Project overview: libjpeg-turbo

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color Runtime hitcount Callsite count Percentage

red 0 736 88.5%

gold [1:9] 0 0.0%

yellow [10:29] 0 0.0%

greenyellow [30:49] 7 0.84%

lawngreen 50+ 88 10.5%

All colors 831 100

Color	Runtime hitcount	Callsite count	Percentage
red	0	736	88.5%
gold	[1:9]	0	0.0%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	7	0.84%
lawngreen	50+	88	10.5%
All colors	831	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
21	372	5 : View List ['keymatch', '__isoc99_sscanf', 'jpeg_set_colorspace', 'exit', 'jpeg_enable_lossless']	374	725	parse_switches(jpeg_compress_struct,int,char*,int,int)	call site: 00000	/src/libjpeg-turbo.main/fuzz/../cjpeg.c:321
18	18	6 : View List ['ftell', 'malloc', 'fopen', 'fseek', 'exit', 'fread']	1956	2229	cjpeg_main	call site: 00282	/src/libjpeg-turbo.main/fuzz/../cjpeg.c:721
6	6	1 : View List ['usage()']	1974	2247	cjpeg_main	call site: 00272	/src/libjpeg-turbo.main/fuzz/../cjpeg.c:693
2	4	2 : View List ['jpeg_get_small', 'out_of_memory']	2	4	alloc_small	call site: 00024	/src/libjpeg-turbo.main/jmemmgr.c:318
2	2	1 : View List ['read_stdin']	1964	2237	cjpeg_main	call site: 00274	/src/libjpeg-turbo.main/fuzz/../cjpeg.c:700
0	2	1 : View List ['jpeg_mem_term']	14	16	jinit_memory_mgr	call site: 00018	/src/libjpeg-turbo.main/jmemmgr.c:1227
0	0	None	1974	2776	cjpeg_main	call site: 00003	/src/libjpeg-turbo.main/fuzz/../cjpeg.c:642
0	0	None	1974	2247	cjpeg_main	call site: 00095	/src/libjpeg-turbo.main/fuzz/../cjpeg.c:670
0	0	None	1960	2233	cjpeg_main	call site: 00278	/src/libjpeg-turbo.main/fuzz/../cjpeg.c:711
0	0	None	374	725	parse_switches(jpeg_compress_struct,int,char*,int,int)	call site: 00000	/src/libjpeg-turbo.main/fuzz/../cjpeg.c:339
0	0	None	374	725	parse_switches(jpeg_compress_struct,int,char*,int,int)	call site: 00000	/src/libjpeg-turbo.main/fuzz/../cjpeg.c:345
0	0	None	374	725	parse_switches(jpeg_compress_struct,int,char*,int,int)	call site: 00000	/src/libjpeg-turbo.main/fuzz/../cjpeg.c:347

Runtime coverage analysis

275

307

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

10.42%

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
libjpeg-turbo.main/fuzz/cjpeg.cc	1
libjpeg-turbo.main/fuzz/../cjpeg.c	7
libjpeg-turbo.main/jerror.c	6
libjpeg-turbo.main/jcomapi.c	4
libjpeg-turbo.main/jcapimin.c	7
libjpeg-turbo.main/jmemmgr.c	16
libjpeg-turbo.main/jmemnobs.c	8
libjpeg-turbo.main/jutils.c	4
libjpeg-turbo.main/jcparam.c	12
libjpeg-turbo.main/jstdhuff.c	2
libjpeg-turbo.main/cdjpeg.c	6
libjpeg-turbo.main/rdswitch.c	9
libjpeg-turbo.main/jdatadst.c	8
libjpeg-turbo.main/jcapistd.c	4
libjpeg-turbo.main/jcinit.c	1
libjpeg-turbo.main/jcmaster.c	8
libjpeg-turbo.main/jccolor.c	11
libjpeg-turbo.main/jcsample.c	12
libjpeg-turbo.main/jcprepct.c	8
libjpeg-turbo.main/simd/x86_64/jsimd.c	24
libjpeg-turbo.main/jclossls.c	15
libjpeg-turbo.main/jclhuff.c	9
libjpeg-turbo.main/jchuff.c	14
libjpeg-turbo.main/jcdiffct.c	8
libjpeg-turbo.main/jcdctmgr.c	9
libjpeg-turbo.main/jfdctint.c	1
libjpeg-turbo.main/jfdctfst.c	1
libjpeg-turbo.main/jfdctflt.c	1
libjpeg-turbo.main/jcarith.c	11
libjpeg-turbo.main/jcphuff.c	17
libjpeg-turbo.main/jccoefct.c	7
libjpeg-turbo.main/jcmainct.c	5
libjpeg-turbo.main/jcmarker.c	19
libjpeg-turbo.main/jcicc.c	1

Fuzzer: libjpeg_turbo_fuzzer_2_1_x

Call tree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color Runtime hitcount Callsite count Percentage

red 0 167 36.5%

gold [1:9] 8 1.75%

yellow [10:29] 4 0.87%

greenyellow [30:49] 3 0.65%

lawngreen 50+ 275 60.1%

All colors 457 100

Color	Runtime hitcount	Callsite count	Percentage
red	0	167	36.5%
gold	[1:9]	8	1.75%
yellow	[10:29]	4	0.87%
greenyellow	[30:49]	3	0.65%
lawngreen	50+	275	60.1%
All colors	457	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
218	218	2 : View List ['jinit_2pass_quantizer', 'jinit_1pass_quantizer']	218	1530	master_selection	call site: 00197	/src/libjpeg-turbo.2.1.x/jdmaster.c:479
2	2	1 : View List ['jsimd_h2v2_upsample_sse2']	2	2	jsimd_h2v2_upsample	call site: 00000	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:424
2	2	1 : View List ['jsimd_h2v1_upsample_sse2']	2	2	jsimd_h2v1_upsample	call site: 00000	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:439
2	2	1 : View List ['jsimd_h2v2_fancy_upsample_sse2']	2	2	jsimd_h2v2_fancy_upsample	call site: 00000	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:496
2	2	1 : View List ['jsimd_h2v1_fancy_upsample_sse2']	2	2	jsimd_h2v1_fancy_upsample	call site: 00000	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:513
2	2	1 : View List ['jsimd_idct_islow_sse2']	2	2	jsimd_idct_islow	call site: 00000	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:1011
0	47	1 : View List ['init_simd']	4	51	jsimd_h2v2_upsample	call site: 00000	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:421
0	47	1 : View List ['init_simd']	4	51	jsimd_h2v1_upsample	call site: 00000	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:436
0	47	1 : View List ['init_simd']	4	51	jsimd_h2v2_fancy_upsample	call site: 00000	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:493
0	47	1 : View List ['init_simd']	4	51	jsimd_h2v1_fancy_upsample	call site: 00000	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:510
0	47	1 : View List ['init_simd']	4	51	jsimd_idct_islow	call site: 00000	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:1008
0	47	1 : View List ['init_simd']	0	47	jsimd_ycc_rgb_convert	call site: 00000	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:252

Runtime coverage analysis

178

242

65.7%

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
libjpeg-turbo.2.1.x/fuzz/decompress.cc	1
libjpeg-turbo.2.1.x/turbojpeg.c	10
libjpeg-turbo.2.1.x/jerror.c	6
libjpeg-turbo.2.1.x/jcomapi.c	4
libjpeg-turbo.2.1.x/jdapimin.c	7
libjpeg-turbo.2.1.x/jmemmgr.c	16
libjpeg-turbo.2.1.x/jmemnobs.c	8
libjpeg-turbo.2.1.x/jutils.c	5
libjpeg-turbo.2.1.x/jdmarker.c	17
libjpeg-turbo.2.1.x/jdinput.c	8
libjpeg-turbo.2.1.x/jdatasrc-tj.c	5
libjpeg-turbo.2.1.x/jdapistd.c	3
libjpeg-turbo.2.1.x/jdmaster.c	8
libjpeg-turbo.2.1.x/jquant1.c	17
libjpeg-turbo.2.1.x/jquant2.c	18
libjpeg-turbo.2.1.x/jdmerge.c	11
libjpeg-turbo.2.1.x/simd/x86_64/jsimd.c	14
libjpeg-turbo.2.1.x/jdcolor.c	17
libjpeg-turbo.2.1.x/jdsample.c	11
libjpeg-turbo.2.1.x/jdpostct.c	5
libjpeg-turbo.2.1.x/jddctmgr.c	2
libjpeg-turbo.2.1.x/jdarith.c	10
libjpeg-turbo.2.1.x/jdphuff.c	7
libjpeg-turbo.2.1.x/jdhuff.c	8
libjpeg-turbo.2.1.x/jstdhuff.c	2
libjpeg-turbo.2.1.x/jdcoefct.c	9
libjpeg-turbo.2.1.x/jdcoefct.h	1
libjpeg-turbo.2.1.x/jdmainct.c	8
libjpeg-turbo.2.1.x/jdmainct.h	1
libjpeg-turbo.2.1.x/jcapimin.c	1

Fuzzer: compress_yuv_fuzzer

Call tree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color Runtime hitcount Callsite count Percentage

red 0 385 42.4%

gold [1:9] 5 0.55%

yellow [10:29] 0 0.0%

greenyellow [30:49] 0 0.0%

lawngreen 50+ 516 56.9%

All colors 906 100

Color	Runtime hitcount	Callsite count	Percentage
red	0	385	42.4%
gold	[1:9]	5	0.55%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	516	56.9%
All colors	906	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
451	451	7 : View List ['j12init_lossless_compressor', 'jinit_c_diff_controller', 'j12init_c_diff_controller', 'j16init_lossless_compressor', 'jinit_lhuff_encoder', 'j16init_c_diff_controller', 'jinit_lossless_compressor']	487	613	jinit_compress_master	call site: 00508	/src/libjpeg-turbo.main/jcinit.c:64
394	394	1 : View List ['encode_one_block']	394	394	encode_mcu_huff	call site: 00756	/src/libjpeg-turbo.main/jchuff.c:724
55	55	1 : View List ['j12init_forward_dct']	143	1324	jinit_compress_master	call site: 00566	/src/libjpeg-turbo.main/jcinit.c:97
52	52	1 : View List ['j12init_c_coef_controller']	88	214	jinit_compress_master	call site: 00746	/src/libjpeg-turbo.main/jcinit.c:120
18	18	1 : View List ['j16init_c_main_controller']	18	126	jinit_compress_master	call site: 00788	/src/libjpeg-turbo.main/jcinit.c:128
18	18	1 : View List ['j12init_c_main_controller']	18	126	jinit_compress_master	call site: 00789	/src/libjpeg-turbo.main/jcinit.c:134
16	16	1 : View List ['do_barray_io']	16	18	access_virt_barray	call site: 00071	/src/libjpeg-turbo.main/jmemmgr.c:1024
8	8	2 : View List ['__errno_location', 'strerror']	10	25	tj3LoadImage8	call site: 00210	/src/libjpeg-turbo.main/turbojpeg-mp.c:321
8	8	1 : View List ['fill_scans']	8	20	jpeg_simple_progression	call site: 00372	/src/libjpeg-turbo.main/jcparam.c:516
2	4	2 : View List ['jpeg_get_small', 'out_of_memory']	2	4	alloc_small	call site: 00034	/src/libjpeg-turbo.main/jmemmgr.c:318
2	2	1 : View List ['out_of_memory']	2	109	alloc_sarray	call site: 00043	/src/libjpeg-turbo.main/jmemmgr.c:461
2	2	1 : View List ['fill_scans']	2	2	fill_dc_scans	call site: 00373	/src/libjpeg-turbo.main/jcparam.c:449

Runtime coverage analysis

194

170

357

52.38%

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
libjpeg-turbo.main/fuzz/compress_yuv.cc	1
libjpeg-turbo.main/turbojpeg.c	20
libjpeg-turbo.main/jerror.c	6
libjpeg-turbo.main/jcomapi.c	4
libjpeg-turbo.main/jcapimin.c	5
libjpeg-turbo.main/jmemmgr.c	16
libjpeg-turbo.main/jmemnobs.c	8
libjpeg-turbo.main/jutils.c	5
libjpeg-turbo.main/jdatadst-tj.c	4
libjpeg-turbo.main/jdapimin.c	2
libjpeg-turbo.main/jdmarker.c	17
libjpeg-turbo.main/jdinput.c	8
libjpeg-turbo.main/jdatasrc-tj.c	5
libjpeg-turbo.main/turbojpeg-mp.c	1
libjpeg-turbo.main/rdbmp.c	9
libjpeg-turbo.main/rdppm.c	21
libjpeg-turbo.main/jcparam.c	12
libjpeg-turbo.main/jstdhuff.c	2
libjpeg-turbo.main/jcmaster.c	8
libjpeg-turbo.main/jccolor.c	11
libjpeg-turbo.main/simd/x86_64/jsimd.c	24
libjpeg-turbo.main/jcsample.c	12
libjpeg-turbo.main/jcapistd.c	2
libjpeg-turbo.main/jcinit.c	1
libjpeg-turbo.main/jcprepct.c	8
libjpeg-turbo.main/jclossls.c	15
libjpeg-turbo.main/jclhuff.c	9
libjpeg-turbo.main/jchuff.c	14
libjpeg-turbo.main/jcdiffct.c	8
libjpeg-turbo.main/jcdctmgr.c	9
libjpeg-turbo.main/jfdctint.c	1
libjpeg-turbo.main/jfdctfst.c	1
libjpeg-turbo.main/jfdctflt.c	1
libjpeg-turbo.main/jcarith.c	11
libjpeg-turbo.main/jcphuff.c	17
libjpeg-turbo.main/jccoefct.c	7
libjpeg-turbo.main/jcmainct.c	5
libjpeg-turbo.main/jcmarker.c	19

Fuzzer: compress12_lossless_fuzzer

Call tree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color Runtime hitcount Callsite count Percentage

red 0 375 44.2%

gold [1:9] 9 1.06%

yellow [10:29] 3 0.35%

greenyellow [30:49] 0 0.0%

lawngreen 50+ 461 54.3%

All colors 848 100

Color	Runtime hitcount	Callsite count	Percentage
red	0	375	44.2%
gold	[1:9]	9	1.06%
yellow	[10:29]	3	0.35%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	461	54.3%
All colors	848	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
451	451	7 : View List ['j12init_lossless_compressor', 'jinit_c_diff_controller', 'j12init_c_diff_controller', 'j16init_lossless_compressor', 'jinit_lhuff_encoder', 'j16init_c_diff_controller', 'jinit_lossless_compressor']	487	613	jinit_compress_master	call site: 00453	/src/libjpeg-turbo.main/jcinit.c:64
394	394	1 : View List ['encode_one_block']	394	394	encode_mcu_huff	call site: 00701	/src/libjpeg-turbo.main/jchuff.c:724
321	321	3 : View List ['jinit_c_prep_controller', 'jinit_downsampler', 'jinit_color_converter']	1037	2273	jinit_compress_master	call site: 00425	/src/libjpeg-turbo.main/jcinit.c:52
203	203	3 : View List ['j16init_color_converter', 'j16init_c_prep_controller', 'j16init_downsampler']	919	2155	jinit_compress_master	call site: 00374	/src/libjpeg-turbo.main/jcinit.c:43
18	18	1 : View List ['j16init_c_main_controller']	18	126	jinit_compress_master	call site: 00733	/src/libjpeg-turbo.main/jcinit.c:128
16	16	1 : View List ['do_barray_io']	16	18	access_virt_barray	call site: 00071	/src/libjpeg-turbo.main/jmemmgr.c:1024
8	8	2 : View List ['__errno_location', 'strerror']	10	25	tj3LoadImage12	call site: 00209	/src/libjpeg-turbo.main/turbojpeg-mp.c:321
8	8	1 : View List ['fill_scans']	8	20	jpeg_simple_progression	call site: 00351	/src/libjpeg-turbo.main/jcparam.c:516
7	7	1 : View List ['jpeg_abort_compress']	7	7	tj3Compress12	call site: 00839	/src/libjpeg-turbo.main/turbojpeg-mp.c:128
4	4	1 : View List ['create_context_buffer']	4	4	j12init_c_prep_controller	call site: 00437	/src/libjpeg-turbo.main/jcprepct.c:343
2	4	2 : View List ['jpeg_get_small', 'out_of_memory']	2	4	alloc_small	call site: 00034	/src/libjpeg-turbo.main/jmemmgr.c:318
2	2	1 : View List ['out_of_memory']	2	109	alloc_sarray	call site: 00043	/src/libjpeg-turbo.main/jmemmgr.c:461

Runtime coverage analysis

191

169

51.71%

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
libjpeg-turbo.main/fuzz/compress12.cc	1
libjpeg-turbo.main/turbojpeg.c	12
libjpeg-turbo.main/jerror.c	6
libjpeg-turbo.main/jcomapi.c	4
libjpeg-turbo.main/jcapimin.c	5
libjpeg-turbo.main/jmemmgr.c	16
libjpeg-turbo.main/jmemnobs.c	8
libjpeg-turbo.main/jutils.c	4
libjpeg-turbo.main/jdatadst-tj.c	4
libjpeg-turbo.main/jdapimin.c	2
libjpeg-turbo.main/jdmarker.c	17
libjpeg-turbo.main/jdinput.c	8
libjpeg-turbo.main/jdatasrc-tj.c	5
libjpeg-turbo.main/turbojpeg-mp.c	2
libjpeg-turbo.main/rdbmp.c	9
libjpeg-turbo.main/rdppm.c	21
libjpeg-turbo.main/jcparam.c	12
libjpeg-turbo.main/jstdhuff.c	2
libjpeg-turbo.main/jcapistd.c	2
libjpeg-turbo.main/jcinit.c	1
libjpeg-turbo.main/jcmaster.c	8
libjpeg-turbo.main/jccolor.c	11
libjpeg-turbo.main/jcsample.c	12
libjpeg-turbo.main/jcprepct.c	8
libjpeg-turbo.main/simd/x86_64/jsimd.c	24
libjpeg-turbo.main/jclossls.c	15
libjpeg-turbo.main/jclhuff.c	9
libjpeg-turbo.main/jchuff.c	14
libjpeg-turbo.main/jcdiffct.c	8
libjpeg-turbo.main/jcdctmgr.c	9
libjpeg-turbo.main/jfdctint.c	1
libjpeg-turbo.main/jfdctfst.c	1
libjpeg-turbo.main/jfdctflt.c	1
libjpeg-turbo.main/jcarith.c	11
libjpeg-turbo.main/jcphuff.c	17
libjpeg-turbo.main/jccoefct.c	7
libjpeg-turbo.main/jcmainct.c	5
libjpeg-turbo.main/jcmarker.c	19

Fuzzer: compress12_fuzzer

Call tree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color Runtime hitcount Callsite count Percentage

red 0 375 44.2%

gold [1:9] 9 1.06%

yellow [10:29] 0 0.0%

greenyellow [30:49] 3 0.35%

lawngreen 50+ 461 54.3%

All colors 848 100

Color	Runtime hitcount	Callsite count	Percentage
red	0	375	44.2%
gold	[1:9]	9	1.06%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	3	0.35%
lawngreen	50+	461	54.3%
All colors	848	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
451	451	7 : View List ['j12init_lossless_compressor', 'jinit_c_diff_controller', 'j12init_c_diff_controller', 'j16init_lossless_compressor', 'jinit_lhuff_encoder', 'j16init_c_diff_controller', 'jinit_lossless_compressor']	487	613	jinit_compress_master	call site: 00453	/src/libjpeg-turbo.main/jcinit.c:64
394	394	1 : View List ['encode_one_block']	394	394	encode_mcu_huff	call site: 00701	/src/libjpeg-turbo.main/jchuff.c:724
321	321	3 : View List ['jinit_c_prep_controller', 'jinit_downsampler', 'jinit_color_converter']	1037	2273	jinit_compress_master	call site: 00425	/src/libjpeg-turbo.main/jcinit.c:52
203	203	3 : View List ['j16init_color_converter', 'j16init_c_prep_controller', 'j16init_downsampler']	919	2155	jinit_compress_master	call site: 00374	/src/libjpeg-turbo.main/jcinit.c:43
18	18	1 : View List ['j16init_c_main_controller']	18	126	jinit_compress_master	call site: 00733	/src/libjpeg-turbo.main/jcinit.c:128
16	16	1 : View List ['do_barray_io']	16	18	access_virt_barray	call site: 00071	/src/libjpeg-turbo.main/jmemmgr.c:1024
8	8	2 : View List ['__errno_location', 'strerror']	10	25	tj3LoadImage12	call site: 00209	/src/libjpeg-turbo.main/turbojpeg-mp.c:321
8	8	1 : View List ['fill_scans']	8	20	jpeg_simple_progression	call site: 00351	/src/libjpeg-turbo.main/jcparam.c:516
7	7	1 : View List ['jpeg_abort_compress']	7	7	tj3Compress12	call site: 00839	/src/libjpeg-turbo.main/turbojpeg-mp.c:128
4	4	1 : View List ['create_context_buffer']	4	4	j12init_c_prep_controller	call site: 00437	/src/libjpeg-turbo.main/jcprepct.c:343
2	4	2 : View List ['jpeg_get_small', 'out_of_memory']	2	4	alloc_small	call site: 00034	/src/libjpeg-turbo.main/jmemmgr.c:318
2	2	1 : View List ['out_of_memory']	2	109	alloc_sarray	call site: 00043	/src/libjpeg-turbo.main/jmemmgr.c:461

Runtime coverage analysis

191

169

51.71%

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
libjpeg-turbo.main/fuzz/compress12.cc	1
libjpeg-turbo.main/turbojpeg.c	12
libjpeg-turbo.main/jerror.c	6
libjpeg-turbo.main/jcomapi.c	4
libjpeg-turbo.main/jcapimin.c	5
libjpeg-turbo.main/jmemmgr.c	16
libjpeg-turbo.main/jmemnobs.c	8
libjpeg-turbo.main/jutils.c	4
libjpeg-turbo.main/jdatadst-tj.c	4
libjpeg-turbo.main/jdapimin.c	2
libjpeg-turbo.main/jdmarker.c	17
libjpeg-turbo.main/jdinput.c	8
libjpeg-turbo.main/jdatasrc-tj.c	5
libjpeg-turbo.main/turbojpeg-mp.c	2
libjpeg-turbo.main/rdbmp.c	9
libjpeg-turbo.main/rdppm.c	21
libjpeg-turbo.main/jcparam.c	12
libjpeg-turbo.main/jstdhuff.c	2
libjpeg-turbo.main/jcapistd.c	2
libjpeg-turbo.main/jcinit.c	1
libjpeg-turbo.main/jcmaster.c	8
libjpeg-turbo.main/jccolor.c	11
libjpeg-turbo.main/jcsample.c	12
libjpeg-turbo.main/jcprepct.c	8
libjpeg-turbo.main/simd/x86_64/jsimd.c	24
libjpeg-turbo.main/jclossls.c	15
libjpeg-turbo.main/jclhuff.c	9
libjpeg-turbo.main/jchuff.c	14
libjpeg-turbo.main/jcdiffct.c	8
libjpeg-turbo.main/jcdctmgr.c	9
libjpeg-turbo.main/jfdctint.c	1
libjpeg-turbo.main/jfdctfst.c	1
libjpeg-turbo.main/jfdctflt.c	1
libjpeg-turbo.main/jcarith.c	11
libjpeg-turbo.main/jcphuff.c	17
libjpeg-turbo.main/jccoefct.c	7
libjpeg-turbo.main/jcmainct.c	5
libjpeg-turbo.main/jcmarker.c	19

Fuzzer: transform_fuzzer

Call tree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color Runtime hitcount Callsite count Percentage

red 0 253 33.4%

gold [1:9] 9 1.18%

yellow [10:29] 2 0.26%

greenyellow [30:49] 2 0.26%

lawngreen 50+ 491 64.8%

All colors 757 100

Color	Runtime hitcount	Callsite count	Percentage
red	0	253	33.4%
gold	[1:9]	9	1.18%
yellow	[10:29]	2	0.26%
greenyellow	[30:49]	2	0.26%
lawngreen	50+	491	64.8%
All colors	757	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
394	394	1 : View List ['encode_one_block']	394	394	encode_mcu_huff	call site: 00586	/src/libjpeg-turbo.main/jchuff.c:724
50	50	3 : View List ['do_crop_ext_zero', 'do_crop_ext_flat', 'do_crop_ext_reflect']	50	50	jtransform_execute_transform	call site: 00712	/src/libjpeg-turbo.2.1.x/transupp.c:2169
38	38	1 : View List ['adjust_exif_parameters']	38	38	jtransform_adjust_parameters	call site: 00390	/src/libjpeg-turbo.2.1.x/transupp.c:2132
16	16	1 : View List ['do_barray_io']	16	18	access_virt_barray	call site: 00069	/src/libjpeg-turbo.main/jmemmgr.c:1024
8	8	1 : View List ['jtransform_perfect_transform']	20	40	jtransform_request_workspace	call site: 00242	/src/libjpeg-turbo.2.1.x/transupp.c:1523
2	4	2 : View List ['jpeg_get_small', 'out_of_memory']	2	4	alloc_small	call site: 00032	/src/libjpeg-turbo.main/jmemmgr.c:318
2	2	1 : View List ['out_of_memory']	2	2	alloc_large	call site: 00038	/src/libjpeg-turbo.main/jmemmgr.c:394
0	7	1 : View List ['jpeg_default_colorspace']	0	55	jpeg_simple_progression	call site: 00396	/src/libjpeg-turbo.main/jcparam.c:482
0	7	1 : View List ['jpeg_default_colorspace']	0	30	jinit_c_master_control	call site: 00430	/src/libjpeg-turbo.main/jcmaster.c:630
0	2	1 : View List ['jpeg_mem_term']	14	16	jinit_memory_mgr	call site: 00026	/src/libjpeg-turbo.main/jmemmgr.c:1227
0	2	1 : View List ['fill_scans']	0	2	fill_dc_scans	call site: 00398	/src/libjpeg-turbo.main/jcparam.c:449
0	0	1 : View List ['emit_restart.1442']	394	409	encode_mcu_huff	call site: 00585	/src/libjpeg-turbo.main/jchuff.c:716

Runtime coverage analysis

207

268

75.37%

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
libjpeg-turbo.main/fuzz/transform.cc	1
libjpeg-turbo.main/turbojpeg.c	15
libjpeg-turbo.main/jerror.c	6
libjpeg-turbo.main/jcomapi.c	4
libjpeg-turbo.main/jcapimin.c	6
libjpeg-turbo.main/jmemmgr.c	16
libjpeg-turbo.main/jmemnobs.c	8
libjpeg-turbo.main/jutils.c	4
libjpeg-turbo.main/jdatadst-tj.c	4
libjpeg-turbo.main/jdapimin.c	7
libjpeg-turbo.main/jdmarker.c	19
libjpeg-turbo.main/jdinput.c	8
libjpeg-turbo.main/jdatasrc-tj.c	5
libjpeg-turbo.main/transupp.c	30
libjpeg-turbo.main/jdtrans.c	2
libjpeg-turbo.main/jdarith.c	10
libjpeg-turbo.main/jdphuff.c	7
libjpeg-turbo.main/jdhuff.c	8
libjpeg-turbo.main/jstdhuff.c	2
libjpeg-turbo.main/jdcoefct.c	10
libjpeg-turbo.main/jdcoefct.h	1
libjpeg-turbo.main/jctrans.c	8
libjpeg-turbo.main/jcparam.c	11
libjpeg-turbo.main/jcmaster.c	8
libjpeg-turbo.main/jcarith.c	11
libjpeg-turbo.main/jcphuff.c	17
libjpeg-turbo.main/simd/x86_64/jsimd.c	7
libjpeg-turbo.main/jchuff.c	14
libjpeg-turbo.main/jcmarker.c	19

Fuzzer: cjpeg_fuzzer_2_0_x

Call tree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color Runtime hitcount Callsite count Percentage

red 0 406 48.8%

gold [1:9] 6 0.72%

yellow [10:29] 1 0.12%

greenyellow [30:49] 2 0.24%

lawngreen 50+ 416 50.0%

All colors 831 100

Color	Runtime hitcount	Callsite count	Percentage
red	0	406	48.8%
gold	[1:9]	6	0.72%
yellow	[10:29]	1	0.12%
greenyellow	[30:49]	2	0.24%
lawngreen	50+	416	50.0%
All colors	831	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
21	372	5 : View List ['keymatch', '__isoc99_sscanf', 'jpeg_set_colorspace', 'exit', 'jpeg_enable_lossless']	327	725	parse_switches(jpeg_compress_struct,int,char*,int,int)	call site: 00000	/src/libjpeg-turbo.main/fuzz/../cjpeg.c:321
2	2	1 : View List ['out_of_memory']	2	2	alloc_large	call site: 00030	/src/libjpeg-turbo.main/jmemmgr.c:394
0	0	None	327	725	parse_switches(jpeg_compress_struct,int,char*,int,int)	call site: 00000	/src/libjpeg-turbo.main/fuzz/../cjpeg.c:419
0	0	None	327	725	parse_switches(jpeg_compress_struct,int,char*,int,int)	call site: 00000	/src/libjpeg-turbo.main/fuzz/../cjpeg.c:445
0	0	None	327	725	parse_switches(jpeg_compress_struct,int,char*,int,int)	call site: 00000	/src/libjpeg-turbo.main/fuzz/../cjpeg.c:447
0	0	None	327	725	parse_switches(jpeg_compress_struct,int,char*,int,int)	call site: 00000	/src/libjpeg-turbo.main/fuzz/../cjpeg.c:490
0	0	None	53	106	jinit_color_converter	call site: 00421	/src/libjpeg-turbo.main/jccolor.c:568
0	0	None	53	106	jinit_color_converter	call site: 00421	/src/libjpeg-turbo.main/jccolor.c:594
0	0	None	51	102	jinit_downsampler	call site: 00456	/src/libjpeg-turbo.main/jcsample.c:511
0	0	None	24	24	start_pass_fdctmgr	call site: 00477	/src/libjpeg-turbo.main/jcdctmgr.c:248
0	0	None	24	24	init_simd	call site: 00426	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:56
0	0	None	6	10	alloc_large	call site: 00026	/src/libjpeg-turbo.main/jmemmgr.c:375

Runtime coverage analysis

174

125

299

58.19%

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
libjpeg-turbo.2.0.x/fuzz/cjpeg.cc	1
libjpeg-turbo.2.0.x/fuzz/../cjpeg.c	6
libjpeg-turbo.2.0.x/jerror.c	6
libjpeg-turbo.2.0.x/jcomapi.c	4
libjpeg-turbo.2.0.x/jcapimin.c	7
libjpeg-turbo.2.0.x/jmemmgr.c	16
libjpeg-turbo.2.0.x/jmemnobs.c	8
libjpeg-turbo.2.0.x/jutils.c	4
libjpeg-turbo.2.0.x/jcparam.c	11
libjpeg-turbo.2.0.x/jstdhuff.c	2
libjpeg-turbo.2.0.x/cdjpeg.c	3
libjpeg-turbo.2.0.x/rdswitch.c	9
libjpeg-turbo.2.0.x/rdtarga.c	13
libjpeg-turbo.2.0.x/rdbmp.c	9
libjpeg-turbo.2.0.x/rdppm.c	18
libjpeg-turbo.2.0.x/jdatadst.c	8
libjpeg-turbo.2.0.x/jcapistd.c	2
libjpeg-turbo.2.0.x/jcinit.c	1
libjpeg-turbo.2.0.x/jcmaster.c	8
libjpeg-turbo.2.0.x/jccolor.c	9
libjpeg-turbo.2.0.x/simd/x86_64/jsimd.c	25
libjpeg-turbo.2.0.x/jcsample.c	10
libjpeg-turbo.2.0.x/jcprepct.c	6
libjpeg-turbo.2.0.x/jcdctmgr.c	10
libjpeg-turbo.2.0.x/jfdctint.c	1
libjpeg-turbo.2.0.x/jfdctfst.c	1
libjpeg-turbo.2.0.x/jfdctflt.c	1
libjpeg-turbo.2.0.x/jcarith.c	11
libjpeg-turbo.2.0.x/jcphuff.c	17
libjpeg-turbo.2.0.x/jchuff.c	14
libjpeg-turbo.2.0.x/jccoefct.c	6
libjpeg-turbo.2.0.x/jcmainct.c	2
libjpeg-turbo.2.0.x/jcmarker.c	19
libjpeg-turbo.2.0.x/jcicc.c	1

Fuzzer: cjpeg_fuzzer_2_1_x

Call tree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color Runtime hitcount Callsite count Percentage

red 0 417 47.4%

gold [1:9] 5 0.56%

yellow [10:29] 2 0.22%

greenyellow [30:49] 5 0.56%

lawngreen 50+ 449 51.1%

All colors 878 100

Color	Runtime hitcount	Callsite count	Percentage
red	0	417	47.4%
gold	[1:9]	5	0.56%
yellow	[10:29]	2	0.22%
greenyellow	[30:49]	5	0.56%
lawngreen	50+	449	51.1%
All colors	878	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
2	2	1 : View List ['fread']	2	2	get_8bit_row	call site: 00302	/src/libjpeg-turbo.2.1.x/rdbmp.c:156
2	2	1 : View List ['fread']	2	2	get_32bit_row	call site: 00338	/src/libjpeg-turbo.2.1.x/rdbmp.c:294
2	2	1 : View List ['jsimd_h2v1_downsample_sse2']	2	2	jsimd_h2v1_downsample	call site: 00000	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:367
0	47	1 : View List ['init_simd']	4	51	jsimd_h2v1_downsample	call site: 00000	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:364
0	47	1 : View List ['init_simd']	0	47	jsimd_rgb_ycc_convert	call site: 00000	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:148
0	0	None	327	725	parse_switches(jpeg_compress_struct,int,char*,int,int)	call site: 00000	/src/libjpeg-turbo.main/fuzz/../cjpeg.c:343
0	0	None	327	725	parse_switches(jpeg_compress_struct,int,char*,int,int)	call site: 00000	/src/libjpeg-turbo.main/fuzz/../cjpeg.c:381
0	0	None	327	725	parse_switches(jpeg_compress_struct,int,char*,int,int)	call site: 00000	/src/libjpeg-turbo.main/fuzz/../cjpeg.c:445
0	0	None	327	725	parse_switches(jpeg_compress_struct,int,char*,int,int)	call site: 00000	/src/libjpeg-turbo.main/fuzz/../cjpeg.c:480
0	0	None	327	725	parse_switches(jpeg_compress_struct,int,char*,int,int)	call site: 00000	/src/libjpeg-turbo.main/fuzz/../cjpeg.c:488
0	0	None	327	725	parse_switches(jpeg_compress_struct,int,char*,int,int)	call site: 00000	/src/libjpeg-turbo.main/fuzz/../cjpeg.c:507
0	0	None	327	725	parse_switches(jpeg_compress_struct,int,char*,int,int)	call site: 00000	/src/libjpeg-turbo.main/fuzz/../cjpeg.c:519

Runtime coverage analysis

190

130

319

59.25%

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
libjpeg-turbo.2.1.x/fuzz/cjpeg.cc	1
libjpeg-turbo.2.1.x/fuzz/../cjpeg.c	7
libjpeg-turbo.2.1.x/jerror.c	6
libjpeg-turbo.2.1.x/jcomapi.c	4
libjpeg-turbo.2.1.x/jcapimin.c	7
libjpeg-turbo.2.1.x/jmemmgr.c	16
libjpeg-turbo.2.1.x/jmemnobs.c	8
libjpeg-turbo.2.1.x/jutils.c	4
libjpeg-turbo.2.1.x/jcparam.c	11
libjpeg-turbo.2.1.x/jstdhuff.c	2
libjpeg-turbo.2.1.x/cdjpeg.c	6
libjpeg-turbo.2.1.x/rdswitch.c	9
libjpeg-turbo.2.1.x/rdtarga.c	13
libjpeg-turbo.2.1.x/rdbmp.c	9
libjpeg-turbo.2.1.x/rdgif.c	15
libjpeg-turbo.2.1.x/rdppm.c	18
libjpeg-turbo.2.1.x/jdatadst.c	8
libjpeg-turbo.2.1.x/jcapistd.c	2
libjpeg-turbo.2.1.x/jcinit.c	1
libjpeg-turbo.2.1.x/jcmaster.c	8
libjpeg-turbo.2.1.x/jccolor.c	9
libjpeg-turbo.2.1.x/simd/x86_64/jsimd.c	25
libjpeg-turbo.2.1.x/jcsample.c	10
libjpeg-turbo.2.1.x/jcprepct.c	6
libjpeg-turbo.2.1.x/jcdctmgr.c	10
libjpeg-turbo.2.1.x/jfdctint.c	1
libjpeg-turbo.2.1.x/jfdctfst.c	1
libjpeg-turbo.2.1.x/jfdctflt.c	1
libjpeg-turbo.2.1.x/jcarith.c	11
libjpeg-turbo.2.1.x/jcphuff.c	17
libjpeg-turbo.2.1.x/jchuff.c	14
libjpeg-turbo.2.1.x/jccoefct.c	6
libjpeg-turbo.2.1.x/jcmainct.c	2
libjpeg-turbo.2.1.x/jcmarker.c	19
libjpeg-turbo.2.1.x/jcicc.c	1

Fuzzer: compress_fuzzer_2_0_x

Call tree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color Runtime hitcount Callsite count Percentage

red 0 242 36.3%

gold [1:9] 9 1.35%

yellow [10:29] 0 0.0%

greenyellow [30:49] 0 0.0%

lawngreen 50+ 415 62.3%

All colors 666 100

Color	Runtime hitcount	Callsite count	Percentage
red	0	242	36.3%
gold	[1:9]	9	1.35%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	415	62.3%
All colors	666	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
2	2	1 : View List ['out_of_memory']	2	2	alloc_large	call site: 00039	/src/libjpeg-turbo.main/jmemmgr.c:394
0	0	None	24	24	init_simd	call site: 00278	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:56
0	0	None	6	10	alloc_large	call site: 00035	/src/libjpeg-turbo.main/jmemmgr.c:375
0	0	None	4	6	alloc_large	call site: 00037	/src/libjpeg-turbo.main/jmemmgr.c:383
0	0	None	2	4	alloc_large	call site: 00038	/src/libjpeg-turbo.main/jmemmgr.c:388
0	0	None	0	106	jinit_color_converter	call site: 00272	/src/libjpeg-turbo.main/jccolor.c:568
0	0	None	0	102	jinit_downsampler	call site: 00310	/src/libjpeg-turbo.main/jcsample.c:511
0	0	None	0	24	start_pass_fdctmgr	call site: 00331	/src/libjpeg-turbo.main/jcdctmgr.c:248
0	0	None	0	0	jinit_color_converter	call site: 00290	/src/libjpeg-turbo.main/jccolor.c:662
0	0	None	0	0	compute_reciprocal	call site: 00332	/src/libjpeg-turbo.main/jcdctmgr.c:179
0	0	None	0	0	flss	call site: 00333	/src/libjpeg-turbo.main/jcdctmgr.c:89
0	0	None	0	0	validate_script	call site: 00270	/src/libjpeg-turbo.main/jcmaster.c:224

Runtime coverage analysis

188

100

282

64.54%

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
libjpeg-turbo.2.0.x/fuzz/compress.cc	1
libjpeg-turbo.2.0.x/turbojpeg.c	11
libjpeg-turbo.2.0.x/jerror.c	6
libjpeg-turbo.2.0.x/jcomapi.c	4
libjpeg-turbo.2.0.x/jcapimin.c	5
libjpeg-turbo.2.0.x/jmemmgr.c	16
libjpeg-turbo.2.0.x/jmemnobs.c	8
libjpeg-turbo.2.0.x/jutils.c	4
libjpeg-turbo.2.0.x/jdatadst-tj.c	4
libjpeg-turbo.2.0.x/rdbmp.c	9
libjpeg-turbo.2.0.x/rdppm.c	18
libjpeg-turbo.2.0.x/jdapimin.c	1
libjpeg-turbo.2.0.x/jcparam.c	11
libjpeg-turbo.2.0.x/jstdhuff.c	2
libjpeg-turbo.2.0.x/jcapistd.c	2
libjpeg-turbo.2.0.x/jcinit.c	1
libjpeg-turbo.2.0.x/jcmaster.c	8
libjpeg-turbo.2.0.x/jccolor.c	9
libjpeg-turbo.2.0.x/simd/x86_64/jsimd.c	25
libjpeg-turbo.2.0.x/jcsample.c	10
libjpeg-turbo.2.0.x/jcprepct.c	6
libjpeg-turbo.2.0.x/jcdctmgr.c	10
libjpeg-turbo.2.0.x/jfdctint.c	1
libjpeg-turbo.2.0.x/jfdctfst.c	1
libjpeg-turbo.2.0.x/jfdctflt.c	1
libjpeg-turbo.2.0.x/jcarith.c	11
libjpeg-turbo.2.0.x/jcphuff.c	17
libjpeg-turbo.2.0.x/jchuff.c	14
libjpeg-turbo.2.0.x/jccoefct.c	6
libjpeg-turbo.2.0.x/jcmainct.c	2
libjpeg-turbo.2.0.x/jcmarker.c	19

Fuzzer: transform_fuzzer_2_0_x

Call tree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color Runtime hitcount Callsite count Percentage

red 0 239 35.3%

gold [1:9] 12 1.77%

yellow [10:29] 2 0.29%

greenyellow [30:49] 2 0.29%

lawngreen 50+ 421 62.2%

All colors 676 100

Color	Runtime hitcount	Callsite count	Percentage
red	0	239	35.3%
gold	[1:9]	12	1.77%
yellow	[10:29]	2	0.29%
greenyellow	[30:49]	2	0.29%
lawngreen	50+	421	62.2%
All colors	676	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
169	169	1 : View List ['jinit_arith_encoder']	169	324	transencode_master_selection	call site: 00350	/src/libjpeg-turbo.2.1.x/jctrans.c:178
2	2	1 : View List ['out_of_memory']	2	2	alloc_large	call site: 00037	/src/libjpeg-turbo.main/jmemmgr.c:394
0	0	None	24	24	init_simd	call site: 00481	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:56
0	0	None	6	10	alloc_large	call site: 00033	/src/libjpeg-turbo.main/jmemmgr.c:375
0	0	None	4	6	alloc_large	call site: 00035	/src/libjpeg-turbo.main/jmemmgr.c:383
0	0	None	2	4	alloc_large	call site: 00036	/src/libjpeg-turbo.main/jmemmgr.c:388
0	0	None	0	1723	tjTransform	call site: 00645	/src/libjpeg-turbo.2.1.x/turbojpeg.c:2056
0	0	None	0	53	jpeg_copy_critical_parameters	call site: 00307	/src/libjpeg-turbo.2.1.x/jctrans.c:76
0	0	None	0	2	get_dqt	call site: 00103	/src/libjpeg-turbo.2.1.x/jdmarker.c:542
0	0	None	0	0	validate_script	call site: 00368	/src/libjpeg-turbo.main/jcmaster.c:224
0	0	None	0	0	jpeg_abort	call site: 00147	/src/libjpeg-turbo.main/jcomapi.c:37
0	0	None	0	0	jpeg_add_quant_table	call site: 00313	/src/libjpeg-turbo.main/jcparam.c:58

Runtime coverage analysis

193

251

75.7%

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
libjpeg-turbo.2.0.x/fuzz/transform.cc	1
libjpeg-turbo.2.0.x/turbojpeg.c	12
libjpeg-turbo.2.0.x/jerror.c	6
libjpeg-turbo.2.0.x/jcomapi.c	4
libjpeg-turbo.2.0.x/jcapimin.c	6
libjpeg-turbo.2.0.x/jmemmgr.c	16
libjpeg-turbo.2.0.x/jmemnobs.c	8
libjpeg-turbo.2.0.x/jutils.c	4
libjpeg-turbo.2.0.x/jdatadst-tj.c	4
libjpeg-turbo.2.0.x/jdapimin.c	7
libjpeg-turbo.2.0.x/jdmarker.c	19
libjpeg-turbo.2.0.x/jdinput.c	8
libjpeg-turbo.2.0.x/jdatasrc-tj.c	5
libjpeg-turbo.2.0.x/transupp.c	19
libjpeg-turbo.2.0.x/jdtrans.c	2
libjpeg-turbo.2.0.x/jdarith.c	10
libjpeg-turbo.2.0.x/jdphuff.c	7
libjpeg-turbo.2.0.x/jdhuff.c	8
libjpeg-turbo.2.0.x/jstdhuff.c	2
libjpeg-turbo.2.0.x/jdcoefct.c	9
libjpeg-turbo.2.0.x/jdcoefct.h	1
libjpeg-turbo.2.0.x/jctrans.c	7
libjpeg-turbo.2.0.x/jcparam.c	11
libjpeg-turbo.2.0.x/jcmaster.c	8
libjpeg-turbo.2.0.x/jcarith.c	11
libjpeg-turbo.2.0.x/jcphuff.c	17
libjpeg-turbo.2.0.x/simd/x86_64/jsimd.c	7
libjpeg-turbo.2.0.x/jchuff.c	14
libjpeg-turbo.2.0.x/jcmarker.c	19

Fuzzer: compress_yuv_fuzzer_2_0_x

Call tree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color Runtime hitcount Callsite count Percentage

red 0 210 29.0%

gold [1:9] 9 1.24%

yellow [10:29] 0 0.0%

greenyellow [30:49] 0 0.0%

lawngreen 50+ 503 69.6%

All colors 722 100

Color	Runtime hitcount	Callsite count	Percentage
red	0	210	29.0%
gold	[1:9]	9	1.24%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	503	69.6%
All colors	722	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
2	2	1 : View List ['out_of_memory']	2	2	alloc_large	call site: 00041	/src/libjpeg-turbo.main/jmemmgr.c:394
0	10	1 : View List ['emit_jfif_app0']	16	26	write_file_header	call site: 00616	/src/libjpeg-turbo.main/jcmarker.c:484
0	0	None	24	24	init_simd	call site: 00295	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:56
0	0	None	6	10	alloc_large	call site: 00037	/src/libjpeg-turbo.main/jmemmgr.c:375
0	0	None	4	6	alloc_large	call site: 00039	/src/libjpeg-turbo.main/jmemmgr.c:383
0	0	None	2	4	alloc_large	call site: 00040	/src/libjpeg-turbo.main/jmemmgr.c:388
0	0	None	0	494	encode_mcu	call site: 00505	/src/libjpeg-turbo.main/jcarith.c:753
0	0	1 : View List ['emit_restart.644']	0	312	encode_mcu_AC_first	call site: 00469	/src/libjpeg-turbo.main/jcarith.c:468
0	0	1 : View List ['emit_restart.644']	0	234	encode_mcu_AC_refine	call site: 00486	/src/libjpeg-turbo.main/jcarith.c:602
0	0	1 : View List ['emit_restart.644']	0	208	encode_mcu_DC_first	call site: 00435	/src/libjpeg-turbo.main/jcarith.c:378
0	0	None	0	208	encode_mcu_DC_first	call site: 00467	/src/libjpeg-turbo.main/jcarith.c:438
0	0	None	0	106	jinit_color_converter	call site: 00289	/src/libjpeg-turbo.main/jccolor.c:568

Runtime coverage analysis

187

107

288

62.85%

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
libjpeg-turbo.2.0.x/fuzz/compress_yuv.cc	1
libjpeg-turbo.2.0.x/turbojpeg.c	17
libjpeg-turbo.2.0.x/jerror.c	6
libjpeg-turbo.2.0.x/jcomapi.c	4
libjpeg-turbo.2.0.x/jcapimin.c	5
libjpeg-turbo.2.0.x/jmemmgr.c	16
libjpeg-turbo.2.0.x/jmemnobs.c	8
libjpeg-turbo.2.0.x/jutils.c	4
libjpeg-turbo.2.0.x/jdatadst-tj.c	4
libjpeg-turbo.2.0.x/rdbmp.c	9
libjpeg-turbo.2.0.x/rdppm.c	18
libjpeg-turbo.2.0.x/jdapimin.c	1
libjpeg-turbo.2.0.x/jcparam.c	11
libjpeg-turbo.2.0.x/jstdhuff.c	2
libjpeg-turbo.2.0.x/jcmaster.c	8
libjpeg-turbo.2.0.x/jccolor.c	9
libjpeg-turbo.2.0.x/simd/x86_64/jsimd.c	25
libjpeg-turbo.2.0.x/jcsample.c	10
libjpeg-turbo.2.0.x/jcapistd.c	2
libjpeg-turbo.2.0.x/jcinit.c	1
libjpeg-turbo.2.0.x/jcprepct.c	6
libjpeg-turbo.2.0.x/jcdctmgr.c	10
libjpeg-turbo.2.0.x/jfdctint.c	1
libjpeg-turbo.2.0.x/jfdctfst.c	1
libjpeg-turbo.2.0.x/jfdctflt.c	1
libjpeg-turbo.2.0.x/jcarith.c	11
libjpeg-turbo.2.0.x/jcphuff.c	17
libjpeg-turbo.2.0.x/jchuff.c	14
libjpeg-turbo.2.0.x/jccoefct.c	6
libjpeg-turbo.2.0.x/jcmainct.c	2
libjpeg-turbo.2.0.x/jcmarker.c	19

Fuzzer: decompress_yuv_fuzzer_2_1_x

Call tree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color Runtime hitcount Callsite count Percentage

red 0 180 34.5%

gold [1:9] 8 1.53%

yellow [10:29] 6 1.15%

greenyellow [30:49] 4 0.76%

lawngreen 50+ 323 61.9%

All colors 521 100

Color	Runtime hitcount	Callsite count	Percentage
red	0	180	34.5%
gold	[1:9]	8	1.53%
yellow	[10:29]	6	1.15%
greenyellow	[30:49]	4	0.76%
lawngreen	50+	323	61.9%
All colors	521	100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
218	218	2 : View List ['jinit_2pass_quantizer', 'jinit_1pass_quantizer']	218	1530	master_selection	call site: 00232	/src/libjpeg-turbo.2.1.x/jdmaster.c:479
3	3	1 : View List ['alloc_funny_pointers']	3	3	jinit_d_main_controller	call site: 00471	/src/libjpeg-turbo.2.1.x/jdmainct.c:442
2	2	1 : View List ['jsimd_h2v2_upsample_sse2']	2	2	jsimd_h2v2_upsample	call site: 00000	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:424
2	2	1 : View List ['jsimd_h2v1_upsample_sse2']	2	2	jsimd_h2v1_upsample	call site: 00000	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:439
2	2	1 : View List ['jsimd_idct_islow_sse2']	2	2	jsimd_idct_islow	call site: 00000	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:1011
0	47	1 : View List ['init_simd']	4	51	jsimd_h2v2_upsample	call site: 00000	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:421
0	47	1 : View List ['init_simd']	4	51	jsimd_h2v1_upsample	call site: 00000	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:436
0	47	1 : View List ['init_simd']	4	51	jsimd_idct_islow	call site: 00000	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:1008
0	47	1 : View List ['init_simd']	0	47	jsimd_ycc_rgb_convert	call site: 00000	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:252
0	47	1 : View List ['init_simd']	0	47	jsimd_h2v2_merged_upsample	call site: 00000	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:572
0	47	1 : View List ['init_simd']	0	47	jsimd_h2v1_merged_upsample	call site: 00000	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:623
0	2	1 : View List ['jcopy_sample_rows']	0	2	merged_2v_upsample	call site: 00282	/src/libjpeg-turbo.2.1.x/jdmerge.c:232

Runtime coverage analysis

174

251

62.15%

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
libjpeg-turbo.2.1.x/fuzz/decompress_yuv.cc	1
libjpeg-turbo.2.1.x/turbojpeg.c	19
libjpeg-turbo.2.1.x/jerror.c	6
libjpeg-turbo.2.1.x/jcomapi.c	4
libjpeg-turbo.2.1.x/jdapimin.c	7
libjpeg-turbo.2.1.x/jmemmgr.c	16
libjpeg-turbo.2.1.x/jmemnobs.c	8
libjpeg-turbo.2.1.x/jutils.c	5
libjpeg-turbo.2.1.x/jdmarker.c	17
libjpeg-turbo.2.1.x/jdinput.c	8
libjpeg-turbo.2.1.x/jdatasrc-tj.c	5
libjpeg-turbo.2.1.x/jdmaster.c	8
libjpeg-turbo.2.1.x/jdapistd.c	3
libjpeg-turbo.2.1.x/jquant1.c	17
libjpeg-turbo.2.1.x/jquant2.c	18
libjpeg-turbo.2.1.x/jdmerge.c	11
libjpeg-turbo.2.1.x/simd/x86_64/jsimd.c	14
libjpeg-turbo.2.1.x/jdcolor.c	17
libjpeg-turbo.2.1.x/jdsample.c	11
libjpeg-turbo.2.1.x/jdpostct.c	5
libjpeg-turbo.2.1.x/jddctmgr.c	2
libjpeg-turbo.2.1.x/jdarith.c	10
libjpeg-turbo.2.1.x/jdphuff.c	7
libjpeg-turbo.2.1.x/jdhuff.c	8
libjpeg-turbo.2.1.x/jstdhuff.c	2
libjpeg-turbo.2.1.x/jdcoefct.c	9
libjpeg-turbo.2.1.x/jdcoefct.h	1
libjpeg-turbo.2.1.x/jdmainct.c	8
libjpeg-turbo.2.1.x/jdmainct.h	1
libjpeg-turbo.2.1.x/jcapimin.c	1

Fuzzer: compress_fuzzer_2_1_x

Call tree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color Runtime hitcount Callsite count Percentage

red 0 241 36.5%

gold [1:9] 5 0.75%

yellow [10:29] 0 0.0%

greenyellow [30:49] 0 0.0%

lawngreen 50+ 413 62.6%

All colors 659 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
7	7	1 : View List ['jpeg_abort_compress']	7	7	tjCompress2	call site: 00650	/src/libjpeg-turbo.2.1.x/turbojpeg.c:760
4	4	2 : View List ['__errno_location', 'strerror']	6	23	tjLoadImage	call site: 00088	/src/libjpeg-turbo.2.1.x/turbojpeg.c:2152
2	2	1 : View List ['jsimd_h2v2_downsample_sse2']	2	2	jsimd_h2v2_downsample	call site: 00000	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:348
2	2	1 : View List ['jsimd_h2v1_downsample_sse2']	2	2	jsimd_h2v1_downsample	call site: 00000	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:367
2	2	1 : View List ['jsimd_convsamp_sse2']	2	2	jsimd_convsamp	call site: 00352	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:718
2	2	1 : View List ['jsimd_fdct_islow_sse2']	2	2	jsimd_fdct_islow	call site: 00333	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:790
2	2	1 : View List ['jsimd_quantize_sse2']	2	2	jsimd_quantize	call site: 00359	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:854
0	47	1 : View List ['init_simd']	4	51	jsimd_h2v2_downsample	call site: 00000	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:345
0	47	1 : View List ['init_simd']	4	51	jsimd_h2v1_downsample	call site: 00000	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:364
0	47	1 : View List ['init_simd']	4	51	jsimd_convsamp	call site: 00351	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:715
0	47	1 : View List ['init_simd']	4	51	jsimd_fdct_islow	call site: 00332	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:787
0	47	1 : View List ['init_simd']	4	51	jsimd_quantize	call site: 00358	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:851

Runtime coverage analysis

189

100

282

64.54%

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
libjpeg-turbo.2.1.x/fuzz/compress.cc	1
libjpeg-turbo.2.1.x/turbojpeg.c	11
libjpeg-turbo.2.1.x/jerror.c	6
libjpeg-turbo.2.1.x/jcomapi.c	4
libjpeg-turbo.2.1.x/jcapimin.c	5
libjpeg-turbo.2.1.x/jmemmgr.c	16
libjpeg-turbo.2.1.x/jmemnobs.c	8
libjpeg-turbo.2.1.x/jutils.c	4
libjpeg-turbo.2.1.x/jdatadst-tj.c	4
libjpeg-turbo.2.1.x/rdbmp.c	9
libjpeg-turbo.2.1.x/rdppm.c	18
libjpeg-turbo.2.1.x/jdapimin.c	1
libjpeg-turbo.2.1.x/jcparam.c	11
libjpeg-turbo.2.1.x/jstdhuff.c	2
libjpeg-turbo.2.1.x/jcapistd.c	2
libjpeg-turbo.2.1.x/jcinit.c	1
libjpeg-turbo.2.1.x/jcmaster.c	8
libjpeg-turbo.2.1.x/jccolor.c	9
libjpeg-turbo.2.1.x/simd/x86_64/jsimd.c	25
libjpeg-turbo.2.1.x/jcsample.c	10
libjpeg-turbo.2.1.x/jcprepct.c	6
libjpeg-turbo.2.1.x/jcdctmgr.c	10
libjpeg-turbo.2.1.x/jfdctint.c	1
libjpeg-turbo.2.1.x/jfdctfst.c	1
libjpeg-turbo.2.1.x/jfdctflt.c	1
libjpeg-turbo.2.1.x/jcarith.c	11
libjpeg-turbo.2.1.x/jcphuff.c	17
libjpeg-turbo.2.1.x/jchuff.c	14
libjpeg-turbo.2.1.x/jccoefct.c	6
libjpeg-turbo.2.1.x/jcmainct.c	2
libjpeg-turbo.2.1.x/jcmarker.c	19

Fuzzer: transform_fuzzer_2_1_x

Call tree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color Runtime hitcount Callsite count Percentage

red 0 257 38.2%

gold [1:9] 10 1.48%

yellow [10:29] 2 0.29%

greenyellow [30:49] 0 0.0%

lawngreen 50+ 403 59.9%

All colors 672 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
169	169	1 : View List ['jinit_arith_encoder']	169	324	transencode_master_selection	call site: 00339	/src/libjpeg-turbo.2.1.x/jctrans.c:178
50	50	3 : View List ['do_crop_ext_zero', 'do_crop_ext_flat', 'do_crop_ext_reflect']	50	50	jtransform_execute_transform	call site: 00629	/src/libjpeg-turbo.2.1.x/transupp.c:2169
38	38	1 : View List ['adjust_exif_parameters']	38	38	jtransform_adjust_parameters	call site: 00330	/src/libjpeg-turbo.2.1.x/transupp.c:2132
8	8	1 : View List ['jtransform_perfect_transform']	20	40	jtransform_request_workspace	call site: 00185	/src/libjpeg-turbo.2.1.x/transupp.c:1523
0	0	None	12	32	jtransform_request_workspace	call site: 00187	/src/libjpeg-turbo.2.1.x/transupp.c:1583
0	0	None	12	32	jtransform_request_workspace	call site: 00187	/src/libjpeg-turbo.2.1.x/transupp.c:1585
0	0	None	12	32	jtransform_request_workspace	call site: 00187	/src/libjpeg-turbo.2.1.x/transupp.c:1587
0	0	None	12	32	jtransform_request_workspace	call site: 00187	/src/libjpeg-turbo.2.1.x/transupp.c:1606
0	0	None	12	32	jtransform_request_workspace	call site: 00187	/src/libjpeg-turbo.2.1.x/transupp.c:1628
0	0	None	12	32	jtransform_request_workspace	call site: 00187	/src/libjpeg-turbo.2.1.x/transupp.c:1634
0	0	None	12	28	jtransform_request_workspace	call site: 00189	/src/libjpeg-turbo.2.1.x/transupp.c:1697
0	0	None	12	28	jtransform_request_workspace	call site: 00189	/src/libjpeg-turbo.2.1.x/transupp.c:1703

Runtime coverage analysis

194

264

71.97%

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
libjpeg-turbo.2.1.x/fuzz/transform.cc	1
libjpeg-turbo.2.1.x/turbojpeg.c	12
libjpeg-turbo.2.1.x/jerror.c	6
libjpeg-turbo.2.1.x/jcomapi.c	4
libjpeg-turbo.2.1.x/jcapimin.c	6
libjpeg-turbo.2.1.x/jmemmgr.c	16
libjpeg-turbo.2.1.x/jmemnobs.c	8
libjpeg-turbo.2.1.x/jutils.c	4
libjpeg-turbo.2.1.x/jdatadst-tj.c	4
libjpeg-turbo.2.1.x/jdapimin.c	7
libjpeg-turbo.2.1.x/jdmarker.c	19
libjpeg-turbo.2.1.x/jdinput.c	8
libjpeg-turbo.2.1.x/jdatasrc-tj.c	5
libjpeg-turbo.2.1.x/transupp.c	30
libjpeg-turbo.2.1.x/jdtrans.c	2
libjpeg-turbo.2.1.x/jdarith.c	10
libjpeg-turbo.2.1.x/jdphuff.c	7
libjpeg-turbo.2.1.x/jdhuff.c	8
libjpeg-turbo.2.1.x/jstdhuff.c	2
libjpeg-turbo.2.1.x/jdcoefct.c	9
libjpeg-turbo.2.1.x/jdcoefct.h	1
libjpeg-turbo.2.1.x/jctrans.c	7
libjpeg-turbo.2.1.x/jcparam.c	7
libjpeg-turbo.2.1.x/jcmaster.c	8
libjpeg-turbo.2.1.x/jcarith.c	11
libjpeg-turbo.2.1.x/jcphuff.c	17
libjpeg-turbo.2.1.x/simd/x86_64/jsimd.c	7
libjpeg-turbo.2.1.x/jchuff.c	14
libjpeg-turbo.2.1.x/jcmarker.c	19

Fuzzer: compress_yuv_fuzzer_2_1_x

Call tree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color Runtime hitcount Callsite count Percentage

red 0 208 29.0%

gold [1:9] 5 0.69%

yellow [10:29] 0 0.0%

greenyellow [30:49] 0 0.0%

lawngreen 50+ 502 70.2%

All colors 715 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
4	4	2 : View List ['__errno_location', 'strerror']	6	23	tjLoadImage	call site: 00090	/src/libjpeg-turbo.2.1.x/turbojpeg.c:2152
2	2	1 : View List ['jsimd_h2v2_downsample_sse2']	2	2	jsimd_h2v2_downsample	call site: 00000	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:348
2	2	1 : View List ['jsimd_h2v1_downsample_sse2']	2	2	jsimd_h2v1_downsample	call site: 00000	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:367
2	2	1 : View List ['jsimd_convsamp_sse2']	2	2	jsimd_convsamp	call site: 00405	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:718
2	2	1 : View List ['jsimd_fdct_islow_sse2']	2	2	jsimd_fdct_islow	call site: 00386	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:790
2	2	1 : View List ['jsimd_quantize_sse2']	2	2	jsimd_quantize	call site: 00412	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:854
0	47	1 : View List ['init_simd']	4	51	jsimd_h2v2_downsample	call site: 00000	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:345
0	47	1 : View List ['init_simd']	4	51	jsimd_h2v1_downsample	call site: 00000	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:364
0	47	1 : View List ['init_simd']	4	51	jsimd_convsamp	call site: 00404	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:715
0	47	1 : View List ['init_simd']	4	51	jsimd_fdct_islow	call site: 00385	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:787
0	47	1 : View List ['init_simd']	4	51	jsimd_quantize	call site: 00411	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:851
0	47	1 : View List ['init_simd']	0	47	jsimd_rgb_ycc_convert	call site: 00000	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:148

Runtime coverage analysis

188

108

289

62.63%

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
libjpeg-turbo.2.1.x/fuzz/compress_yuv.cc	1
libjpeg-turbo.2.1.x/turbojpeg.c	17
libjpeg-turbo.2.1.x/jerror.c	6
libjpeg-turbo.2.1.x/jcomapi.c	4
libjpeg-turbo.2.1.x/jcapimin.c	5
libjpeg-turbo.2.1.x/jmemmgr.c	16
libjpeg-turbo.2.1.x/jmemnobs.c	8
libjpeg-turbo.2.1.x/jutils.c	4
libjpeg-turbo.2.1.x/jdatadst-tj.c	4
libjpeg-turbo.2.1.x/rdbmp.c	9
libjpeg-turbo.2.1.x/rdppm.c	18
libjpeg-turbo.2.1.x/jdapimin.c	1
libjpeg-turbo.2.1.x/jcparam.c	11
libjpeg-turbo.2.1.x/jstdhuff.c	2
libjpeg-turbo.2.1.x/jcmaster.c	8
libjpeg-turbo.2.1.x/jccolor.c	9
libjpeg-turbo.2.1.x/simd/x86_64/jsimd.c	25
libjpeg-turbo.2.1.x/jcsample.c	10
libjpeg-turbo.2.1.x/jcapistd.c	2
libjpeg-turbo.2.1.x/jcinit.c	1
libjpeg-turbo.2.1.x/jcprepct.c	6
libjpeg-turbo.2.1.x/jcdctmgr.c	10
libjpeg-turbo.2.1.x/jfdctint.c	1
libjpeg-turbo.2.1.x/jfdctfst.c	1
libjpeg-turbo.2.1.x/jfdctflt.c	1
libjpeg-turbo.2.1.x/jcarith.c	11
libjpeg-turbo.2.1.x/jcphuff.c	17
libjpeg-turbo.2.1.x/jchuff.c	14
libjpeg-turbo.2.1.x/jccoefct.c	6
libjpeg-turbo.2.1.x/jcmainct.c	2
libjpeg-turbo.2.1.x/jcmarker.c	19

Fuzzer: compress_fuzzer

Call tree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color Runtime hitcount Callsite count Percentage

red 0 344 40.5%

gold [1:9] 5 0.58%

yellow [10:29] 0 0.0%

greenyellow [30:49] 0 0.0%

lawngreen 50+ 500 58.8%

All colors 849 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
451	451	7 : View List ['j12init_lossless_compressor', 'jinit_c_diff_controller', 'j12init_c_diff_controller', 'j16init_lossless_compressor', 'jinit_lhuff_encoder', 'j16init_c_diff_controller', 'jinit_lossless_compressor']	487	613	jinit_compress_master	call site: 00454	/src/libjpeg-turbo.main/jcinit.c:64
394	394	1 : View List ['encode_one_block']	394	394	encode_mcu_huff	call site: 00702	/src/libjpeg-turbo.main/jchuff.c:724
203	203	3 : View List ['j16init_color_converter', 'j16init_c_prep_controller', 'j16init_downsampler']	797	2155	jinit_compress_master	call site: 00375	/src/libjpeg-turbo.main/jcinit.c:43
203	203	3 : View List ['j12init_c_prep_controller', 'j12init_color_converter', 'j12init_downsampler']	797	2155	jinit_compress_master	call site: 00426	/src/libjpeg-turbo.main/jcinit.c:52
55	55	1 : View List ['j12init_forward_dct']	143	1324	jinit_compress_master	call site: 00512	/src/libjpeg-turbo.main/jcinit.c:97
52	52	1 : View List ['j12init_c_coef_controller']	88	214	jinit_compress_master	call site: 00692	/src/libjpeg-turbo.main/jcinit.c:120
18	18	1 : View List ['j16init_c_main_controller']	18	126	jinit_compress_master	call site: 00734	/src/libjpeg-turbo.main/jcinit.c:128
18	18	1 : View List ['j12init_c_main_controller']	18	126	jinit_compress_master	call site: 00735	/src/libjpeg-turbo.main/jcinit.c:134
16	16	1 : View List ['do_barray_io']	16	18	access_virt_barray	call site: 00071	/src/libjpeg-turbo.main/jmemmgr.c:1024
8	8	2 : View List ['__errno_location', 'strerror']	10	25	tj3LoadImage8	call site: 00210	/src/libjpeg-turbo.main/turbojpeg-mp.c:321
8	8	1 : View List ['fill_scans']	8	20	jpeg_simple_progression	call site: 00352	/src/libjpeg-turbo.main/jcparam.c:516
7	7	1 : View List ['jpeg_abort_compress']	7	7	tj3Compress8	call site: 00840	/src/libjpeg-turbo.main/turbojpeg-mp.c:128

Runtime coverage analysis

203

155

55.71%

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
libjpeg-turbo.main/fuzz/compress.cc	1
libjpeg-turbo.main/turbojpeg.c	12
libjpeg-turbo.main/jerror.c	6
libjpeg-turbo.main/jcomapi.c	4
libjpeg-turbo.main/jcapimin.c	5
libjpeg-turbo.main/jmemmgr.c	16
libjpeg-turbo.main/jmemnobs.c	8
libjpeg-turbo.main/jutils.c	4
libjpeg-turbo.main/jdatadst-tj.c	4
libjpeg-turbo.main/jdapimin.c	2
libjpeg-turbo.main/jdmarker.c	17
libjpeg-turbo.main/jdinput.c	8
libjpeg-turbo.main/jdatasrc-tj.c	5
libjpeg-turbo.main/turbojpeg-mp.c	2
libjpeg-turbo.main/rdbmp.c	9
libjpeg-turbo.main/rdppm.c	21
libjpeg-turbo.main/jcparam.c	12
libjpeg-turbo.main/jstdhuff.c	2
libjpeg-turbo.main/jcapistd.c	2
libjpeg-turbo.main/jcinit.c	1
libjpeg-turbo.main/jcmaster.c	8
libjpeg-turbo.main/jccolor.c	11
libjpeg-turbo.main/jcsample.c	12
libjpeg-turbo.main/jcprepct.c	8
libjpeg-turbo.main/simd/x86_64/jsimd.c	24
libjpeg-turbo.main/jclossls.c	15
libjpeg-turbo.main/jclhuff.c	9
libjpeg-turbo.main/jchuff.c	14
libjpeg-turbo.main/jcdiffct.c	8
libjpeg-turbo.main/jcdctmgr.c	9
libjpeg-turbo.main/jfdctint.c	1
libjpeg-turbo.main/jfdctfst.c	1
libjpeg-turbo.main/jfdctflt.c	1
libjpeg-turbo.main/jcarith.c	11
libjpeg-turbo.main/jcphuff.c	17
libjpeg-turbo.main/jccoefct.c	7
libjpeg-turbo.main/jcmainct.c	5
libjpeg-turbo.main/jcmarker.c	19

Fuzzer: compress16_lossless_fuzzer

Call tree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color Runtime hitcount Callsite count Percentage

red 0 494 58.3%

gold [1:9] 4 0.47%

yellow [10:29] 0 0.0%

greenyellow [30:49] 4 0.47%

lawngreen 50+ 344 40.6%

All colors 846 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
261	261	1 : View List ['jinit_phuff_encoder']	401	527	jinit_compress_master	call site: 00555	/src/libjpeg-turbo.main/jcinit.c:109
169	169	1 : View List ['jinit_arith_encoder']	309	435	jinit_compress_master	call site: 00522	/src/libjpeg-turbo.main/jcinit.c:102
108	108	2 : View List ['jinit_c_diff_controller', 'j12init_c_diff_controller']	144	270	jinit_compress_master	call site: 00475	/src/libjpeg-turbo.main/jcinit.c:81
106	106	2 : View List ['j12init_lossless_compressor', 'jinit_lossless_compressor']	250	560	jinit_compress_master	call site: 00451	/src/libjpeg-turbo.main/jcinit.c:67
57	57	1 : View List ['validate_script']	57	87	jinit_c_master_control	call site: 00383	/src/libjpeg-turbo.main/jcmaster.c:614
55	55	1 : View List ['j12init_forward_dct']	1198	1324	jinit_compress_master	call site: 00509	/src/libjpeg-turbo.main/jcinit.c:97
52	52	1 : View List ['j12init_c_coef_controller']	88	214	jinit_compress_master	call site: 00689	/src/libjpeg-turbo.main/jcinit.c:120
28	28	1 : View List ['do_sarray_io']	30	30	access_virt_sarray	call site: 00067	/src/libjpeg-turbo.main/jmemmgr.c:940
20	20	1 : View List ['emit_dac']	20	44	write_scan_header	call site: 00795	/src/libjpeg-turbo.main/jcmarker.c:569
18	18	1 : View List ['j12init_c_main_controller']	18	126	jinit_compress_master	call site: 00732	/src/libjpeg-turbo.main/jcinit.c:134
8	8	2 : View List ['__errno_location', 'strerror']	10	25	tj3LoadImage16	call site: 00206	/src/libjpeg-turbo.main/turbojpeg-mp.c:321
2	4	2 : View List ['jpeg_get_small', 'out_of_memory']	2	4	alloc_small	call site: 00034	/src/libjpeg-turbo.main/jmemmgr.c:318

Runtime coverage analysis

156

208

40.57%

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
libjpeg-turbo.main/fuzz/compress16_lossless.cc	1
libjpeg-turbo.main/turbojpeg.c	12
libjpeg-turbo.main/jerror.c	6
libjpeg-turbo.main/jcomapi.c	4
libjpeg-turbo.main/jcapimin.c	5
libjpeg-turbo.main/jmemmgr.c	16
libjpeg-turbo.main/jmemnobs.c	8
libjpeg-turbo.main/jutils.c	4
libjpeg-turbo.main/jdatadst-tj.c	4
libjpeg-turbo.main/jdapimin.c	2
libjpeg-turbo.main/jdmarker.c	17
libjpeg-turbo.main/jdinput.c	8
libjpeg-turbo.main/jdatasrc-tj.c	5
libjpeg-turbo.main/turbojpeg-mp.c	2
libjpeg-turbo.main/rdbmp.c	9
libjpeg-turbo.main/rdppm.c	21
libjpeg-turbo.main/jcparam.c	12
libjpeg-turbo.main/jstdhuff.c	2
libjpeg-turbo.main/jcapistd.c	2
libjpeg-turbo.main/jcinit.c	1
libjpeg-turbo.main/jcmaster.c	8
libjpeg-turbo.main/jccolor.c	11
libjpeg-turbo.main/jcsample.c	12
libjpeg-turbo.main/jcprepct.c	8
libjpeg-turbo.main/simd/x86_64/jsimd.c	24
libjpeg-turbo.main/jclossls.c	15
libjpeg-turbo.main/jclhuff.c	9
libjpeg-turbo.main/jchuff.c	14
libjpeg-turbo.main/jcdiffct.c	8
libjpeg-turbo.main/jcdctmgr.c	9
libjpeg-turbo.main/jfdctint.c	1
libjpeg-turbo.main/jfdctfst.c	1
libjpeg-turbo.main/jfdctflt.c	1
libjpeg-turbo.main/jcarith.c	11
libjpeg-turbo.main/jcphuff.c	17
libjpeg-turbo.main/jccoefct.c	7
libjpeg-turbo.main/jcmainct.c	5
libjpeg-turbo.main/jcmarker.c	19

Fuzzer: libjpeg_turbo_fuzzer

Call tree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color Runtime hitcount Callsite count Percentage

red 0 252 41.0%

gold [1:9] 11 1.79%

yellow [10:29] 3 0.48%

greenyellow [30:49] 3 0.48%

lawngreen 50+ 345 56.1%

All colors 614 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
160	160	1 : View List ['jpeg_crop_scanline']	286	318	tj3Decompress8	call site: 00244	/src/libjpeg-turbo.main/turbojpeg-mp.c:193
92	92	1 : View List ['jpeg12_crop_scanline']	222	256	tj3Decompress12	call site: 00606	/src/libjpeg-turbo.main/turbojpeg-mp.c:193
28	28	1 : View List ['do_sarray_io']	28	30	access_virt_sarray	call site: 00065	/src/libjpeg-turbo.main/jmemmgr.c:940
16	16	1 : View List ['do_barray_io']	16	18	access_virt_barray	call site: 00069	/src/libjpeg-turbo.main/jmemmgr.c:1024
2	4	2 : View List ['jpeg_get_small', 'out_of_memory']	2	4	alloc_small	call site: 00032	/src/libjpeg-turbo.main/jmemmgr.c:318
2	2	1 : View List ['out_of_memory']	2	109	alloc_sarray	call site: 00041	/src/libjpeg-turbo.main/jmemmgr.c:461
2	2	1 : View List ['out_of_memory']	2	2	alloc_large	call site: 00038	/src/libjpeg-turbo.main/jmemmgr.c:394
2	2	1 : View List ['jsimd_h2v2_upsample_sse2']	2	2	jsimd_h2v2_upsample	call site: 00000	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:424
2	2	1 : View List ['jsimd_h2v1_upsample_sse2']	2	2	jsimd_h2v1_upsample	call site: 00000	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:439
2	2	1 : View List ['jsimd_h2v2_fancy_upsample_sse2']	2	2	jsimd_h2v2_fancy_upsample	call site: 00000	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:496
2	2	1 : View List ['jsimd_h2v1_fancy_upsample_sse2']	2	2	jsimd_h2v1_fancy_upsample	call site: 00000	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:513
2	2	1 : View List ['jsimd_idct_islow_sse2']	2	2	jsimd_idct_islow	call site: 00000	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:1011

Runtime coverage analysis

235

301

69.77%

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
libjpeg-turbo.main/fuzz/decompress.cc	1
libjpeg-turbo.main/turbojpeg.c	15
libjpeg-turbo.main/jerror.c	6
libjpeg-turbo.main/jcomapi.c	4
libjpeg-turbo.main/jcapimin.c	2
libjpeg-turbo.main/jmemmgr.c	16
libjpeg-turbo.main/jmemnobs.c	8
libjpeg-turbo.main/jutils.c	6
libjpeg-turbo.main/jdatadst-tj.c	4
libjpeg-turbo.main/jdapimin.c	7
libjpeg-turbo.main/jdmarker.c	17
libjpeg-turbo.main/jdinput.c	8
libjpeg-turbo.main/jdatasrc-tj.c	5
libjpeg-turbo.main/turbojpeg-mp.c	3
libjpeg-turbo.main/jdapistd.c	9
libjpeg-turbo.main/jdmaster.c	8
libjpeg-turbo.main/jquant1.c	19
libjpeg-turbo.main/jquant2.c	20
libjpeg-turbo.main/jdmerge.c	12
libjpeg-turbo.main/simd/x86_64/jsimd.c	9
libjpeg-turbo.main/jdcolor.c	19
libjpeg-turbo.main/jdsample.c	13
libjpeg-turbo.main/jdpostct.c	7
libjpeg-turbo.main/jdlossls.c	14
libjpeg-turbo.main/jdlhuff.c	4
libjpeg-turbo.main/jdhuff.c	8
libjpeg-turbo.main/jddiffct.c	11
libjpeg-turbo.main/jddctmgr.c	3
libjpeg-turbo.main/jdarith.c	10
libjpeg-turbo.main/jdphuff.c	7
libjpeg-turbo.main/jstdhuff.c	2
libjpeg-turbo.main/jdcoefct.c	10
libjpeg-turbo.main/jdcoefct.h	1
libjpeg-turbo.main/jdmainct.c	10
libjpeg-turbo.main/jdmainct.h	1

Fuzzer: compress_lossless_fuzzer

Call tree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color Runtime hitcount Callsite count Percentage

red 0 492 58.1%

gold [1:9] 0 0.0%

yellow [10:29] 2 0.23%

greenyellow [30:49] 3 0.35%

lawngreen 50+ 349 41.2%

All colors 846 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
261	261	1 : View List ['jinit_phuff_encoder']	401	527	jinit_compress_master	call site: 00555	/src/libjpeg-turbo.main/jcinit.c:109
203	203	3 : View List ['j16init_color_converter', 'j16init_c_prep_controller', 'j16init_downsampler']	1792	2155	jinit_compress_master	call site: 00372	/src/libjpeg-turbo.main/jcinit.c:43
203	203	3 : View List ['j12init_c_prep_controller', 'j12init_color_converter', 'j12init_downsampler']	1792	2155	jinit_compress_master	call site: 00423	/src/libjpeg-turbo.main/jcinit.c:52
169	169	1 : View List ['jinit_arith_encoder']	309	435	jinit_compress_master	call site: 00522	/src/libjpeg-turbo.main/jcinit.c:102
57	57	1 : View List ['validate_script']	57	87	jinit_c_master_control	call site: 00383	/src/libjpeg-turbo.main/jcmaster.c:614
55	55	1 : View List ['j12init_forward_dct']	1198	1324	jinit_compress_master	call site: 00509	/src/libjpeg-turbo.main/jcinit.c:97
54	54	1 : View List ['j16init_c_diff_controller']	90	216	jinit_compress_master	call site: 00475	/src/libjpeg-turbo.main/jcinit.c:81
54	54	1 : View List ['j12init_c_diff_controller']	90	216	jinit_compress_master	call site: 00492	/src/libjpeg-turbo.main/jcinit.c:84
53	53	1 : View List ['j16init_lossless_compressor']	197	507	jinit_compress_master	call site: 00451	/src/libjpeg-turbo.main/jcinit.c:67
53	53	1 : View List ['j12init_lossless_compressor']	197	507	jinit_compress_master	call site: 00452	/src/libjpeg-turbo.main/jcinit.c:69
53	53	1 : View List ['jsimd_can_rgb_gray']	53	53	jinit_color_converter	call site: 00436	/src/libjpeg-turbo.main/jccolor.c:615
52	52	1 : View List ['j12init_c_coef_controller']	88	214	jinit_compress_master	call site: 00689	/src/libjpeg-turbo.main/jcinit.c:120

Runtime coverage analysis

164

200

42.86%

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
libjpeg-turbo.main/fuzz/compress_lossless.cc	1
libjpeg-turbo.main/turbojpeg.c	12
libjpeg-turbo.main/jerror.c	6
libjpeg-turbo.main/jcomapi.c	4
libjpeg-turbo.main/jcapimin.c	5
libjpeg-turbo.main/jmemmgr.c	16
libjpeg-turbo.main/jmemnobs.c	8
libjpeg-turbo.main/jutils.c	4
libjpeg-turbo.main/jdatadst-tj.c	4
libjpeg-turbo.main/jdapimin.c	2
libjpeg-turbo.main/jdmarker.c	17
libjpeg-turbo.main/jdinput.c	8
libjpeg-turbo.main/jdatasrc-tj.c	5
libjpeg-turbo.main/turbojpeg-mp.c	2
libjpeg-turbo.main/rdbmp.c	9
libjpeg-turbo.main/rdppm.c	21
libjpeg-turbo.main/jcparam.c	12
libjpeg-turbo.main/jstdhuff.c	2
libjpeg-turbo.main/jcapistd.c	2
libjpeg-turbo.main/jcinit.c	1
libjpeg-turbo.main/jcmaster.c	8
libjpeg-turbo.main/jccolor.c	11
libjpeg-turbo.main/jcsample.c	12
libjpeg-turbo.main/jcprepct.c	8
libjpeg-turbo.main/simd/x86_64/jsimd.c	24
libjpeg-turbo.main/jclossls.c	15
libjpeg-turbo.main/jclhuff.c	9
libjpeg-turbo.main/jchuff.c	14
libjpeg-turbo.main/jcdiffct.c	8
libjpeg-turbo.main/jcdctmgr.c	9
libjpeg-turbo.main/jfdctint.c	1
libjpeg-turbo.main/jfdctfst.c	1
libjpeg-turbo.main/jfdctflt.c	1
libjpeg-turbo.main/jcarith.c	11
libjpeg-turbo.main/jcphuff.c	17
libjpeg-turbo.main/jccoefct.c	7
libjpeg-turbo.main/jcmainct.c	5
libjpeg-turbo.main/jcmarker.c	19

Fuzzer: decompress_yuv_fuzzer

Call tree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color Runtime hitcount Callsite count Percentage

red 0 248 38.8%

gold [1:9] 12 1.87%

yellow [10:29] 5 0.78%

greenyellow [30:49] 1 0.15%

lawngreen 50+ 373 58.3%

All colors 639 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
28	28	1 : View List ['do_sarray_io']	28	30	access_virt_sarray	call site: 00065	/src/libjpeg-turbo.main/jmemmgr.c:940
16	16	1 : View List ['do_barray_io']	16	18	access_virt_barray	call site: 00069	/src/libjpeg-turbo.main/jmemmgr.c:1024
3	3	1 : View List ['alloc_funny_pointers']	3	3	j12init_d_main_controller	call site: 00595	/src/libjpeg-turbo.main/jdmainct.c:449
2	4	2 : View List ['jpeg_get_small', 'out_of_memory']	2	4	alloc_small	call site: 00032	/src/libjpeg-turbo.main/jmemmgr.c:318
2	2	1 : View List ['out_of_memory']	2	109	alloc_sarray	call site: 00041	/src/libjpeg-turbo.main/jmemmgr.c:461
2	2	1 : View List ['out_of_memory']	2	2	alloc_large	call site: 00038	/src/libjpeg-turbo.main/jmemmgr.c:394
2	2	1 : View List ['jsimd_h2v2_upsample_sse2']	2	2	jsimd_h2v2_upsample	call site: 00000	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:424
2	2	1 : View List ['jsimd_h2v1_upsample_sse2']	2	2	jsimd_h2v1_upsample	call site: 00000	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:439
2	2	1 : View List ['jsimd_idct_islow_sse2']	2	2	jsimd_idct_islow	call site: 00000	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:1011
0	94	1 : View List ['jinit_arith_decoder']	0	331	master_selection	call site: 00306	/src/libjpeg-turbo.2.1.x/jdmaster.c:537
0	47	1 : View List ['init_simd']	4	51	jsimd_h2v2_upsample	call site: 00000	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:421
0	47	1 : View List ['init_simd']	4	51	jsimd_h2v1_upsample	call site: 00000	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:436

Runtime coverage analysis

209

104

297

64.98%

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
libjpeg-turbo.main/fuzz/decompress_yuv.cc	1
libjpeg-turbo.main/turbojpeg.c	24
libjpeg-turbo.main/jerror.c	6
libjpeg-turbo.main/jcomapi.c	4
libjpeg-turbo.main/jcapimin.c	2
libjpeg-turbo.main/jmemmgr.c	16
libjpeg-turbo.main/jmemnobs.c	8
libjpeg-turbo.main/jutils.c	7
libjpeg-turbo.main/jdatadst-tj.c	4
libjpeg-turbo.main/jdapimin.c	7
libjpeg-turbo.main/jdmarker.c	17
libjpeg-turbo.main/jdinput.c	8
libjpeg-turbo.main/jdatasrc-tj.c	5
libjpeg-turbo.main/jdmaster.c	8
libjpeg-turbo.main/jdapistd.c	3
libjpeg-turbo.main/jquant1.c	19
libjpeg-turbo.main/jquant2.c	20
libjpeg-turbo.main/jdmerge.c	12
libjpeg-turbo.main/simd/x86_64/jsimd.c	9
libjpeg-turbo.main/jdcolor.c	19
libjpeg-turbo.main/jdsample.c	13
libjpeg-turbo.main/jdpostct.c	7
libjpeg-turbo.main/jdlossls.c	14
libjpeg-turbo.main/jdlhuff.c	4
libjpeg-turbo.main/jdhuff.c	8
libjpeg-turbo.main/jddiffct.c	11
libjpeg-turbo.main/jddctmgr.c	3
libjpeg-turbo.main/jdarith.c	10
libjpeg-turbo.main/jdphuff.c	7
libjpeg-turbo.main/jstdhuff.c	2
libjpeg-turbo.main/jdcoefct.c	10
libjpeg-turbo.main/jdcoefct.h	1
libjpeg-turbo.main/jdmainct.c	10
libjpeg-turbo.main/jdmainct.h	1

Fuzzer: libjpeg_turbo_fuzzer_2_0_x

Call tree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color Runtime hitcount Callsite count Percentage

red 0 172 36.9%

gold [1:9] 12 2.57%

yellow [10:29] 2 0.42%

greenyellow [30:49] 6 1.28%

lawngreen 50+ 274 58.7%

All colors 466 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
2	2	1 : View List ['out_of_memory']	2	2	alloc_large	call site: 00037	/src/libjpeg-turbo.main/jmemmgr.c:394
0	0	None	24	24	init_simd	call site: 00203	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:56
0	0	None	6	10	alloc_large	call site: 00033	/src/libjpeg-turbo.main/jmemmgr.c:375
0	0	None	4	6	alloc_large	call site: 00035	/src/libjpeg-turbo.main/jmemmgr.c:383
0	0	None	2	1413	tjDecompress2	call site: 00157	/src/libjpeg-turbo.2.1.x/turbojpeg.c:1379
0	0	None	2	4	alloc_large	call site: 00036	/src/libjpeg-turbo.main/jmemmgr.c:388
0	0	None	0	210	jinit_upsampler	call site: 00300	/src/libjpeg-turbo.2.1.x/jdsample.c:421
0	0	None	0	210	jinit_upsampler	call site: 00302	/src/libjpeg-turbo.2.1.x/jdsample.c:432
0	0	None	0	210	jinit_upsampler	call site: 00305	/src/libjpeg-turbo.2.1.x/jdsample.c:467
0	0	None	0	210	jinit_upsampler	call site: 00308	/src/libjpeg-turbo.2.1.x/jdsample.c:472
0	0	None	0	210	jinit_upsampler	call site: 00315	/src/libjpeg-turbo.2.1.x/jdsample.c:492
0	0	None	0	2	decompress_onepass	call site: 00441	/src/libjpeg-turbo.2.1.x/jdcoefct.c:105

Runtime coverage analysis

177

240

66.25%

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
libjpeg-turbo.2.0.x/fuzz/decompress.cc	1
libjpeg-turbo.2.0.x/turbojpeg.c	10
libjpeg-turbo.2.0.x/jerror.c	6
libjpeg-turbo.2.0.x/jcomapi.c	4
libjpeg-turbo.2.0.x/jdapimin.c	7
libjpeg-turbo.2.0.x/jmemmgr.c	16
libjpeg-turbo.2.0.x/jmemnobs.c	8
libjpeg-turbo.2.0.x/jutils.c	5
libjpeg-turbo.2.0.x/jdmarker.c	17
libjpeg-turbo.2.0.x/jdinput.c	8
libjpeg-turbo.2.0.x/jdatasrc-tj.c	5
libjpeg-turbo.2.0.x/jdapistd.c	3
libjpeg-turbo.2.0.x/jdmaster.c	8
libjpeg-turbo.2.0.x/simd/x86_64/jsimd.c	14
libjpeg-turbo.2.0.x/jquant1.c	17
libjpeg-turbo.2.0.x/jquant2.c	18
libjpeg-turbo.2.0.x/jdmerge.c	11
libjpeg-turbo.2.0.x/jdcolor.c	17
libjpeg-turbo.2.0.x/jdsample.c	11
libjpeg-turbo.2.0.x/jdpostct.c	5
libjpeg-turbo.2.0.x/jddctmgr.c	2
libjpeg-turbo.2.0.x/jdarith.c	10
libjpeg-turbo.2.0.x/jdphuff.c	7
libjpeg-turbo.2.0.x/jdhuff.c	8
libjpeg-turbo.2.0.x/jstdhuff.c	2
libjpeg-turbo.2.0.x/jdcoefct.c	9
libjpeg-turbo.2.0.x/jdcoefct.h	1
libjpeg-turbo.2.0.x/jdmainct.c	8
libjpeg-turbo.2.0.x/jdmainct.h	1
libjpeg-turbo.2.0.x/jcapimin.c	1

Fuzzer: decompress_yuv_fuzzer_2_0_x

Call tree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color Runtime hitcount Callsite count Percentage

red 0 184 34.7%

gold [1:9] 12 2.26%

yellow [10:29] 4 0.75%

greenyellow [30:49] 5 0.94%

lawngreen 50+ 325 61.3%

All colors 530 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
2	2	1 : View List ['out_of_memory']	2	2	alloc_large	call site: 00037	/src/libjpeg-turbo.main/jmemmgr.c:394
0	0	None	106	210	jinit_upsampler	call site: 00335	/src/libjpeg-turbo.2.1.x/jdsample.c:421
0	0	None	106	210	jinit_upsampler	call site: 00337	/src/libjpeg-turbo.2.1.x/jdsample.c:432
0	0	None	106	210	jinit_upsampler	call site: 00339	/src/libjpeg-turbo.2.1.x/jdsample.c:466
0	0	None	106	210	jinit_upsampler	call site: 00343	/src/libjpeg-turbo.2.1.x/jdsample.c:472
0	0	None	106	210	jinit_upsampler	call site: 00350	/src/libjpeg-turbo.2.1.x/jdsample.c:492
0	0	None	24	24	init_simd	call site: 00226	/src/libjpeg-turbo.main/simd/x86_64/jsimd.c:56
0	0	None	6	10	alloc_large	call site: 00033	/src/libjpeg-turbo.main/jmemmgr.c:375
0	0	None	4	6	alloc_large	call site: 00035	/src/libjpeg-turbo.main/jmemmgr.c:383
0	0	None	2	4	alloc_large	call site: 00036	/src/libjpeg-turbo.main/jmemmgr.c:388
0	0	None	0	2	decompress_onepass	call site: 00476	/src/libjpeg-turbo.2.1.x/jdcoefct.c:105
0	0	None	0	2	get_dqt	call site: 00091	/src/libjpeg-turbo.2.1.x/jdmarker.c:542

Runtime coverage analysis

173

249