Fuzz introspector: transform_fuzzer_3_0_x
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
458 458 1 :

['encode_one_block']

458 458 encode_mcu_huff call site: 00000 /src/libjpeg-turbo.3.0.x/jchuff.c:717
50 50 3 :

['do_crop_ext_zero', 'do_crop_ext_flat', 'do_crop_ext_reflect']

50 50 jtransform_execute_transform call site: 00234 /src/libjpeg-turbo.3.0.x/transupp.c:2173
16 16 1 :

['do_barray_io']

16 18 access_virt_barray call site: 00000 /src/libjpeg-turbo.3.0.x/jmemmgr.c:1024
8 8 1 :

['jtransform_perfect_transform']

20 40 jtransform_request_workspace call site: 00120 /src/libjpeg-turbo.3.0.x/transupp.c:1527
2 4 2 :

['out_of_memory', 'jpeg_get_small']

2 4 alloc_small call site: 00000 /src/libjpeg-turbo.3.0.x/jmemmgr.c:318
2 2 1 :

['out_of_memory']

2 2 alloc_large call site: 00000 /src/libjpeg-turbo.3.0.x/jmemmgr.c:394
0 7 1 :

['jpeg_default_colorspace']

19 49 jinit_c_master_control call site: 00208 /src/libjpeg-turbo.3.0.x/jcmaster.c:740
0 7 1 :

['jpeg_default_colorspace']

0 55 jpeg_simple_progression call site: 00185 /src/libjpeg-turbo.3.0.x/jcparam.c:488
0 2 1 :

['jpeg_mem_term']

14 16 jinit_memory_mgr call site: 00011 /src/libjpeg-turbo.3.0.x/jmemmgr.c:1227
0 2 1 :

['fill_scans']

0 2 fill_dc_scans call site: 00187 /src/libjpeg-turbo.3.0.x/jcparam.c:454
0 0 1 :

['emit_restart.1496']

458 473 encode_mcu_huff call site: 00000 /src/libjpeg-turbo.3.0.x/jchuff.c:709
0 0 None 56 97 realize_virt_arrays call site: 00000 /src/libjpeg-turbo.3.0.x/jmemmgr.c:736

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 tj3Init [function] [call site] 00001
2 snprintf [call site] 00002
2 snprintf [call site] 00003
2 snprintf [call site] 00004
2 _tjInitCompress [function] [call site] 00005
3 jpeg_std_error [function] [call site] 00006
3 _setjmp [call site] 00007
3 jpeg_CreateCompress [function] [call site] 00008
4 jinit_memory_mgr [function] [call site] 00009
5 jpeg_mem_init [function] [call site] 00010
5 jpeg_get_small [function] [call site] 00011
5 jpeg_mem_term [function] [call site] 00012
5 __errno_location [call site] 00013
5 getenv [call site] 00014
5 strlen [call site] 00015
5 strncpy [call site] 00016
5 __isoc99_sscanf [call site] 00017
3 jpeg_mem_dest_tj [function] [call site] 00018
2 _tjInitDecompress [function] [call site] 00019
3 jpeg_std_error [function] [call site] 00020
3 _setjmp [call site] 00021
3 jpeg_CreateDecompress [function] [call site] 00022
4 jinit_memory_mgr [function] [call site] 00023
4 jinit_marker_reader [function] [call site] 00024
5 reset_marker_reader [function] [call site] 00025
4 jinit_input_controller [function] [call site] 00026
3 jpeg_mem_src_tj [function] [call site] 00027
2 _tjInitCompress [function] [call site] 00028
2 _tjInitDecompress [function] [call site] 00029
1 tj3DecompressHeader [function] [call site] 00030
2 snprintf [call site] 00031
2 snprintf [call site] 00032
2 snprintf [call site] 00033
2 _setjmp [call site] 00034
2 jpeg_mem_src_tj [function] [call site] 00035
2 jpeg_read_header [function] [call site] 00036
3 jpeg_consume_input [function] [call site] 00037
4 default_decompress_parms [function] [call site] 00038
3 jpeg_abort [function] [call site] 00039
2 setDecompParameters [function] [call site] 00040
3 getSubsamp [function] [call site] 00041
2 jpeg_abort_decompress [function] [call site] 00042
3 jpeg_abort [function] [call site] 00043
2 snprintf [call site] 00044
2 snprintf [call site] 00045
1 tj3Get [function] [call site] 00046
1 tj3Get [function] [call site] 00047
1 tj3Get [function] [call site] 00048
1 tj3Set [function] [call site] 00049
2 snprintf [call site] 00050
2 snprintf [call site] 00051
2 snprintf [call site] 00052
2 snprintf [call site] 00053
2 snprintf [call site] 00054
2 snprintf [call site] 00055
2 snprintf [call site] 00056
2 snprintf [call site] 00057
2 snprintf [call site] 00058
2 snprintf [call site] 00059
2 snprintf [call site] 00060
2 snprintf [call site] 00061
2 snprintf [call site] 00062
2 snprintf [call site] 00063
2 snprintf [call site] 00064
2 snprintf [call site] 00065
2 snprintf [call site] 00066
2 snprintf [call site] 00067
2 snprintf [call site] 00068
2 snprintf [call site] 00069
2 snprintf [call site] 00070
2 snprintf [call site] 00071
2 snprintf [call site] 00072
2 snprintf [call site] 00073
2 snprintf [call site] 00074
2 snprintf [call site] 00075
2 snprintf [call site] 00076
2 snprintf [call site] 00077
2 snprintf [call site] 00078
2 snprintf [call site] 00079
2 snprintf [call site] 00080
2 snprintf [call site] 00081
2 snprintf [call site] 00082
2 snprintf [call site] 00083
2 snprintf [call site] 00084
2 snprintf [call site] 00085
2 snprintf [call site] 00086
2 snprintf [call site] 00087
2 snprintf [call site] 00088
2 snprintf [call site] 00089
2 snprintf [call site] 00090
2 snprintf [call site] 00091
2 snprintf [call site] 00092
2 snprintf [call site] 00093
2 snprintf [call site] 00094
2 snprintf [call site] 00095
1 tj3Set [function] [call site] 00096
1 tj3Set [function] [call site] 00097
1 tj3Set [function] [call site] 00098
1 tj3JPEGBufSize [function] [call site] 00099
2 snprintf [call site] 00100
1 tj3Alloc [function] [call site] 00101
1 tj3JPEGBufSize [function] [call site] 00102
1 tj3Set [function] [call site] 00103
1 tj3Transform [function] [call site] 00104
2 snprintf [call site] 00105
2 snprintf [call site] 00106
2 snprintf [call site] 00107
2 snprintf [call site] 00108
2 _setjmp [call site] 00109
2 jpeg_mem_src_tj [function] [call site] 00110
2 snprintf [call site] 00111
2 snprintf [call site] 00112
2 jcopy_markers_setup [function] [call site] 00113
3 jpeg_save_markers [function] [call site] 00114
3 jpeg_save_markers [function] [call site] 00115
3 jpeg_save_markers [function] [call site] 00116
2 jpeg_read_header [function] [call site] 00117
2 snprintf [call site] 00118
2 getSubsamp [function] [call site] 00119
2 jtransform_request_workspace [function] [call site] 00120
3 jtransform_perfect_transform [function] [call site] 00121
3 jtransform_perfect_transform [function] [call site] 00122
3 jdiv_round_up [function] [call site] 00123
3 jdiv_round_up [function] [call site] 00124
3 trim_right_edge [function] [call site] 00125
3 trim_bottom_edge [function] [call site] 00126
3 trim_right_edge [function] [call site] 00127
3 trim_bottom_edge [function] [call site] 00128
3 trim_right_edge [function] [call site] 00129
3 trim_right_edge [function] [call site] 00130
3 trim_bottom_edge [function] [call site] 00131
3 trim_bottom_edge [function] [call site] 00132
3 jdiv_round_up [function] [call site] 00133
3 jdiv_round_up [function] [call site] 00134
2 snprintf [call site] 00135
2 snprintf [call site] 00136
2 snprintf [call site] 00137
2 jpeg_read_coefficients [function] [call site] 00138
3 transdecode_master_selection [function] [call site] 00139
4 jinit_arith_decoder [function] [call site] 00140
4 jinit_phuff_decoder [function] [call site] 00141
4 jinit_huff_decoder [function] [call site] 00142
5 std_huff_tables [function] [call site] 00143
6 add_huff_table [function] [call site] 00144
7 jpeg_alloc_huff_table [function] [call site] 00145
6 add_huff_table [function] [call site] 00146
6 add_huff_table [function] [call site] 00147
6 add_huff_table [function] [call site] 00148
4 j12init_d_coef_controller [function] [call site] 00149
5 jround_up [function] [call site] 00150
5 jround_up [function] [call site] 00151
4 jinit_d_coef_controller [function] [call site] 00152
2 snprintf [call site] 00153
2 snprintf [call site] 00154
2 tj3JPEGBufSize [function] [call site] 00155
2 jpeg_mem_dest_tj [function] [call site] 00156
2 jpeg_copy_critical_parameters [function] [call site] 00157
3 jpeg_set_defaults [function] [call site] 00158
4 jpeg_set_quality [function] [call site] 00159
5 jpeg_quality_scaling [function] [call site] 00160
5 jpeg_set_linear_quality [function] [call site] 00161
6 jpeg_add_quant_table [function] [call site] 00162
7 jpeg_alloc_quant_table [function] [call site] 00163
6 jpeg_add_quant_table [function] [call site] 00164
4 std_huff_tables [function] [call site] 00165
4 jpeg_default_colorspace [function] [call site] 00166
5 jpeg_set_colorspace [function] [call site] 00167
5 jpeg_set_colorspace [function] [call site] 00168
5 jpeg_set_colorspace [function] [call site] 00169
5 jpeg_set_colorspace [function] [call site] 00170
5 jpeg_set_colorspace [function] [call site] 00171
5 jpeg_set_colorspace [function] [call site] 00172
5 jpeg_set_colorspace [function] [call site] 00173
3 jpeg_set_colorspace [function] [call site] 00174
3 jpeg_alloc_quant_table [function] [call site] 00175
2 jtransform_adjust_parameters [function] [call site] 00176
3 jpeg_set_colorspace [function] [call site] 00177
3 transpose_critical_parameters [function] [call site] 00178
3 adjust_quant [function] [call site] 00179
4 requant_comp [function] [call site] 00180
4 largest_common_denominator [function] [call site] 00181
4 dequant_comp [function] [call site] 00182
4 dequant_comp [function] [call site] 00183
3 adjust_exif_parameters [function] [call site] 00184
2 jpeg_simple_progression [function] [call site] 00185
3 jpeg_default_colorspace [function] [call site] 00186
3 fill_dc_scans [function] [call site] 00187
4 fill_scans [function] [call site] 00188
3 fill_a_scan [function] [call site] 00189
3 fill_a_scan [function] [call site] 00190
3 fill_a_scan [function] [call site] 00191
3 fill_a_scan [function] [call site] 00192
3 fill_a_scan [function] [call site] 00193
3 fill_dc_scans [function] [call site] 00194
3 fill_a_scan [function] [call site] 00195
3 fill_a_scan [function] [call site] 00196
3 fill_a_scan [function] [call site] 00197
3 fill_dc_scans [function] [call site] 00198
3 fill_scans [function] [call site] 00199
3 fill_scans [function] [call site] 00200
3 fill_scans [function] [call site] 00201
3 fill_dc_scans [function] [call site] 00202
3 fill_scans [function] [call site] 00203
2 jpeg_write_coefficients [function] [call site] 00204
3 jpeg_suppress_tables [function] [call site] 00205
3 transencode_master_selection [function] [call site] 00206
4 jinit_c_master_control [function] [call site] 00207
5 validate_script [function] [call site] 00208
5 jpeg_default_colorspace [function] [call site] 00209
5 initial_setup [function] [call site] 00210
6 jdiv_round_up [function] [call site] 00211
6 jdiv_round_up [function] [call site] 00212
6 jdiv_round_up [function] [call site] 00213
6 jdiv_round_up [function] [call site] 00214
6 jdiv_round_up [function] [call site] 00215
5 using_std_huff_tables [function] [call site] 00216
6 memcmp [call site] 00217
6 memcmp [call site] 00218
6 memcmp [call site] 00219
6 memcmp [call site] 00220
6 memcmp [call site] 00221
6 memcmp [call site] 00222
6 memcmp [call site] 00223
6 memcmp [call site] 00224
4 jinit_arith_encoder [function] [call site] 00225
4 jinit_phuff_encoder [function] [call site] 00226
4 jinit_huff_encoder [function] [call site] 00227
4 transencode_coef_controller [function] [call site] 00228
5 jzero_far [function] [call site] 00229
4 jinit_marker_writer [function] [call site] 00230
2 jcopy_markers_execute [function] [call site] 00231
3 jpeg_write_marker [function] [call site] 00232
2 jinit_c_master_control [function] [call site] 00233
2 jtransform_execute_transform [function] [call site] 00234
3 do_crop_ext_reflect [function] [call site] 00235
4 jcopy_block_row [function] [call site] 00236
3 do_crop_ext_flat [function] [call site] 00237
4 jcopy_block_row [function] [call site] 00238
3 do_crop_ext_zero [function] [call site] 00239
4 jcopy_block_row [function] [call site] 00240
4 jcopy_block_row [function] [call site] 00241
3 do_crop [function] [call site] 00242
4 jcopy_block_row [function] [call site] 00243
3 do_flip_h [function] [call site] 00244
4 jcopy_block_row [function] [call site] 00245
3 do_flip_h_no_crop [function] [call site] 00246
4 jcopy_block_row [function] [call site] 00247
3 do_flip_v [function] [call site] 00248
4 jcopy_block_row [function] [call site] 00249
3 do_transpose [function] [call site] 00250
3 do_transverse [function] [call site] 00251
3 do_rot_90 [function] [call site] 00252
3 do_rot_180 [function] [call site] 00253
4 jcopy_block_row [function] [call site] 00254
3 do_rot_270 [function] [call site] 00255
3 jdiv_round_up [function] [call site] 00256
3 jdiv_round_up [function] [call site] 00257
3 do_reflect [function] [call site] 00258
3 do_flatten [function] [call site] 00259
3 do_wipe [function] [call site] 00260
3 do_drop [function] [call site] 00261
4 jcopy_block_row [function] [call site] 00262
2 snprintf [call site] 00263
2 jpeg_finish_compress [function] [call site] 00264
3 jpeg_abort [function] [call site] 00265
2 jpeg_finish_decompress [function] [call site] 00266
3 jpeg_abort [function] [call site] 00267
2 jpeg_abort_compress [function] [call site] 00268
3 jpeg_abort [function] [call site] 00269
2 jpeg_abort_decompress [function] [call site] 00270
1 tj3JPEGBufSize [function] [call site] 00271
1 tj3Alloc [function] [call site] 00272
1 tj3JPEGBufSize [function] [call site] 00273
1 tj3Transform [function] [call site] 00274
1 tj3JPEGBufSize [function] [call site] 00275
1 tj3Alloc [function] [call site] 00276
1 tj3JPEGBufSize [function] [call site] 00277
1 tj3Transform [function] [call site] 00278
1 tj3Set [function] [call site] 00279
1 tj3Transform [function] [call site] 00280
1 tj3Destroy [function] [call site] 00281
2 _setjmp [call site] 00282
2 jpeg_destroy_compress [function] [call site] 00283
3 jpeg_destroy [function] [call site] 00284
2 jpeg_destroy_decompress [function] [call site] 00285
3 jpeg_destroy [function] [call site] 00286