_loclist_c', '_dwarf_leb128_sword_wrapper', '_dwarf_look_in_local_and_tied_by_index']

fuzz/fuzz_findfuncbypc.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['_dwarf_pathjoinl', 'dwarfstring_append_printf_u', 'dwarf_get_xu_section_offset', '_dwarf_next_die_info_ptr', 'dwarf_get_ranges_b', 'read_line_table_program', '_dwarf_look_in_local_and_tied_by_index', '_dwarf_find_all_offsets_via_fission', '_dwarf_read_line_table_header', '_dwarf_filename']

fuzz/fuzz_gnu_index.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['dwarf_get_gnu_index_head', '_dwarf_count_entries_in_block', 'dwarfstring_append_printf_s', 'dwarf_get_xu_index_header', '_dwarf_load_section', 'dwarfstring_append_printf_u', 'dwarfstring_append_length', '_dwarf_determine_section_allocation_type', 'internal_load_rnglists_contexts']

fuzz/fuzz_srcfiles.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['dwarf_get_xu_section_offset', '_dwarf_get_size_of_val', '_dwarf_extract_string_offset_via_str_offsets', 'read_line_table_program', '_dwarf_leb128_sword_wrapper', '_dwarf_look_in_local_and_tied_by_index', '_dwarf_find_all_offsets_via_fission', '_dwarf_filename', '_dwarf_count_abbrev_entries']

fuzz/fuzz_macro_dwarf4.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['dwarfstring_append_printf_s', 'dwarf_get_xu_index_header', '_dwarf_load_section', 'dwarfstring_append_printf_u', 'dwarfstring_append_length', '_dwarf_determine_section_allocation_type', 'dwarf_get_macro_details', 'insert_sht_list_in_group_map']

fuzz/fuzz_aranges.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['_dwarf_get_aranges_list', 'dwarfstring_append_printf_s', 'dwarf_get_xu_index_header', '_dwarf_load_section', 'dwarfstring_append_printf_u', 'dwarfstring_append_length', '_dwarf_determine_section_allocation_type', 'internal_load_rnglists_contexts', '_dwarf_read_unaligned_ck_wrapper']

fuzz/fuzz_globals.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['_dwarf_formudata_internal', 'dwarf_dnames_name', 'dwarfstring_append_printf_s', 'dwarf_get_xu_index_header', '_dwarf_internal_get_debug_names_globals', '_dwarf_load_section', 'dwarf_globals_by_type', '_dwarf_internal_read_rnglists_header', '_dwarf_internal_get_pubnames_like', 'dwarfstring_append_length']

Runtime coverage analysis

This section shows analysis of runtime coverage data.

For futher technical details on how this section is generated, please see the Glossary .

Complex functions with low coverage

Func name Function total lines Lines covered at runtime percentage covered Reached by fuzzers
dwarf_crc32 73 14 19.17% ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_findfuncbypc', 'fuzz_showsectgrp']
elf_load_nolibelf_section_a 94 14 14.89% ['fuzz_set_frame_all', 'fuzz_dnames', 'fuzz_tie', 'fuzz_str_offsets', 'fuzz_srcfiles', 'fuzz_die_cu_attrs_loclist', 'fuzz_xuindex', 'fuzz_die_cu_e_print', 'fuzz_die_cu_e', 'fuzz_macro_dwarf5', 'fuzz_rng', 'fuzz_showsectgrp', 'fuzz_die_cu_info1', 'fuzz_die_cu_print', 'fuzz_gnu_index', 'fuzz_macro_dwarf4', 'fuzz_init_path', 'fuzz_findfuncbypc', 'fuzz_aranges', 'fuzz_crc_32', 'fuzz_die_cu_attrs', 'fuzz_init_binary', 'fuzz_die_cu_offset', 'fuzz_debug_str', 'fuzz_globals', 'fuzz_die_cu', 'fuzz_debuglink', 'fuzz_gdbindex', 'fuzz_debug_addr_access', 'fuzz_stack_frame_access', 'fuzz_init_b']
transform_leading_windowsletter 36 15 41.66% ['fuzz_init_path', 'fuzz_showsectgrp', 'fuzz_findfuncbypc', 'fuzz_debuglink']
dwarf_object_detector_path_dSYM 47 23 48.93% ['fuzz_init_path', 'fuzz_findfuncbypc', 'fuzz_showsectgrp']
_dwarf_debuglink_finder_newpath 86 27 31.39% ['fuzz_init_path', 'fuzz_findfuncbypc', 'fuzz_showsectgrp']
insert_into_cu_context_list 45 20 44.44% ['fuzz_die_cu_e', 'fuzz_die_cu_offset', 'fuzz_macro_dwarf5', 'fuzz_simplereader_tu', 'fuzz_die_cu_info1', 'fuzz_findfuncbypc', 'fuzz_die_cu', 'fuzz_srcfiles', 'fuzz_die_cu_print', 'fuzz_die_cu_attrs_loclist', 'fuzz_die_cu_attrs', 'fuzz_stack_frame_access', 'fuzz_die_cu_e_print']
_dwarf_fill_in_attr_form_abtable 101 48 47.52% ['fuzz_die_cu_e', 'fuzz_die_cu_offset', 'fuzz_macro_dwarf5', 'fuzz_simplereader_tu', 'fuzz_die_cu_info1', 'fuzz_findfuncbypc', 'fuzz_die_cu', 'fuzz_srcfiles', 'fuzz_die_cu_print', 'fuzz_die_cu_attrs_loclist', 'fuzz_die_cu_attrs', 'fuzz_stack_frame_access', 'fuzz_die_cu_e_print']
load_xu_loclists_into_cucontext 51 16 31.37% ['fuzz_die_cu_e', 'fuzz_die_cu_offset', 'fuzz_macro_dwarf5', 'fuzz_simplereader_tu', 'fuzz_die_cu_info1', 'fuzz_findfuncbypc', 'fuzz_die_cu', 'fuzz_srcfiles', 'fuzz_die_cu_print', 'fuzz_die_cu_attrs_loclist', 'fuzz_die_cu_attrs', 'fuzz_stack_frame_access', 'fuzz_die_cu_e_print']
load_xu_str_offsets_into_cucontext 56 11 19.64% ['fuzz_die_cu_e', 'fuzz_die_cu_offset', 'fuzz_macro_dwarf5', 'fuzz_simplereader_tu', 'fuzz_die_cu_info1', 'fuzz_findfuncbypc', 'fuzz_die_cu', 'fuzz_srcfiles', 'fuzz_die_cu_print', 'fuzz_die_cu_attrs_loclist', 'fuzz_die_cu_attrs', 'fuzz_stack_frame_access', 'fuzz_die_cu_e_print']
_dwarf_get_string_from_tied 50 11 22.0% ['fuzz_die_cu_e', 'fuzz_die_cu_offset', 'fuzz_macro_dwarf5', 'fuzz_simplereader_tu', 'fuzz_die_cu_info1', 'fuzz_findfuncbypc', 'fuzz_die_cu', 'fuzz_srcfiles', 'fuzz_die_cu_print', 'fuzz_die_cu_attrs_loclist', 'fuzz_die_cu_attrs', 'fuzz_stack_frame_access', 'fuzz_die_cu_e_print']
dwarf_get_xu_section_names 33 15 45.45% ['fuzz_die_cu_e', 'fuzz_die_cu_offset', 'fuzz_macro_dwarf5', 'fuzz_simplereader_tu', 'fuzz_die_cu_info1', 'fuzz_findfuncbypc', 'fuzz_die_cu', 'fuzz_srcfiles', 'fuzz_die_cu_print', 'fuzz_die_cu_attrs_loclist', 'fuzz_die_cu_attrs', 'fuzz_stack_frame_access', 'fuzz_die_cu_e_print']
_dwarf_search_fission_for_key 71 34 47.88% ['fuzz_die_cu_e', 'fuzz_die_cu_offset', 'fuzz_macro_dwarf5', 'fuzz_simplereader_tu', 'fuzz_die_cu_info1', 'fuzz_findfuncbypc', 'fuzz_die_cu', 'fuzz_srcfiles', 'fuzz_die_cu_print', 'fuzz_die_cu_attrs_loclist', 'fuzz_die_cu_attrs', 'fuzz_stack_frame_access', 'fuzz_die_cu_e_print']
dwarf_set_tied_dbg 34 10 29.41% ['fuzz_die_cu_attrs', 'fuzz_tie']
dwarf_get_rnglist_offset_index_value 74 36 48.64% ['fuzz_rng']
dwarf_get_rnglist_rle 66 29 43.93% ['fuzz_rng']
dwarf_srclines_files_indexes 45 18 40.0% ['fuzz_srcfiles', 'fuzz_findfuncbypc', 'fuzz_macro_dwarf5']
_dwarf_print_header_issue 40 7 17.5% ['fuzz_srcfiles', 'fuzz_findfuncbypc', 'fuzz_macro_dwarf5']
read_operands_table 95 21 22.10% ['fuzz_macro_dwarf5']
_dwarf_skim_forms 123 60 48.78% ['fuzz_macro_dwarf5']
dwarf_dnames_cu_table 67 34 50.74% ['fuzz_dnames', 'fuzz_globals']
dwarf_dnames_abbrevtable 36 8 22.22% ['fuzz_dnames']
_dwarf_fill_in_attr_form 33 12 36.36% ['fuzz_dnames', 'fuzz_globals']
dwarf_die_from_hash_signature 77 4 5.194% ['fuzz_simplereader_tu']
get_dsc_leb_entries 87 39 44.82% ['fuzz_die_cu_attrs']
dwarf_get_TAG_name 366 6 1.639% ['fuzz_die_cu_attrs']
dwarf_debug_addr_by_index 36 16 44.44% ['fuzz_debug_addr_access']
_dwarf_loc_block_sanity_check 48 16 33.33% ['fuzz_die_cu_attrs_loclist']
validate_lle_value 59 12 20.33% ['fuzz_die_cu_attrs_loclist']
cook_original_loclist_contents 40 21 52.5% ['fuzz_die_cu_attrs_loclist']
_dwarf_loclists_fill_in_lle_head 151 36 23.84% ['fuzz_die_cu_attrs_loclist']
dwarf_get_OP_name 588 18 3.061% ['fuzz_die_cu_attrs_loclist']
dwarf_srclines_files_data_b 88 42 47.72% ['fuzz_findfuncbypc']
dwarf_srclines_include_dir_data 37 15 40.54% ['fuzz_findfuncbypc']
_dwarf_filename 117 59 50.42% ['fuzz_srcfiles', 'fuzz_findfuncbypc']
dwarf_srclines_two_level_from_linecontext 40 17 42.5% ['fuzz_srcfiles']

Files and Directories in report

This section shows which files and directories are considered in this report. The main reason for showing this is fuzz introspector may include more code in the reasoning than is desired. This section helps identify if too many files/directories are included, e.g. third party code, which may be irrelevant for the threat model. In the event too much is included, fuzz introspector supports a configuration file that can exclude data from the report. See the following link for more information on how to create a config file: link

Files in report

Source file Reached by Covered by
[] []
/src/libdwarf/fuzz/fuzz_init_binary.c ['fuzz_init_binary'] ['fuzz_init_binary']
/src/libdwarf/fuzz/fuzz_findfuncbypc.c ['fuzz_findfuncbypc'] ['fuzz_findfuncbypc']
/src/libdwarf/fuzz/fuzz_init_path.c ['fuzz_init_path'] ['fuzz_init_path']
/src/libdwarf/src/lib/libdwarf/dwarf_gdbindex.c ['fuzz_gdbindex'] ['fuzz_gdbindex']
/src/libdwarf/fuzz/fuzz_srcfiles.c ['fuzz_srcfiles'] ['fuzz_srcfiles']
/src/libdwarf/src/lib/libdwarf/dwarf_util.c ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_tie', 'fuzz_init_binary', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_xuindex', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_init_b', 'fuzz_showsectgrp', 'fuzz_dnames', 'fuzz_simplereader_tu', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals'] ['fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_dnames', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals']
/src/libdwarf/fuzz/fuzz_globals.c ['fuzz_globals'] ['fuzz_globals']
/src/libdwarf/fuzz/fuzz_showsectgrp.c ['fuzz_showsectgrp'] ['fuzz_showsectgrp']
/src/libdwarf/fuzz/fuzz_die_cu_offset.c ['fuzz_die_cu_offset'] ['fuzz_die_cu_offset']
/src/libdwarf/src/lib/libdwarf/dwarf_abbrev.c ['fuzz_die_cu_e', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_macro_dwarf5', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_die_cu_e_print', 'fuzz_simplereader_tu', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_srcfiles'] ['fuzz_die_cu_e', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_macro_dwarf5', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_die_cu_e_print', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_srcfiles']
/src/libdwarf/fuzz/fuzz_die_cu_attrs_loclist.c ['fuzz_die_cu_attrs_loclist'] ['fuzz_die_cu_attrs_loclist']
/src/libdwarf/src/lib/libdwarf/dwarf_macro.c ['fuzz_macro_dwarf4'] ['fuzz_macro_dwarf4']
/src/libdwarf/src/lib/libdwarf/dwarf_alloc.c ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_tie', 'fuzz_init_binary', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_xuindex', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_init_b', 'fuzz_showsectgrp', 'fuzz_dnames', 'fuzz_simplereader_tu', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals'] ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_tie', 'fuzz_init_binary', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_xuindex', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_init_b', 'fuzz_showsectgrp', 'fuzz_dnames', 'fuzz_simplereader_tu', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals']
/src/libdwarf/src/lib/libdwarf/dwarf_harmless.c ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_tie', 'fuzz_init_binary', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_xuindex', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_init_b', 'fuzz_showsectgrp', 'fuzz_dnames', 'fuzz_simplereader_tu', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals'] ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_tie', 'fuzz_init_binary', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_xuindex', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_init_b', 'fuzz_showsectgrp', 'fuzz_dnames', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals']
/src/libdwarf/src/lib/libdwarf/dwarf_generic_init.c ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_tie', 'fuzz_init_binary', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_xuindex', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_init_b', 'fuzz_showsectgrp', 'fuzz_dnames', 'fuzz_simplereader_tu', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals'] ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_tie', 'fuzz_init_binary', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_xuindex', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_init_b', 'fuzz_showsectgrp', 'fuzz_dnames', 'fuzz_simplereader_tu', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals']
/src/libdwarf/src/lib/libdwarf/dwarf_seekr.c ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_tie', 'fuzz_init_binary', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_xuindex', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_init_b', 'fuzz_showsectgrp', 'fuzz_dnames', 'fuzz_simplereader_tu', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals'] ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_tie', 'fuzz_init_binary', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_xuindex', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_init_b', 'fuzz_showsectgrp', 'fuzz_dnames', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals']
/src/libdwarf/src/lib/libdwarf/dwarf_secname_ck.c ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_tie', 'fuzz_init_binary', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_xuindex', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_init_b', 'fuzz_showsectgrp', 'fuzz_dnames', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals'] ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_tie', 'fuzz_init_binary', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_xuindex', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_init_b', 'fuzz_showsectgrp', 'fuzz_dnames', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals']
/src/libdwarf/src/lib/libdwarf/dwarf_macro5.c ['fuzz_macro_dwarf5'] ['fuzz_macro_dwarf5']
/src/libdwarf/src/lib/libdwarf/dwarf_arange.c ['fuzz_aranges'] ['fuzz_aranges']
/src/libdwarf/fuzz/fuzz_init_b.c ['fuzz_init_b'] ['fuzz_init_b']
/src/libdwarf/fuzz/fuzz_debuglink.c ['fuzz_debuglink'] ['fuzz_debuglink']
/src/libdwarf/src/lib/libdwarf/dwarf_elfread.c ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_tie', 'fuzz_init_binary', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_xuindex', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_init_b', 'fuzz_showsectgrp', 'fuzz_dnames', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals'] ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_tie', 'fuzz_init_binary', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_xuindex', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_init_b', 'fuzz_showsectgrp', 'fuzz_dnames', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals']
/src/libdwarf/src/lib/libdwarf/dwarf_debugnames.c ['fuzz_dnames', 'fuzz_globals'] ['fuzz_dnames', 'fuzz_globals']
/src/libdwarf/src/lib/libdwarf/dwarf_fill_in_attr_form.c ['fuzz_die_cu_e', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_macro_dwarf5', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_die_cu_e_print', 'fuzz_simplereader_tu', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_srcfiles'] ['fuzz_die_cu_e', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_macro_dwarf5', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_die_cu_e_print', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_srcfiles']
/src/libdwarf/src/lib/libdwarf/dwarf_stringsection.c ['fuzz_debug_str'] ['fuzz_debug_str']
/src/libdwarf/fuzz/fuzz_die_cu_e_print.c ['fuzz_die_cu_e_print'] ['fuzz_die_cu_e_print']
/src/libdwarf/src/lib/libdwarf/dwarf_groups.c ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_tie', 'fuzz_init_binary', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_xuindex', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_init_b', 'fuzz_showsectgrp', 'fuzz_dnames', 'fuzz_simplereader_tu', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals'] ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_tie', 'fuzz_init_binary', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_xuindex', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_init_b', 'fuzz_showsectgrp', 'fuzz_dnames', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals']
/src/libdwarf/src/lib/libdwarf/dwarf_print_lines.c ['fuzz_srcfiles'] ['fuzz_srcfiles']
/src/libdwarf/fuzz/fuzz_crc_32.c ['fuzz_crc_32'] ['fuzz_crc_32']
/src/libdwarf/src/lib/libdwarf/dwarf_names.c ['fuzz_die_cu_e', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_macro_dwarf5', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_die_cu_e_print', 'fuzz_simplereader_tu', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_srcfiles', 'fuzz_globals'] ['fuzz_die_cu_e', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_macro_dwarf5', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_die_cu_e_print', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_srcfiles', 'fuzz_globals']
/src/libdwarf/src/lib/libdwarf/dwarf_line.c ['fuzz_macro_dwarf5', 'fuzz_findfuncbypc', 'fuzz_srcfiles'] ['fuzz_macro_dwarf5', 'fuzz_findfuncbypc', 'fuzz_srcfiles']
/src/libdwarf/src/lib/libdwarf/dwarf_loc.c ['fuzz_die_cu_attrs_loclist'] ['fuzz_die_cu_attrs_loclist']
/src/libdwarf/src/lib/libdwarf/dwarf_tsearchhash.c ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_tie', 'fuzz_init_binary', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_xuindex', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_init_b', 'fuzz_showsectgrp', 'fuzz_dnames', 'fuzz_simplereader_tu', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals'] ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_tie', 'fuzz_init_binary', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_xuindex', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_init_b', 'fuzz_showsectgrp', 'fuzz_dnames', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals']
/src/libdwarf/src/lib/libdwarf/dwarf_form.c ['fuzz_die_cu_e', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_macro_dwarf5', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_die_cu_e_print', 'fuzz_simplereader_tu', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_srcfiles', 'fuzz_globals'] ['fuzz_die_cu_e', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_macro_dwarf5', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_die_cu_e_print', 'fuzz_simplereader_tu', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_srcfiles', 'fuzz_globals']
/src/libdwarf/src/lib/libdwarf/dwarf_error.c ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_tie', 'fuzz_init_binary', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_xuindex', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_init_b', 'fuzz_showsectgrp', 'fuzz_dnames', 'fuzz_simplereader_tu', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals'] ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_tie', 'fuzz_init_binary', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_xuindex', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_init_b', 'fuzz_showsectgrp', 'fuzz_dnames', 'fuzz_simplereader_tu', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals']
/src/libdwarf/src/lib/libdwarf/dwarf_safe_arithmetic.c ['fuzz_set_frame_all'] ['fuzz_set_frame_all']
/src/libdwarf/src/lib/libdwarf/dwarf_find_sigref.c ['fuzz_die_cu_e', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_macro_dwarf5', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_die_cu_e_print', 'fuzz_simplereader_tu', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_srcfiles'] ['fuzz_die_cu_e', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_macro_dwarf5', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_die_cu_e_print', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_srcfiles']
/src/libdwarf/src/lib/libdwarf/dwarf_peread.c ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_tie', 'fuzz_init_binary', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_xuindex', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_init_b', 'fuzz_showsectgrp', 'fuzz_dnames', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals'] ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_tie', 'fuzz_init_binary', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_xuindex', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_init_b', 'fuzz_showsectgrp', 'fuzz_dnames', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals']
/src/libdwarf/fuzz/fuzz_die_cu_attrs.c ['fuzz_die_cu_attrs'] ['fuzz_die_cu_attrs']
/src/libdwarf/fuzz/fuzz_die_cu.c ['fuzz_die_cu'] ['fuzz_die_cu']
/src/libdwarf/src/lib/libdwarf/dwarf_frame2.c ['fuzz_set_frame_all', 'fuzz_stack_frame_access'] ['fuzz_set_frame_all', 'fuzz_stack_frame_access']
/src/libdwarf/src/lib/libdwarf/dwarf_memcpy_swap.c ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_tie', 'fuzz_init_binary', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_xuindex', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_init_b', 'fuzz_showsectgrp', 'fuzz_dnames', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals'] ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_tie', 'fuzz_init_binary', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_xuindex', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_init_b', 'fuzz_showsectgrp', 'fuzz_dnames', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals']
/src/libdwarf/src/lib/libdwarf/dwarf_elf_rel_detector.c [] []
/src/libdwarf/src/lib/libdwarf/dwarf_str_offsets.c ['fuzz_die_cu_e', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_macro_dwarf5', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_die_cu_e_print', 'fuzz_simplereader_tu', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_srcfiles'] ['fuzz_die_cu_e', 'fuzz_str_offsets', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_findfuncbypc']
/src/libdwarf/fuzz/fuzz_xuindex.c ['fuzz_xuindex'] ['fuzz_xuindex']
/src/libdwarf/fuzz/fuzz_die_cu_e.c ['fuzz_die_cu_e'] ['fuzz_die_cu_e']
/src/libdwarf/fuzz/fuzz_str_offsets.c ['fuzz_str_offsets'] ['fuzz_str_offsets']
/src/libdwarf/src/lib/libdwarf/dwarf_gnu_index.c ['fuzz_gnu_index'] ['fuzz_gnu_index']
/src/libdwarf/src/lib/libdwarf/dwarf_setup_sections.c ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_tie', 'fuzz_init_binary', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_xuindex', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_init_b', 'fuzz_showsectgrp', 'fuzz_dnames', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals'] ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_tie', 'fuzz_init_binary', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_xuindex', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_init_b', 'fuzz_showsectgrp', 'fuzz_dnames', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals']
/src/libdwarf/fuzz/fuzz_gdbindex.c ['fuzz_gdbindex'] ['fuzz_gdbindex']
/src/libdwarf/src/lib/libdwarf/dwarf_die_deliv.c ['fuzz_die_cu_e', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_macro_dwarf5', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_die_cu_e_print', 'fuzz_simplereader_tu', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_srcfiles'] ['fuzz_die_cu_e', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_macro_dwarf5', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_die_cu_e_print', 'fuzz_simplereader_tu', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_srcfiles']
/src/libdwarf/fuzz/fuzz_gnu_index.c ['fuzz_gnu_index'] ['fuzz_gnu_index']
/src/libdwarf/fuzz/fuzz_rng.c ['fuzz_rng'] ['fuzz_rng']
/src/libdwarf/fuzz/fuzz_tie.c ['fuzz_tie'] ['fuzz_tie']
/src/libdwarf/src/lib/libdwarf/dwarf_ranges.c ['fuzz_findfuncbypc'] ['fuzz_findfuncbypc']
/src/libdwarf/src/lib/libdwarf/dwarf_xu_index.c ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_tie', 'fuzz_init_binary', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_xuindex', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_init_b', 'fuzz_showsectgrp', 'fuzz_dnames', 'fuzz_simplereader_tu', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals'] ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_tie', 'fuzz_init_binary', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_xuindex', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_init_b', 'fuzz_showsectgrp', 'fuzz_dnames', 'fuzz_simplereader_tu', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals']
/src/libdwarf/src/lib/libdwarf/dwarf_dsc.c ['fuzz_die_cu_attrs'] ['fuzz_die_cu_attrs']
/src/libdwarf/src/lib/libdwarf/dwarf_object_read_common.c ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_tie', 'fuzz_init_binary', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_xuindex', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_init_b', 'fuzz_showsectgrp', 'fuzz_dnames', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals'] ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_tie', 'fuzz_init_binary', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_xuindex', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_init_b', 'fuzz_showsectgrp', 'fuzz_dnames', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals']
/src/libdwarf/fuzz/fuzz_debug_str.c ['fuzz_debug_str'] ['fuzz_debug_str']
/src/libdwarf/src/lib/libdwarf/dwarf_machoread.c ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_tie', 'fuzz_init_binary', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_xuindex', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_init_b', 'fuzz_showsectgrp', 'fuzz_dnames', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals'] ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_tie', 'fuzz_init_binary', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_xuindex', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_init_b', 'fuzz_showsectgrp', 'fuzz_dnames', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals']
/src/libdwarf/src/lib/libdwarf/dwarf_debuglink.c ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_tie', 'fuzz_init_binary', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_xuindex', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_init_b', 'fuzz_showsectgrp', 'fuzz_dnames', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals'] ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_tie', 'fuzz_init_binary', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_xuindex', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_init_b', 'fuzz_showsectgrp', 'fuzz_dnames', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals']
/src/libdwarf/src/lib/libdwarf/dwarf_fission_to_cu.c ['fuzz_die_cu_e', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_macro_dwarf5', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_die_cu_e_print', 'fuzz_simplereader_tu', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_srcfiles'] ['fuzz_die_cu_e', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_macro_dwarf5', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_die_cu_e_print', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_srcfiles']
/src/libdwarf/fuzz/fuzz_die_cu_info1.c ['fuzz_die_cu_info1'] ['fuzz_die_cu_info1']
/src/libdwarf/src/lib/libdwarf/dwarf_safe_strcpy.c ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_tie', 'fuzz_init_binary', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_xuindex', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_init_b', 'fuzz_showsectgrp', 'fuzz_dnames', 'fuzz_simplereader_tu', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals'] ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_tie', 'fuzz_init_binary', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_xuindex', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_init_b', 'fuzz_showsectgrp', 'fuzz_dnames', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals']
/src/libdwarf/src/lib/libdwarf/dwarf_global.c ['fuzz_die_cu_offset', 'fuzz_simplereader_tu', 'fuzz_globals'] ['fuzz_die_cu_offset', 'fuzz_globals']
/src/libdwarf/fuzz/fuzz_set_frame_all.c ['fuzz_set_frame_all'] ['fuzz_set_frame_all']
/src/libdwarf/src/lib/libdwarf/dwarf_frame.c ['fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_stack_frame_access', 'fuzz_die_cu_e_print'] ['fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_stack_frame_access', 'fuzz_die_cu_e_print']
/src/libdwarf/src/lib/libdwarf/dwarf_locationop_read.c ['fuzz_die_cu_attrs_loclist'] ['fuzz_die_cu_attrs_loclist']
/src/libdwarf/src/lib/libdwarf/dwarf_debugaddr.c ['fuzz_debug_addr_access'] ['fuzz_debug_addr_access']
/src/libdwarf/fuzz/fuzz_stack_frame_access.c ['fuzz_stack_frame_access'] ['fuzz_stack_frame_access']
/src/libdwarf/src/lib/libdwarf/dwarf_query.c ['fuzz_die_cu_e', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_macro_dwarf5', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_die_cu_e_print', 'fuzz_simplereader_tu', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_srcfiles', 'fuzz_globals'] ['fuzz_die_cu_e', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_macro_dwarf5', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_die_cu_e_print', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_srcfiles']
/src/libdwarf/fuzz/fuzz_crc.c ['fuzz_crc'] ['fuzz_crc']
/src/libdwarf/src/lib/libdwarf/dwarf_string.c ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_tie', 'fuzz_init_binary', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_xuindex', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_init_b', 'fuzz_showsectgrp', 'fuzz_dnames', 'fuzz_simplereader_tu', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals'] ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_tie', 'fuzz_init_binary', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_xuindex', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_init_b', 'fuzz_showsectgrp', 'fuzz_dnames', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals']
/src/libdwarf/fuzz/fuzz_die_cu_print.c ['fuzz_die_cu_print'] ['fuzz_die_cu_print']
/src/libdwarf/src/lib/libdwarf/dwarf_leb.c ['fuzz_die_cu_e', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_die_cu_e_print', 'fuzz_dnames', 'fuzz_simplereader_tu', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_globals'] ['fuzz_die_cu_e', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_die_cu_e_print', 'fuzz_dnames', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_globals']
/src/libdwarf/src/lib/libdwarf/dwarf_crc32.c ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_showsectgrp', 'fuzz_findfuncbypc'] ['fuzz_crc_32']
/src/libdwarf/src/lib/libdwarf/dwarf_line_table_reader_common.h ['fuzz_macro_dwarf5', 'fuzz_findfuncbypc', 'fuzz_srcfiles'] ['fuzz_macro_dwarf5', 'fuzz_findfuncbypc', 'fuzz_srcfiles']
/src/libdwarf/src/lib/libdwarf/dwarf_elf_load_headers.c ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_tie', 'fuzz_init_binary', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_xuindex', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_init_b', 'fuzz_showsectgrp', 'fuzz_dnames', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals'] ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_tie', 'fuzz_init_binary', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_xuindex', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_init_b', 'fuzz_showsectgrp', 'fuzz_dnames', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals']
/src/libdwarf/src/lib/libdwarf/dwarf_crc.c ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_showsectgrp', 'fuzz_crc', 'fuzz_findfuncbypc'] ['fuzz_crc']
/src/libdwarf/fuzz/fuzz_dnames.c ['fuzz_dnames'] ['fuzz_dnames']
/src/libdwarf/src/lib/libdwarf/dwarf_object_detector.c ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_tie', 'fuzz_init_binary', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_xuindex', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_init_b', 'fuzz_showsectgrp', 'fuzz_dnames', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals'] ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_tie', 'fuzz_init_binary', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_xuindex', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_init_b', 'fuzz_showsectgrp', 'fuzz_dnames', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals']
/src/libdwarf/src/lib/libdwarf/dwarf_rnglists.c ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_tie', 'fuzz_init_binary', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_xuindex', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_init_b', 'fuzz_showsectgrp', 'fuzz_dnames', 'fuzz_simplereader_tu', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals'] ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_tie', 'fuzz_init_binary', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_xuindex', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_init_b', 'fuzz_showsectgrp', 'fuzz_dnames', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals']
/src/libdwarf/src/lib/libdwarf/dwarf_init_finish.c ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_tie', 'fuzz_init_binary', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_xuindex', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_init_b', 'fuzz_showsectgrp', 'fuzz_dnames', 'fuzz_simplereader_tu', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals'] ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_tie', 'fuzz_init_binary', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_xuindex', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_init_b', 'fuzz_showsectgrp', 'fuzz_dnames', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals']
/src/libdwarf/fuzz/fuzz_simplereader_tu.c ['fuzz_simplereader_tu'] ['fuzz_simplereader_tu']
/src/libdwarf/fuzz/fuzz_macro_dwarf4.c ['fuzz_macro_dwarf4'] ['fuzz_macro_dwarf4']
/src/libdwarf/fuzz/fuzz_aranges.c ['fuzz_aranges'] ['fuzz_aranges']
/src/libdwarf/src/lib/libdwarf/dwarf_loclists.c ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_tie', 'fuzz_init_binary', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_xuindex', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_init_b', 'fuzz_showsectgrp', 'fuzz_dnames', 'fuzz_simplereader_tu', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals'] ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_tie', 'fuzz_init_binary', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_xuindex', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_init_b', 'fuzz_showsectgrp', 'fuzz_dnames', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals']
/src/libdwarf/src/lib/libdwarf/dwarf_tied.c ['fuzz_crc_32', 'fuzz_init_path', 'fuzz_debuglink', 'fuzz_die_cu_e', 'fuzz_tie', 'fuzz_init_binary', 'fuzz_set_frame_all', 'fuzz_die_cu_print', 'fuzz_die_cu_offset', 'fuzz_str_offsets', 'fuzz_rng', 'fuzz_macro_dwarf5', 'fuzz_xuindex', 'fuzz_gdbindex', 'fuzz_stack_frame_access', 'fuzz_die_cu', 'fuzz_debug_str', 'fuzz_die_cu_e_print', 'fuzz_init_b', 'fuzz_showsectgrp', 'fuzz_dnames', 'fuzz_simplereader_tu', 'fuzz_die_cu_attrs', 'fuzz_die_cu_info1', 'fuzz_debug_addr_access', 'fuzz_die_cu_attrs_loclist', 'fuzz_findfuncbypc', 'fuzz_gnu_index', 'fuzz_srcfiles', 'fuzz_macro_dwarf4', 'fuzz_aranges', 'fuzz_globals'] []
/src/libdwarf/fuzz/fuzz_debug_addr_access.c ['fuzz_debug_addr_access'] ['fuzz_debug_addr_access']
/src/libdwarf/fuzz/fuzz_macro_dwarf5.c ['fuzz_macro_dwarf5'] ['fuzz_macro_dwarf5']

Directories in report

Directory
/src/libdwarf/fuzz/
/src/libdwarf/src/lib/libdwarf/

Metadata section

This sections shows the raw data that is used to produce this report. This is mainly used for further processing and developer debugging.

Fuzzer Calltree file Program data file Coverage file
fuzz_crc_32 fuzzerLogFile-0-dyrvxAnF9n.data fuzzerLogFile-0-dyrvxAnF9n.data.yaml fuzz_crc_32.covreport
fuzz_init_path fuzzerLogFile-0-wEsbXFhrGI.data fuzzerLogFile-0-wEsbXFhrGI.data.yaml fuzz_init_path.covreport
fuzz_debuglink fuzzerLogFile-0-WCnYqGzJEf.data fuzzerLogFile-0-WCnYqGzJEf.data.yaml fuzz_debuglink.covreport
fuzz_die_cu_e fuzzerLogFile-0-iEu9xLtHC0.data fuzzerLogFile-0-iEu9xLtHC0.data.yaml fuzz_die_cu_e.covreport
fuzz_tie fuzzerLogFile-0-HwtFgybfwJ.data fuzzerLogFile-0-HwtFgybfwJ.data.yaml fuzz_tie.covreport
fuzz_init_binary fuzzerLogFile-0-yIpxKf8Oxf.data fuzzerLogFile-0-yIpxKf8Oxf.data.yaml fuzz_init_binary.covreport
fuzz_set_frame_all fuzzerLogFile-0-U6WUGw4Eyr.data fuzzerLogFile-0-U6WUGw4Eyr.data.yaml fuzz_set_frame_all.covreport
fuzz_die_cu_print fuzzerLogFile-0-UGMv1s1QN2.data fuzzerLogFile-0-UGMv1s1QN2.data.yaml fuzz_die_cu_print.covreport
fuzz_die_cu_offset fuzzerLogFile-0-0kGh1HjaKl.data fuzzerLogFile-0-0kGh1HjaKl.data.yaml fuzz_die_cu_offset.covreport
fuzz_str_offsets fuzzerLogFile-0-kKEUIxYahq.data fuzzerLogFile-0-kKEUIxYahq.data.yaml fuzz_str_offsets.covreport
fuzz_rng fuzzerLogFile-0-gla1LdzBZ5.data fuzzerLogFile-0-gla1LdzBZ5.data.yaml fuzz_rng.covreport
fuzz_macro_dwarf5 fuzzerLogFile-0-rEfonqwJG9.data fuzzerLogFile-0-rEfonqwJG9.data.yaml fuzz_macro_dwarf5.covreport
fuzz_xuindex fuzzerLogFile-0-mK1DD1A14W.data fuzzerLogFile-0-mK1DD1A14W.data.yaml fuzz_xuindex.covreport
fuzz_gdbindex fuzzerLogFile-0-TNUjMkx9ng.data fuzzerLogFile-0-TNUjMkx9ng.data.yaml fuzz_gdbindex.covreport
fuzz_stack_frame_access fuzzerLogFile-0-1NzGYq30io.data fuzzerLogFile-0-1NzGYq30io.data.yaml fuzz_stack_frame_access.covreport
fuzz_die_cu fuzzerLogFile-0-wRKDDbW2Ma.data fuzzerLogFile-0-wRKDDbW2Ma.data.yaml fuzz_die_cu.covreport
fuzz_debug_str fuzzerLogFile-0-B1PRzWwJjn.data fuzzerLogFile-0-B1PRzWwJjn.data.yaml fuzz_debug_str.covreport
fuzz_die_cu_e_print fuzzerLogFile-0-wnUPmLDgK9.data fuzzerLogFile-0-wnUPmLDgK9.data.yaml fuzz_die_cu_e_print.covreport
fuzz_init_b fuzzerLogFile-0-rlHmp92kH6.data fuzzerLogFile-0-rlHmp92kH6.data.yaml fuzz_init_b.covreport
fuzz_showsectgrp fuzzerLogFile-0-c1rgYRq7jZ.data fuzzerLogFile-0-c1rgYRq7jZ.data.yaml fuzz_showsectgrp.covreport
fuzz_crc fuzzerLogFile-0-9aaBRSoyuJ.data fuzzerLogFile-0-9aaBRSoyuJ.data.yaml fuzz_crc.covreport
fuzz_dnames fuzzerLogFile-0-XUuXONYMwT.data fuzzerLogFile-0-XUuXONYMwT.data.yaml fuzz_dnames.covreport
fuzz_simplereader_tu fuzzerLogFile-0-PbtE5nWv7Y.data fuzzerLogFile-0-PbtE5nWv7Y.data.yaml fuzz_simplereader_tu.covreport
fuzz_die_cu_attrs fuzzerLogFile-0-AtRs37hXx3.data fuzzerLogFile-0-AtRs37hXx3.data.yaml fuzz_die_cu_attrs.covreport
fuzz_die_cu_info1 fuzzerLogFile-0-H8yHFT7Rpa.data fuzzerLogFile-0-H8yHFT7Rpa.data.yaml fuzz_die_cu_info1.covreport
fuzz_debug_addr_access fuzzerLogFile-0-IhCVL92Vyo.data fuzzerLogFile-0-IhCVL92Vyo.data.yaml fuzz_debug_addr_access.covreport
fuzz_die_cu_attrs_loclist fuzzerLogFile-0-gH9vHkBTNR.data fuzzerLogFile-0-gH9vHkBTNR.data.yaml fuzz_die_cu_attrs_loclist.covreport
fuzz_findfuncbypc fuzzerLogFile-0-QoBAvVhyaw.data fuzzerLogFile-0-QoBAvVhyaw.data.yaml fuzz_findfuncbypc.covreport
fuzz_gnu_index fuzzerLogFile-0-vSJQAgqQ7T.data fuzzerLogFile-0-vSJQAgqQ7T.data.yaml fuzz_gnu_index.covreport
fuzz_srcfiles fuzzerLogFile-0-e72vdPV6Fz.data fuzzerLogFile-0-e72vdPV6Fz.data.yaml fuzz_srcfiles.covreport
fuzz_macro_dwarf4 fuzzerLogFile-0-35Iuxo0buG.data fuzzerLogFile-0-35Iuxo0buG.data.yaml fuzz_macro_dwarf4.covreport
fuzz_aranges fuzzerLogFile-0-tssRwov6aB.data fuzzerLogFile-0-tssRwov6aB.data.yaml fuzz_aranges.covreport
fuzz_globals fuzzerLogFile-0-F9RaPEpvAQ.data fuzzerLogFile-0-F9RaPEpvAQ.data.yaml fuzz_globals.covreport