Fuzz introspector: cjpeg_fuzzer_3_0_x
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The following are the branches that the fuzzer fails to get past.

Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch
18 | 18 | 6: ['malloc', 'ftell', 'fopen', 'fread', 'fseek', 'exit'] | 685 | 959 | cjpeg_main | call site: 00227 | /src/libjpeg-turbo.3.0.x/fuzz/../cjpeg.c:730
14 | 365 | 4: ['keymatch', '__isoc99_sscanf', 'jpeg_set_colorspace', 'exit'] | 374 | 725 | parse_switches(jpeg_compress_struct*,int,char**,int,int) | call site: 00000 | /src/libjpeg-turbo.3.0.x/fuzz/../cjpeg.c:323
6 | 6 | 1: ['usage()'] | 703 | 977 | cjpeg_main | call site: 00037 | /src/libjpeg-turbo.3.0.x/fuzz/../cjpeg.c:702
2 | 4 | 2: ['out_of_memory', 'jpeg_get_small'] | 2 | 4 | alloc_small | call site: 00000 | /src/libjpeg-turbo.3.0.x/jmemmgr.c:318
2 | 2 | 1: ['read_stdin'] | 693 | 967 | cjpeg_main | call site: 00219 | /src/libjpeg-turbo.3.0.x/fuzz/../cjpeg.c:709
0 | 2 | 1: ['jpeg_mem_term'] | 14 | 16 | jinit_memory_mgr | call site: 00009 | /src/libjpeg-turbo.3.0.x/jmemmgr.c:1227
0 | 0 | None | 703 | 1307 | cjpeg_main | call site: 00004 | /src/libjpeg-turbo.3.0.x/fuzz/../cjpeg.c:651
0 | 0 | None | 703 | 977 | cjpeg_main | call site: 00037 | /src/libjpeg-turbo.3.0.x/fuzz/../cjpeg.c:679
0 | 0 | None | 689 | 963 | cjpeg_main | call site: 00223 | /src/libjpeg-turbo.3.0.x/fuzz/../cjpeg.c:720
0 | 0 | None | 374 | 725 | parse_switches(jpeg_compress_struct*,int,char**,int,int) | call site: 00000 | /src/libjpeg-turbo.3.0.x/fuzz/../cjpeg.c:341
0 | 0 | None | 374 | 725 | parse_switches(jpeg_compress_struct*,int,char**,int,int) | call site: 00000 | /src/libjpeg-turbo.3.0.x/fuzz/../cjpeg.c:347
0 | 0 | None | 374 | 725 | parse_switches(jpeg_compress_struct*,int,char**,int,int) | call site: 00000 | /src/libjpeg-turbo.3.0.x/fuzz/../cjpeg.c:349

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 snprintf [call site] 00001
1 mkstemp [call site] 00002
1 write [call site] 00003
1 cjpeg_main [function] [call site] 00004
2 jpeg_std_error [function] [call site] 00005
2 jpeg_CreateCompress [function] [call site] 00006
3 jinit_memory_mgr [function] [call site] 00007
4 jpeg_mem_init [function] [call site] 00008
4 jpeg_get_small [function] [call site] 00009
4 jpeg_mem_term [function] [call site] 00010
4 __errno_location [call site] 00011
4 getenv [call site] 00012
4 strlen [call site] 00013
4 strncpy [call site] 00014
4 __isoc99_sscanf [call site] 00015
2 jpeg_set_defaults [function] [call site] 00016
3 jpeg_set_quality [function] [call site] 00017
4 jpeg_quality_scaling [function] [call site] 00018
4 jpeg_set_linear_quality [function] [call site] 00019
5 jpeg_add_quant_table [function] [call site] 00020
6 jpeg_alloc_quant_table [function] [call site] 00021
5 jpeg_add_quant_table [function] [call site] 00022
3 std_huff_tables [function] [call site] 00023
4 add_huff_table [function] [call site] 00024
5 jpeg_alloc_huff_table [function] [call site] 00025
4 add_huff_table [function] [call site] 00026
4 add_huff_table [function] [call site] 00027
4 add_huff_table [function] [call site] 00028
3 jpeg_default_colorspace [function] [call site] 00029
4 jpeg_set_colorspace [function] [call site] 00030
4 jpeg_set_colorspace [function] [call site] 00031
4 jpeg_set_colorspace [function] [call site] 00032
4 jpeg_set_colorspace [function] [call site] 00033
4 jpeg_set_colorspace [function] [call site] 00034
4 jpeg_set_colorspace [function] [call site] 00035
4 jpeg_set_colorspace [function] [call site] 00036
2 parse_switches(jpeg_compress_struct*, int, char**, int, int) [function] [call site] 00037
3 keymatch [function] [call site] 00038
4 __ctype_b_loc [call site] 00039
4 tolower [call site] 00040
3 usage() [function] [call site] 00043
4 fprintf [call site] 00044
4 fprintf [call site] 00045
4 fprintf [call site] 00046
4 fprintf [call site] 00047
4 fprintf [call site] 00048
4 fprintf [call site] 00049
4 fprintf [call site] 00050
4 fprintf [call site] 00051
4 fprintf [call site] 00052
4 fprintf [call site] 00053
4 fprintf [call site] 00054
4 fprintf [call site] 00055
4 fprintf [call site] 00056
4 fprintf [call site] 00057
4 fprintf [call site] 00058
4 fprintf [call site] 00059
4 fprintf [call site] 00060
4 fprintf [call site] 00061
4 fprintf [call site] 00062
4 fprintf [call site] 00063
4 fprintf [call site] 00064
4 fprintf [call site] 00065
4 fprintf [call site] 00066
4 fprintf [call site] 00067
4 fprintf [call site] 00068
4 fprintf [call site] 00069
4 fprintf [call site] 00070
4 fprintf [call site] 00071
4 fprintf [call site] 00072
4 fprintf [call site] 00073
4 fprintf [call site] 00074
4 fprintf [call site] 00075
4 fprintf [call site] 00076
4 fprintf [call site] 00077
4 exit [call site] 00078
3 fprintf [call site] 00084
3 fprintf [call site] 00085
3 fprintf [call site] 00086
3 fprintf [call site] 00087
3 fprintf [call site] 00089
3 exit [call site] 00090
3 jpeg_set_colorspace [function] [call site] 00093
3 jpeg_set_colorspace [function] [call site] 00095
3 __isoc99_sscanf [call site] 00100
3 __isoc99_sscanf [call site] 00102
3 __isoc99_sscanf [call site] 00105
3 __isoc99_sscanf [call site] 00112
3 __isoc99_sscanf [call site] 00126
3 __isoc99_sscanf [call site] 00135
3 set_quality_ratings [function] [call site] 00141
4 __isoc99_sscanf [call site] 00142
4 jpeg_quality_scaling [function] [call site] 00143
4 jpeg_quality_scaling [function] [call site] 00144
4 jpeg_default_qtables [function] [call site] 00145
5 jpeg_add_quant_table [function] [call site] 00146
5 jpeg_add_quant_table [function] [call site] 00147
3 read_quant_tables [function] [call site] 00149
4 fopen [call site] 00150
4 fprintf [call site] 00151
4 read_text_integer [function] [call site] 00152
5 text_getc [function] [call site] 00153
6 getc [call site] 00154
6 getc [call site] 00155
5 __ctype_b_loc [call site] 00156
5 __ctype_b_loc [call site] 00157
5 text_getc [function] [call site] 00158
5 __ctype_b_loc [call site] 00159
4 fprintf [call site] 00160
4 fclose [call site] 00161
4 read_text_integer [function] [call site] 00162
4 fprintf [call site] 00163
4 fclose [call site] 00164
4 fprintf [call site] 00165
4 fclose [call site] 00166
4 fclose [call site] 00167
3 set_quant_slots [function] [call site] 00169
4 __isoc99_sscanf [call site] 00170
4 fprintf [call site] 00171
3 set_sample_factors [function] [call site] 00173
4 __isoc99_sscanf [call site] 00174
4 fprintf [call site] 00175
3 jpeg_simple_progression [function] [call site] 00177
4 jpeg_default_colorspace [function] [call site] 00178
4 fill_dc_scans [function] [call site] 00179
5 fill_scans [function] [call site] 00180
4 fill_a_scan [function] [call site] 00181
4 fill_a_scan [function] [call site] 00182
4 fill_a_scan [function] [call site] 00183
4 fill_a_scan [function] [call site] 00184
4 fill_a_scan [function] [call site] 00185
4 fill_dc_scans [function] [call site] 00186
4 fill_a_scan [function] [call site] 00187
4 fill_a_scan [function] [call site] 00188
4 fill_a_scan [function] [call site] 00189
4 fill_dc_scans [function] [call site] 00190
4 fill_scans [function] [call site] 00191
4 fill_scans [function] [call site] 00192
4 fill_scans [function] [call site] 00193
4 fill_dc_scans [function] [call site] 00194
4 fill_scans [function] [call site] 00195
3 jpeg_enable_lossless [function] [call site] 00196
3 read_scan_script [function] [call site] 00197
4 fopen [call site] 00198
4 fprintf [call site] 00199
4 read_scan_integer [function] [call site] 00200
5 read_text_integer [function] [call site] 00201
5 __ctype_b_loc [call site] 00202
5 text_getc [function] [call site] 00203
5 __ctype_b_loc [call site] 00204
5 ungetc [call site] 00205
4 fprintf [call site] 00206
4 fclose [call site] 00207
4 fclose [call site] 00208
4 read_scan_integer [function] [call site] 00209
4 read_scan_integer [function] [call site] 00210
4 read_scan_integer [function] [call site] 00211
4 read_scan_integer [function] [call site] 00212
4 read_scan_integer [function] [call site] 00213
4 fclose [call site] 00214
4 fclose [call site] 00215
4 fclose [call site] 00216
2 fprintf [call site] 00218
2 fopen [call site] 00220
2 fprintf [call site] 00221
2 exit [call site] 00222
2 read_stdin [function] [call site] 00223
2 fopen [call site] 00224
2 fprintf [call site] 00225
2 exit [call site] 00226
2 write_stdout [function] [call site] 00227
2 fopen [call site] 00228
2 fprintf [call site] 00229
2 exit [call site] 00230
2 fseek [call site] 00231
2 ftell [call site] 00232
2 fseek [call site] 00233
2 fprintf [call site] 00234
2 exit [call site] 00235
2 fprintf [call site] 00236
2 fclose [call site] 00237
2 exit [call site] 00238
2 fread [call site] 00239
2 fprintf [call site] 00240
2 fclose [call site] 00241
2 exit [call site] 00242
2 fclose [call site] 00243
2 _setjmp [call site] 00244
2 jpeg_abort_compress [function] [call site] 00245
3 jpeg_abort [function] [call site] 00246
2 jpeg_destroy_compress [function] [call site] 00247
3 jpeg_destroy [function] [call site] 00248
2 fclose [call site] 00249
2 start_progress_monitor [function] [call site] 00250
2 select_file_type(jpeg_compress_struct*, _IO_FILE*) [function] [call site] 00251
3 getc [call site] 00252
3 ungetc [call site] 00253
2 jpeg_default_colorspace [function] [call site] 00254
2 parse_switches(jpeg_compress_struct*, int, char**, int, int) [function] [call site] 00255
2 jpeg_mem_dest [function] [call site] 00256
2 jpeg_stdio_dest [function] [call site] 00257
2 _setjmp [call site] 00258
2 jpeg_abort_compress [function] [call site] 00259
2 jpeg_destroy_compress [function] [call site] 00260
2 fclose [call site] 00261
2 jpeg_start_compress [function] [call site] 00262
3 jpeg_suppress_tables [function] [call site] 00263
3 jinit_compress_master [function] [call site] 00264
4 jinit_c_master_control [function] [call site] 00265
5 validate_script [function] [call site] 00266
5 jpeg_default_colorspace [function] [call site] 00267
5 initial_setup [function] [call site] 00268
6 jdiv_round_up [function] [call site] 00269
6 jdiv_round_up [function] [call site] 00270
6 jdiv_round_up [function] [call site] 00271
6 jdiv_round_up [function] [call site] 00272
6 jdiv_round_up [function] [call site] 00273
5 using_std_huff_tables [function] [call site] 00274
6 memcmp [call site] 00275
6 memcmp [call site] 00276
6 memcmp [call site] 00277
6 memcmp [call site] 00278
6 memcmp [call site] 00279
6 memcmp [call site] 00280
6 memcmp [call site] 00281
6 memcmp [call site] 00282
4 j16init_color_converter [function] [call site] 00283
4 j16init_downsampler [function] [call site] 00284
4 j16init_c_prep_controller [function] [call site] 00285
5 create_context_buffer [function] [call site] 00286
4 j12init_color_converter [function] [call site] 00287
4 j12init_downsampler [function] [call site] 00288
4 j12init_c_prep_controller [function] [call site] 00289
4 jinit_color_converter [function] [call site] 00290
5 jsimd_can_rgb_gray [function] [call site] 00291
6 init_simd [function] [call site] 00292
7 jpeg_simd_cpu_support [call site] 00293
7 __errno_location [call site] 00294
7 getenv [call site] 00295
7 strlen [call site] 00296
7 strncpy [call site] 00297
7 strcmp [call site] 00298
7 __errno_location [call site] 00299
7 getenv [call site] 00300
7 strlen [call site] 00301
7 strncpy [call site] 00302
7 strcmp [call site] 00303
7 __errno_location [call site] 00304
7 getenv [call site] 00305
7 strlen [call site] 00306
7 strncpy [call site] 00307
7 strcmp [call site] 00308
7 __errno_location [call site] 00309
7 getenv [call site] 00310
7 strlen [call site] 00311
7 strncpy [call site] 00312
7 strcmp [call site] 00313
5 jsimd_can_rgb_ycc [function] [call site] 00314
6 init_simd [function] [call site] 00315
4 jinit_downsampler [function] [call site] 00316
5 jsimd_can_h2v1_downsample [function] [call site] 00317
6 init_simd [function] [call site] 00318
5 jsimd_can_h2v2_downsample [function] [call site] 00319
6 init_simd [function] [call site] 00320
4 jinit_c_prep_controller [function] [call site] 00321
4 j16init_lossless_compressor [function] [call site] 00322
4 j12init_lossless_compressor [function] [call site] 00323
4 jinit_lossless_compressor [function] [call site] 00324
4 jinit_lhuff_encoder [function] [call site] 00325
4 j16init_c_diff_controller [function] [call site] 00326
4 j12init_c_diff_controller [function] [call site] 00333
4 jinit_c_diff_controller [function] [call site] 00334
4 j12init_forward_dct [function] [call site] 00335
4 jinit_forward_dct [function] [call site] 00336
5 jsimd_can_fdct_islow [function] [call site] 00337
6 init_simd [function] [call site] 00338
5 jsimd_can_fdct_ifast [function] [call site] 00339
6 init_simd [function] [call site] 00340
5 jsimd_can_fdct_float [function] [call site] 00341
6 init_simd [function] [call site] 00342
5 jsimd_can_convsamp [function] [call site] 00343
6 init_simd [function] [call site] 00344
5 jsimd_can_quantize [function] [call site] 00345
6 init_simd [function] [call site] 00346
5 jsimd_can_convsamp_float [function] [call site] 00347
6 init_simd [function] [call site] 00348
5 jsimd_can_quantize_float [function] [call site] 00349
6 init_simd [function] [call site] 00350
4 jinit_arith_encoder [function] [call site] 00351
4 jinit_phuff_encoder [function] [call site] 00352
4 jinit_huff_encoder [function] [call site] 00353
4 j12init_c_coef_controller [function] [call site] 00354
4 jinit_c_coef_controller [function] [call site] 00357
4 j16init_c_main_controller [function] [call site] 00358
4 j12init_c_main_controller [function] [call site] 00359
4 jinit_c_main_controller [function] [call site] 00360
4 jinit_marker_writer [function] [call site] 00361
2 jpeg_write_icc_profile [function] [call site] 00362
3 jpeg_write_m_header [function] [call site] 00363
3 jpeg_write_m_byte [function] [call site] 00364
3 jpeg_write_m_byte [function] [call site] 00365
3 jpeg_write_m_byte [function] [call site] 00366
3 jpeg_write_m_byte [function] [call site] 00367
3 jpeg_write_m_byte [function] [call site] 00368
3 jpeg_write_m_byte [function] [call site] 00369
3 jpeg_write_m_byte [function] [call site] 00370
3 jpeg_write_m_byte [function] [call site] 00371
3 jpeg_write_m_byte [function] [call site] 00372
3 jpeg_write_m_byte [function] [call site] 00373
3 jpeg_write_m_byte [function] [call site] 00374
3 jpeg_write_m_byte [function] [call site] 00375
3 jpeg_write_m_byte [function] [call site] 00376
3 jpeg_write_m_byte [function] [call site] 00377
3 jpeg_write_m_byte [function] [call site] 00378
2 jpeg16_write_scanlines [function] [call site] 00379
2 jpeg12_write_scanlines [function] [call site] 00380
2 jpeg_write_scanlines [function] [call site] 00381
2 jpeg_finish_compress [function] [call site] 00382
3 jpeg_abort [function] [call site] 00383
2 jpeg_destroy_compress [function] [call site] 00384
2 fclose [call site] 00385
2 fclose [call site] 00386
2 end_progress_monitor [function] [call site] 00387
3 fprintf [call site] 00388
3 fflush [call site] 00389
1 cjpeg_main [function] [call site] 00390
1 cjpeg_main [function] [call site] 00391
1 cjpeg_main [function] [call site] 00392
1 close [call site] 00393
1 strlen [call site] 00394
1 unlink [call site] 00395