Fuzz introspector: decompress_yuv_fuzzer
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
114 114 4 :

['jinit_1pass_quantizer', 'j12init_2pass_quantizer', 'j12init_1pass_quantizer', 'jinit_2pass_quantizer']

125 656 master_selection call site: 00195 /src/libjpeg-turbo.3.0.x/jdmaster.c:555
11 83 2 :

['jinit_merged_upsampler', 'j12init_merged_upsampler']

11 213 master_selection call site: 00207 /src/libjpeg-turbo.3.0.x/jdmaster.c:610
2 2 1 :

['jsimd_h2v2_upsample_sse2']

2 2 jsimd_h2v2_upsample call site: 00000 /src/libjpeg-turbo.3.0.x/simd/x86_64/jsimd.c:424
2 2 1 :

['jsimd_h2v1_upsample_sse2']

2 2 jsimd_h2v1_upsample call site: 00000 /src/libjpeg-turbo.3.0.x/simd/x86_64/jsimd.c:439
2 2 1 :

['jsimd_idct_islow_sse2']

2 2 jsimd_idct_islow call site: 00000 /src/libjpeg-turbo.3.0.x/simd/x86_64/jsimd.c:1011
0 47 1 :

['init_simd']

4 51 jsimd_h2v2_upsample call site: 00000 /src/libjpeg-turbo.3.0.x/simd/x86_64/jsimd.c:421
0 47 1 :

['init_simd']

4 51 jsimd_h2v1_upsample call site: 00000 /src/libjpeg-turbo.3.0.x/simd/x86_64/jsimd.c:436
0 47 1 :

['init_simd']

4 51 jsimd_idct_islow call site: 00000 /src/libjpeg-turbo.3.0.x/simd/x86_64/jsimd.c:1008
0 47 1 :

['init_simd']

0 47 jsimd_ycc_rgb_convert call site: 00000 /src/libjpeg-turbo.3.0.x/simd/x86_64/jsimd.c:252
0 47 1 :

['init_simd']

0 47 jsimd_h2v2_merged_upsample call site: 00000 /src/libjpeg-turbo.3.0.x/simd/x86_64/jsimd.c:572
0 47 1 :

['init_simd']

0 47 jsimd_h2v1_merged_upsample call site: 00000 /src/libjpeg-turbo.3.0.x/simd/x86_64/jsimd.c:623
0 2 1 :

['jcopy_sample_rows']

0 2 merged_2v_upsample call site: 00000 /src/libjpeg-turbo.3.0.x/jdmerge.c:232

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 tj3Init [function] [call site] 00001
2 snprintf [call site] 00002
2 snprintf [call site] 00003
2 snprintf [call site] 00004
2 _tjInitCompress [function] [call site] 00005
3 jpeg_std_error [function] [call site] 00006
3 _setjmp [call site] 00007
3 jpeg_CreateCompress [function] [call site] 00008
4 jinit_memory_mgr [function] [call site] 00009
5 jpeg_mem_init [function] [call site] 00010
5 jpeg_get_small [function] [call site] 00011
5 jpeg_mem_term [function] [call site] 00012
5 __errno_location [call site] 00013
5 getenv [call site] 00014
5 strlen [call site] 00015
5 strncpy [call site] 00016
5 __isoc99_sscanf [call site] 00017
3 jpeg_mem_dest_tj [function] [call site] 00018
2 _tjInitDecompress [function] [call site] 00019
3 jpeg_std_error [function] [call site] 00020
3 _setjmp [call site] 00021
3 jpeg_CreateDecompress [function] [call site] 00022
4 jinit_memory_mgr [function] [call site] 00023
4 jinit_marker_reader [function] [call site] 00024
5 reset_marker_reader [function] [call site] 00025
4 jinit_input_controller [function] [call site] 00026
3 jpeg_mem_src_tj [function] [call site] 00027
2 _tjInitCompress [function] [call site] 00028
2 _tjInitDecompress [function] [call site] 00029
1 tj3DecompressHeader [function] [call site] 00030
2 snprintf [call site] 00031
2 snprintf [call site] 00032
2 snprintf [call site] 00033
2 _setjmp [call site] 00034
2 jpeg_mem_src_tj [function] [call site] 00035
2 jpeg_save_markers [function] [call site] 00036
2 jpeg_read_header [function] [call site] 00037
3 jpeg_consume_input [function] [call site] 00038
4 default_decompress_parms [function] [call site] 00039
3 jpeg_abort [function] [call site] 00040
2 setDecompParameters [function] [call site] 00041
3 getSubsamp [function] [call site] 00042
2 jpeg_read_icc_profile [function] [call site] 00043
3 marker_is_icc [function] [call site] 00044
3 marker_is_icc [function] [call site] 00045
2 jpeg_abort_decompress [function] [call site] 00046
3 jpeg_abort [function] [call site] 00047
2 snprintf [call site] 00048
2 snprintf [call site] 00049
1 tj3Get [function] [call site] 00050
1 tj3Get [function] [call site] 00051
1 tj3Get [function] [call site] 00052
1 tj3Set [function] [call site] 00053
2 snprintf [call site] 00054
2 snprintf [call site] 00055
2 snprintf [call site] 00056
2 snprintf [call site] 00057
2 snprintf [call site] 00058
2 snprintf [call site] 00059
2 snprintf [call site] 00060
2 snprintf [call site] 00061
2 snprintf [call site] 00062
2 snprintf [call site] 00063
2 snprintf [call site] 00064
2 snprintf [call site] 00065
2 snprintf [call site] 00066
2 snprintf [call site] 00067
2 snprintf [call site] 00068
2 snprintf [call site] 00069
2 snprintf [call site] 00070
2 snprintf [call site] 00071
2 snprintf [call site] 00072
2 snprintf [call site] 00073
2 snprintf [call site] 00074
2 snprintf [call site] 00075
2 snprintf [call site] 00076
2 snprintf [call site] 00077
2 snprintf [call site] 00078
2 snprintf [call site] 00079
2 snprintf [call site] 00080
2 snprintf [call site] 00081
2 snprintf [call site] 00082
2 snprintf [call site] 00083
2 snprintf [call site] 00084
2 snprintf [call site] 00085
2 snprintf [call site] 00086
2 snprintf [call site] 00087
2 snprintf [call site] 00088
2 snprintf [call site] 00089
2 snprintf [call site] 00090
2 snprintf [call site] 00091
2 snprintf [call site] 00092
2 snprintf [call site] 00093
2 snprintf [call site] 00094
2 snprintf [call site] 00095
2 snprintf [call site] 00096
2 snprintf [call site] 00097
2 snprintf [call site] 00098
2 snprintf [call site] 00099
2 snprintf [call site] 00100
1 tj3Get [function] [call site] 00101
1 tj3Set [function] [call site] 00102
1 tj3Set [function] [call site] 00103
1 tj3Set [function] [call site] 00104
1 tj3SetScalingFactor [function] [call site] 00105
2 snprintf [call site] 00106
2 snprintf [call site] 00107
2 snprintf [call site] 00108
1 tj3SetScalingFactor [function] [call site] 00109
1 tj3Alloc [function] [call site] 00110
1 tj3YUVBufSize [function] [call site] 00111
2 snprintf [call site] 00112
2 tj3YUVPlaneWidth [function] [call site] 00113
3 snprintf [call site] 00114
3 snprintf [call site] 00115
3 snprintf [call site] 00116
2 tj3YUVPlaneHeight [function] [call site] 00117
3 snprintf [call site] 00118
3 snprintf [call site] 00119
3 snprintf [call site] 00120
1 tj3Alloc [function] [call site] 00121
1 tj3DecompressToYUV8 [function] [call site] 00122
2 snprintf [call site] 00123
2 snprintf [call site] 00124
2 _setjmp [call site] 00125
2 jpeg_mem_src_tj [function] [call site] 00126
2 jpeg_read_header [function] [call site] 00127
2 setDecompParameters [function] [call site] 00128
2 snprintf [call site] 00129
2 tj3YUVPlaneWidth [function] [call site] 00130
2 tj3YUVPlaneHeight [function] [call site] 00131
2 tj3YUVPlaneWidth [function] [call site] 00132
2 tj3YUVPlaneHeight [function] [call site] 00133
2 snprintf [call site] 00134
2 tj3DecompressToYUVPlanes8 [function] [call site] 00135
3 snprintf [call site] 00136
3 snprintf [call site] 00137
3 snprintf [call site] 00138
3 _setjmp [call site] 00139
3 jpeg_mem_src_tj [function] [call site] 00140
3 jpeg_read_header [function] [call site] 00141
3 setDecompParameters [function] [call site] 00142
3 snprintf [call site] 00143
3 snprintf [call site] 00144
3 snprintf [call site] 00145
3 snprintf [call site] 00146
3 jpeg_calc_output_dimensions [function] [call site] 00147
4 jpeg_core_output_dimensions [function] [call site] 00148
5 jdiv_round_up [function] [call site] 00149
5 jdiv_round_up [function] [call site] 00150
5 jdiv_round_up [function] [call site] 00151
5 jdiv_round_up [function] [call site] 00152
5 jdiv_round_up [function] [call site] 00153
5 jdiv_round_up [function] [call site] 00154
5 jdiv_round_up [function] [call site] 00155
5 jdiv_round_up [function] [call site] 00156
5 jdiv_round_up [function] [call site] 00157
5 jdiv_round_up [function] [call site] 00158
5 jdiv_round_up [function] [call site] 00159
5 jdiv_round_up [function] [call site] 00160
5 jdiv_round_up [function] [call site] 00161
5 jdiv_round_up [function] [call site] 00162
5 jdiv_round_up [function] [call site] 00163
5 jdiv_round_up [function] [call site] 00164
5 jdiv_round_up [function] [call site] 00165
5 jdiv_round_up [function] [call site] 00166
5 jdiv_round_up [function] [call site] 00167
5 jdiv_round_up [function] [call site] 00168
5 jdiv_round_up [function] [call site] 00169
5 jdiv_round_up [function] [call site] 00170
5 jdiv_round_up [function] [call site] 00171
5 jdiv_round_up [function] [call site] 00172
5 jdiv_round_up [function] [call site] 00173
5 jdiv_round_up [function] [call site] 00174
5 jdiv_round_up [function] [call site] 00175
5 jdiv_round_up [function] [call site] 00176
5 jdiv_round_up [function] [call site] 00177
5 jdiv_round_up [function] [call site] 00178
5 jdiv_round_up [function] [call site] 00179
5 jdiv_round_up [function] [call site] 00180
4 jdiv_round_up [function] [call site] 00181
4 jdiv_round_up [function] [call site] 00182
4 use_merged_upsample [function] [call site] 00183
3 tj3YUVPlaneWidth [function] [call site] 00184
3 tj3YUVPlaneHeight [function] [call site] 00185
3 snprintf [call site] 00186
3 snprintf [call site] 00187
3 snprintf [call site] 00188
3 _setjmp [call site] 00189
3 jpeg_start_decompress [function] [call site] 00190
4 jinit_master_decompress [function] [call site] 00191
5 master_selection [function] [call site] 00192
6 jpeg_calc_output_dimensions [function] [call site] 00193
6 prepare_range_limit_table [function] [call site] 00194
6 use_merged_upsample [function] [call site] 00195
6 jinit_1pass_quantizer [function] [call site] 00196
7 create_colormap [function] [call site] 00197
8 select_ncolors [function] [call site] 00198
8 output_value [function] [call site] 00199
7 create_colorindex [function] [call site] 00200
8 largest_input_value [function] [call site] 00201
8 largest_input_value [function] [call site] 00202
7 alloc_fs_workspace [function] [call site] 00203
6 j12init_1pass_quantizer [function] [call site] 00204
6 jinit_2pass_quantizer [function] [call site] 00205
7 init_error_limit [function] [call site] 00206
6 j12init_2pass_quantizer [function] [call site] 00207
6 jinit_merged_upsampler [function] [call site] 00208
7 jsimd_can_h2v2_merged_upsample [function] [call site] 00209
8 init_simd [function] [call site] 00210
9 jpeg_simd_cpu_support [call site] 00211
9 __errno_location [call site] 00212
9 getenv [call site] 00213
9 strlen [call site] 00214
9 strncpy [call site] 00215
9 strcmp [call site] 00216
9 __errno_location [call site] 00217
9 getenv [call site] 00218
9 strlen [call site] 00219
9 strncpy [call site] 00220
9 strcmp [call site] 00221
9 __errno_location [call site] 00222
9 getenv [call site] 00223
9 strlen [call site] 00224
9 strncpy [call site] 00225
9 strcmp [call site] 00226
9 __errno_location [call site] 00227
9 getenv [call site] 00228
9 strlen [call site] 00229
9 strncpy [call site] 00230
9 strcmp [call site] 00231
7 jsimd_can_h2v1_merged_upsample [function] [call site] 00232
8 init_simd [function] [call site] 00233
7 build_ycc_rgb_table [function] [call site] 00234
6 j12init_merged_upsampler [function] [call site] 00235
6 jinit_color_deconverter [function] [call site] 00236
7 build_rgb_y_table [function] [call site] 00237
7 jsimd_can_ycc_rgb [function] [call site] 00238
8 init_simd [function] [call site] 00239
7 build_ycc_rgb_table [function] [call site] 00240
7 jsimd_can_ycc_rgb565 [function] [call site] 00241
7 build_ycc_rgb_table [function] [call site] 00242
7 build_ycc_rgb_table [function] [call site] 00243
7 build_ycc_rgb_table [function] [call site] 00244
6 jinit_upsampler [function] [call site] 00245
7 jsimd_can_h2v1_fancy_upsample [function] [call site] 00246
8 init_simd [function] [call site] 00247
7 jsimd_can_h2v1_upsample [function] [call site] 00248
8 init_simd [function] [call site] 00249
7 jsimd_can_h2v2_fancy_upsample [function] [call site] 00250
8 init_simd [function] [call site] 00251
7 jsimd_can_h2v2_upsample [function] [call site] 00252
8 init_simd [function] [call site] 00253
7 jround_up [function] [call site] 00254
6 j12init_color_deconverter [function] [call site] 00255
6 j12init_upsampler [function] [call site] 00256
6 j16init_color_deconverter [function] [call site] 00257
6 j16init_upsampler [function] [call site] 00258
6 jinit_d_post_controller [function] [call site] 00259
7 jround_up [function] [call site] 00260
6 j12init_d_post_controller [function] [call site] 00261
6 j16init_d_post_controller [function] [call site] 00262
6 jinit_lossless_decompressor [function] [call site] 00263
6 j12init_lossless_decompressor [function] [call site] 00264
6 j16init_lossless_decompressor [function] [call site] 00265
6 jinit_lhuff_decoder [function] [call site] 00266
6 jinit_d_diff_controller [function] [call site] 00267
7 jround_up [function] [call site] 00268
7 jround_up [function] [call site] 00269
7 jround_up [function] [call site] 00270
7 jround_up [function] [call site] 00271
6 j12init_d_diff_controller [function] [call site] 00272
6 j16init_d_diff_controller [function] [call site] 00273
6 jinit_inverse_dct [function] [call site] 00274
6 j12init_inverse_dct [function] [call site] 00275
6 jinit_arith_decoder [function] [call site] 00276
6 jinit_phuff_decoder [function] [call site] 00277
6 jinit_huff_decoder [function] [call site] 00278
7 std_huff_tables [function] [call site] 00279
8 add_huff_table [function] [call site] 00280
9 jpeg_alloc_huff_table [function] [call site] 00281
8 add_huff_table [function] [call site] 00282
8 add_huff_table [function] [call site] 00283
8 add_huff_table [function] [call site] 00284
6 j12init_d_coef_controller [function] [call site] 00285
7 jround_up [function] [call site] 00286
7 jround_up [function] [call site] 00287
6 jinit_d_coef_controller [function] [call site] 00288
6 jinit_d_main_controller [function] [call site] 00289
7 alloc_funny_pointers [function] [call site] 00290
6 j12init_d_main_controller [function] [call site] 00291
6 j16init_d_main_controller [function] [call site] 00292
4 output_pass_setup [function] [call site] 00293
3 jpeg_read_raw_data [function] [call site] 00294
3 jpeg_finish_decompress [function] [call site] 00295
4 jpeg_abort [function] [call site] 00296
3 jpeg_abort_decompress [function] [call site] 00297
2 jpeg_abort_decompress [function] [call site] 00298
1 tj3DecodeYUV8 [function] [call site] 00299
2 snprintf [call site] 00300
2 snprintf [call site] 00301
2 snprintf [call site] 00302
2 tj3YUVPlaneWidth [function] [call site] 00303
2 tj3YUVPlaneHeight [function] [call site] 00304
2 tj3YUVPlaneWidth [function] [call site] 00305
2 tj3YUVPlaneHeight [function] [call site] 00306
2 snprintf [call site] 00307
2 tj3DecodeYUVPlanes8 [function] [call site] 00308
3 snprintf [call site] 00309
3 snprintf [call site] 00310
3 snprintf [call site] 00311
3 snprintf [call site] 00312
3 _setjmp [call site] 00313
3 snprintf [call site] 00314
3 snprintf [call site] 00315
3 setDecodeDefaults [function] [call site] 00316
4 jpeg_alloc_quant_table [function] [call site] 00317
3 jpeg_read_header [function] [call site] 00318
3 jinit_master_decompress [function] [call site] 00319
3 snprintf [call site] 00320
3 snprintf [call site] 00321
3 snprintf [call site] 00322
3 snprintf [call site] 00323
3 _setjmp [call site] 00324
3 jcopy_sample_rows [function] [call site] 00325
3 jpeg_abort_decompress [function] [call site] 00326
3 jpeg_abort_decompress [function] [call site] 00327
1 tj3Destroy [function] [call site] 00328
2 _setjmp [call site] 00329
2 jpeg_destroy_compress [function] [call site] 00330
3 jpeg_destroy [function] [call site] 00331
2 jpeg_destroy_decompress [function] [call site] 00332
3 jpeg_destroy [function] [call site] 00333