The following are the branches that the fuzzer fails to get past.
Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch |
---|---|---|---|---|---|---|---|
14 | 14 | 1 : ['oc_parse_amd_flags'] | 14 | 30 | oc_cpu_flags_get | call site: 00091 | /src/libtheora/lib/x86/x86cpu.c:106 |
0 | 12 | 2 : ['oc_huff_trees_clear', 'oc_state_clear'] | 0 | 12 | oc_dec_init | call site: 00116 | /src/libtheora/lib/decode.c:388 |
0 | 3 | 2 : ['free', 'oc_aligned_free'] | 0 | 3 | oc_state_ref_bufs_init | call site: 00108 | /src/libtheora/lib/state.c:594 |
0 | 2 | 2 : ['oc_ycbcr_buffer_flip', 'malloc'] | 0 | 2 | oc_dec_postprocess_init | call site: 00190 | /src/libtheora/lib/decode.c:1209 |
0 | 2 | 1 : ['oc_state_frarray_clear'] | 0 | 2 | oc_state_init | call site: 00107 | /src/libtheora/lib/state.c:737 |
0 | 0 | None | 53 | 125 | th_decode_packetin | call site: 00205 | /src/libtheora/lib/decode.c:2895 |
0 | 0 | None | 53 | 125 | th_decode_packetin | call site: 00211 | /src/libtheora/lib/decode.c:2929 |
0 | 0 | None | 0 | 9 | oc_dec_init | call site: 00112 | /src/libtheora/lib/decode.c:378 |
0 | 0 | None | 0 | 0 | oc_pack_refill | call site: 00015 | /src/libtheora/lib/bitpack.c:48 |
0 | 0 | None | 0 | 0 | oc_dec_headerin | call site: 00014 | /src/libtheora/lib/decinfo.c:200 |
0 | 0 | None | 0 | 0 | oc_comment_unpack | call site: 00047 | /src/libtheora/lib/decinfo.c:141 |
0 | 0 | None | 0 | 0 | oc_comment_unpack | call site: 00049 | /src/libtheora/lib/decinfo.c:153 |
LLVMFuzzerTestOneInput
[function]
[call site]
00000
fuzzing::datasource::Datasource::Datasource(unsigned char const*, unsigned long)
[function]
[call site]
00001
fuzzing::datasource::Base::Base()
[function]
[call site]
00002
TheoraDecoder::TheoraDecoder(fuzzing::datasource::Datasource&)
[function]
[call site]
00003
TheoraDecoder::Run()
[function]
[call site]
00004
TheoraDecoder::initialize()
[function]
[call site]
00005
th_info_init
[function]
[call site]
00006
th_comment_init
[function]
[call site]
00007
fuzzing::datasource::Base::GetData(unsigned long, unsigned long, unsigned long)
[function]
[call site]
00008
__cxa_begin_catch
[call site]
00009
__cxa_end_catch
[call site]
00010
th_decode_headerin
[function]
[call site]
00011
oc_pack_readinit
[function]
[call site]
00012
oc_dec_headerin
[function]
[call site]
00013
oc_pack_read_c
[function]
[call site]
00014
oc_pack_refill
[function]
[call site]
00015
oc_unpack_octets
[function]
[call site]
00016
oc_pack_read_c
[function]
[call site]
00017
memcmp
[call site]
00018
oc_info_unpack
[function]
[call site]
00019
oc_pack_read_c
[function]
[call site]
00020
oc_pack_read_c
[function]
[call site]
00021
oc_pack_read_c
[function]
[call site]
00022
oc_pack_read_c
[function]
[call site]
00023
oc_pack_read_c
[function]
[call site]
00024
oc_pack_read_c
[function]
[call site]
00025
oc_pack_read_c
[function]
[call site]
00026
oc_pack_read_c
[function]
[call site]
00027
oc_pack_read_c
[function]
[call site]
00028
oc_pack_read_c
[function]
[call site]
00029
oc_pack_read_c
[function]
[call site]
00030
oc_pack_read_c
[function]
[call site]
00031
oc_pack_read_c
[function]
[call site]
00032
oc_pack_read_c
[function]
[call site]
00033
oc_pack_read_c
[function]
[call site]
00034
oc_pack_read_c
[function]
[call site]
00035
oc_pack_read_c
[function]
[call site]
00036
oc_pack_read_c
[function]
[call site]
00037
oc_pack_read_c
[function]
[call site]
00038
oc_pack_bytes_left
[function]
[call site]
00039
th_info_clear
[function]
[call site]
00040
oc_comment_unpack
[function]
[call site]
00041
oc_unpack_length
[function]
[call site]
00042
oc_pack_read_c
[function]
[call site]
00043
oc_pack_bytes_left
[function]
[call site]
00044
oc_unpack_octets
[function]
[call site]
00045
oc_unpack_length
[function]
[call site]
00046
oc_pack_bytes_left
[function]
[call site]
00047
oc_unpack_length
[function]
[call site]
00048
oc_pack_bytes_left
[function]
[call site]
00049
oc_unpack_octets
[function]
[call site]
00050
oc_pack_bytes_left
[function]
[call site]
00051
th_comment_clear
[function]
[call site]
00052
calloc
[call site]
00053
oc_setup_unpack
[function]
[call site]
00054
oc_quant_params_unpack
[function]
[call site]
00055
oc_pack_read_c
[function]
[call site]
00056
oc_pack_read_c
[function]
[call site]
00057
oc_pack_read_c
[function]
[call site]
00058
oc_pack_read_c
[function]
[call site]
00059
oc_pack_read_c
[function]
[call site]
00060
oc_ilog
[function]
[call site]
00061
oc_pack_read1_c
[function]
[call site]
00062
oc_pack_read_c
[function]
[call site]
00063
oc_ilog
[function]
[call site]
00064
oc_pack_read_c
[function]
[call site]
00065
oc_huff_trees_unpack
[function]
[call site]
00066
oc_huff_tree_unpack
[function]
[call site]
00067
oc_pack_read1_c
[function]
[call site]
00068
oc_pack_bytes_left
[function]
[call site]
00069
oc_pack_read_c
[function]
[call site]
00070
oc_huff_tree_collapse
[function]
[call site]
00071
oc_huff_tree_collapse_depth
[function]
[call site]
00072
oc_huff_subtree_tokens
[function]
[call site]
00073
oc_huff_subtree_tokens
[function]
[call site]
00074
oc_huff_node_size
[function]
[call site]
00075
oc_huff_subtree_tokens
[function]
[call site]
00076
oc_huff_tree_collapse
[function]
[call site]
00077
oc_setup_clear
[function]
[call site]
00078
oc_quant_params_clear
[function]
[call site]
00079
oc_huff_trees_clear
[function]
[call site]
00080
TheoraDecoder::processComments() const
[function]
[call site]
00081
fuzzing::memory::memory_test(void const*, unsigned long)
[function]
[call site]
00082
fuzzing::memory::memory_test_asan(void const*, unsigned long)
[function]
[call site]
00083
fuzzing::memory::memory_test_msan(void const*, unsigned long)
[function]
[call site]
00084
th_decode_alloc
[function]
[call site]
00085
oc_aligned_malloc
[function]
[call site]
00086
oc_dec_init
[function]
[call site]
00087
oc_state_init
[function]
[call site]
00088
oc_state_accel_init_x86
[function]
[call site]
00089
oc_state_accel_init_c
[function]
[call site]
00090
oc_cpu_flags_get
[function]
[call site]
00091
oc_parse_intel_flags
[function]
[call site]
00092
oc_parse_amd_flags
[function]
[call site]
00093
oc_parse_intel_flags
[function]
[call site]
00094
oc_parse_intel_flags
[function]
[call site]
00095
oc_parse_amd_flags
[function]
[call site]
00096
oc_state_frarray_init
[function]
[call site]
00097
calloc
[call site]
00098
calloc
[call site]
00099
calloc
[call site]
00100
calloc
[call site]
00101
oc_sb_create_plane_mapping
[function]
[call site]
00102
oc_sb_quad_top_left_frag
[function]
[call site]
00103
oc_mb_create_mapping
[function]
[call site]
00104
oc_mb_fill_ymapping
[function]
[call site]
00105
oc_state_border_init
[function]
[call site]
00106
oc_state_ref_bufs_init
[function]
[call site]
00107
oc_aligned_malloc
[function]
[call site]
00108
oc_aligned_free
[function]
[call site]
00109
oc_ycbcr_buffer_flip
[function]
[call site]
00110
oc_state_frarray_clear
[function]
[call site]
00111
oc_huff_trees_copy
[function]
[call site]
00112
oc_huff_tree_size
[function]
[call site]
00113
oc_huff_node_size
[function]
[call site]
00114
oc_huff_tree_size
[function]
[call site]
00115
oc_state_clear
[function]
[call site]
00116
oc_state_ref_bufs_clear
[function]
[call site]
00117
oc_aligned_free
[function]
[call site]
00118
oc_state_frarray_clear
[function]
[call site]
00119
oc_huff_trees_clear
[function]
[call site]
00120
oc_state_clear
[function]
[call site]
00121
oc_dequant_tables_init
[function]
[call site]
00122
memcmp
[call site]
00123
oc_dec_accel_init_c
[function]
[call site]
00124
oc_aligned_free
[function]
[call site]
00125
th_setup_free
[function]
[call site]
00126
oc_setup_clear
[function]
[call site]
00127
bool fuzzing::datasource::Base::Get<bool>(unsigned long)
[function]
[call site]
00128
TheoraDecoder::decodePacket()
[function]
[call site]
00129
fuzzing::datasource::Base::GetData(unsigned long, unsigned long, unsigned long)
[function]
[call site]
00130
th_decode_packetin
[function]
[call site]
00131
oc_pack_readinit
[function]
[call site]
00132
oc_dec_frame_header_unpack
[function]
[call site]
00133
oc_pack_read1_c
[function]
[call site]
00134
oc_pack_read1_c
[function]
[call site]
00135
oc_pack_read_c
[function]
[call site]
00136
oc_pack_read1_c
[function]
[call site]
00137
oc_pack_read_c
[function]
[call site]
00138
oc_pack_read1_c
[function]
[call site]
00139
oc_pack_read_c
[function]
[call site]
00140
oc_pack_read_c
[function]
[call site]
00141
oc_dec_mark_all_intra
[function]
[call site]
00142
oc_dec_coded_flags_unpack
[function]
[call site]
00143
oc_dec_partial_sb_flags_unpack
[function]
[call site]
00144
oc_pack_read1_c
[function]
[call site]
00145
oc_sb_run_unpack
[function]
[call site]
00146
oc_huff_token_decode_c
[function]
[call site]
00147
oc_pack_read_c
[function]
[call site]
00148
oc_pack_read1_c
[function]
[call site]
00149
oc_dec_coded_sb_flags_unpack
[function]
[call site]
00150
oc_pack_read1_c
[function]
[call site]
00151
oc_sb_run_unpack
[function]
[call site]
00152
oc_pack_read1_c
[function]
[call site]
00153
oc_pack_read1_c
[function]
[call site]
00154
oc_block_run_unpack
[function]
[call site]
00155
oc_huff_token_decode_c
[function]
[call site]
00156
oc_dec_init_dummy_frame
[function]
[call site]
00157
oc_dec_mb_modes_unpack
[function]
[call site]
00158
oc_pack_read_c
[function]
[call site]
00159
oc_pack_read_c
[function]
[call site]
00160
oc_huff_token_decode_c
[function]
[call site]
00161
oc_dec_mv_unpack_and_frag_modes_fill
[function]
[call site]
00162
oc_pack_read1_c
[function]
[call site]
00163
oc_mv_unpack
[function]
[call site]
00164
oc_huff_token_decode_c
[function]
[call site]
00165
oc_huff_token_decode_c
[function]
[call site]
00166
oc_mv_unpack
[function]
[call site]
00167
oc_mv_unpack
[function]
[call site]
00168
oc_dec_block_qis_unpack
[function]
[call site]
00169
oc_pack_read1_c
[function]
[call site]
00170
oc_sb_run_unpack
[function]
[call site]
00171
oc_pack_read1_c
[function]
[call site]
00172
oc_pack_read1_c
[function]
[call site]
00173
oc_sb_run_unpack
[function]
[call site]
00174
oc_pack_read1_c
[function]
[call site]
00175
oc_dec_residual_tokens_unpack
[function]
[call site]
00176
oc_pack_read_c
[function]
[call site]
00177
oc_pack_read_c
[function]
[call site]
00178
oc_dec_dc_coeff_unpack
[function]
[call site]
00179
oc_huff_token_decode_c
[function]
[call site]
00180
oc_pack_read_c
[function]
[call site]
00181
oc_pack_read_c
[function]
[call site]
00182
oc_pack_read_c
[function]
[call site]
00183
oc_dec_ac_coeff_unpack
[function]
[call site]
00184
oc_huff_token_decode_c
[function]
[call site]
00185
oc_pack_read_c
[function]
[call site]
00186
oc_dec_pipeline_init
[function]
[call site]
00187
oc_loop_filter_init_mmxext
[function]
[call site]
00188
oc_dec_postprocess_init
[function]
[call site]
00189
oc_restore_fpu_mmx
[function]
[call site]
00190
oc_ycbcr_buffer_flip
[function]
[call site]
00191
oc_ycbcr_buffer_flip
[function]
[call site]
00192
oc_dec_dc_unpredict_mcu_plane_c
[function]
[call site]
00193
oc_dec_frags_recon_mcu_plane
[function]
[call site]
00194
oc_state_frag_recon_mmx
[function]
[call site]
00195
oc_idct8x8_sse2
[function]
[call site]
00196
oc_idct8x8_10_sse2
[function]
[call site]
00197
oc_idct8x8_slow_sse2
[function]
[call site]
00198
oc_frag_recon_intra_mmx
[function]
[call site]
00199
oc_state_get_mv_offsets
[function]
[call site]
00200
oc_frag_recon_inter2_mmx
[function]
[call site]
00201
oc_frag_recon_inter_mmx
[function]
[call site]
00202
oc_frag_copy_list_mmx
[function]
[call site]
00203
oc_state_loop_filter_frag_rows_mmxext
[function]
[call site]
00204
oc_state_borders_fill_rows
[function]
[call site]
00205
oc_dec_deblock_frag_rows
[function]
[call site]
00206
oc_filter_hedge
[function]
[call site]
00207
oc_filter_hedge
[function]
[call site]
00208
oc_filter_vedge
[function]
[call site]
00209
oc_filter_vedge
[function]
[call site]
00210
oc_dec_dering_frag_rows
[function]
[call site]
00211
oc_dering_block
[function]
[call site]
00212
oc_dering_block
[function]
[call site]
00213
oc_dering_block
[function]
[call site]
00214
oc_dering_block
[function]
[call site]
00215
oc_dering_block
[function]
[call site]
00216
oc_restore_fpu_mmx
[function]
[call site]
00217
oc_state_borders_fill_caps
[function]
[call site]
00218
oc_restore_fpu_mmx
[function]
[call site]
00219
void fuzzing::memory::memory_test<long>(long const&)
[function]
[call site]
00220
th_decode_ycbcr_out
[function]
[call site]
00221
oc_ycbcr_buffer_flip
[function]
[call site]
00222
TheoraDecoder::writeImage(th_img_plane const (&) [3]) const
[function]
[call site]
00223
fuzzing::memory::memory_test(void const*, unsigned long)
[function]
[call site]
00224
fuzzing::memory::memory_test(void const*, unsigned long)
[function]
[call site]
00225
fuzzing::memory::memory_test(void const*, unsigned long)
[function]
[call site]
00226
fuzzing::memory::memory_test(void const*, unsigned long)
[function]
[call site]
00227
fuzzing::memory::memory_test(void const*, unsigned long)
[function]
[call site]
00228
fuzzing::memory::memory_test(void const*, unsigned long)
[function]
[call site]
00229
__cxa_begin_catch
[call site]
00230
TheoraDecoder::~TheoraDecoder()
[function]
[call site]
00231
th_info_clear
[function]
[call site]
00232
th_comment_clear
[function]
[call site]
00233
th_decode_free
[function]
[call site]
00234
oc_dec_clear
[function]
[call site]
00235
oc_huff_trees_clear
[function]
[call site]
00236
oc_state_clear
[function]
[call site]
00237
oc_aligned_free
[function]
[call site]
00238
th_setup_free
[function]
[call site]
00239
__clang_call_terminate
[call site]
00240
__cxa_begin_catch
[call site]
00241
fuzzing::datasource::Datasource::~Datasource()
[function]
[call site]
00242
fuzzing::datasource::Base::~Base()
[function]
[call site]
00243