Fuzz introspector: opusfile_fuzzer
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The following are the branches that the fuzzer fails to get past.

| Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch |
|---|---|---|---|---|---|---|---|
| 4 | 4 | 2: ['ogg_sync_buffer', 'ogg_sync_wrote'] | 6 | 270 | op_open1 | call site: 00007 | /src/opusfile/src/opusfile.c:1536 |
| 0 | 264 | 3: ['opus_tags_clear', 'op_fetch_headers', 'op_find_initial_pcm_offset'] | 0 | 264 | op_open1 | call site: 00069 | /src/opusfile/src/opusfile.c:1577 |
| 0 | 0 | None | 58 | 652 | op_fetch_and_process_page | call site: 00208 | /src/opusfile/src/opusfile.c:1918 |
| 0 | 0 | None | 8 | 8 | op_decode | call site: 00197 | /src/opusfile/src/opusfile.c:2804 |
| 0 | 0 | None | 4 | 14 | op_clear | call site: 00095 | /src/opusfile/src/opusfile.c:1495 |
| 0 | 0 | None | 2 | 2 | op_float2short_filter | call site: 00242 | /src/opusfile/src/opusfile.c:3232 |
| 0 | 0 | None | 0 | 79 | op_open2 | call site: 00101 | /src/opusfile/src/opusfile.c:1593 |
| 0 | 0 | None | 0 | 49 | opus_tags_parse | call site: 00049 | /src/opusfile/src/info.c:231 |
| 0 | 0 | None | 0 | 0 | op_tags | call site: 00258 | /src/opusfile/src/opusfile.c:1777 |
| 0 | 0 | None | 0 | 0 | op_seek_helper | call site: 00110 | /src/opusfile/src/opusfile.c:161 |
| 0 | 0 | None | 0 | 0 | op_read_native | call site: 00191 | /src/opusfile/src/opusfile.c:2855 |
| 0 | 0 | None | 0 | 0 | op_init_buffer | call site: 00196 | /src/opusfile/src/opusfile.c:2781 |

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 op_open_memory [function] [call site] 00001
2 op_mem_stream_create [function] [call site] 00002
2 op_open_close_on_failure [function] [call site] 00003
3 op_open_callbacks [function] [call site] 00004
4 op_test_callbacks [function] [call site] 00005
5 op_open1 [function] [call site] 00006
6 ogg_sync_init [call site] 00007
6 ogg_sync_buffer [call site] 00008
6 ogg_sync_wrote [call site] 00009
6 ogg_stream_init [call site] 00010
6 op_fetch_headers [function] [call site] 00011
7 op_get_next_page [function] [call site] 00012
8 ogg_sync_pageseek [call site] 00013
8 op_position [function] [call site] 00014
8 op_get_data [function] [call site] 00015
9 op_fatal_impl [function] [call site] 00016
10 fprintf [call site] 00017
10 abort [call site] 00018
9 ogg_sync_buffer [call site] 00019
9 op_fatal_impl [function] [call site] 00020
9 ogg_sync_wrote [call site] 00021
8 op_fatal_impl [function] [call site] 00022
7 op_fetch_headers_impl [function] [call site] 00023
8 ogg_page_bos [call site] 00024
8 op_lookup_page_serialno [function] [call site] 00025
9 ogg_page_serialno [call site] 00026
9 op_lookup_serialno [function] [call site] 00027
8 op_add_serialno [function] [call site] 00028
9 ogg_page_serialno [call site] 00029
9 op_fatal_impl [function] [call site] 00030
9 realloc [call site] 00031
8 ogg_page_serialno [call site] 00032
8 ogg_stream_reset_serialno [call site] 00033
8 ogg_stream_pagein [call site] 00034
8 ogg_stream_packetout [call site] 00035
8 opus_head_parse [function] [call site] 00036
9 memcmp [call site] 00037
9 op_parse_uint16le [function] [call site] 00038
9 op_parse_uint32le [function] [call site] 00039
9 op_parse_int16le [function] [call site] 00040
8 op_get_next_page [function] [call site] 00041
8 ogg_page_serialno [call site] 00042
8 ogg_stream_pagein [call site] 00043
8 ogg_stream_packetout [call site] 00044
8 op_get_next_page [function] [call site] 00045
8 ogg_page_serialno [call site] 00046
8 ogg_stream_pagein [call site] 00047
8 ogg_page_bos [call site] 00048
8 opus_tags_parse [function] [call site] 00049
9 opus_tags_init [function] [call site] 00050
9 opus_tags_parse_impl [function] [call site] 00051
10 memcmp [call site] 00052
10 op_parse_uint32le [function] [call site] 00053
10 op_strdup_with_len [function] [call site] 00054
10 op_parse_uint32le [function] [call site] 00055
10 op_tags_ensure_capacity [function] [call site] 00056
11 op_fatal_impl [function] [call site] 00057
11 realloc [call site] 00058
11 op_fatal_impl [function] [call site] 00059
11 realloc [call site] 00060
11 op_fatal_impl [function] [call site] 00061
10 op_parse_uint32le [function] [call site] 00062
10 op_strdup_with_len [function] [call site] 00063
9 opus_tags_clear [function] [call site] 00064
10 op_fatal_impl [function] [call site] 00065
9 opus_tags_parse_impl [function] [call site] 00066
8 ogg_stream_packetout [call site] 00067
8 opus_tags_clear [function] [call site] 00068
6 op_find_initial_pcm_offset [function] [call site] 00069
7 op_get_next_page [function] [call site] 00070
7 ogg_page_bos [call site] 00071
7 ogg_page_serialno [call site] 00072
7 ogg_stream_pagein [call site] 00073
7 op_collect_audio_packets [function] [call site] 00074
8 ogg_stream_packetout [call site] 00075
8 op_fatal_impl [function] [call site] 00076
8 op_fatal_impl [function] [call site] 00077
8 op_get_packet_duration [function] [call site] 00078
9 opus_packet_get_nb_frames [call site] 00079
9 opus_packet_get_samples_per_frame [call site] 00080
7 op_granpos_add [function] [call site] 00081
8 op_fatal_impl [function] [call site] 00082
7 op_granpos_add [function] [call site] 00083
7 op_granpos_cmp [function] [call site] 00084
8 op_fatal_impl [function] [call site] 00085
8 op_fatal_impl [function] [call site] 00086
7 op_granpos_diff [function] [call site] 00087
8 op_fatal_impl [function] [call site] 00088
8 op_fatal_impl [function] [call site] 00089
7 op_fatal_impl [function] [call site] 00090
7 op_granpos_add [function] [call site] 00091
7 op_fatal_impl [function] [call site] 00092
6 opus_tags_clear [function] [call site] 00093
5 op_clear [function] [call site] 00094
6 opus_multistream_decoder_destroy [call site] 00095
6 opus_tags_clear [function] [call site] 00096
6 opus_tags_clear [function] [call site] 00097
6 ogg_stream_clear [call site] 00098
6 ogg_sync_clear [call site] 00099
4 op_open2 [function] [call site] 00100
5 op_fatal_impl [function] [call site] 00101
5 op_open_seekable2 [function] [call site] 00102
6 op_position [function] [call site] 00103
6 op_fatal_impl [function] [call site] 00104
6 ogg_sync_init [call site] 00105
6 ogg_stream_init [call site] 00106
6 op_open_seekable2_impl [function] [call site] 00107
7 op_get_prev_page_serial [function] [call site] 00108
8 op_fatal_impl [function] [call site] 00109
8 op_seek_helper [function] [call site] 00110
9 ogg_sync_reset [call site] 00111
8 op_get_next_page [function] [call site] 00112
8 ogg_page_serialno [call site] 00113
8 op_fatal_impl [function] [call site] 00114
8 op_fatal_impl [function] [call site] 00115
8 ogg_page_granulepos [call site] 00116
8 op_lookup_serialno [function] [call site] 00117
7 op_bisect_forward_serialno [function] [call site] 00118
8 op_fatal_impl [function] [call site] 00119
8 realloc [call site] 00120
8 op_lookup_serialno [function] [call site] 00121
8 op_seek_helper [function] [call site] 00122
8 op_fatal_impl [function] [call site] 00123
8 op_get_next_page [function] [call site] 00124
8 ogg_page_serialno [call site] 00125
8 ogg_page_granulepos [call site] 00126
8 op_lookup_serialno [function] [call site] 00127
8 op_fatal_impl [function] [call site] 00128
8 op_fatal_impl [function] [call site] 00129
8 op_predict_link_start [function] [call site] 00130
9 op_fatal_impl [function] [call site] 00131
9 op_rescale64 [function] [call site] 00132
10 op_fatal_impl [function] [call site] 00133
8 op_find_final_pcm_offset [function] [call site] 00134
9 op_get_last_page [function] [call site] 00135
10 op_lookup_serialno [function] [call site] 00136
10 op_fatal_impl [function] [call site] 00137
10 op_fatal_impl [function] [call site] 00138
10 op_seek_helper [function] [call site] 00139
10 op_get_next_page [function] [call site] 00140
10 ogg_page_serialno [call site] 00141
10 ogg_page_granulepos [call site] 00142
10 op_lookup_serialno [function] [call site] 00143
9 op_granpos_diff [function] [call site] 00144
8 op_seek_helper [function] [call site] 00145
8 op_fetch_headers [function] [call site] 00146
8 op_find_initial_pcm_offset [function] [call site] 00147
8 op_find_final_pcm_offset [function] [call site] 00148
8 realloc [call site] 00149
6 ogg_stream_clear [call site] 00150
6 ogg_sync_clear [call site] 00151
6 op_position [function] [call site] 00152
5 op_make_decode_ready [function] [call site] 00153
6 memcmp [call site] 00154
6 opus_multistream_decoder_ctl [call site] 00155
6 opus_multistream_decoder_destroy [call site] 00156
6 opus_multistream_decoder_create [call site] 00157
6 op_update_gain [function] [call site] 00158
7 opus_tags_get_album_gain [function] [call site] 00159
8 opus_tags_get_gain [function] [call site] 00160
9 op_fatal_impl [function] [call site] 00161
9 opus_tagncompare [function] [call site] 00162
10 op_fatal_impl [function] [call site] 00163
10 op_strncasecmp [function] [call site] 00164
7 opus_tags_get_track_gain [function] [call site] 00165
8 opus_tags_get_gain [function] [call site] 00166
7 op_fatal_impl [function] [call site] 00167
7 op_fatal_impl [function] [call site] 00168
7 opus_multistream_decoder_ctl [call site] 00169
1 op_link_count [function] [call site] 00171
1 op_pcm_total [function] [call site] 00172
2 op_granpos_diff [function] [call site] 00173
2 op_fatal_impl [function] [call site] 00174
1 op_raw_total [function] [call site] 00175
1 op_pcm_tell [function] [call site] 00176
2 op_granpos_add [function] [call site] 00177
2 op_fatal_impl [function] [call site] 00178
2 op_granpos_add [function] [call site] 00179
2 op_get_pcm_offset [function] [call site] 00180
3 op_fatal_impl [function] [call site] 00181
3 op_granpos_cmp [function] [call site] 00182
3 op_granpos_cmp [function] [call site] 00183
3 op_granpos_diff [function] [call site] 00184
3 op_fatal_impl [function] [call site] 00185
3 op_fatal_impl [function] [call site] 00186
1 op_raw_tell [function] [call site] 00187
1 op_read_stereo [function] [call site] 00188
2 op_filter_read_native [function] [call site] 00189
3 op_read_native [function] [call site] 00190
4 op_fatal_impl [function] [call site] 00191
4 op_get_packet_duration [function] [call site] 00192
4 op_fatal_impl [function] [call site] 00193
4 op_granpos_cmp [function] [call site] 00194
4 op_granpos_diff [function] [call site] 00195
4 op_init_buffer [function] [call site] 00196
4 op_decode [function] [call site] 00197
5 opus_multistream_decode_float [call site] 00198
5 op_fatal_impl [function] [call site] 00199
4 op_fatal_impl [function] [call site] 00200
4 op_decode [function] [call site] 00201
4 op_fetch_and_process_page [function] [call site] 00202
5 op_fatal_impl [function] [call site] 00203
5 op_fatal_impl [function] [call site] 00204
5 op_get_next_page [function] [call site] 00205
5 ogg_page_serialno [call site] 00206
5 ogg_page_bos [call site] 00207
5 op_decode_clear [function] [call site] 00208
6 op_fatal_impl [function] [call site] 00209
6 opus_tags_clear [function] [call site] 00210
5 ogg_page_serialno [call site] 00211
5 op_fatal_impl [function] [call site] 00212
5 op_get_link_from_serialno [function] [call site] 00213
6 op_fatal_impl [function] [call site] 00214
5 ogg_stream_reset_serialno [call site] 00215
5 op_fetch_headers [function] [call site] 00216
5 op_find_initial_pcm_offset [function] [call site] 00217
5 op_make_decode_ready [function] [call site] 00218
5 op_make_decode_ready [function] [call site] 00219
5 ogg_stream_pagein [call site] 00220
5 op_collect_audio_packets [function] [call site] 00221
5 op_collect_audio_packets [function] [call site] 00222
5 op_fatal_impl [function] [call site] 00223
5 op_granpos_add [function] [call site] 00224
5 op_granpos_diff [function] [call site] 00225
5 op_granpos_add [function] [call site] 00226
5 op_granpos_diff [function] [call site] 00227
5 op_granpos_add [function] [call site] 00228
5 op_fatal_impl [function] [call site] 00229
5 op_granpos_diff [function] [call site] 00230
5 op_fatal_impl [function] [call site] 00231
5 op_granpos_add [function] [call site] 00232
5 op_granpos_add [function] [call site] 00233
5 op_fatal_impl [function] [call site] 00234
5 op_granpos_add [function] [call site] 00235
5 op_fatal_impl [function] [call site] 00236
5 op_fatal_impl [function] [call site] 00237
3 op_fatal_impl [function] [call site] 00238
3 op_fatal_impl [function] [call site] 00239
2 op_float2short_stereo_filter [function] [call site] 00240
3 op_float2short_filter [function] [call site] 00241
4 opus_pcm_soft_clip [call site] 00242
4 lrintf [call site] 00243
4 lrintf [call site] 00246
3 op_stereo_filter [function] [call site] 00247
3 op_float2short_filter [function] [call site] 00248
1 op_current_link [function] [call site] 00249
1 op_current_link [function] [call site] 00250
1 op_pcm_total [function] [call site] 00251
1 op_raw_total [function] [call site] 00252
1 op_pcm_tell [function] [call site] 00253
1 op_raw_tell [function] [call site] 00254
1 op_bitrate_instant [function] [call site] 00255
2 op_calc_bitrate [function] [call site] 00256
1 opus_tagncompare [function] [call site] 00259
1 opus_picture_tag_parse [function] [call site] 00260
2 opus_tagncompare [function] [call site] 00261
2 strlen [call site] 00262
2 opus_picture_tag_init [function] [call site] 00263
2 opus_picture_tag_parse_impl [function] [call site] 00264
3 op_fatal_impl [function] [call site] 00265
3 op_parse_uint32be [function] [call site] 00266
3 op_parse_uint32be [function] [call site] 00267
3 op_parse_uint32be [function] [call site] 00268
3 op_parse_uint32be [function] [call site] 00269
3 op_parse_uint32be [function] [call site] 00270
3 op_parse_uint32be [function] [call site] 00271
3 op_parse_uint32be [function] [call site] 00272
3 op_parse_uint32be [function] [call site] 00273
3 strcmp [call site] 00274
3 op_strncasecmp [function] [call site] 00275
3 op_is_jpeg [function] [call site] 00276
4 memcmp [call site] 00277
3 op_strncasecmp [function] [call site] 00278
3 op_is_png [function] [call site] 00279
4 memcmp [call site] 00280
3 op_strncasecmp [function] [call site] 00281
3 op_is_gif [function] [call site] 00282
4 memcmp [call site] 00283
3 op_strncasecmp [function] [call site] 00284
3 op_is_jpeg [function] [call site] 00285
3 op_is_png [function] [call site] 00286
3 op_is_gif [function] [call site] 00287
3 op_extract_jpeg_params [function] [call site] 00288
4 op_is_jpeg [function] [call site] 00289
3 op_extract_png_params [function] [call site] 00290
4 op_is_png [function] [call site] 00291
4 op_parse_uint32be [function] [call site] 00292
4 memcmp [call site] 00293
4 op_parse_uint32be [function] [call site] 00294
4 op_parse_uint32be [function] [call site] 00295
4 memcmp [call site] 00296
3 op_extract_gif_params [function] [call site] 00297
4 op_is_gif [function] [call site] 00298
3 realloc [call site] 00299
2 opus_picture_tag_clear [function] [call site] 00300
1 opus_picture_tag_clear [function] [call site] 00301
1 opus_tags_get_binary_suffix [function] [call site] 00302
2 op_fatal_impl [function] [call site] 00303
1 op_pcm_seek [function] [call site] 00304
2 op_get_granulepos [function] [call site] 00305
3 op_fatal_impl [function] [call site] 00306
3 op_granpos_diff [function] [call site] 00307
3 op_fatal_impl [function] [call site] 00308
2 op_granpos_diff [function] [call site] 00309
2 op_fatal_impl [function] [call site] 00310
2 op_granpos_add [function] [call site] 00311
2 op_fatal_impl [function] [call site] 00312
2 op_granpos_diff [function] [call site] 00313
2 op_pcm_seek_page [function] [call site] 00314
3 op_granpos_add [function] [call site] 00315
3 op_granpos_cmp [function] [call site] 00316
3 op_granpos_add [function] [call site] 00317
3 op_fatal_impl [function] [call site] 00318
3 op_granpos_cmp [function] [call site] 00319
3 op_granpos_cmp [function] [call site] 00320
3 op_granpos_cmp [function] [call site] 00321
3 op_granpos_diff [function] [call site] 00322
3 op_fatal_impl [function] [call site] 00323
3 op_fatal_impl [function] [call site] 00324
3 op_get_packet_duration [function] [call site] 00325
3 op_granpos_add [function] [call site] 00326
3 op_fatal_impl [function] [call site] 00327
3 op_granpos_cmp [function] [call site] 00328
3 op_make_decode_ready [function] [call site] 00329
3 op_decode_clear [function] [call site] 00330
3 ogg_stream_reset_serialno [call site] 00331
3 op_granpos_diff [function] [call site] 00332
3 op_fatal_impl [function] [call site] 00333
3 op_granpos_diff [function] [call site] 00334
3 op_fatal_impl [function] [call site] 00335
3 op_rescale64 [function] [call site] 00336
3 ogg_stream_reset [call site] 00337
3 op_seek_helper [function] [call site] 00338
3 op_get_next_page [function] [call site] 00339
3 ogg_stream_reset [call site] 00340
3 op_seek_helper [function] [call site] 00341
3 ogg_page_serialno [call site] 00342
3 ogg_page_packets [call site] 00343
3 ogg_page_granulepos [call site] 00344
3 ogg_stream_pagein [call site] 00345
3 ogg_stream_reset [call site] 00346
3 op_granpos_cmp [function] [call site] 00347
3 op_granpos_cmp [function] [call site] 00348
3 op_granpos_cmp [function] [call site] 00349
3 ogg_stream_reset [call site] 00350
3 op_page_continues [function] [call site] 00351
4 op_fatal_impl [function] [call site] 00352
4 op_fatal_impl [function] [call site] 00353
3 op_buffer_continued_data [function] [call site] 00354
4 ogg_stream_pagein [call site] 00355
4 ogg_stream_packetout [call site] 00356
3 op_granpos_diff [function] [call site] 00357
3 op_fatal_impl [function] [call site] 00358
3 op_granpos_cmp [function] [call site] 00359
3 op_granpos_cmp [function] [call site] 00360
3 op_granpos_cmp [function] [call site] 00361
3 op_fatal_impl [function] [call site] 00362
3 op_seek_helper [function] [call site] 00363
3 op_get_next_page [function] [call site] 00364
3 op_buffer_continued_data [function] [call site] 00365
3 op_fetch_and_process_page [function] [call site] 00366
3 op_granpos_cmp [function] [call site] 00367
2 op_fatal_impl [function] [call site] 00368
2 op_fatal_impl [function] [call site] 00369
2 op_granpos_diff [function] [call site] 00370
2 op_fetch_and_process_page [function] [call site] 00371
2 op_granpos_diff [function] [call site] 00372
1 op_read_stereo [function] [call site] 00373