Fuzz introspector: opj_decompress_fuzzer_JP2
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
524 524 15 :

['rev_init', 'rev_init_mrp', 'mel_init', 'rev_advance_mrp', 'population_count', 'count_leading_zeros', 'frwd_init', 'rev_advance', 'frwd_advance', 'decode_init_uvlc', 'frwd_fetch', 'rev_fetch', 'rev_fetch_mrp', 'mel_get_run', 'decode_noninit_uvlc']

524 724 opj_t1_ht_decode_cblk call site: 00000 /src/openjpeg/src/lib/openjp2/ht_dec.c:1298
420 816 13 :

['opj_uint_min.1245', 'opj_dwt_max_resolution', 'opj_dwt_get_band_coordinates', 'opj_aligned_free', 'opj_dwt_segment_grow', 'opj_uint_max.1249', 'opj_uint_subs', 'opj_dwt_interleave_partial_v', 'opj_aligned_32_malloc', 'opj_dwt_decode_partial_1_parallel', 'opj_dwt_interleave_partial_h', 'opj_dwt_decode_partial_1', 'opj_sparse_array_int32_write']

420 977 opj_dwt_decode_partial_tile call site: 00000 /src/openjpeg/src/lib/openjp2/dwt.c:2869
252 252 1 :

['opj_j2k_create_compress']

252 438 opj_jp2_create call site: 00167 /src/openjpeg/src/lib/openjp2/jp2.c:3155
138 443 11 :

['opj_thread_pool_wait_completion', 'opj_dwt_max_resolution', 'opj_v8dwt_decode', 'opj_aligned_malloc', 'opj_free', 'opj_uint_max.1249', 'opj_aligned_free', 'opj_malloc', 'opj_thread_pool_submit_job', 'opj_v8dwt_interleave_h', 'opj_v8dwt_interleave_v']

138 443 opj_dwt_decode_tile_97 call site: 00000 /src/openjpeg/src/lib/openjp2/dwt.c:3534
98 164 3 :

['opj_mutex_create', 'opj_thread_pool_setup', 'opj_thread_pool_destroy']

98 166 opj_thread_pool_create call site: 00027 /src/openjpeg/src/lib/openjp2/thread.c:635
19 26 3 :

['opj_mct_decode_custom', 'opj_malloc', 'opj_free']

19 26 opj_tcd_mct_decode call site: 00000 /src/openjpeg/src/lib/openjp2/tcd.c:2192
16 16 1 :

['opj_mct_decode']

16 16 opj_tcd_mct_decode call site: 00000 /src/openjpeg/src/lib/openjp2/tcd.c:2229
10 10 3 :

['opj_get_num_cpus', 'strcmp', 'atoi']

10 10 opj_j2k_get_default_thread_count call site: 00020 /src/openjpeg/src/lib/openjp2/j2k.c:6795
8 38 6 :

['opj_mutex_unlock', 'opj_cond_wait', 'opj_free', 'opj_mutex_lock', 'opj_cond_signal', 'opj_malloc']

8 38 opj_thread_pool_submit_job call site: 00000 /src/openjpeg/src/lib/openjp2/thread.c:834
4 12 3 :

['opj_mutex_lock', 'opj_cond_wait', 'opj_mutex_unlock']

4 12 opj_thread_pool_wait_completion call site: 00064 /src/openjpeg/src/lib/openjp2/thread.c:897
0 113 3 :

['opj_event_msg', 'opj_read_bytes_LE', 'opj_malloc']

0 113 opj_jp2_read_colr call site: 00000 /src/openjpeg/src/lib/openjp2/jp2.c:1518
0 22 1 :

['opj_j2k_update_image_dimensions']

0 4393 opj_j2k_decode call site: 00000 /src/openjpeg/src/lib/openjp2/j2k.c:12368

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 memcmp [call site] 00001
1 opj_create_decompress [function] [call site] 00002
2 opj_calloc [function] [call site] 00003
3 calloc [call site] 00004
2 opj_j2k_create_decompress [function] [call site] 00005
3 opj_calloc [function] [call site] 00006
3 opj_calloc [function] [call site] 00007
3 opj_calloc [function] [call site] 00008
3 opj_j2k_create_cstr_index [function] [call site] 00009
4 opj_calloc [function] [call site] 00010
4 opj_calloc [function] [call site] 00011
4 opj_free [function] [call site] 00012
3 opj_procedure_list_create [function] [call site] 00013
4 opj_calloc [function] [call site] 00014
4 opj_calloc [function] [call site] 00015
4 opj_free [function] [call site] 00016
3 opj_procedure_list_create [function] [call site] 00017
3 opj_j2k_get_default_thread_count [function] [call site] 00018
4 getenv [call site] 00019
4 opj_has_thread_support [function] [call site] 00020
4 opj_get_num_cpus [function] [call site] 00021
5 sysconf [call site] 00022
4 strcmp [call site] 00023
4 atoi [function] [call site] 00024
5 strtol [call site] 00025
3 opj_thread_pool_create [function] [call site] 00026
4 opj_calloc [function] [call site] 00027
4 opj_tls_new [function] [call site] 00028
5 opj_calloc [function] [call site] 00029
4 opj_free [function] [call site] 00030
4 opj_mutex_create [function] [call site] 00031
5 opj_calloc [function] [call site] 00032
5 pthread_mutex_init [call site] 00033
5 opj_free [function] [call site] 00034
4 opj_free [function] [call site] 00035
4 opj_thread_pool_setup [function] [call site] 00036
5 opj_cond_create [function] [call site] 00037
6 opj_malloc [function] [call site] 00038
6 pthread_cond_init [call site] 00039
6 opj_free [function] [call site] 00040
5 opj_calloc [function] [call site] 00041
5 opj_mutex_create [function] [call site] 00042
5 opj_cond_create [function] [call site] 00043
5 opj_mutex_destroy [function] [call site] 00044
6 pthread_mutex_destroy [call site] 00045
6 opj_free [function] [call site] 00046
5 opj_thread_create [function] [call site] 00047
6 opj_malloc [function] [call site] 00048
6 pthread_attr_init [call site] 00049
6 pthread_attr_setdetachstate [call site] 00050
6 pthread_create [call site] 00051
6 opj_thread_callback_adapter [function] [call site] 00052
6 opj_free [function] [call site] 00053
5 opj_mutex_destroy [function] [call site] 00054
5 opj_cond_destroy [function] [call site] 00055
6 pthread_cond_destroy [call site] 00056
6 opj_free [function] [call site] 00057
5 opj_mutex_lock [function] [call site] 00058
6 pthread_mutex_lock [call site] 00059
5 opj_cond_wait [function] [call site] 00060
5 opj_mutex_unlock [function] [call site] 00061
6 pthread_mutex_unlock [call site] 00062
4 opj_thread_pool_destroy [function] [call site] 00063
5 opj_thread_pool_wait_completion [function] [call site] 00064
6 opj_mutex_lock [function] [call site] 00065
6 opj_cond_wait [function] [call site] 00066
6 opj_mutex_unlock [function] [call site] 00067
5 opj_mutex_lock [function] [call site] 00068
5 opj_mutex_unlock [function] [call site] 00069
5 opj_mutex_lock [function] [call site] 00070
5 opj_cond_signal [function] [call site] 00071
6 pthread_cond_signal [call site] 00072
5 opj_mutex_unlock [function] [call site] 00073
5 opj_thread_join [function] [call site] 00074
6 pthread_join [call site] 00075
6 opj_free [function] [call site] 00076
5 opj_cond_destroy [function] [call site] 00077
5 opj_mutex_destroy [function] [call site] 00078
5 opj_free [function] [call site] 00079
5 opj_free [function] [call site] 00080
5 opj_cond_destroy [function] [call site] 00081
5 opj_mutex_destroy [function] [call site] 00082
5 opj_tls_destroy [function] [call site] 00083
6 opj_free [function] [call site] 00084
6 opj_free [function] [call site] 00085
5 opj_free [function] [call site] 00086
3 opj_thread_pool_create [function] [call site] 00087
3 opj_j2k_destroy [function] [call site] 00088
4 opj_j2k_tcp_destroy [function] [call site] 00089
5 opj_free [function] [call site] 00090
5 opj_free [function] [call site] 00091
5 opj_free [function] [call site] 00092
5 opj_free [function] [call site] 00093
5 opj_free [function] [call site] 00094
5 opj_free [function] [call site] 00095
5 opj_free [function] [call site] 00096
5 opj_free [function] [call site] 00097
5 opj_free [function] [call site] 00098
5 opj_free [function] [call site] 00099
5 opj_j2k_tcp_data_destroy [function] [call site] 00100
6 opj_free [function] [call site] 00101
4 opj_free [function] [call site] 00102
4 opj_free [function] [call site] 00103
4 opj_free [function] [call site] 00104
4 opj_free [function] [call site] 00105
4 opj_free [function] [call site] 00106
4 opj_free [function] [call site] 00107
4 opj_free [function] [call site] 00108
4 opj_free [function] [call site] 00109
4 opj_tcd_destroy [function] [call site] 00110
5 opj_tcd_free_tile [function] [call site] 00111
6 opj_tgt_destroy [function] [call site] 00112
7 opj_free [function] [call site] 00113
7 opj_free [function] [call site] 00114
6 opj_tgt_destroy [function] [call site] 00115
6 opj_free [function] [call site] 00116
6 opj_free [function] [call site] 00117
6 opj_image_data_free [function] [call site] 00118
7 opj_aligned_free [function] [call site] 00119
6 opj_image_data_free [function] [call site] 00120
6 opj_free [function] [call site] 00121
6 opj_free [function] [call site] 00122
5 opj_free [function] [call site] 00123
5 opj_free [function] [call site] 00124
5 opj_free [function] [call site] 00125
4 opj_j2k_cp_destroy [function] [call site] 00126
5 opj_j2k_tcp_destroy [function] [call site] 00127
5 opj_free [function] [call site] 00128
5 opj_free [function] [call site] 00129
5 opj_free [function] [call site] 00130
5 opj_free [function] [call site] 00131
5 opj_free [function] [call site] 00132
5 opj_free [function] [call site] 00133
4 opj_procedure_list_destroy [function] [call site] 00134
5 opj_free [function] [call site] 00135
5 opj_free [function] [call site] 00136
4 opj_procedure_list_destroy [function] [call site] 00137
4 j2k_destroy_cstr_index [function] [call site] 00138
5 opj_free [function] [call site] 00139
5 opj_free [function] [call site] 00140
5 opj_free [function] [call site] 00141
5 opj_free [function] [call site] 00142
5 opj_free [function] [call site] 00143
5 opj_free [function] [call site] 00144
4 opj_image_destroy [function] [call site] 00145
5 opj_image_data_free [function] [call site] 00146
5 opj_free [function] [call site] 00147
5 opj_free [function] [call site] 00148
5 opj_free [function] [call site] 00149
4 opj_image_destroy [function] [call site] 00150
4 opj_thread_pool_destroy [function] [call site] 00151
4 opj_free [function] [call site] 00152
2 opj_free [function] [call site] 00153
2 opj_jp2_create [function] [call site] 00154
3 opj_calloc [function] [call site] 00155
3 opj_j2k_create_compress [function] [call site] 00156
4 opj_calloc [function] [call site] 00157
4 opj_malloc [function] [call site] 00158
4 opj_procedure_list_create [function] [call site] 00159
4 opj_procedure_list_create [function] [call site] 00160
4 opj_j2k_get_default_thread_count [function] [call site] 00161
4 opj_thread_pool_create [function] [call site] 00162
4 opj_thread_pool_create [function] [call site] 00163
3 opj_j2k_create_decompress [function] [call site] 00164
3 opj_procedure_list_create [function] [call site] 00165
3 opj_procedure_list_create [function] [call site] 00166
3 opj_jp2_destroy [function] [call site] 00167
4 opj_j2k_destroy [function] [call site] 00168
4 opj_free [function] [call site] 00169
4 opj_free [function] [call site] 00170
4 opj_free [function] [call site] 00171
4 opj_free [function] [call site] 00172
4 opj_free [function] [call site] 00173
4 opj_free [function] [call site] 00174
4 opj_free [function] [call site] 00175
4 opj_free [function] [call site] 00176
4 opj_free [function] [call site] 00177
4 opj_free [function] [call site] 00178
4 opj_procedure_list_destroy [function] [call site] 00179
4 opj_procedure_list_destroy [function] [call site] 00180
4 opj_free [function] [call site] 00181
2 opj_free [function] [call site] 00182
2 opj_set_default_event_handler [function] [call site] 00183
1 opj_set_info_handler [function] [call site] 00184
1 InfoCallback(char const*, void*) [function] [call site] 00185
1 opj_set_warning_handler [function] [call site] 00186
1 WarningCallback(char const*, void*) [function] [call site] 00187
1 opj_set_error_handler [function] [call site] 00188
1 ErrorCallback(char const*, void*) [function] [call site] 00189
1 opj_set_default_decoder_parameters [function] [call site] 00190
1 opj_setup_decoder [function] [call site] 00191
2 opj_event_msg [function] [call site] 00192
3 vsnprintf [call site] 00193
1 opj_stream_create [function] [call site] 00194
2 opj_calloc [function] [call site] 00195
2 opj_malloc [function] [call site] 00196
2 opj_free [function] [call site] 00197
1 opj_stream_set_user_data_length [function] [call site] 00198
1 opj_stream_set_read_function [function] [call site] 00199
1 ReadCallback(void*, unsigned long, void*) [function] [call site] 00200
1 opj_stream_set_seek_function [function] [call site] 00201
1 SeekCallback(long, void*) [function] [call site] 00202
1 opj_stream_set_skip_function [function] [call site] 00203
1 SkipCallback(long, void*) [function] [call site] 00204
1 opj_stream_set_user_data [function] [call site] 00205
1 opj_read_header [function] [call site] 00206
2 opj_event_msg [function] [call site] 00207
1 opj_destroy_codec [function] [call site] 00208
2 opj_free [function] [call site] 00209
1 opj_stream_destroy [function] [call site] 00210
2 opj_free [function] [call site] 00211
2 opj_free [function] [call site] 00212
1 opj_image_destroy [function] [call site] 00213
1 opj_set_decode_area [function] [call site] 00214
1 opj_decode [function] [call site] 00215
1 opj_end_decompress [function] [call site] 00216
1 opj_stream_destroy [function] [call site] 00217
1 opj_destroy_codec [function] [call site] 00218
1 opj_image_destroy [function] [call site] 00219