Fuzz introspector: libjpeg_turbo_fuzzer_2_0_x
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
2 2 1 :

['out_of_memory']

2 2 alloc_large call site: 00037 /src/libjpeg-turbo.main/jmemmgr.c:394
0 0 None 24 24 init_simd call site: 00203 /src/libjpeg-turbo.main/simd/x86_64/jsimd.c:56
0 0 None 6 10 alloc_large call site: 00033 /src/libjpeg-turbo.main/jmemmgr.c:375
0 0 None 4 6 alloc_large call site: 00035 /src/libjpeg-turbo.main/jmemmgr.c:383
0 0 None 2 1413 tjDecompress2 call site: 00157 /src/libjpeg-turbo.2.1.x/turbojpeg.c:1379
0 0 None 2 4 alloc_large call site: 00036 /src/libjpeg-turbo.main/jmemmgr.c:388
0 0 None 0 210 jinit_upsampler call site: 00300 /src/libjpeg-turbo.2.1.x/jdsample.c:421
0 0 None 0 210 jinit_upsampler call site: 00302 /src/libjpeg-turbo.2.1.x/jdsample.c:432
0 0 None 0 210 jinit_upsampler call site: 00305 /src/libjpeg-turbo.2.1.x/jdsample.c:467
0 0 None 0 210 jinit_upsampler call site: 00308 /src/libjpeg-turbo.2.1.x/jdsample.c:472
0 0 None 0 210 jinit_upsampler call site: 00315 /src/libjpeg-turbo.2.1.x/jdsample.c:492
0 0 None 0 2 decompress_onepass call site: 00441 /src/libjpeg-turbo.2.1.x/jdcoefct.c:105

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 tjInitDecompress [function] [call site] 00001
2 snprintf [call site] 00002
2 snprintf [call site] 00003
2 _tjInitDecompress [function] [call site] 00004
3 jpeg_std_error [function] [call site] 00005
4 error_exit [function] [call site] 00006
5 jpeg_destroy [function] [call site] 00007
5 exit [call site] 00008
4 emit_message [function] [call site] 00009
4 output_message [function] [call site] 00010
5 fprintf [call site] 00011
4 format_message [function] [call site] 00012
5 sprintf [call site] 00013
5 sprintf [call site] 00014
4 reset_error_mgr [function] [call site] 00015
3 my_error_exit [function] [call site] 00016
4 longjmp [call site] 00017
3 my_output_message [function] [call site] 00018
3 my_emit_message [function] [call site] 00019
4 longjmp [call site] 00020
3 _setjmp [call site] 00021
3 jpeg_CreateDecompress [function] [call site] 00022
4 jinit_memory_mgr [function] [call site] 00023
5 jpeg_mem_init [function] [call site] 00024
5 jpeg_get_small [function] [call site] 00025
5 jpeg_mem_term [function] [call site] 00026
5 alloc_small [function] [call site] 00027
6 out_of_memory [function] [call site] 00028
6 round_up_pow2 [function] [call site] 00029
6 out_of_memory [function] [call site] 00030
6 jpeg_get_small [function] [call site] 00031
6 out_of_memory [function] [call site] 00032
5 alloc_large [function] [call site] 00033
6 out_of_memory [function] [call site] 00034
6 round_up_pow2 [function] [call site] 00035
6 out_of_memory [function] [call site] 00036
6 jpeg_get_large [function] [call site] 00037
6 out_of_memory [function] [call site] 00038
5 alloc_sarray [function] [call site] 00039
6 out_of_memory [function] [call site] 00040
6 round_up_pow2 [function] [call site] 00041
6 alloc_small [function] [call site] 00042
6 alloc_large [function] [call site] 00043
5 alloc_barray [function] [call site] 00044
6 alloc_small [function] [call site] 00045
6 alloc_large [function] [call site] 00046
5 request_virt_sarray [function] [call site] 00047
6 alloc_small [function] [call site] 00048
5 request_virt_barray [function] [call site] 00049
6 alloc_small [function] [call site] 00050
5 realize_virt_arrays [function] [call site] 00051
6 out_of_memory [function] [call site] 00052
6 out_of_memory [function] [call site] 00053
6 jpeg_mem_available [function] [call site] 00054
6 jpeg_open_backing_store [function] [call site] 00055
6 alloc_sarray [function] [call site] 00056
6 jpeg_open_backing_store [function] [call site] 00057
6 alloc_barray [function] [call site] 00058
5 access_virt_sarray [function] [call site] 00059
6 do_sarray_io [function] [call site] 00060
6 do_sarray_io [function] [call site] 00061
6 jzero_far [function] [call site] 00062
5 access_virt_barray [function] [call site] 00063
6 do_barray_io [function] [call site] 00064
6 do_barray_io [function] [call site] 00065
6 jzero_far [function] [call site] 00066
5 free_pool [function] [call site] 00067
6 jpeg_free_large [function] [call site] 00068
6 jpeg_free_small [function] [call site] 00069
5 self_destruct [function] [call site] 00070
6 free_pool [function] [call site] 00071
6 jpeg_free_small [function] [call site] 00072
6 jpeg_mem_term [function] [call site] 00073
5 getenv [call site] 00074
5 __isoc99_sscanf [call site] 00075
4 jinit_marker_reader [function] [call site] 00076
5 reset_marker_reader [function] [call site] 00077
5 read_markers [function] [call site] 00078
6 first_marker [function] [call site] 00079
6 next_marker [function] [call site] 00080
6 get_dht [function] [call site] 00088
7 jpeg_alloc_huff_table [function] [call site] 00089
6 get_dqt [function] [call site] 00090
7 jpeg_alloc_quant_table [function] [call site] 00091
6 skip_variable [function] [call site] 00093
5 read_restart_marker [function] [call site] 00094
6 next_marker [function] [call site] 00095
5 skip_variable [function] [call site] 00096
5 skip_variable [function] [call site] 00097
5 get_interesting_appn [function] [call site] 00098
6 examine_app0 [function] [call site] 00099
6 examine_app14 [function] [call site] 00100
5 get_interesting_appn [function] [call site] 00101
5 reset_marker_reader [function] [call site] 00102
4 jinit_input_controller [function] [call site] 00103
5 consume_markers [function] [call site] 00104
6 initial_setup [function] [call site] 00105
7 jdiv_round_up [function] [call site] 00106
7 jdiv_round_up [function] [call site] 00107
7 jdiv_round_up [function] [call site] 00108
7 jdiv_round_up [function] [call site] 00109
7 jdiv_round_up [function] [call site] 00110
6 start_input_pass [function] [call site] 00111
7 per_scan_setup [function] [call site] 00112
8 jdiv_round_up [function] [call site] 00113
8 jdiv_round_up [function] [call site] 00114
7 latch_quant_tables [function] [call site] 00115
5 reset_input_controller [function] [call site] 00116
6 consume_markers [function] [call site] 00117
5 start_input_pass [function] [call site] 00118
5 finish_input_pass [function] [call site] 00119
6 consume_markers [function] [call site] 00120
3 jpeg_mem_src_tj [function] [call site] 00121
4 init_mem_source [function] [call site] 00122
4 fill_mem_input_buffer [function] [call site] 00123
4 skip_input_data [function] [call site] 00124
4 term_source [function] [call site] 00125
1 tjDecompressHeader3 [function] [call site] 00126
2 snprintf [call site] 00127
2 snprintf [call site] 00128
2 snprintf [call site] 00129
2 _setjmp [call site] 00130
2 jpeg_mem_src_tj [function] [call site] 00131
2 jpeg_read_header [function] [call site] 00132
3 jpeg_consume_input [function] [call site] 00133
4 default_decompress_parms [function] [call site] 00134
3 jpeg_abort [function] [call site] 00135
2 getSubsamp [function] [call site] 00136
2 jpeg_abort_decompress [function] [call site] 00137
3 jpeg_abort [function] [call site] 00138
2 snprintf [call site] 00139
2 snprintf [call site] 00140
2 snprintf [call site] 00141
1 tjDecompress2 [function] [call site] 00142
2 snprintf [call site] 00143
2 snprintf [call site] 00144
2 snprintf [call site] 00145
2 putenv [call site] 00146
2 putenv [call site] 00147
2 putenv [call site] 00148
2 my_progress_monitor [function] [call site] 00149
3 snprintf [call site] 00150
3 snprintf [call site] 00151
3 longjmp [call site] 00152
2 _setjmp [call site] 00153
2 jpeg_mem_src_tj [function] [call site] 00154
2 jpeg_read_header [function] [call site] 00155
2 snprintf [call site] 00156
2 jpeg_start_decompress [function] [call site] 00157
3 jinit_master_decompress [function] [call site] 00158
4 prepare_for_output_pass [function] [call site] 00159
4 finish_output_pass [function] [call site] 00160
4 master_selection [function] [call site] 00161
5 jpeg_calc_output_dimensions [function] [call site] 00162
6 jpeg_core_output_dimensions [function] [call site] 00163
7 jdiv_round_up [function] [call site] 00164
7 jdiv_round_up [function] [call site] 00165
7 jdiv_round_up [function] [call site] 00166
7 jdiv_round_up [function] [call site] 00167
7 jdiv_round_up [function] [call site] 00168
7 jdiv_round_up [function] [call site] 00169
7 jdiv_round_up [function] [call site] 00170
7 jdiv_round_up [function] [call site] 00171
7 jdiv_round_up [function] [call site] 00172
7 jdiv_round_up [function] [call site] 00173
7 jdiv_round_up [function] [call site] 00174
7 jdiv_round_up [function] [call site] 00175
7 jdiv_round_up [function] [call site] 00176
7 jdiv_round_up [function] [call site] 00177
7 jdiv_round_up [function] [call site] 00178
7 jdiv_round_up [function] [call site] 00179
7 jdiv_round_up [function] [call site] 00180
7 jdiv_round_up [function] [call site] 00181
7 jdiv_round_up [function] [call site] 00182
7 jdiv_round_up [function] [call site] 00183
7 jdiv_round_up [function] [call site] 00184
7 jdiv_round_up [function] [call site] 00185
7 jdiv_round_up [function] [call site] 00186
7 jdiv_round_up [function] [call site] 00187
7 jdiv_round_up [function] [call site] 00188
7 jdiv_round_up [function] [call site] 00189
7 jdiv_round_up [function] [call site] 00190
7 jdiv_round_up [function] [call site] 00191
7 jdiv_round_up [function] [call site] 00192
7 jdiv_round_up [function] [call site] 00193
7 jdiv_round_up [function] [call site] 00194
7 jdiv_round_up [function] [call site] 00195
6 jdiv_round_up [function] [call site] 00196
6 jdiv_round_up [function] [call site] 00197
6 use_merged_upsample [function] [call site] 00198
7 jsimd_can_h2v2_merged_upsample [function] [call site] 00199
8 init_simd [function] [call site] 00200
9 jpeg_simd_cpu_support [call site] 00201
9 getenv [call site] 00202
9 strcmp [call site] 00203
9 getenv [call site] 00204
9 strcmp [call site] 00205
9 getenv [call site] 00206
9 strcmp [call site] 00207
9 getenv [call site] 00208
9 strcmp [call site] 00209
7 jsimd_can_ycc_rgb [function] [call site] 00210
8 init_simd [function] [call site] 00211
5 prepare_range_limit_table [function] [call site] 00212
5 use_merged_upsample [function] [call site] 00213
5 jinit_1pass_quantizer [function] [call site] 00214
6 start_pass_1_quant [function] [call site] 00215
7 color_quantize3 [function] [call site] 00216
7 color_quantize [function] [call site] 00217
7 quantize3_ord_dither [function] [call site] 00218
7 quantize_ord_dither [function] [call site] 00219
8 jzero_far [function] [call site] 00220
7 create_colorindex [function] [call site] 00221
8 largest_input_value [function] [call site] 00222
8 largest_input_value [function] [call site] 00223
7 create_odither_tables [function] [call site] 00224
8 make_odither_array [function] [call site] 00225
7 quantize_fs_dither [function] [call site] 00226
8 jzero_far [function] [call site] 00227
7 alloc_fs_workspace [function] [call site] 00228
7 jzero_far [function] [call site] 00229
6 finish_pass_1_quant [function] [call site] 00230
6 new_color_map_1_quant [function] [call site] 00231
6 create_colormap [function] [call site] 00232
7 select_ncolors [function] [call site] 00233
7 output_value [function] [call site] 00234
6 create_colorindex [function] [call site] 00235
6 alloc_fs_workspace [function] [call site] 00236
5 jinit_2pass_quantizer [function] [call site] 00237
6 start_pass_2_quant [function] [call site] 00238
7 prescan_quantize [function] [call site] 00239
7 finish_pass1 [function] [call site] 00240
8 select_colors [function] [call site] 00241
9 update_box [function] [call site] 00242
9 median_cut [function] [call site] 00243
10 find_biggest_color_pop [function] [call site] 00244
10 find_biggest_volume [function] [call site] 00245
10 update_box [function] [call site] 00246
10 update_box [function] [call site] 00247
9 compute_color [function] [call site] 00248
7 pass2_fs_dither [function] [call site] 00249
8 fill_inverse_cmap [function] [call site] 00250
9 find_nearby_colors [function] [call site] 00251
9 find_best_colors [function] [call site] 00252
7 pass2_no_dither [function] [call site] 00253
8 fill_inverse_cmap [function] [call site] 00254
7 finish_pass2 [function] [call site] 00255
7 jzero_far [function] [call site] 00256
7 init_error_limit [function] [call site] 00257
7 jzero_far [function] [call site] 00258
6 new_color_map_2_quant [function] [call site] 00259
6 init_error_limit [function] [call site] 00260
5 jinit_merged_upsampler [function] [call site] 00261
6 start_pass_merged_upsample [function] [call site] 00262
6 merged_2v_upsample [function] [call site] 00263
6 jsimd_can_h2v2_merged_upsample [function] [call site] 00264
6 h2v2_merged_upsample [function] [call site] 00265
6 h2v2_merged_upsample_565D [function] [call site] 00266
6 h2v2_merged_upsample_565 [function] [call site] 00267
6 merged_1v_upsample [function] [call site] 00268
6 jsimd_can_h2v1_merged_upsample [function] [call site] 00269
7 init_simd [function] [call site] 00270
6 h2v1_merged_upsample [function] [call site] 00271
6 h2v1_merged_upsample_565D [function] [call site] 00272
6 h2v1_merged_upsample_565 [function] [call site] 00273
6 build_ycc_rgb_table [function] [call site] 00274
5 jinit_color_deconverter [function] [call site] 00275
6 start_pass_dcolor [function] [call site] 00276
6 grayscale_convert [function] [call site] 00277
7 jcopy_sample_rows [function] [call site] 00278
6 rgb_gray_convert [function] [call site] 00279
6 build_rgb_y_table [function] [call site] 00280
6 jsimd_can_ycc_rgb [function] [call site] 00281
6 ycc_rgb_convert [function] [call site] 00282
6 build_ycc_rgb_table [function] [call site] 00283
6 gray_rgb_convert [function] [call site] 00284
6 null_convert [function] [call site] 00285
6 rgb_rgb_convert [function] [call site] 00286
6 jsimd_can_ycc_rgb565 [function] [call site] 00287
6 ycc_rgb565_convert [function] [call site] 00288
6 build_ycc_rgb_table [function] [call site] 00289
6 gray_rgb565_convert [function] [call site] 00290
6 rgb_rgb565_convert [function] [call site] 00291
6 ycc_rgb565D_convert [function] [call site] 00292
6 build_ycc_rgb_table [function] [call site] 00293
6 gray_rgb565D_convert [function] [call site] 00294
6 rgb_rgb565D_convert [function] [call site] 00295
6 ycck_cmyk_convert [function] [call site] 00296
6 build_ycc_rgb_table [function] [call site] 00297
6 null_convert [function] [call site] 00298
6 null_convert [function] [call site] 00299
5 jinit_upsampler [function] [call site] 00300
6 start_pass_upsample [function] [call site] 00301
6 sep_upsample [function] [call site] 00302
6 noop_upsample [function] [call site] 00303
6 fullsize_upsample [function] [call site] 00304
6 jsimd_can_h2v1_fancy_upsample [function] [call site] 00305
7 init_simd [function] [call site] 00306
6 h2v1_fancy_upsample [function] [call site] 00307
6 jsimd_can_h2v1_upsample [function] [call site] 00308
7 init_simd [function] [call site] 00309
6 h2v1_upsample [function] [call site] 00310
6 h1v2_fancy_upsample [function] [call site] 00311
6 jsimd_can_h2v2_fancy_upsample [function] [call site] 00312
7 init_simd [function] [call site] 00313
6 h2v2_fancy_upsample [function] [call site] 00314
6 jsimd_can_h2v2_upsample [function] [call site] 00315
7 init_simd [function] [call site] 00316
6 h2v2_upsample [function] [call site] 00317
7 jcopy_sample_rows [function] [call site] 00318
6 int_upsample [function] [call site] 00319
7 jcopy_sample_rows [function] [call site] 00320
6 jround_up [function] [call site] 00321
5 jinit_d_post_controller [function] [call site] 00322
6 start_pass_dpost [function] [call site] 00323
7 post_process_1pass [function] [call site] 00324
7 post_process_prepass [function] [call site] 00325
7 post_process_2pass [function] [call site] 00326
6 jround_up [function] [call site] 00327
5 jinit_inverse_dct [function] [call site] 00328
6 start_pass [function] [call site] 00329
7 jsimd_can_idct_2x2 [function] [call site] 00330
8 init_simd [function] [call site] 00331
7 jsimd_can_idct_4x4 [function] [call site] 00332
8 init_simd [function] [call site] 00333
7 jsimd_can_idct_islow [function] [call site] 00334
8 init_simd [function] [call site] 00335
7 jsimd_can_idct_ifast [function] [call site] 00336
8 init_simd [function] [call site] 00337
7 jsimd_can_idct_float [function] [call site] 00338
8 init_simd [function] [call site] 00339
5 jinit_arith_decoder [function] [call site] 00340
6 start_pass [function] [call site] 00341
7 decode_mcu_DC_first [function] [call site] 00342
8 process_restart [function] [call site] 00343
8 arith_decode [function] [call site] 00344
8 arith_decode [function] [call site] 00347
8 arith_decode [function] [call site] 00348
8 arith_decode [function] [call site] 00349
8 arith_decode [function] [call site] 00350
7 decode_mcu_AC_first [function] [call site] 00351
8 process_restart [function] [call site] 00352
8 arith_decode [function] [call site] 00353
8 arith_decode [function] [call site] 00354
8 arith_decode [function] [call site] 00355
8 arith_decode [function] [call site] 00356
8 arith_decode [function] [call site] 00357
8 arith_decode [function] [call site] 00358
8 arith_decode [function] [call site] 00359
7 decode_mcu_DC_refine [function] [call site] 00360
8 process_restart [function] [call site] 00361
8 arith_decode [function] [call site] 00362
7 decode_mcu_AC_refine [function] [call site] 00363
8 process_restart [function] [call site] 00364
8 arith_decode [function] [call site] 00365
8 arith_decode [function] [call site] 00366
8 arith_decode [function] [call site] 00367
8 arith_decode [function] [call site] 00368
7 decode_mcu [function] [call site] 00369
8 process_restart [function] [call site] 00370
8 arith_decode [function] [call site] 00371
8 arith_decode [function] [call site] 00372
8 arith_decode [function] [call site] 00373
8 arith_decode [function] [call site] 00374
8 arith_decode [function] [call site] 00375
8 arith_decode [function] [call site] 00376
8 arith_decode [function] [call site] 00377
8 arith_decode [function] [call site] 00378
8 arith_decode [function] [call site] 00379
8 arith_decode [function] [call site] 00380
8 arith_decode [function] [call site] 00381
8 arith_decode [function] [call site] 00382
5 jinit_phuff_decoder [function] [call site] 00383
6 start_pass_phuff_decoder [function] [call site] 00384
7 decode_mcu_DC_first [function] [call site] 00385
8 process_restart [function] [call site] 00386
8 jpeg_fill_bit_buffer [function] [call site] 00387
8 jpeg_fill_bit_buffer [function] [call site] 00388
7 decode_mcu_AC_first [function] [call site] 00389
8 process_restart [function] [call site] 00390
8 jpeg_fill_bit_buffer [function] [call site] 00391
8 jpeg_fill_bit_buffer [function] [call site] 00392
8 jpeg_fill_bit_buffer [function] [call site] 00393
7 decode_mcu_DC_refine [function] [call site] 00394
8 process_restart [function] [call site] 00395
8 jpeg_fill_bit_buffer [function] [call site] 00396
7 decode_mcu_AC_refine [function] [call site] 00397
8 process_restart [function] [call site] 00398
8 jpeg_fill_bit_buffer [function] [call site] 00399
8 jpeg_fill_bit_buffer [function] [call site] 00400
8 jpeg_fill_bit_buffer [function] [call site] 00401
8 jpeg_fill_bit_buffer [function] [call site] 00402
8 jpeg_fill_bit_buffer [function] [call site] 00403
7 jpeg_make_d_derived_tbl [function] [call site] 00404
7 jpeg_make_d_derived_tbl [function] [call site] 00405
5 jinit_huff_decoder [function] [call site] 00406
6 std_huff_tables [function] [call site] 00407
7 add_huff_table [function] [call site] 00408
8 jpeg_alloc_huff_table [function] [call site] 00409
7 add_huff_table [function] [call site] 00410
7 add_huff_table [function] [call site] 00411
7 add_huff_table [function] [call site] 00412
6 start_pass_huff_decoder [function] [call site] 00413
7 jpeg_make_d_derived_tbl [function] [call site] 00414
7 jpeg_make_d_derived_tbl [function] [call site] 00415
6 decode_mcu [function] [call site] 00416
7 process_restart [function] [call site] 00417
7 decode_mcu_fast [function] [call site] 00418
7 decode_mcu_slow [function] [call site] 00419
8 jpeg_fill_bit_buffer [function] [call site] 00420
8 jpeg_fill_bit_buffer [function] [call site] 00421
8 jpeg_fill_bit_buffer [function] [call site] 00422
8 jpeg_fill_bit_buffer [function] [call site] 00423
8 jpeg_fill_bit_buffer [function] [call site] 00424
8 jpeg_fill_bit_buffer [function] [call site] 00425
5 jinit_d_coef_controller [function] [call site] 00426
6 start_input_pass [function] [call site] 00427
7 start_iMCU_row [function] [call site] 00428
6 start_output_pass [function] [call site] 00429
7 smoothing_ok [function] [call site] 00430
7 decompress_smooth_data [function] [call site] 00431
8 jcopy_block_row [function] [call site] 00432
7 decompress_data [function] [call site] 00433
6 jround_up [function] [call site] 00434
6 jround_up [function] [call site] 00435
6 consume_data [function] [call site] 00436
7 start_iMCU_row [function] [call site] 00437
6 decompress_data [function] [call site] 00438
6 dummy_consume_data [function] [call site] 00439
6 decompress_onepass [function] [call site] 00440
7 jzero_far [function] [call site] 00441
7 start_iMCU_row [function] [call site] 00442
5 jinit_d_main_controller [function] [call site] 00443
6 start_pass_main [function] [call site] 00444
7 process_data_context_main [function] [call site] 00445
8 set_bottom_pointers [function] [call site] 00446
8 set_wraparound_pointers [function] [call site] 00447
7 make_funny_pointers [function] [call site] 00448
7 process_data_simple_main [function] [call site] 00449
7 process_data_crank_post [function] [call site] 00450
6 alloc_funny_pointers [function] [call site] 00451
3 output_pass_setup [function] [call site] 00452
2 snprintf [call site] 00453
2 _setjmp [call site] 00454
2 jpeg_read_scanlines [function] [call site] 00455
2 jpeg_finish_decompress [function] [call site] 00456
3 jpeg_abort [function] [call site] 00457
2 jpeg_abort_decompress [function] [call site] 00458
1 tjDestroy [function] [call site] 00459
2 snprintf [call site] 00460
2 _setjmp [call site] 00461
2 jpeg_destroy_compress [function] [call site] 00462
3 jpeg_destroy [function] [call site] 00463
2 jpeg_destroy_decompress [function] [call site] 00464
3 jpeg_destroy [function] [call site] 00465