Fuzz introspector: vpx_dec_fuzzer_vp9
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The following are the branches that the fuzzer fails to get past.

| Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch |
|---|---|---|---|---|---|---|---|
| 1758 | 1758 | 1: ['decode_tiles_row_wise_mt'] | 1758 | 1851 | vp9_decode_frame | call site: 00000 | /src/libvpx/vp9/decoder/vp9_decodeframe.c:3015 |
| 264 | 364 | 5: ['highbd_write_buffer_8', 'transpose_16bit_8x8', 'idct16_8col', 'highbd_load_pack_transpose_32bit_8x8', 'vpx_iadst16_8col_sse2'] | 264 | 364 | vp9_highbd_iht16x16_256_add_sse4_1 | call site: 00000 | /src/libvpx/vp9/common/x86/vp9_highbd_iht16x16_add_sse4.c:355 |
| 115 | 138 | 6: ['pthread_mutex_init', 'mi_cols_aligned_to_sb', 'vp9_jobq_alloc', 'vpx_calloc', 'vp9_dec_free_row_mt_mem', 'vp9_dec_alloc_row_mt_mem'] | 115 | 160 | read_uncompressed_header | call site: 00000 | /src/libvpx/vp9/decoder/vp9_decodeframe.c:2820 |
| 34 | 34 | 3: ['vp9_jobq_deinit', 'vp9_dec_free_row_mt_mem', 'pthread_mutex_destroy'] | 34 | 69 | vp9_decoder_remove | call site: 00000 | /src/libvpx/vp9/decoder/vp9_decoder.c:236 |
| 0 | 125 | 4: ['transpose_16bit_8x8.2638', 'highbd_write_buffer_8.2639', 'idct32_1024_8x32', 'highbd_load_pack_transpose_32bit_8x8.2637'] | 0 | 125 | vpx_highbd_idct32x32_1024_add_sse4_1 | call site: 00000 | /src/libvpx/vpx_dsp/x86/highbd_idct32x32_add_sse4.c:305 |
| 0 | 87 | 4: ['transpose_16bit_8x8.2638', 'highbd_write_buffer_8.2639', 'idct32_135_8x32_ssse3', 'highbd_load_pack_transpose_32bit_8x8.2637'] | 0 | 87 | vpx_highbd_idct32x32_135_add_sse4_1 | call site: 00000 | /src/libvpx/vpx_dsp/x86/highbd_idct32x32_add_sse4.c:529 |
| 0 | 64 | 3: ['round_shift_8x8', 'iadst8_sse2', 'vpx_idct8_sse2'] | 0 | 70 | vp9_highbd_iht8x8_64_add_sse4_1 | call site: 00000 | /src/libvpx/vp9/common/x86/vp9_highbd_iht8x8_add_sse4.c:194 |
| 0 | 58 | 4: ['idct32_34_8x32_ssse3', 'highbd_write_buffer_8.2639', 'transpose_16bit_8x8.2638', 'highbd_load_pack_transpose_32bit_8x8.2637'] | 0 | 58 | vpx_highbd_idct32x32_34_add_sse4_1 | call site: 00000 | /src/libvpx/vpx_dsp/x86/highbd_idct32x32_add_sse4.c:725 |
| 0 | 38 | 2: ['idct4_sse2', 'iadst4_sse2'] | 0 | 44 | vp9_highbd_iht4x4_16_add_sse4_1 | call site: 00000 | /src/libvpx/vp9/common/x86/vp9_highbd_iht4x4_add_sse4.c:96 |
| 0 | 28 | 2: ['round_shift_8x8.2402', 'vpx_idct8_sse2'] | 0 | 28 | vpx_highbd_idct8x8_64_add_sse4_1 | call site: 00000 | /src/libvpx/vpx_dsp/x86/highbd_idct8x8_add_sse4.c:109 |
| 0 | 20 | 1: ['idct4_sse2'] | 0 | 20 | vpx_highbd_idct4x4_16_add_sse4_1 | call site: 00000 | /src/libvpx/vpx_dsp/x86/highbd_idct4x4_add_sse4.c:28 |
| 0 | 7 | 1: ['vpx_internal_error'] | 0 | 15 | setup_tile_info | call site: 00000 | /src/libvpx/vp9/decoder/vp9_decodeframe.c:1638 |

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 vpx_codec_vp9_dx [function] [call site] 00001
1 vpx_codec_dec_init_ver [function] [call site] 00002
2 vpx_codec_destroy [function] [call site] 00003
1 vpx_codec_control_VP9D_SET_LOOP_FILTER_OPT(vpx_codec_ctx*, int, int) [function] [call site] 00004
2 vpx_codec_control_ [function] [call site] 00005
1 mem_get_le32_as_int(void const*) [function] [call site] 00006
1 vpx_codec_decode [function] [call site] 00007
2 get_alg_priv [function] [call site] 00008
1 vpx_codec_get_frame [function] [call site] 00009
2 get_alg_priv [function] [call site] 00010
1 vpx_codec_destroy [function] [call site] 00011