Fuzz introspector
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues
Project coverage
Per-fuzzer coverage

Table of contents

Project overview: qpdf
High level conclusions
Reachability and coverage overview
Fuzzers overview
Project functions overview
Fuzzer details
Fuzzer: future_hex_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: runlength_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: lzw_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: future_lzw_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: ascii85_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: flate_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: future_ascii85_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: future_pngpredictor_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: tiffpredictor_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: future_flate_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: future_tiffpredictor_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: future_dct_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: pngpredictor_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: future_runlength_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: future_json_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: hex_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: qpdf_pages_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: json_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: future_qpdf_outlines_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: future_qpdf_pages_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: dct_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: qpdf_outlines_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: qpdf_crypt_insecure_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: future_qpdf_lin_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: future_qpdf_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: qpdf_lin_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: qpdf_crypt_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: future_qpdf_crypt_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: qpdf_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: future_qpdf_crypt_insecure_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Analyses and suggestions
Optimal target analysis
Remaining optimal interesting functions
All functions overview
Fuzz engine guidance
/src/qpdf/fuzz/hex_fuzzer.cc
Dictionary
Fuzzer function priority
/src/qpdf/fuzz/runlength_fuzzer.cc
Dictionary
Fuzzer function priority
/src/qpdf/fuzz/lzw_fuzzer.cc
Dictionary
Fuzzer function priority
/src/qpdf/fuzz/lzw_fuzzer.cc
Dictionary
Fuzzer function priority
/src/qpdf/fuzz/ascii85_fuzzer.cc
Dictionary
Fuzzer function priority
/src/qpdf/fuzz/flate_fuzzer.cc
Dictionary
Fuzzer function priority
/src/qpdf/fuzz/ascii85_fuzzer.cc
Dictionary
Fuzzer function priority
/src/qpdf/fuzz/pngpredictor_fuzzer.cc
Dictionary
Fuzzer function priority
/src/qpdf/fuzz/tiffpredictor_fuzzer.cc
Dictionary
Fuzzer function priority
/src/qpdf/fuzz/flate_fuzzer.cc
Dictionary
Fuzzer function priority
/src/qpdf/fuzz/tiffpredictor_fuzzer.cc
Dictionary
Fuzzer function priority
/src/qpdf/fuzz/dct_fuzzer.cc
Dictionary
Fuzzer function priority
/src/qpdf/fuzz/pngpredictor_fuzzer.cc
Dictionary
Fuzzer function priority
/src/qpdf/fuzz/runlength_fuzzer.cc
Dictionary
Fuzzer function priority
/src/qpdf/fuzz/json_fuzzer.cc
Dictionary
Fuzzer function priority
/src/qpdf/fuzz/hex_fuzzer.cc
Dictionary
Fuzzer function priority
/src/qpdf/fuzz/qpdf_pages_fuzzer.cc
Dictionary
Fuzzer function priority
/src/qpdf/fuzz/json_fuzzer.cc
Dictionary
Fuzzer function priority
/src/qpdf/fuzz/qpdf_outlines_fuzzer.cc
Dictionary
Fuzzer function priority
/src/qpdf/fuzz/qpdf_pages_fuzzer.cc
Dictionary
Fuzzer function priority
/src/qpdf/fuzz/dct_fuzzer.cc
Dictionary
Fuzzer function priority
/src/qpdf/fuzz/qpdf_outlines_fuzzer.cc
Dictionary
Fuzzer function priority
/src/qpdf/fuzz/qpdf_crypt_insecure_fuzzer.cc
Dictionary
Fuzzer function priority
/src/qpdf/fuzz/qpdf_lin_fuzzer.cc
Dictionary
Fuzzer function priority
/src/qpdf/fuzz/qpdf_fuzzer.cc
Dictionary
Fuzzer function priority
/src/qpdf/fuzz/qpdf_lin_fuzzer.cc
Dictionary
Fuzzer function priority
/src/qpdf/fuzz/qpdf_crypt_fuzzer.cc
Dictionary
Fuzzer function priority
/src/qpdf/fuzz/qpdf_crypt_fuzzer.cc
Dictionary
Fuzzer function priority
/src/qpdf/fuzz/qpdf_fuzzer.cc
Dictionary
Fuzzer function priority
/src/qpdf/fuzz/qpdf_crypt_insecure_fuzzer.cc
Dictionary
Fuzzer function priority
Runtime coverage analysis
Complex functions with low coverage
Files and Directories in report
Files in report
Directories in report
Metadata section
Report generation date: 2024-09-08

Project overview: qpdf

High level conclusions

Reachability and coverage overview

Functions statically reachable by fuzzers
47.0%
1389 / 2963
Cyclomatic complexity statically reachable by fuzzers
53.0%
18062 / 33995
Runtime code coverage of functions
56.9%
1702 / 2963

Warning: The number of runtime covered functions are larger than the number of reachable functions. This means that Fuzz Introspector found there are more functions covered at runtime than what is considered reachable based on the static analysis. This is a limitation in the analysis as anything covered at runtime is by definition reachable by the fuzzers.
This is likely due to a limitation in the static analysis. In this case, the count of functions covered at runtime is the true value, which means this is what should be considered "achieved" by the fuzzer.

Use the project functions table below to query all functions that were not covered at runtime.

Fuzzers overview

Fuzzer Fuzzer filename Functions Reached Functions unreached Fuzzer depth Files reached Basic blocks reached Cyclomatic complexity Details
future_hex_fuzzer /src/qpdf/fuzz/hex_fuzzer.cc 38 28 6 7 132 81 hex_fuzzer.cc
runlength_fuzzer /src/qpdf/fuzz/runlength_fuzzer.cc 48 25 7 6 176 106 runlength_fuzzer.cc
lzw_fuzzer /src/qpdf/fuzz/lzw_fuzzer.cc 65 46 10 11 270 180 lzw_fuzzer.cc
future_lzw_fuzzer /src/qpdf/fuzz/lzw_fuzzer.cc 65 46 10 11 270 180 lzw_fuzzer.cc
ascii85_fuzzer /src/qpdf/fuzz/ascii85_fuzzer.cc 38 28 6 7 133 77 ascii85_fuzzer.cc
flate_fuzzer /src/qpdf/fuzz/flate_fuzzer.cc 123 78 11 15 2650 1027 flate_fuzzer.cc
future_ascii85_fuzzer /src/qpdf/fuzz/ascii85_fuzzer.cc 38 28 6 7 133 77 ascii85_fuzzer.cc
future_pngpredictor_fuzzer /src/qpdf/fuzz/pngpredictor_fuzzer.cc 55 30 8 8 208 151 pngpredictor_fuzzer.cc
tiffpredictor_fuzzer /src/qpdf/fuzz/tiffpredictor_fuzzer.cc 72 37 11 12 266 200 tiffpredictor_fuzzer.cc
future_flate_fuzzer /src/qpdf/fuzz/flate_fuzzer.cc 123 78 11 15 2650 1027 flate_fuzzer.cc
future_tiffpredictor_fuzzer /src/qpdf/fuzz/tiffpredictor_fuzzer.cc 72 37 11 12 266 200 tiffpredictor_fuzzer.cc
future_dct_fuzzer /src/qpdf/fuzz/dct_fuzzer.cc 243 532 10 56 3747 1592 dct_fuzzer.cc
pngpredictor_fuzzer /src/qpdf/fuzz/pngpredictor_fuzzer.cc 55 30 8 8 208 151 pngpredictor_fuzzer.cc
future_runlength_fuzzer /src/qpdf/fuzz/runlength_fuzzer.cc 48 25 7 6 176 106 runlength_fuzzer.cc
future_json_fuzzer /src/qpdf/fuzz/json_fuzzer.cc 1208 2084 37 71 10248 7701 json_fuzzer.cc
hex_fuzzer /src/qpdf/fuzz/hex_fuzzer.cc 38 28 6 7 132 81 hex_fuzzer.cc
qpdf_pages_fuzzer /src/qpdf/fuzz/qpdf_pages_fuzzer.cc 1749 1912 37 101 15222 11345 qpdf_pages_fuzzer.cc
json_fuzzer /src/qpdf/fuzz/json_fuzzer.cc 1206 2083 37 71 10260 7704 json_fuzzer.cc
future_qpdf_outlines_fuzzer /src/qpdf/fuzz/qpdf_outlines_fuzzer.cc 1293 2089 37 81 10661 8067 qpdf_outlines_fuzzer.cc
future_qpdf_pages_fuzzer /src/qpdf/fuzz/qpdf_pages_fuzzer.cc 1753 1912 37 101 15209 11344 qpdf_pages_fuzzer.cc
dct_fuzzer /src/qpdf/fuzz/dct_fuzzer.cc 243 532 10 56 3747 1592 dct_fuzzer.cc
qpdf_outlines_fuzzer /src/qpdf/fuzz/qpdf_outlines_fuzzer.cc 1289 2089 37 81 10673 8068 qpdf_outlines_fuzzer.cc
qpdf_crypt_insecure_fuzzer /src/qpdf/fuzz/qpdf_crypt_insecure_fuzzer.cc 1572 2075 37 82 14509 10523 qpdf_crypt_insecure_fuzzer.cc
future_qpdf_lin_fuzzer /src/qpdf/fuzz/qpdf_lin_fuzzer.cc 1554 2085 37 82 14303 10402 qpdf_lin_fuzzer.cc
future_qpdf_fuzzer /src/qpdf/fuzz/qpdf_fuzzer.cc 1578 2074 37 82 14511 10527 qpdf_fuzzer.cc
qpdf_lin_fuzzer /src/qpdf/fuzz/qpdf_lin_fuzzer.cc 1552 2084 37 82 14317 10405 qpdf_lin_fuzzer.cc
qpdf_crypt_fuzzer /src/qpdf/fuzz/qpdf_crypt_fuzzer.cc 1572 2075 37 82 14512 10524 qpdf_crypt_fuzzer.cc
future_qpdf_crypt_fuzzer /src/qpdf/fuzz/qpdf_crypt_fuzzer.cc 1574 2076 37 82 14498 10521 qpdf_crypt_fuzzer.cc
qpdf_fuzzer /src/qpdf/fuzz/qpdf_fuzzer.cc 1576 2073 37 82 14525 10530 qpdf_fuzzer.cc
future_qpdf_crypt_insecure_fuzzer /src/qpdf/fuzz/qpdf_crypt_insecure_fuzzer.cc 1574 2076 37 82 14495 10520 qpdf_crypt_insecure_fuzzer.cc

Project functions overview

The following table shows data about each function in the project. The functions included in this table correspond to all functions that exist in the executables of the fuzzers. As such, there may be functions that are from third-party libraries.

For further technical details on the meaning of columns in the below table, please see the Glossary .

Func name Functions filename Args Function call depth Reached by Fuzzers Fuzzers runtime hit Func lines hit % I Count BB Count Cyclomatic complexity Functions reached Reached by functions Accumulated cyclomatic complexity Undiscovered complexity

Fuzzer details

Fuzzer: future_hex_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 4 14.8%
gold [1:9] 1 3.70%
yellow [10:29] 0 0.0%
greenyellow [30:49] 2 7.40%
lawngreen 50+ 20 74.0%
All colors 27 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
0 0 None 0 0 Pl_ASCIIHexDecoder::write(unsignedcharconst*,unsignedlong) call site: 00000 /src/qpdf/libqpdf/Pl_ASCIIHexDecoder.cc:20

Runtime coverage analysis

Covered functions
16
Functions that are reachable but not covered
11
Reachable functions
38
Percentage of reachable functions covered
71.05%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/qpdf/fuzz/hex_fuzzer.cc 4
/src/qpdf/libqpdf/Pl_Discard.cc 2
/src/qpdf/libqpdf/Pipeline.cc 2
/src/qpdf/libqpdf/Pl_ASCIIHexDecoder.cc 4
/src/qpdf/include/qpdf/QTC.hh 1
/src/qpdf/libqpdf/qpdf/Pl_ASCIIHexDecoder.hh 1
/src/qpdf/include/qpdf/Pipeline.hh 1

Fuzzer: runlength_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 18 52.9%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 16 47.0%
All colors 34 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
41 41 1 :

['Pl_RunLength::encode(unsigned char const*, unsigned long)']

41 41 Pl_RunLength::write(unsignedcharconst*,unsignedlong) call site: 00000 /src/qpdf/libqpdf/Pl_RunLength.cc:27
32 32 1 :

['Pl_RunLength::flush_encode()']

32 32 Pl_RunLength::finish() call site: 00000 /src/qpdf/libqpdf/Pl_RunLength.cc:140

Runtime coverage analysis

Covered functions
20
Functions that are reachable but not covered
15
Reachable functions
48
Percentage of reachable functions covered
68.75%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/qpdf/fuzz/runlength_fuzzer.cc 4
/src/qpdf/libqpdf/Pl_Discard.cc 2
/src/qpdf/libqpdf/Pipeline.cc 4
/src/qpdf/libqpdf/Pl_RunLength.cc 7
/src/qpdf/include/qpdf/Pipeline.hh 1
/src/qpdf/include/qpdf/QTC.hh 1

Fuzzer: lzw_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 12 25.0%
gold [1:9] 2 4.16%
yellow [10:29] 0 0.0%
greenyellow [30:49] 2 4.16%
lawngreen 50+ 32 66.6%
All colors 48 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
8 8 4 :

['__cxa_allocate_exception', 'std::runtime_error::runtime_error(char const*)', '__cxa_free_exception', '__cxa_throw']

8 8 Pl_LZWDecoder::getFirstChar(unsignedint) call site: 00000 /src/qpdf/libqpdf/Pl_LZWDecoder.cc:91
8 8 4 :

['__cxa_allocate_exception', 'std::runtime_error::runtime_error(char const*)', '__cxa_free_exception', '__cxa_throw']

8 8 Pl_LZWDecoder::addToTable(unsignedchar) call site: 00000 /src/qpdf/libqpdf/Pl_LZWDecoder.cc:116
0 0 None 0 0 Buffer::Members::Members(unsignedlong,unsignedchar*,bool) call site: 00000 /src/qpdf/libqpdf/Buffer.cc:23

Runtime coverage analysis

Covered functions
28
Functions that are reachable but not covered
18
Reachable functions
65
Percentage of reachable functions covered
72.31%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/qpdf/fuzz/lzw_fuzzer.cc 4
/src/qpdf/libqpdf/Pl_Discard.cc 2
/src/qpdf/libqpdf/Pipeline.cc 2
/src/qpdf/libqpdf/Pl_LZWDecoder.cc 7
/src/qpdf/include/qpdf/QTC.hh 1
/src/qpdf/include/qpdf/QIntC.hh 3
/usr/local/bin/../include/c++/v1/stdexcept 1
/src/qpdf/libqpdf/Buffer.cc 4
/src/qpdf/include/qpdf/Buffer.hh 1
/src/qpdf/libqpdf/qpdf/Pl_LZWDecoder.hh 1
/src/qpdf/include/qpdf/Pipeline.hh 1

Fuzzer: future_lzw_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 12 25.0%
gold [1:9] 2 4.16%
yellow [10:29] 0 0.0%
greenyellow [30:49] 1 2.08%
lawngreen 50+ 33 68.7%
All colors 48 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
8 8 4 :

['__cxa_allocate_exception', 'std::runtime_error::runtime_error(char const*)', '__cxa_free_exception', '__cxa_throw']

8 8 Pl_LZWDecoder::getFirstChar(unsignedint) call site: 00000 /src/qpdf/libqpdf/Pl_LZWDecoder.cc:91
8 8 4 :

['__cxa_allocate_exception', 'std::runtime_error::runtime_error(char const*)', '__cxa_free_exception', '__cxa_throw']

8 8 Pl_LZWDecoder::addToTable(unsignedchar) call site: 00000 /src/qpdf/libqpdf/Pl_LZWDecoder.cc:116
0 0 None 0 0 Buffer::Members::Members(unsignedlong,unsignedchar*,bool) call site: 00000 /src/qpdf/libqpdf/Buffer.cc:23

Runtime coverage analysis

Covered functions
28
Functions that are reachable but not covered
18
Reachable functions
65
Percentage of reachable functions covered
72.31%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/qpdf/fuzz/lzw_fuzzer.cc 4
/src/qpdf/libqpdf/Pl_Discard.cc 2
/src/qpdf/libqpdf/Pipeline.cc 2
/src/qpdf/libqpdf/Pl_LZWDecoder.cc 7
/src/qpdf/include/qpdf/QTC.hh 1
/src/qpdf/include/qpdf/QIntC.hh 3
/usr/local/bin/../include/c++/v1/stdexcept 1
/src/qpdf/libqpdf/Buffer.cc 4
/src/qpdf/include/qpdf/Buffer.hh 1
/src/qpdf/libqpdf/qpdf/Pl_LZWDecoder.hh 1
/src/qpdf/include/qpdf/Pipeline.hh 1

Fuzzer: ascii85_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 4 13.3%
gold [1:9] 3 10.0%
yellow [10:29] 1 3.33%
greenyellow [30:49] 1 3.33%
lawngreen 50+ 21 70.0%
All colors 30 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
0 0 None 0 0 Pl_ASCII85Decoder::write(unsignedcharconst*,unsignedlong) call site: 00000 /src/qpdf/libqpdf/Pl_ASCII85Decoder.cc:18

Runtime coverage analysis

Covered functions
16
Functions that are reachable but not covered
11
Reachable functions
38
Percentage of reachable functions covered
71.05%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/qpdf/fuzz/ascii85_fuzzer.cc 4
/src/qpdf/libqpdf/Pl_Discard.cc 2
/src/qpdf/libqpdf/Pipeline.cc 2
/src/qpdf/libqpdf/Pl_ASCII85Decoder.cc 4
/src/qpdf/include/qpdf/QTC.hh 1
/src/qpdf/libqpdf/qpdf/Pl_ASCII85Decoder.hh 1
/src/qpdf/include/qpdf/Pipeline.hh 1

Fuzzer: flate_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 112 57.4%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 83 42.5%
All colors 195 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
38 38 1 :

['inflateInit_']

370 945 Pl_Flate::handleData(unsignedcharconst*,unsignedlong,int) call site: 00000 /src/qpdf/libqpdf/Pl_Flate.cc:131
21 21 1 :

['crc32']

579 630 deflate call site: 00083 /src/zlib/deflate.c:1160
21 21 1 :

['crc32']

21 21 read_buf call site: 00091 /src/zlib/deflate.c:227
16 37 3 :

['deflateEnd', '__clang_call_terminate', 'inflateEnd']

16 37 Pl_Flate::Members::~Members() call site: 00000 /src/qpdf/libqpdf/Pl_Flate.cc:46
12 12 1 :

['inflateEnd']

32 125 Pl_Flate::finish() call site: 00000 /src/qpdf/libqpdf/Pl_Flate.cc:218
8 8 4 :

['__cxa_allocate_exception', 'std::runtime_error::runtime_error(char const*)', '__cxa_free_exception', '__cxa_throw']

8 8 Pl_Flate::Members::Members(unsignedlong,Pl_Flate::action_e) call site: 00000 /src/qpdf/libqpdf/Pl_Flate.cc:29
8 8 13 :

['__cxa_allocate_exception', 'std::__1::basic_string , std::__1::allocator > std::__1::operator+[abi:v180000] , std::__1::allocator >(std::__1::basic_string , std::__1::allocator >&&, char const*)', 'std::__1::basic_string , std::__1::allocator > std::__1::operator+[abi:v180000] , std::__1::allocator >(std::__1::basic_string , std::__1::allocator >&&, std::__1::basic_string , std::__1::allocator >&&)', 'std::__1::basic_string , std::__1::allocator >::~basic_string()', 'std::__1::shared_ptr ::operator->[abi:v180000]() const', 'std::__1::basic_string , std::__1::allocator >::operator+=[abi:v180000](char const*)', 'std::runtime_error::runtime_error(std::__1::basic_string , std::__1::allocator > const&)', '__cxa_free_exception', '__cxa_throw', '_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEC2B7v180000ILi0EEEPKc', 'std::__1::to_string(int)', 'std::__1::basic_string , std::__1::allocator > std::__1::operator+[abi:v180000] , std::__1::allocator >(std::__1::basic_string , std::__1::allocator > const&, char const*)', 'std::__1::basic_string , std::__1::allocator >::operator+=[abi:v180000](std::__1::basic_string , std::__1::allocator > const&)']

8 8 Pl_Flate::checkError(charconst*,int) call site: 00000 /src/qpdf/libqpdf/Pl_Flate.cc:250
7 14 2 :

['_tr_stored_block', '_tr_align']

7 38 deflate call site: 00128 /src/zlib/deflate.c:1211
0 21 1 :

['deflateEnd']

0 21 deflateInit2_ call site: 00026 /src/zlib/deflate.c:499
0 0 None 747 869 deflate call site: 00064 /src/zlib/deflate.c:1009
0 0 None 747 869 deflate call site: 00064 /src/zlib/deflate.c:1011
0 0 None 747 869 deflate call site: 00064 /src/zlib/deflate.c:1013

Runtime coverage analysis

Covered functions
64
Functions that are reachable but not covered
44
Reachable functions
123
Percentage of reachable functions covered
64.23%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/qpdf/fuzz/flate_fuzzer.cc 4
/src/qpdf/libqpdf/Pl_Discard.cc 2
/src/qpdf/libqpdf/Pipeline.cc 2
/src/qpdf/libqpdf/Pl_Flate.cc 8
/src/qpdf/include/qpdf/QIntC.hh 7
/usr/local/bin/../include/c++/v1/stdexcept 1
/src/qpdf/include/qpdf/QUtil.hh 1
/src/qpdf/include/qpdf/Pipeline.hh 1
/src/zlib/deflate.c 16
/src/zlib/crc32.c 5
/src/zlib/adler32.c 2
/src/zlib/trees.c 20
/src/zlib/inflate.c 10
/src/zlib/inftrees.c 1
/src/zlib/inffast.c 1

Fuzzer: future_ascii85_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 4 13.3%
gold [1:9] 2 6.66%
yellow [10:29] 2 6.66%
greenyellow [30:49] 1 3.33%
lawngreen 50+ 21 70.0%
All colors 30 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
0 0 None 0 0 Pl_ASCII85Decoder::write(unsignedcharconst*,unsignedlong) call site: 00000 /src/qpdf/libqpdf/Pl_ASCII85Decoder.cc:18

Runtime coverage analysis

Covered functions
16
Functions that are reachable but not covered
11
Reachable functions
38
Percentage of reachable functions covered
71.05%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/qpdf/fuzz/ascii85_fuzzer.cc 4
/src/qpdf/libqpdf/Pl_Discard.cc 2
/src/qpdf/libqpdf/Pipeline.cc 2
/src/qpdf/libqpdf/Pl_ASCII85Decoder.cc 4
/src/qpdf/include/qpdf/QTC.hh 1
/src/qpdf/libqpdf/qpdf/Pl_ASCII85Decoder.hh 1
/src/qpdf/include/qpdf/Pipeline.hh 1

Fuzzer: future_pngpredictor_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 11 25.0%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 33 75.0%
All colors 44 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
28 28 1 :

['Pl_PNGFilter::encodeRow()']

28 28 Pl_PNGFilter::processRow() call site: 00000 /src/qpdf/libqpdf/Pl_PNGFilter.cc:100
8 8 4 :

['__cxa_allocate_exception', 'std::runtime_error::runtime_error(char const*)', '__cxa_free_exception', '__cxa_throw']

8 10 Pl_PNGFilter::Pl_PNGFilter(charconst*,Pipeline*,Pl_PNGFilter::action_e,unsignedint,unsignedint,unsignedint) call site: 00000 /src/qpdf/libqpdf/Pl_PNGFilter.cc:49
0 0 None 8 10 Pl_PNGFilter::Pl_PNGFilter(charconst*,Pipeline*,Pl_PNGFilter::action_e,unsignedint,unsignedint,unsignedint) call site: 00000 /src/qpdf/libqpdf/Pl_PNGFilter.cc:36
0 0 None 8 10 Pl_PNGFilter::Pl_PNGFilter(charconst*,Pipeline*,Pl_PNGFilter::action_e,unsignedint,unsignedint,unsignedint) call site: 00000 /src/qpdf/libqpdf/Pl_PNGFilter.cc:46

Runtime coverage analysis

Covered functions
25
Functions that are reachable but not covered
10
Reachable functions
55
Percentage of reachable functions covered
81.82%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/qpdf/fuzz/pngpredictor_fuzzer.cc 4
/src/qpdf/libqpdf/Pl_Discard.cc 2
/src/qpdf/libqpdf/Pipeline.cc 2
/src/qpdf/libqpdf/Pl_PNGFilter.cc 12
/src/qpdf/include/qpdf/QUtil.hh 1
/src/qpdf/include/qpdf/Pipeline.hh 1
/src/qpdf/include/qpdf/QTC.hh 1
/src/qpdf/libqpdf/qpdf/Pl_PNGFilter.hh 1

Fuzzer: tiffpredictor_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 20 39.2%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 31 60.7%
All colors 51 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
10 10 4 :

['__cxa_allocate_exception', 'std::out_of_range::out_of_range[abi:v180000](char const*)', '__cxa_free_exception', '__cxa_throw']

10 10 read_bits(unsignedcharconst*&,unsignedlong&,unsignedlong&,unsignedlong) call site: 00000 /src/qpdf/libqpdf/qpdf/bits_functions.hh:34
10 10 4 :

['__cxa_allocate_exception', 'std::out_of_range::out_of_range[abi:v180000](char const*)', '__cxa_free_exception', '__cxa_throw']

10 10 write_bits(unsignedchar&,unsignedlong&,unsignedlonglong,unsignedlong,Pipeline*) call site: 00000 /src/qpdf/libqpdf/qpdf/bits_functions.hh:89
8 8 4 :

['__cxa_allocate_exception', 'std::runtime_error::runtime_error(char const*)', '__cxa_free_exception', '__cxa_throw']

8 8 BitStream::reset() call site: 00000 /src/qpdf/libqpdf/BitStream.cc:21
0 0 None 8 10 Pl_TIFFPredictor::Pl_TIFFPredictor(charconst*,Pipeline*,Pl_TIFFPredictor::action_e,unsignedint,unsignedint,unsignedint) call site: 00000 /src/qpdf/libqpdf/Pl_TIFFPredictor.cc:29
0 0 None 8 10 Pl_TIFFPredictor::Pl_TIFFPredictor(charconst*,Pipeline*,Pl_TIFFPredictor::action_e,unsignedint,unsignedint,unsignedint) call site: 00000 /src/qpdf/libqpdf/Pl_TIFFPredictor.cc:32
0 0 None 8 10 Pl_TIFFPredictor::Pl_TIFFPredictor(charconst*,Pipeline*,Pl_TIFFPredictor::action_e,unsignedint,unsignedint,unsignedint) call site: 00000 /src/qpdf/libqpdf/Pl_TIFFPredictor.cc:36
0 0 None 0 78 Pl_TIFFPredictor::processRow() call site: 00000 /src/qpdf/libqpdf/Pl_TIFFPredictor.cc:83
0 0 None 0 0 Pl_TIFFPredictor::processRow() call site: 00000 /src/qpdf/libqpdf/Pl_TIFFPredictor.cc:104

Runtime coverage analysis

Covered functions
28
Functions that are reachable but not covered
21
Reachable functions
72
Percentage of reachable functions covered
70.83%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/qpdf/fuzz/tiffpredictor_fuzzer.cc 4
/src/qpdf/libqpdf/Pl_Discard.cc 2
/src/qpdf/libqpdf/Pipeline.cc 2
/src/qpdf/libqpdf/Pl_TIFFPredictor.cc 4
/src/qpdf/include/qpdf/Pipeline.hh 1
/src/qpdf/include/qpdf/QTC.hh 1
/src/qpdf/libqpdf/BitWriter.cc 4
/src/qpdf/libqpdf/BitStream.cc 3
/src/qpdf/include/qpdf/QIntC.hh 3
/usr/local/bin/../include/c++/v1/stdexcept 2
/src/qpdf/libqpdf/qpdf/bits_functions.hh 2
/src/qpdf/libqpdf/qpdf/Pl_TIFFPredictor.hh 1

Fuzzer: future_flate_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 112 57.4%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 83 42.5%
All colors 195 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
38 38 1 :

['inflateInit_']

370 945 Pl_Flate::handleData(unsignedcharconst*,unsignedlong,int) call site: 00000 /src/qpdf/libqpdf/Pl_Flate.cc:131
21 21 1 :

['crc32']

579 630 deflate call site: 00083 /src/zlib/deflate.c:1160
21 21 1 :

['crc32']

21 21 read_buf call site: 00091 /src/zlib/deflate.c:227
16 37 3 :

['deflateEnd', '__clang_call_terminate', 'inflateEnd']

16 37 Pl_Flate::Members::~Members() call site: 00000 /src/qpdf/libqpdf/Pl_Flate.cc:46
12 12 1 :

['inflateEnd']

32 125 Pl_Flate::finish() call site: 00000 /src/qpdf/libqpdf/Pl_Flate.cc:218
8 8 4 :

['__cxa_allocate_exception', 'std::runtime_error::runtime_error(char const*)', '__cxa_free_exception', '__cxa_throw']

8 8 Pl_Flate::Members::Members(unsignedlong,Pl_Flate::action_e) call site: 00000 /src/qpdf/libqpdf/Pl_Flate.cc:29
8 8 13 :

['__cxa_allocate_exception', 'std::__1::basic_string , std::__1::allocator > std::__1::operator+[abi:v180000] , std::__1::allocator >(std::__1::basic_string , std::__1::allocator >&&, char const*)', 'std::__1::basic_string , std::__1::allocator > std::__1::operator+[abi:v180000] , std::__1::allocator >(std::__1::basic_string , std::__1::allocator >&&, std::__1::basic_string , std::__1::allocator >&&)', 'std::__1::basic_string , std::__1::allocator >::~basic_string()', 'std::__1::shared_ptr ::operator->[abi:v180000]() const', 'std::__1::basic_string , std::__1::allocator >::operator+=[abi:v180000](char const*)', 'std::runtime_error::runtime_error(std::__1::basic_string , std::__1::allocator > const&)', '__cxa_free_exception', '__cxa_throw', '_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEC2B7v180000ILi0EEEPKc', 'std::__1::to_string(int)', 'std::__1::basic_string , std::__1::allocator > std::__1::operator+[abi:v180000] , std::__1::allocator >(std::__1::basic_string , std::__1::allocator > const&, char const*)', 'std::__1::basic_string , std::__1::allocator >::operator+=[abi:v180000](std::__1::basic_string , std::__1::allocator > const&)']

8 8 Pl_Flate::checkError(charconst*,int) call site: 00000 /src/qpdf/libqpdf/Pl_Flate.cc:250
7 14 2 :

['_tr_stored_block', '_tr_align']

7 38 deflate call site: 00128 /src/zlib/deflate.c:1211
0 21 1 :

['deflateEnd']

0 21 deflateInit2_ call site: 00026 /src/zlib/deflate.c:499
0 0 None 747 869 deflate call site: 00064 /src/zlib/deflate.c:1009
0 0 None 747 869 deflate call site: 00064 /src/zlib/deflate.c:1011
0 0 None 747 869 deflate call site: 00064 /src/zlib/deflate.c:1013

Runtime coverage analysis

Covered functions
64
Functions that are reachable but not covered
44
Reachable functions
123
Percentage of reachable functions covered
64.23%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/qpdf/fuzz/flate_fuzzer.cc 4
/src/qpdf/libqpdf/Pl_Discard.cc 2
/src/qpdf/libqpdf/Pipeline.cc 2
/src/qpdf/libqpdf/Pl_Flate.cc 8
/src/qpdf/include/qpdf/QIntC.hh 7
/usr/local/bin/../include/c++/v1/stdexcept 1
/src/qpdf/include/qpdf/QUtil.hh 1
/src/qpdf/include/qpdf/Pipeline.hh 1
/src/zlib/deflate.c 16
/src/zlib/crc32.c 5
/src/zlib/adler32.c 2
/src/zlib/trees.c 20
/src/zlib/inflate.c 10
/src/zlib/inftrees.c 1
/src/zlib/inffast.c 1

Fuzzer: future_tiffpredictor_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 20 39.2%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 31 60.7%
All colors 51 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
10 10 4 :

['__cxa_allocate_exception', 'std::out_of_range::out_of_range[abi:v180000](char const*)', '__cxa_free_exception', '__cxa_throw']

10 10 read_bits(unsignedcharconst*&,unsignedlong&,unsignedlong&,unsignedlong) call site: 00000 /src/qpdf/libqpdf/qpdf/bits_functions.hh:34
10 10 4 :

['__cxa_allocate_exception', 'std::out_of_range::out_of_range[abi:v180000](char const*)', '__cxa_free_exception', '__cxa_throw']

10 10 write_bits(unsignedchar&,unsignedlong&,unsignedlonglong,unsignedlong,Pipeline*) call site: 00000 /src/qpdf/libqpdf/qpdf/bits_functions.hh:89
8 8 4 :

['__cxa_allocate_exception', 'std::runtime_error::runtime_error(char const*)', '__cxa_free_exception', '__cxa_throw']

8 8 BitStream::reset() call site: 00000 /src/qpdf/libqpdf/BitStream.cc:21
0 0 None 8 10 Pl_TIFFPredictor::Pl_TIFFPredictor(charconst*,Pipeline*,Pl_TIFFPredictor::action_e,unsignedint,unsignedint,unsignedint) call site: 00000 /src/qpdf/libqpdf/Pl_TIFFPredictor.cc:29
0 0 None 8 10 Pl_TIFFPredictor::Pl_TIFFPredictor(charconst*,Pipeline*,Pl_TIFFPredictor::action_e,unsignedint,unsignedint,unsignedint) call site: 00000 /src/qpdf/libqpdf/Pl_TIFFPredictor.cc:32
0 0 None 8 10 Pl_TIFFPredictor::Pl_TIFFPredictor(charconst*,Pipeline*,Pl_TIFFPredictor::action_e,unsignedint,unsignedint,unsignedint) call site: 00000 /src/qpdf/libqpdf/Pl_TIFFPredictor.cc:36
0 0 None 0 78 Pl_TIFFPredictor::processRow() call site: 00000 /src/qpdf/libqpdf/Pl_TIFFPredictor.cc:83
0 0 None 0 0 Pl_TIFFPredictor::processRow() call site: 00000 /src/qpdf/libqpdf/Pl_TIFFPredictor.cc:104

Runtime coverage analysis

Covered functions
28
Functions that are reachable but not covered
21
Reachable functions
72
Percentage of reachable functions covered
70.83%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/qpdf/fuzz/tiffpredictor_fuzzer.cc 4
/src/qpdf/libqpdf/Pl_Discard.cc 2
/src/qpdf/libqpdf/Pipeline.cc 2
/src/qpdf/libqpdf/Pl_TIFFPredictor.cc 4
/src/qpdf/include/qpdf/Pipeline.hh 1
/src/qpdf/include/qpdf/QTC.hh 1
/src/qpdf/libqpdf/BitWriter.cc 4
/src/qpdf/libqpdf/BitStream.cc 3
/src/qpdf/include/qpdf/QIntC.hh 3
/usr/local/bin/../include/c++/v1/stdexcept 2
/src/qpdf/libqpdf/qpdf/bits_functions.hh 2
/src/qpdf/libqpdf/qpdf/Pl_TIFFPredictor.hh 1

Fuzzer: future_dct_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 174 57.6%
gold [1:9] 8 2.64%
yellow [10:29] 0 0.0%
greenyellow [30:49] 1 0.33%
lawngreen 50+ 119 39.4%
All colors 302 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
768 768 1 :

['Pl_DCT::compress(void*, Buffer*)']

797 802 Pl_DCT::finish() call site: 00000 /src/qpdf/libqpdf/Pl_DCT.cc:155
60 60 1 :

['do_sarray_io']

60 62 access_virt_sarray call site: 00000 /src/libjpeg-turbo/jmemmgr.c:940
28 28 1 :

['do_barray_io']

28 30 access_virt_barray call site: 00000 /src/libjpeg-turbo/jmemmgr.c:1024
8 8 4 :

['__cxa_allocate_exception', 'std::runtime_error::runtime_error(char const*)', '__cxa_free_exception', '__cxa_throw']

8 8 skip_buffer_input_data(jpeg_decompress_struct*,long) call site: 00000 /src/qpdf/libqpdf/Pl_DCT.cc:250
5 5 1 :

['jpeg_destroy_compress']

17 22 Pl_DCT::finish() call site: 00000 /src/qpdf/libqpdf/Pl_DCT.cc:171
2 2 1 :

['out_of_memory']

2 106 alloc_sarray call site: 00000 /src/libjpeg-turbo/jmemmgr.c:461
2 2 1 :

['__isoc99_sscanf']

2 2 jinit_memory_mgr call site: 00044 /src/libjpeg-turbo/jmemmgr.c:1273
2 2 1 :

['out_of_memory']

2 2 alloc_large call site: 00000 /src/libjpeg-turbo/jmemmgr.c:394
0 24 1 :

['Pipeline::getNext(bool)']

2 26 Pl_DCT::finish() call site: 00000 /src/qpdf/libqpdf/Pl_DCT.cc:132
0 2 1 :

['jpeg_mem_term']

8 10 jinit_memory_mgr call site: 00042 /src/libjpeg-turbo/jmemmgr.c:1227
0 0 None 225 686 master_selection call site: 00213 /src/libjpeg-turbo/jdmaster.c:537
0 0 None 225 657 master_selection call site: 00214 /src/libjpeg-turbo/jdmaster.c:548

Runtime coverage analysis

Covered functions
217
Functions that are reachable but not covered
118
Reachable functions
243
Percentage of reachable functions covered
51.44%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/qpdf/fuzz/dct_fuzzer.cc 4
/src/qpdf/libqpdf/Pl_DCT.cc 14
/src/qpdf/libqpdf/Pl_Discard.cc 2
/src/qpdf/libqpdf/Pipeline.cc 2
/src/qpdf/libqpdf/Pl_Buffer.cc 4
/src/qpdf/include/qpdf/Pl_Buffer.hh 1
/src/qpdf/include/qpdf/Pipeline.hh 1
/src/qpdf/libqpdf/Buffer.cc 4
/src/qpdf/include/qpdf/Buffer.hh 1
/src/libjpeg-turbo/jerror.c 1
/src/libjpeg-turbo/jcapimin.c 4
/src/libjpeg-turbo/jmemmgr.c 1
/src/libjpeg-turbo/jmemnobs.c 3
/src/libjpeg-turbo/jcparam.c 7
/src/libjpeg-turbo/jcomapi.c 4
/src/libjpeg-turbo/jstdhuff.c 2
/src/libjpeg-turbo/jcapistd.c 2
/src/libjpeg-turbo/jcinit.c 1
/src/libjpeg-turbo/jcmaster.c 4
/src/libjpeg-turbo/jutils.c 2
/src/libjpeg-turbo/jccolor.c 3
/src/libjpeg-turbo/jcsample.c 3
/src/libjpeg-turbo/jcprepct.c 4
/src/libjpeg-turbo/simd/x86_64/jsimd.c 18
/src/libjpeg-turbo/jclossls.c 3
/src/libjpeg-turbo/jclhuff.c 1
/src/libjpeg-turbo/jcdiffct.c 3
/src/libjpeg-turbo/jcdctmgr.c 2
/src/libjpeg-turbo/jcarith.c 1
/src/libjpeg-turbo/jcphuff.c 1
/src/libjpeg-turbo/jchuff.c 1
/src/libjpeg-turbo/jccoefct.c 2
/src/libjpeg-turbo/jcmainct.c 3
/src/libjpeg-turbo/jcmarker.c 1
/src/qpdf/include/qpdf/QIntC.hh 6
/usr/local/bin/../include/c++/v1/stdexcept 1
/src/libjpeg-turbo/jdapimin.c 6
/src/libjpeg-turbo/jdmarker.c 2
/src/libjpeg-turbo/jdinput.c 1
/src/libjpeg-turbo/jdmaster.c 6
/src/libjpeg-turbo/jdapistd.c 3
/src/libjpeg-turbo/jquant1.c 8
/src/libjpeg-turbo/jquant2.c 3
/src/libjpeg-turbo/jdmerge.c 3
/src/libjpeg-turbo/jdcolor.c 5
/src/libjpeg-turbo/jdsample.c 3
/src/libjpeg-turbo/jdpostct.c 3
/src/libjpeg-turbo/jdlossls.c 3
/src/libjpeg-turbo/jdlhuff.c 1
/src/libjpeg-turbo/jddiffct.c 3
/src/libjpeg-turbo/jddctmgr.c 2
/src/libjpeg-turbo/jdarith.c 1
/src/libjpeg-turbo/jdphuff.c 1
/src/libjpeg-turbo/jdhuff.c 1
/src/libjpeg-turbo/jdcoefct.c 2
/src/libjpeg-turbo/jdmainct.c 4

Fuzzer: pngpredictor_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 11 25.0%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 33 75.0%
All colors 44 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
28 28 1 :

['Pl_PNGFilter::encodeRow()']

28 28 Pl_PNGFilter::processRow() call site: 00000 /src/qpdf/libqpdf/Pl_PNGFilter.cc:100
8 8 4 :

['__cxa_allocate_exception', 'std::runtime_error::runtime_error(char const*)', '__cxa_free_exception', '__cxa_throw']

8 10 Pl_PNGFilter::Pl_PNGFilter(charconst*,Pipeline*,Pl_PNGFilter::action_e,unsignedint,unsignedint,unsignedint) call site: 00000 /src/qpdf/libqpdf/Pl_PNGFilter.cc:49
0 0 None 8 10 Pl_PNGFilter::Pl_PNGFilter(charconst*,Pipeline*,Pl_PNGFilter::action_e,unsignedint,unsignedint,unsignedint) call site: 00000 /src/qpdf/libqpdf/Pl_PNGFilter.cc:36
0 0 None 8 10 Pl_PNGFilter::Pl_PNGFilter(charconst*,Pipeline*,Pl_PNGFilter::action_e,unsignedint,unsignedint,unsignedint) call site: 00000 /src/qpdf/libqpdf/Pl_PNGFilter.cc:46

Runtime coverage analysis

Covered functions
25
Functions that are reachable but not covered
10
Reachable functions
55
Percentage of reachable functions covered
81.82%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/qpdf/fuzz/pngpredictor_fuzzer.cc 4
/src/qpdf/libqpdf/Pl_Discard.cc 2
/src/qpdf/libqpdf/Pipeline.cc 2
/src/qpdf/libqpdf/Pl_PNGFilter.cc 12
/src/qpdf/include/qpdf/QUtil.hh 1
/src/qpdf/include/qpdf/Pipeline.hh 1
/src/qpdf/include/qpdf/QTC.hh 1
/src/qpdf/libqpdf/qpdf/Pl_PNGFilter.hh 1

Fuzzer: future_runlength_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 18 52.9%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 16 47.0%
All colors 34 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
41 41 1 :

['Pl_RunLength::encode(unsigned char const*, unsigned long)']

41 41 Pl_RunLength::write(unsignedcharconst*,unsignedlong) call site: 00000 /src/qpdf/libqpdf/Pl_RunLength.cc:27
32 32 1 :

['Pl_RunLength::flush_encode()']

32 32 Pl_RunLength::finish() call site: 00000 /src/qpdf/libqpdf/Pl_RunLength.cc:140

Runtime coverage analysis

Covered functions
20
Functions that are reachable but not covered
15
Reachable functions
48
Percentage of reachable functions covered
68.75%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/qpdf/fuzz/runlength_fuzzer.cc 4
/src/qpdf/libqpdf/Pl_Discard.cc 2
/src/qpdf/libqpdf/Pipeline.cc 4
/src/qpdf/libqpdf/Pl_RunLength.cc 7
/src/qpdf/include/qpdf/Pipeline.hh 1
/src/qpdf/include/qpdf/QTC.hh 1

Fuzzer: future_json_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 1566 74.6%
gold [1:9] 16 0.76%
yellow [10:29] 18 0.85%
greenyellow [30:49] 15 0.71%
lawngreen 50+ 482 22.9%
All colors 2097 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
124884 392671 63 :

['QPDF::damagedPDF(std::__1::basic_string , std::__1::allocator > const&, std::__1::basic_string , std::__1::allocator > const&)', 'QPDF::interpretCF(std::__1::shared_ptr , QPDFObjectHandle)', 'std::__1::basic_string , std::__1::allocator >::basic_string[abi:v180000]()', 'QPDFObjectHandle::isNull() const', 'std::__1::basic_string , std::__1::allocator > std::__1::operator+[abi:v180000] , std::__1::allocator >(std::__1::basic_string , std::__1::allocator >&&, char const*)', 'std::__1::shared_ptr ::operator->[abi:v180000]() const', 'QPDFObjectHandle::isString() const', 'QPDFExc::~QPDFExc()', 'QPDFObjectHandle::isName() const', 'check_owner_password(std::__1::basic_string , std::__1::allocator >&, std::__1::basic_string , std::__1::allocator > const&, QPDF::EncryptionData const&)', 'QPDF::compute_encryption_key(std::__1::basic_string , std::__1::allocator > const&, QPDF::EncryptionData const&)', '__cxa_free_exception', 'std::__1::basic_string , std::__1::allocator > std::__1::operator+[abi:v180000] , std::__1::allocator >(char const*, std::__1::basic_string , std::__1::allocator >&&)', 'QPDFObjectHandle::getName() const', 'std::__1::to_string(int)', 'std::__1::map , std::__1::allocator >, QPDF::encryption_method_e, std::__1::less , std::__1::allocator > >, std::__1::allocator , std::__1::allocator > const, QPDF::encryption_method_e> > >::operator[](std::__1::basic_string , std::__1::allocator > const&)', 'QPDFObjectHandle::getIntValueAsInt() const', 'QPDF::warn(QPDFExc const&)', 'QTC::TC(char const*, char const*, int)', '__cxa_allocate_exception', 'QPDFObjectHandle::getBoolValue() const', 'std::__1::basic_string , std::__1::allocator >::operator=(std::__1::basic_string , std::__1::allocator > const&)', 'QPDFExc::QPDFExc(qpdf_error_code_e, std::__1::basic_string , std::__1::allocator > const&, std::__1::basic_string , std::__1::allocator > const&, long long, std::__1::basic_string , std::__1::allocator > const&)', 'std::__1::set , std::__1::allocator >, std::__1::less , std::__1::allocator > >, std::__1::allocator , std::__1::allocator > > >::begin[abi:v180000]()', 'QPDFObjectHandle::getKey(std::__1::basic_string , std::__1::allocator > const&) const', 'std::__1::basic_string , std::__1::allocator >::operator=[abi:v180000](std::__1::basic_string , std::__1::allocator >&&)', 'QPDFObjectHandle::getArrayNItems() const', 'std::__1::__tree_const_iterator , std::__1::allocator >, std::__1::__tree_node , std::__1::allocator >, void*>*, long>::operator*[abi:v180000]() const', 'std::__1::shared_ptr ::~shared_ptr[abi:v180000]()', 'QPDF::EncryptionData::~EncryptionData()', '_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEC2B7v180000ILi0EEEPKc', 'QUtil::hex_decode(std::__1::basic_string , std::__1::allocator > const&)', 'std::__1::shared_ptr ::shared_ptr[abi:v180000](std::__1::shared_ptr const&)', 'QPDFObjectHandle::getIntValue() const', 'std::__1::shared_ptr ::operator->[abi:v180000]() const', 'QPDF::damagedPDF(std::__1::basic_string , std::__1::allocator > const&)', 'std::__1::basic_string , std::__1::allocator > std::__1::operator+[abi:v180000] , std::__1::allocator >(std::__1::basic_string , std::__1::allocator >&&, std::__1::basic_string , std::__1::allocator >&&)', 'QPDFObjectHandle::QPDFObjectHandle(QPDFObjectHandle const&)', 'QPDFObjectHandle::isBool() const', 'std::__1::basic_string , std::__1::allocator >::~basic_string()', 'QPDFObjectHandle::isArray() const', 'QPDFObjectHandle::isDictionary() const', '__cxa_throw', 'QPDF::warn(qpdf_error_code_e, std::__1::basic_string , std::__1::allocator > const&, long long, std::__1::basic_string , std::__1::allocator > const&)', 'QPDFObjectHandle::getStringValue() const', 'QPDFObjectHandle::getArrayItem(int) const', 'QPDFObjectHandle::isInteger() const', 'std::__1::set , std::__1::allocator >, std::__1::less , std::__1::allocator > >, std::__1::allocator , std::__1::allocator > > >::~set[abi:v180000]()', 'pad_short_parameter(std::__1::basic_string , std::__1::allocator >&, unsigned long)', 'bool std::__1::operator==[abi:v180000] >(std::__1::basic_string , std::__1::allocator > const&, std::__1::basic_string , std::__1::allocator > const&)', 'std::__1::operator!=[abi:v180000](std::__1::__tree_const_iterator , std::__1::allocator >, std::__1::__tree_node , std::__1::allocator >, void*>*, long> const&, std::__1::__tree_const_iterator , std::__1::allocator >, std::__1::__tree_node , std::__1::allocator >, void*>*, long> const&)', 'bool std::__1::operator==[abi:v180000] , std::__1::allocator >(std::__1::basic_string , std::__1::allocator > const&, char const*)', 'QPDF::EncryptionData::EncryptionData(int, int, int, int, std::__1::basic_string , std::__1::allocator > const&, std::__1::basic_string , std::__1::allocator > const&, std::__1::basic_string , std::__1::allocator > const&, std::__1::basic_string , std::__1::allocator > const&, std::__1::basic_string , std::__1::allocator > const&, std::__1::basic_string , std::__1::allocator > const&, bool)', 'QPDF::recover_encryption_key_with_password(std::__1::basic_string , std::__1::allocator > const&, QPDF::EncryptionData const&, bool&)', 'QPDFObjectHandle::~QPDFObjectHandle()', 'InputSource::getLastOffset() const', 'QPDF::getTrimmedUserPassword() const', 'std::__1::basic_string , std::__1::allocator >::length[abi:v180000]() const', 'std::__1::set , std::__1::allocator >, std::__1::less , std::__1::allocator > >, std::__1::allocator , std::__1::allocator > > >::end[abi:v180000]()', 'check_user_password(std::__1::basic_string , std::__1::allocator > const&, QPDF::EncryptionData const&)', 'std::__1::__tree_const_iterator , std::__1::allocator >, std::__1::__tree_node , std::__1::allocator >, void*>*, long>::operator++[abi:v180000]()', 'std::__1::shared_ptr ::operator->[abi:v180000]() const', 'QPDFObjectHandle::getKeys() const']

124884 392671 QPDF::initializeEncryption() call site: 00000 /src/qpdf/libqpdf/QPDF_encryption.cc:730
5633 5637 8 :

['std::__1::basic_string , std::__1::allocator >::~basic_string()', 'std::__1::shared_ptr ::~shared_ptr[abi:v180000]()', 'QPDF_Null::create(std::__1::shared_ptr , std::__1::basic_string_view > const&, std::__1::basic_string , std::__1::allocator >)', 'std::__1::shared_ptr ::shared_ptr[abi:v180000](std::__1::shared_ptr const&)', 'QPDFObjectHandle::QPDFObjectHandle(std::__1::shared_ptr const&)', '_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEC2B7v180000ILi0EEEPKc', 'QPDFObjectHandle::typeWarning(char const*, std::__1::basic_string , std::__1::allocator > const&) const', 'QTC::TC(char const*, char const*, int)']

5633 5637 QPDFObjectHandle::getKey(std::__1::basic_string ,std::__1::allocator >const&)const call site: 00000 /src/qpdf/libqpdf/QPDFObjectHandle.cc:1266
5619 5619 1 :

['QPDF::getAllPages()']

5619 5619 QPDF::JSONReactor::dictionaryItem(std::__1::basic_string ,std::__1::allocator >const&,JSONconst&) call site: 00000 /src/qpdf/libqpdf/QPDF_json.cc:530
5581 5648 3 :

['std::__1::shared_ptr ::operator->[abi:v180000]() const', 'QPDF::damagedPDF(std::__1::basic_string , std::__1::allocator > const&, long long, std::__1::basic_string , std::__1::allocator > const&)', 'QPDF::read_xrefStream(long long)']

5613 55781 QPDF::read_xrefTable(longlong) call site: 00000 /src/qpdf/libqpdf/QPDF.cc:1019
5572 5574 4 :

['_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEC2B7v180000ILi0EEEPKc', 'std::__1::basic_string , std::__1::allocator >::~basic_string()', 'QPDFObjectHandle::typeWarning(char const*, std::__1::basic_string , std::__1::allocator > const&) const', 'QTC::TC(char const*, char const*, int)']

5572 5574 QPDFObjectHandle::getIntValue()const call site: 00000 /src/qpdf/libqpdf/QPDFObjectHandle.cc:654
5572 5574 4 :

['_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEC2B7v180000ILi0EEEPKc', 'std::__1::basic_string , std::__1::allocator >::~basic_string()', 'QPDFObjectHandle::typeWarning(char const*, std::__1::basic_string , std::__1::allocator > const&) const', 'QTC::TC(char const*, char const*, int)']

5572 5574 QPDFObjectHandle::getName()const call site: 00000 /src/qpdf/libqpdf/QPDFObjectHandle.cc:832
5572 5574 4 :

['_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEC2B7v180000ILi0EEEPKc', 'std::__1::basic_string , std::__1::allocator >::~basic_string()', 'QPDFObjectHandle::typeWarning(char const*, std::__1::basic_string , std::__1::allocator > const&) const', 'QTC::TC(char const*, char const*, int)']

5572 5574 QPDFObjectHandle::appendItem(QPDFObjectHandleconst&) call site: 00000 /src/qpdf/libqpdf/QPDFObjectHandle.cc:1194
5572 5574 4 :

['_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEC2B7v180000ILi0EEEPKc', 'std::__1::basic_string , std::__1::allocator >::~basic_string()', 'QPDFObjectHandle::typeWarning(char const*, std::__1::basic_string , std::__1::allocator > const&) const', 'QTC::TC(char const*, char const*, int)']

5572 5574 QPDFObjectHandle::hasKey(std::__1::basic_string ,std::__1::allocator >const&)const call site: 00000 /src/qpdf/libqpdf/QPDFObjectHandle.cc:1249
5572 5574 4 :

['_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEC2B7v180000ILi0EEEPKc', 'std::__1::basic_string , std::__1::allocator >::~basic_string()', 'QPDFObjectHandle::typeWarning(char const*, std::__1::basic_string , std::__1::allocator > const&) const', 'QTC::TC(char const*, char const*, int)']

5572 5574 QPDFObjectHandle::replaceKey(std::__1::basic_string ,std::__1::allocator >const&,QPDFObjectHandleconst&) call site: 00000 /src/qpdf/libqpdf/QPDFObjectHandle.cc:1519
5572 5574 4 :

['_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEC2B7v180000ILi0EEEPKc', 'std::__1::basic_string , std::__1::allocator >::~basic_string()', 'QPDFObjectHandle::typeWarning(char const*, std::__1::basic_string , std::__1::allocator > const&) const', 'QTC::TC(char const*, char const*, int)']

5572 5574 QPDFObjectHandle::removeKey(std::__1::basic_string ,std::__1::allocator >const&) call site: 00000 /src/qpdf/libqpdf/QPDFObjectHandle.cc:1547
5553 5553 5 :

['std::__1::shared_ptr ::operator->[abi:v180000]() const', '__dynamic_cast', 'std::__1::shared_ptr ::get[abi:v180000]() const', 'QPDFObject::isUnresolved() const', 'QPDF::Resolver::resolved(QPDF*, QPDFObjGen)']

5553 5553 QPDF_Stream*QPDFObject::as ()const call site: 00000 /src/qpdf/libqpdf/qpdf/QPDFObject_private.hh:172
5553 5553 5 :

['std::__1::shared_ptr ::operator->[abi:v180000]() const', '__dynamic_cast', 'std::__1::shared_ptr ::get[abi:v180000]() const', 'QPDFObject::isUnresolved() const', 'QPDF::Resolver::resolved(QPDF*, QPDFObjGen)']

5553 5553 QPDF_Array*QPDFObject::as ()const call site: 00000 /src/qpdf/libqpdf/qpdf/QPDFObject_private.hh:172

Runtime coverage analysis

Covered functions
401
Functions that are reachable but not covered
665
Reachable functions
1208
Percentage of reachable functions covered
44.95%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/qpdf/fuzz/json_fuzzer.cc 4
/src/qpdf/libqpdf/JSON.cc 28
/src/qpdf/libqpdf/BufferInputSource.cc 3
/src/qpdf/include/qpdf/InputSource.hh 8
/src/qpdf/libqpdf/Buffer.cc 7
/src/qpdf/include/qpdf/QIntC.hh 25
/usr/local/bin/../include/c++/v1/stdexcept 2
/src/qpdf/include/qpdf/QTC.hh 1
/src/qpdf/include/qpdf/QUtil.hh 3
/src/qpdf/libqpdf/QUtil.cc 12
/src/qpdf/include/qpdf/JSON.hh 6
/src/qpdf/include/qpdf/Buffer.hh 1
/src/qpdf/libqpdf/QPDF.cc 67
/src/qpdf/libqpdf/QPDFLogger.cc 8
/src/qpdf/libqpdf/Pl_Discard.cc 1
/src/qpdf/libqpdf/Pipeline.cc 7
/src/qpdf/libqpdf/Pl_OStream.cc 2
/src/qpdf/include/qpdf/Pipeline.hh 1
/src/qpdf/libqpdf/QPDFTokenizer.cc 35
/src/qpdf/include/qpdf/QPDFObjGen.hh 10
/src/qpdf/include/qpdf/QPDFObjectHandle_future.hh 15
/src/qpdf/include/qpdf/QPDF.hh 22
/src/qpdf/include/qpdf/QPDFTokenizer.hh 13
/src/qpdf/libqpdf/QPDF_json.cc 5
/src/qpdf/libqpdf/InputSource.cc 5
/src/qpdf/libqpdf/QPDFExc.cc 2
/src/qpdf/include/qpdf/QPDFExc.hh 2
/src/qpdf/include/qpdf/QPDFXRefEntry.hh 2
/src/qpdf/libqpdf/qpdf/QPDFParser.hh 1
/src/qpdf/libqpdf/QPDFParser.cc 26
/src/qpdf/libqpdf/QPDF_Null.cc 4
/src/qpdf/libqpdf/qpdf/QPDFValue.hh 11
/src/qpdf/libqpdf/QPDFValue.cc 2
/src/qpdf/libqpdf/qpdf/QPDFObject_private.hh 20
/src/qpdf/libqpdf/QPDF_Integer.cc 3
/src/qpdf/libqpdf/QPDF_Unresolved.cc 2
/src/qpdf/libqpdf/QPDF_Array.cc 9
/src/qpdf/libqpdf/QPDFObjectHandle.cc 53
/src/qpdf/libqpdf/QPDFObjGen.cc 2
/src/qpdf/libqpdf/QPDFXRefEntry.cc 3
/src/qpdf/libqpdf/QPDF_Stream.cc 7
/src/qpdf/libqpdf/QPDF_Bool.cc 2
/src/qpdf/libqpdf/QPDF_Real.cc 4
/src/qpdf/libqpdf/QPDF_Name.cc 2
/src/qpdf/libqpdf/QPDF_Operator.cc 2
/src/qpdf/libqpdf/QPDF_String.cc 2
/src/qpdf/libqpdf/QPDF_Dictionary.cc 7
/src/qpdf/libqpdf/qpdf/QPDF_Array.hh 1
/src/qpdf/libqpdf/Pl_Buffer.cc 5
/src/qpdf/include/qpdf/Pl_Buffer.hh 1
/src/qpdf/libqpdf/Pl_Flate.cc 1
/src/qpdf/libqpdf/Pl_Count.cc 4
/src/qpdf/libqpdf/QPDF_encryption.cc 40
/src/qpdf/libqpdf/MD5.cc 4
/src/qpdf/libqpdf/QPDFCryptoProvider.cc 6
/src/qpdf/include/qpdf/QPDFCryptoProvider.hh 1
/src/qpdf/libqpdf/qpdf/MD5.hh 1
/src/qpdf/libqpdf/ContentNormalizer.cc 2
/src/qpdf/libqpdf/QPDF_pages.cc 4
/src/qpdf/libqpdf/QPDF_optimization.cc 2
/src/qpdf/libqpdf/RC4.cc 2
/src/qpdf/libqpdf/qpdf/RC4.hh 1
/src/qpdf/libqpdf/Pl_SHA2.cc 4
/src/qpdf/libqpdf/Pl_AES_PDF.cc 7
/src/qpdf/libqpdf/CryptoRandomDataProvider.cc 1
/src/qpdf/libqpdf/qpdf/CryptoRandomDataProvider.hh 1
/src/qpdf/include/qpdf/RandomDataProvider.hh 1
/src/qpdf/libqpdf/qpdf/Pl_AES_PDF.hh 1
/src/qpdf/libqpdf/qpdf/Pl_SHA2.hh 1
/src/qpdf/libqpdf/QPDFObject.cc 1
/src/qpdf/libqpdf/QPDF_Destroyed.cc 2

Fuzzer: hex_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 4 14.8%
gold [1:9] 1 3.70%
yellow [10:29] 0 0.0%
greenyellow [30:49] 2 7.40%
lawngreen 50+ 20 74.0%
All colors 27 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
0 0 None 0 0 Pl_ASCIIHexDecoder::write(unsignedcharconst*,unsignedlong) call site: 00000 /src/qpdf/libqpdf/Pl_ASCIIHexDecoder.cc:20

Runtime coverage analysis

Covered functions
16
Functions that are reachable but not covered
11
Reachable functions
38
Percentage of reachable functions covered
71.05%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/qpdf/fuzz/hex_fuzzer.cc 4
/src/qpdf/libqpdf/Pl_Discard.cc 2
/src/qpdf/libqpdf/Pipeline.cc 2
/src/qpdf/libqpdf/Pl_ASCIIHexDecoder.cc 4
/src/qpdf/include/qpdf/QTC.hh 1
/src/qpdf/libqpdf/qpdf/Pl_ASCIIHexDecoder.hh 1
/src/qpdf/include/qpdf/Pipeline.hh 1

Fuzzer: qpdf_pages_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 748 23.7%
gold [1:9] 78 2.47%
yellow [10:29] 53 1.68%
greenyellow [30:49] 55 1.74%
lawngreen 50+ 2214 70.3%
All colors 3148 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
11205 33925 8 :

['QPDFObjectHandle::getUTF8Value() const', 'QPDFObjectHandle::isString() const', 'QPDFAcroFormDocumentHelper::QPDFAcroFormDocumentHelper(QPDF&)', 'QPDFAcroFormDocumentHelper::~QPDFAcroFormDocumentHelper()', 'QPDFAcroFormDocumentHelper::setNeedAppearances(bool)', 'QPDFObjectHandle::newUnicodeString(std::__1::basic_string , std::__1::allocator > const&)', 'QPDFObjectHandle::getQPDF(std::__1::basic_string , std::__1::allocator > const&) const', 'QPDFFormFieldObjectHelper::setFieldAttribute(std::__1::basic_string , std::__1::allocator > const&, QPDFObjectHandle)']

11213 33935 QPDFFormFieldObjectHelper::setV(QPDFObjectHandle,bool) call site: 00000 /src/qpdf/libqpdf/QPDFFormFieldObjectHelper.cc:302
5896 5896 2 :

['QPDFObjectHandle::getKey(std::__1::basic_string , std::__1::allocator > const&) const', 'QPDFObjectHandle::warnIfPossible(std::__1::basic_string , std::__1::allocator > const&) const']

11474 57408 QPDFPageDocumentHelper::flattenAnnotations(int,int) call site: 00000 /src/qpdf/libqpdf/QPDFPageDocumentHelper.cc:59
5726 5726 5 :

['std::__1::shared_ptr ::~shared_ptr[abi:v180000]()', 'std::__1::shared_ptr ::~shared_ptr[abi:v180000]()', 'QPDF::decryptStream(std::__1::shared_ptr , std::__1::shared_ptr , QPDF&, Pipeline*&, QPDFObjGen const&, QPDFObjectHandle&, std::__1::unique_ptr >&)', 'std::__1::shared_ptr ::shared_ptr[abi:v180000](std::__1::shared_ptr const&)', 'std::__1::shared_ptr ::shared_ptr[abi:v180000](std::__1::shared_ptr const&)']

5752 6426 QPDF::pipeStreamData(std::__1::shared_ptr ,std::__1::shared_ptr ,QPDF&,QPDFObjGenconst&,longlong,unsignedlong,QPDFObjectHandle,Pipeline*,bool,bool) call site: 00000 /src/qpdf/libqpdf/QPDF.cc:2720
5714 5714 1 :

['QPDFObjectHandle::parseAsContents(QPDFObjectHandle::ParserCallbacks*)']

5714 5714 QPDFPageObjectHelper::parseContents(QPDFObjectHandle::ParserCallbacks*) call site: 00000 /src/qpdf/libqpdf/QPDFPageObjectHelper.cc:488
5580 5580 2 :

['QPDFObjectHandle::getArrayAsMatrix() const', 'QPDFMatrix::QPDFMatrix(QPDFObjectHandle::Matrix const&)']

16774 22490 QPDFAnnotationObjectHelper::getPageContentForAppearance(std::__1::basic_string ,std::__1::allocator >const&,int,int,int) call site: 00000 /src/qpdf/libqpdf/QPDFAnnotationObjectHelper.cc:165
1864 2071 12 :

['(anonymous namespace)::JSONParser::ignore((anonymous namespace)::JSONParser::lex_state_e)', 'std::__1::basic_string , std::__1::allocator >::operator+=[abi:v180000](char)', 'std::__1::basic_string , std::__1::allocator > std::__1::operator+[abi:v180000] , std::__1::allocator >(std::__1::basic_string , std::__1::allocator >&&, std::__1::basic_string , std::__1::allocator >&&)', '(anonymous namespace)::JSONParser::append()', 'std::logic_error::logic_error(char const*)', '(anonymous namespace)::JSONParser::ignore()', 'std::__1::basic_string , std::__1::allocator >::empty[abi:v180000]() const', '(anonymous namespace)::JSONParser::handle_u_code(unsigned long, long long, unsigned long&, long long&, std::__1::basic_string , std::__1::allocator >&)', '(anonymous namespace)::JSONParser::tokenError()', 'QUtil::hex_decode_char(char)', '(anonymous namespace)::JSONParser::append((anonymous namespace)::JSONParser::lex_state_e)', 'std::__1::basic_string , std::__1::allocator >::basic_string[abi:v180000](char const*, unsigned long)']

1916 2133 (anonymousnamespace)::JSONParser::getToken() call site: 00000 /src/qpdf/libqpdf/JSON.cc:963
252 474 6 :

['adler32', 'fixedtables', 'inflate_fast', 'inflate_table', 'crc32', 'updatewindow']

252 474 inflate call site: 00000 /src/zlib/inflate.c:817
119 119 5 :

['BitStream::BitStream(unsigned char const*, unsigned long)', 'BitWriter::writeBitsSigned(long long, unsigned long)', 'BitStream::getBitsSigned(unsigned long)', 'BitWriter::BitWriter(Pipeline*)', 'BitWriter::flush()']

119 119 Pl_TIFFPredictor::processRow() call site: 00000 /src/qpdf/libqpdf/Pl_TIFFPredictor.cc:76
108 108 1 :

['deflateInit_']

521 1015 Pl_Flate::handleData(unsignedcharconst*,unsignedlong,int) call site: 00000 /src/qpdf/libqpdf/Pl_Flate.cc:131
60 71 3 :

['QPDFObjectHandle::QPDFObjectHandle(QPDFObjectHandle const&)', 'QPDFObjectHandle::getObjGen() const', 'QPDF::replaceObject(QPDFObjGen const&, QPDFObjectHandle)']

88 22457 QPDFPageDocumentHelper::flattenAnnotationsForPage(QPDFPageObjectHelper&,QPDFObjectHandle&,QPDFAcroFormDocumentHelper&,int,int) call site: 00000 /src/qpdf/libqpdf/QPDFPageDocumentHelper.cc:147
46 46 1 :

['void QIntC::range_check_substract_error (long long const&, long long const&)']

46 46 voidQIntC::range_check_substract (longlongconst&,longlongconst&) call site: 00000 /src/qpdf/include/qpdf/QIntC.hh:304
44 44 3 :

['std::__1::basic_string , std::__1::allocator >::~basic_string()', 'QPDFObjectHandle QPDFParser::withDescription , std::__1::allocator >&>(std::__1::basic_string , std::__1::allocator >&)', 'std::__1::basic_string , std::__1::allocator >::basic_string(std::__1::basic_string , std::__1::allocator > const&)']

44 101 QPDFParser::parse(bool&,bool) call site: 00000 /src/qpdf/libqpdf/QPDFParser.cc:115

Runtime coverage analysis

Covered functions
1015
Functions that are reachable but not covered
369
Reachable functions
1749
Percentage of reachable functions covered
78.9%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/qpdf/fuzz/qpdf_pages_fuzzer.cc 9
/src/qpdf/libqpdf/Buffer.cc 5
/src/qpdf/libqpdf/Pl_Discard.cc 2
/src/qpdf/libqpdf/Pipeline.cc 7
/src/qpdf/include/qpdf/Buffer.hh 1
/src/qpdf/libqpdf/Pl_DCT.cc 3
/src/qpdf/libqpdf/Pl_PNGFilter.cc 1
/src/qpdf/libqpdf/Pl_TIFFPredictor.cc 1
/src/qpdf/libqpdf/Pl_Flate.cc 2
/src/qpdf/libqpdf/BufferInputSource.cc 4
/src/qpdf/include/qpdf/InputSource.hh 8
/src/qpdf/include/qpdf/QIntC.hh 30
/usr/local/bin/../include/c++/v1/stdexcept 2
/src/qpdf/libqpdf/QPDF.cc 65
/src/qpdf/include/qpdf/QPDF.hh 21
/src/qpdf/libqpdf/InputSource.cc 5
/src/qpdf/include/qpdf/QTC.hh 1
/src/qpdf/libqpdf/QPDFExc.cc 2
/src/qpdf/include/qpdf/QPDFExc.hh 2
/src/qpdf/libqpdf/QPDFTokenizer.cc 41
/src/qpdf/include/qpdf/QUtil.hh 3
/src/qpdf/include/qpdf/QPDFTokenizer.hh 14
/src/qpdf/libqpdf/QUtil.cc 25
/src/qpdf/include/qpdf/QPDFObjGen.hh 10
/src/qpdf/include/qpdf/QPDFXRefEntry.hh 2
/src/qpdf/libqpdf/qpdf/QPDFParser.hh 1
/src/qpdf/libqpdf/QPDFParser.cc 26
/src/qpdf/libqpdf/QPDFLogger.cc 8
/src/qpdf/include/qpdf/QPDFObjectHandle.hh 21
/src/qpdf/libqpdf/QPDF_Null.cc 4
/src/qpdf/libqpdf/qpdf/QPDFValue.hh 10
/src/qpdf/libqpdf/QPDFValue.cc 2
/src/qpdf/libqpdf/qpdf/QPDFObject_private.hh 23
/src/qpdf/libqpdf/QPDF_Integer.cc 3
/src/qpdf/libqpdf/QPDF_Unresolved.cc 2
/src/qpdf/libqpdf/QPDF_Array.cc 11
/src/qpdf/libqpdf/QPDFObjectHandle.cc 100
/src/qpdf/libqpdf/QPDFObjGen.cc 3
/src/qpdf/libqpdf/QPDFXRefEntry.cc 3
/src/qpdf/libqpdf/QPDF_Stream.cc 10
/src/qpdf/libqpdf/QPDF_Bool.cc 2
/src/qpdf/libqpdf/QPDF_Real.cc 4
/src/qpdf/libqpdf/QPDF_Name.cc 2
/src/qpdf/libqpdf/QPDF_Operator.cc 2
/src/qpdf/libqpdf/QPDF_String.cc 4
/src/qpdf/libqpdf/QPDF_Dictionary.cc 8
/src/qpdf/libqpdf/Pl_OStream.cc 2
/src/qpdf/include/qpdf/Pipeline.hh 1
/src/qpdf/libqpdf/qpdf/QPDF_Array.hh 1
/src/qpdf/libqpdf/Pl_Buffer.cc 6
/src/qpdf/include/qpdf/Pl_Buffer.hh 1
/src/qpdf/libqpdf/Pl_Count.cc 4
/src/qpdf/libqpdf/QPDF_encryption.cc 40
/src/qpdf/libqpdf/MD5.cc 4
/src/qpdf/libqpdf/QPDFCryptoProvider.cc 6
/src/qpdf/include/qpdf/QPDFCryptoProvider.hh 1
/src/qpdf/libqpdf/qpdf/MD5.hh 1
/src/qpdf/libqpdf/ContentNormalizer.cc 2
/src/qpdf/libqpdf/QPDF_pages.cc 4
/src/qpdf/libqpdf/QPDF_optimization.cc 2
/src/qpdf/libqpdf/RC4.cc 2
/src/qpdf/libqpdf/qpdf/RC4.hh 1
/src/qpdf/libqpdf/Pl_SHA2.cc 4
/src/qpdf/libqpdf/Pl_AES_PDF.cc 7
/src/qpdf/libqpdf/CryptoRandomDataProvider.cc 1
/src/qpdf/libqpdf/qpdf/CryptoRandomDataProvider.hh 1
/src/qpdf/include/qpdf/RandomDataProvider.hh 1
/src/qpdf/libqpdf/qpdf/Pl_AES_PDF.hh 1
/src/qpdf/libqpdf/qpdf/Pl_SHA2.hh 1
/src/qpdf/libqpdf/QPDFPageDocumentHelper.cc 4
/src/qpdf/include/qpdf/QPDFDocumentHelper.hh 1
/src/qpdf/libqpdf/QPDFPageLabelDocumentHelper.cc 3
/src/qpdf/include/qpdf/QPDFPageLabelDocumentHelper.hh 2
/src/qpdf/libqpdf/QPDFDocumentHelper.cc 1
/src/qpdf/libqpdf/QPDFOutlineDocumentHelper.cc 4
/src/qpdf/include/qpdf/QPDFOutlineDocumentHelper.hh 3
/src/qpdf/include/qpdf/QPDFOutlineObjectHelper.hh 3
/src/qpdf/libqpdf/QPDFOutlineObjectHelper.cc 5
/src/qpdf/include/qpdf/QPDFObjectHelper.hh 5
/src/qpdf/libqpdf/QPDFObjectHelper.cc 1
/src/qpdf/libqpdf/QPDFAcroFormDocumentHelper.cc 9
/src/qpdf/libqpdf/QPDFFormFieldObjectHelper.cc 23
/src/qpdf/include/qpdf/QPDFFormFieldObjectHelper.hh 2
/src/qpdf/include/qpdf/QPDFPageDocumentHelper.hh 1
/src/qpdf/include/qpdf/QPDFPageObjectHelper.hh 1
/src/qpdf/libqpdf/QPDFPageObjectHelper.cc 9
/src/qpdf/include/qpdf/QPDFAnnotationObjectHelper.hh 1
/src/qpdf/libqpdf/QPDFAnnotationObjectHelper.cc 7
/src/qpdf/libqpdf/Pl_QPDFTokenizer.cc 4
/src/qpdf/libqpdf/QPDFMatrix.cc 11
/src/qpdf/include/qpdf/QPDFAcroFormDocumentHelper.hh 1
/src/qpdf/libqpdf/QPDFNumberTreeObjectHelper.cc 6
/src/qpdf/libqpdf/NNTree.cc 24
/src/qpdf/libqpdf/qpdf/NNTree.hh 4
/src/qpdf/include/qpdf/QPDFNumberTreeObjectHelper.hh 1
/src/qpdf/libqpdf/JSON.cc 29
/src/qpdf/libqpdf/qpdf/JSON_writer.hh 3
/src/qpdf/include/qpdf/JSON.hh 4
/src/qpdf/libqpdf/Pl_String.cc 3
/src/qpdf/libqpdf/QPDFNameTreeObjectHelper.cc 6
/src/qpdf/include/qpdf/QPDFNameTreeObjectHelper.hh 1

Fuzzer: json_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 1566 74.6%
gold [1:9] 10 0.47%
yellow [10:29] 21 1.00%
greenyellow [30:49] 18 0.85%
lawngreen 50+ 482 22.9%
All colors 2097 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
391725 392671 63 :

['QPDF::damagedPDF(std::__1::basic_string , std::__1::allocator > const&, std::__1::basic_string , std::__1::allocator > const&)', 'QPDF::interpretCF(std::__1::shared_ptr , QPDFObjectHandle)', 'std::__1::basic_string , std::__1::allocator >::basic_string[abi:v180000]()', 'QPDFObjectHandle::isNull() const', 'std::__1::basic_string , std::__1::allocator > std::__1::operator+[abi:v180000] , std::__1::allocator >(std::__1::basic_string , std::__1::allocator >&&, char const*)', 'std::__1::shared_ptr ::operator->[abi:v180000]() const', 'QPDFObjectHandle::isString() const', 'QPDFExc::~QPDFExc()', 'QPDFObjectHandle::isName() const', 'check_owner_password(std::__1::basic_string , std::__1::allocator >&, std::__1::basic_string , std::__1::allocator > const&, QPDF::EncryptionData const&)', 'QPDF::compute_encryption_key(std::__1::basic_string , std::__1::allocator > const&, QPDF::EncryptionData const&)', '__cxa_free_exception', 'std::__1::basic_string , std::__1::allocator > std::__1::operator+[abi:v180000] , std::__1::allocator >(char const*, std::__1::basic_string , std::__1::allocator >&&)', 'QPDFObjectHandle::getName() const', 'std::__1::to_string(int)', 'std::__1::map , std::__1::allocator >, QPDF::encryption_method_e, std::__1::less , std::__1::allocator > >, std::__1::allocator , std::__1::allocator > const, QPDF::encryption_method_e> > >::operator[](std::__1::basic_string , std::__1::allocator > const&)', 'QPDFObjectHandle::getIntValueAsInt() const', 'QPDF::warn(QPDFExc const&)', 'QTC::TC(char const*, char const*, int)', '__cxa_allocate_exception', 'QPDFObjectHandle::getBoolValue() const', 'std::__1::basic_string , std::__1::allocator >::operator=(std::__1::basic_string , std::__1::allocator > const&)', 'QPDFExc::QPDFExc(qpdf_error_code_e, std::__1::basic_string , std::__1::allocator > const&, std::__1::basic_string , std::__1::allocator > const&, long long, std::__1::basic_string , std::__1::allocator > const&)', 'std::__1::set , std::__1::allocator >, std::__1::less , std::__1::allocator > >, std::__1::allocator , std::__1::allocator > > >::begin[abi:v180000]()', 'QPDFObjectHandle::getKey(std::__1::basic_string , std::__1::allocator > const&) const', 'std::__1::basic_string , std::__1::allocator >::operator=[abi:v180000](std::__1::basic_string , std::__1::allocator >&&)', 'QPDFObjectHandle::getArrayNItems() const', 'std::__1::__tree_const_iterator , std::__1::allocator >, std::__1::__tree_node , std::__1::allocator >, void*>*, long>::operator*[abi:v180000]() const', 'std::__1::shared_ptr ::~shared_ptr[abi:v180000]()', 'QPDF::EncryptionData::~EncryptionData()', '_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEC2B7v180000ILi0EEEPKc', 'QUtil::hex_decode(std::__1::basic_string , std::__1::allocator > const&)', 'std::__1::shared_ptr ::shared_ptr[abi:v180000](std::__1::shared_ptr const&)', 'QPDFObjectHandle::getIntValue() const', 'std::__1::shared_ptr ::operator->[abi:v180000]() const', 'QPDF::damagedPDF(std::__1::basic_string , std::__1::allocator > const&)', 'std::__1::basic_string , std::__1::allocator > std::__1::operator+[abi:v180000] , std::__1::allocator >(std::__1::basic_string , std::__1::allocator >&&, std::__1::basic_string , std::__1::allocator >&&)', 'QPDFObjectHandle::QPDFObjectHandle(QPDFObjectHandle const&)', 'QPDFObjectHandle::isBool() const', 'std::__1::basic_string , std::__1::allocator >::~basic_string()', 'QPDFObjectHandle::isArray() const', 'QPDFObjectHandle::isDictionary() const', '__cxa_throw', 'QPDF::warn(qpdf_error_code_e, std::__1::basic_string , std::__1::allocator > const&, long long, std::__1::basic_string , std::__1::allocator > const&)', 'QPDFObjectHandle::getStringValue() const', 'QPDFObjectHandle::getArrayItem(int) const', 'QPDFObjectHandle::isInteger() const', 'std::__1::set , std::__1::allocator >, std::__1::less , std::__1::allocator > >, std::__1::allocator , std::__1::allocator > > >::~set[abi:v180000]()', 'pad_short_parameter(std::__1::basic_string , std::__1::allocator >&, unsigned long)', 'bool std::__1::operator==[abi:v180000] >(std::__1::basic_string , std::__1::allocator > const&, std::__1::basic_string , std::__1::allocator > const&)', 'std::__1::operator!=[abi:v180000](std::__1::__tree_const_iterator , std::__1::allocator >, std::__1::__tree_node , std::__1::allocator >, void*>*, long> const&, std::__1::__tree_const_iterator , std::__1::allocator >, std::__1::__tree_node , std::__1::allocator >, void*>*, long> const&)', 'bool std::__1::operator==[abi:v180000] , std::__1::allocator >(std::__1::basic_string , std::__1::allocator > const&, char const*)', 'QPDF::EncryptionData::EncryptionData(int, int, int, int, std::__1::basic_string , std::__1::allocator > const&, std::__1::basic_string , std::__1::allocator > const&, std::__1::basic_string , std::__1::allocator > const&, std::__1::basic_string , std::__1::allocator > const&, std::__1::basic_string , std::__1::allocator > const&, std::__1::basic_string , std::__1::allocator > const&, bool)', 'QPDF::recover_encryption_key_with_password(std::__1::basic_string , std::__1::allocator > const&, QPDF::EncryptionData const&, bool&)', 'QPDFObjectHandle::~QPDFObjectHandle()', 'InputSource::getLastOffset() const', 'QPDF::getTrimmedUserPassword() const', 'std::__1::basic_string , std::__1::allocator >::length[abi:v180000]() const', 'std::__1::set , std::__1::allocator >, std::__1::less , std::__1::allocator > >, std::__1::allocator , std::__1::allocator > > >::end[abi:v180000]()', 'check_user_password(std::__1::basic_string , std::__1::allocator > const&, QPDF::EncryptionData const&)', 'std::__1::__tree_const_iterator , std::__1::allocator >, std::__1::__tree_node , std::__1::allocator >, void*>*, long>::operator++[abi:v180000]()', 'std::__1::shared_ptr ::operator->[abi:v180000]() const', 'QPDFObjectHandle::getKeys() const']

391725 392671 QPDF::initializeEncryption() call site: 00000 /src/qpdf/libqpdf/QPDF_encryption.cc:730
22237 22312 9 :

['__cxa_allocate_exception', 'QPDF::damagedPDF(std::__1::basic_string , std::__1::allocator > const&, std::__1::basic_string , std::__1::allocator > const&)', 'QPDFObjectHandle::getKey(std::__1::basic_string , std::__1::allocator > const&) const', '__cxa_free_exception', '__cxa_throw', '_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEC2B7v180000ILi0EEEPKc', 'QPDFObjectHandle::isInteger() const', 'QPDFObjectHandle::getIntValue() const', 'QTC::TC(char const*, char const*, int)']

22249 22324 QPDF::read_xrefTable(longlong) call site: 00000 /src/qpdf/libqpdf/QPDF.cc:1038
5633 5637 8 :

['std::__1::basic_string , std::__1::allocator >::~basic_string()', 'std::__1::shared_ptr ::~shared_ptr[abi:v180000]()', 'QPDF_Null::create(std::__1::shared_ptr , std::__1::basic_string_view > const&, std::__1::basic_string , std::__1::allocator >)', 'std::__1::shared_ptr ::shared_ptr[abi:v180000](std::__1::shared_ptr const&)', 'QPDFObjectHandle::QPDFObjectHandle(std::__1::shared_ptr const&)', '_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEC2B7v180000ILi0EEEPKc', 'QPDFObjectHandle::typeWarning(char const*, std::__1::basic_string , std::__1::allocator > const&) const', 'QTC::TC(char const*, char const*, int)']

5633 5637 QPDFObjectHandle::getKey(std::__1::basic_string ,std::__1::allocator >const&) call site: 00000 /src/qpdf/libqpdf/QPDFObjectHandle.cc:1266
5619 5619 1 :

['QPDF::getAllPages()']

5619 5619 QPDF::JSONReactor::dictionaryItem(std::__1::basic_string ,std::__1::allocator >const&,JSONconst&) call site: 00000 /src/qpdf/libqpdf/QPDF_json.cc:530
5581 5648 3 :

['std::__1::shared_ptr ::operator->[abi:v180000]() const', 'QPDF::damagedPDF(std::__1::basic_string , std::__1::allocator > const&, long long, std::__1::basic_string , std::__1::allocator > const&)', 'QPDF::read_xrefStream(long long)']

55632 55781 QPDF::read_xrefTable(longlong) call site: 00000 /src/qpdf/libqpdf/QPDF.cc:1019
5572 5574 4 :

['_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEC2B7v180000ILi0EEEPKc', 'std::__1::basic_string , std::__1::allocator >::~basic_string()', 'QPDFObjectHandle::typeWarning(char const*, std::__1::basic_string , std::__1::allocator > const&) const', 'QTC::TC(char const*, char const*, int)']

5572 5574 QPDFObjectHandle::getIntValue() call site: 00000 /src/qpdf/libqpdf/QPDFObjectHandle.cc:654
5572 5574 4 :

['_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEC2B7v180000ILi0EEEPKc', 'std::__1::basic_string , std::__1::allocator >::~basic_string()', 'QPDFObjectHandle::typeWarning(char const*, std::__1::basic_string , std::__1::allocator > const&) const', 'QTC::TC(char const*, char const*, int)']

5572 5574 QPDFObjectHandle::getName() call site: 00000 /src/qpdf/libqpdf/QPDFObjectHandle.cc:832
5572 5574 4 :

['_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEC2B7v180000ILi0EEEPKc', 'std::__1::basic_string , std::__1::allocator >::~basic_string()', 'QPDFObjectHandle::typeWarning(char const*, std::__1::basic_string , std::__1::allocator > const&) const', 'QTC::TC(char const*, char const*, int)']

5572 5574 QPDFObjectHandle::appendItem(QPDFObjectHandleconst&) call site: 00000 /src/qpdf/libqpdf/QPDFObjectHandle.cc:1194
5572 5574 4 :

['_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEC2B7v180000ILi0EEEPKc', 'std::__1::basic_string , std::__1::allocator >::~basic_string()', 'QPDFObjectHandle::typeWarning(char const*, std::__1::basic_string , std::__1::allocator > const&) const', 'QTC::TC(char const*, char const*, int)']

5572 5574 QPDFObjectHandle::hasKey(std::__1::basic_string ,std::__1::allocator >const&) call site: 00000 /src/qpdf/libqpdf/QPDFObjectHandle.cc:1249
5572 5574 4 :

['_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEC2B7v180000ILi0EEEPKc', 'std::__1::basic_string , std::__1::allocator >::~basic_string()', 'QPDFObjectHandle::typeWarning(char const*, std::__1::basic_string , std::__1::allocator > const&) const', 'QTC::TC(char const*, char const*, int)']

5572 5574 QPDFObjectHandle::replaceKey(std::__1::basic_string ,std::__1::allocator >const&,QPDFObjectHandleconst&) call site: 00000 /src/qpdf/libqpdf/QPDFObjectHandle.cc:1519
5572 5574 4 :

['_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEC2B7v180000ILi0EEEPKc', 'std::__1::basic_string , std::__1::allocator >::~basic_string()', 'QPDFObjectHandle::typeWarning(char const*, std::__1::basic_string , std::__1::allocator > const&) const', 'QTC::TC(char const*, char const*, int)']

5572 5574 QPDFObjectHandle::removeKey(std::__1::basic_string ,std::__1::allocator >const&) call site: 00000 /src/qpdf/libqpdf/QPDFObjectHandle.cc:1547
5553 5553 5 :

['std::__1::shared_ptr ::operator->[abi:v180000]() const', '__dynamic_cast', 'std::__1::shared_ptr ::get[abi:v180000]() const', 'QPDFObject::isUnresolved() const', 'QPDF::Resolver::resolved(QPDF*, QPDFObjGen)']

5553 5553 QPDF_Stream*QPDFObject::as ()const call site: 00000 /src/qpdf/libqpdf/qpdf/QPDFObject_private.hh:172

Runtime coverage analysis

Covered functions
399
Functions that are reachable but not covered
665
Reachable functions
1206
Percentage of reachable functions covered
44.86%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/qpdf/fuzz/json_fuzzer.cc 4
/src/qpdf/libqpdf/JSON.cc 28
/src/qpdf/libqpdf/BufferInputSource.cc 3
/src/qpdf/include/qpdf/InputSource.hh 8
/src/qpdf/libqpdf/Buffer.cc 7
/src/qpdf/include/qpdf/QIntC.hh 25
/usr/local/bin/../include/c++/v1/stdexcept 2
/src/qpdf/include/qpdf/QTC.hh 1
/src/qpdf/include/qpdf/QUtil.hh 3
/src/qpdf/libqpdf/QUtil.cc 12
/src/qpdf/include/qpdf/JSON.hh 6
/src/qpdf/include/qpdf/Buffer.hh 1
/src/qpdf/libqpdf/QPDF.cc 67
/src/qpdf/libqpdf/QPDFLogger.cc 8
/src/qpdf/libqpdf/Pl_Discard.cc 1
/src/qpdf/libqpdf/Pipeline.cc 7
/src/qpdf/libqpdf/Pl_OStream.cc 2
/src/qpdf/include/qpdf/Pipeline.hh 1
/src/qpdf/libqpdf/QPDFTokenizer.cc 35
/src/qpdf/include/qpdf/QPDFObjGen.hh 10
/src/qpdf/include/qpdf/QPDFObjectHandle.hh 14
/src/qpdf/include/qpdf/QPDF.hh 22
/src/qpdf/include/qpdf/QPDFTokenizer.hh 13
/src/qpdf/libqpdf/QPDF_json.cc 5
/src/qpdf/libqpdf/InputSource.cc 5
/src/qpdf/libqpdf/QPDFExc.cc 2
/src/qpdf/include/qpdf/QPDFExc.hh 2
/src/qpdf/include/qpdf/QPDFXRefEntry.hh 2
/src/qpdf/libqpdf/qpdf/QPDFParser.hh 1
/src/qpdf/libqpdf/QPDFParser.cc 26
/src/qpdf/libqpdf/QPDF_Null.cc 4
/src/qpdf/libqpdf/qpdf/QPDFValue.hh 11
/src/qpdf/libqpdf/QPDFValue.cc 2
/src/qpdf/libqpdf/qpdf/QPDFObject_private.hh 20
/src/qpdf/libqpdf/QPDF_Integer.cc 3
/src/qpdf/libqpdf/QPDF_Unresolved.cc 2
/src/qpdf/libqpdf/QPDF_Array.cc 9
/src/qpdf/libqpdf/QPDFObjectHandle.cc 53
/src/qpdf/libqpdf/QPDFObjGen.cc 2
/src/qpdf/libqpdf/QPDFXRefEntry.cc 3
/src/qpdf/libqpdf/QPDF_Stream.cc 7
/src/qpdf/libqpdf/QPDF_Bool.cc 2
/src/qpdf/libqpdf/QPDF_Real.cc 4
/src/qpdf/libqpdf/QPDF_Name.cc 2
/src/qpdf/libqpdf/QPDF_Operator.cc 2
/src/qpdf/libqpdf/QPDF_String.cc 2
/src/qpdf/libqpdf/QPDF_Dictionary.cc 7
/src/qpdf/libqpdf/qpdf/QPDF_Array.hh 1
/src/qpdf/libqpdf/Pl_Buffer.cc 5
/src/qpdf/include/qpdf/Pl_Buffer.hh 1
/src/qpdf/libqpdf/Pl_Flate.cc 1
/src/qpdf/libqpdf/Pl_Count.cc 4
/src/qpdf/libqpdf/QPDF_encryption.cc 40
/src/qpdf/libqpdf/MD5.cc 4
/src/qpdf/libqpdf/QPDFCryptoProvider.cc 6
/src/qpdf/include/qpdf/QPDFCryptoProvider.hh 1
/src/qpdf/libqpdf/qpdf/MD5.hh 1
/src/qpdf/libqpdf/ContentNormalizer.cc 2
/src/qpdf/libqpdf/QPDF_pages.cc 4
/src/qpdf/libqpdf/QPDF_optimization.cc 2
/src/qpdf/libqpdf/RC4.cc 2
/src/qpdf/libqpdf/qpdf/RC4.hh 1
/src/qpdf/libqpdf/Pl_SHA2.cc 4
/src/qpdf/libqpdf/Pl_AES_PDF.cc 7
/src/qpdf/libqpdf/CryptoRandomDataProvider.cc 1
/src/qpdf/libqpdf/qpdf/CryptoRandomDataProvider.hh 1
/src/qpdf/include/qpdf/RandomDataProvider.hh 1
/src/qpdf/libqpdf/qpdf/Pl_AES_PDF.hh 1
/src/qpdf/libqpdf/qpdf/Pl_SHA2.hh 1
/src/qpdf/libqpdf/QPDFObject.cc 1
/src/qpdf/libqpdf/QPDF_Destroyed.cc 2

Fuzzer: future_qpdf_outlines_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 591 26.2%
gold [1:9] 90 4.0%
yellow [10:29] 37 1.64%
greenyellow [30:49] 42 1.86%
lawngreen 50+ 1490 66.2%
All colors 2250 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
150219 156017 19 :

['std::__1::list >::begin[abi:v180000]()', 'QPDFObjectHandle::QPDFObjectHandle(QPDFObjectHandle const&)', 'QPDFObjectHandle::isArray()', 'QPDFObjectHandle::getArrayItem(int)', 'QPDFObjectHandle::getKey(std::__1::basic_string , std::__1::allocator > const&)', 'std::__1::__list_iterator ::operator--[abi:v180000]()', 'QPDFObjectHandle::isInitialized() const', 'std::__1::__list_iterator ::operator->[abi:v180000]() const', 'QPDFObjectHandle::operator=(QPDFObjectHandle const&)', 'QPDFObjectHandle::newArray()', 'QPDFObjectHandle::QPDFObjectHandle()', 'QPDFObjectHandle::~QPDFObjectHandle()', 'std::__1::operator==[abi:v180000](std::__1::__list_iterator const&, std::__1::__list_iterator const&)', 'QPDFObjectHandle::appendItem(QPDFObjectHandle const&)', 'QPDFObjectHandle::getArrayNItems()', 'std::__1::list >::end[abi:v180000]()', 'QPDFObjectHandle::isDictionary()', 'warn(QPDF&, QPDFObjectHandle&, std::__1::basic_string , std::__1::allocator > const&)', 'QPDFObjectHandle::replaceKey(std::__1::basic_string , std::__1::allocator > const&, QPDFObjectHandle const&)']

150219 161580 NNTreeIterator::resetLimits(QPDFObjectHandle,std::__1::__list_iterator ) call site: 00000 /src/qpdf/libqpdf/NNTree.cc:161
33392 107107 25 :

['std::__1::list >::begin[abi:v180000]()', 'QPDF::makeIndirectObject(QPDFObjectHandle)', 'QPDFObjectHandle::QPDFObjectHandle(QPDFObjectHandle const&)', 'QPDFObjectHandle::newDictionary()', 'QPDFObjectHandle::removeKey(std::__1::basic_string , std::__1::allocator > const&)', 'QPDFObjectHandle::getArrayItem(int)', 'QPDFObjectHandle::getKey(std::__1::basic_string , std::__1::allocator > const&)', 'std::__1::__list_iterator ::operator--[abi:v180000]()', 'std::__1::__list_iterator ::operator->[abi:v180000]() const', 'NNTreeIterator::split(QPDFObjectHandle, std::__1::__list_iterator )', 'std::__1::__list_iterator ::operator++[abi:v180000]()', 'QTC::TC(char const*, char const*, int)', 'QPDFObjectHandle::operator=(QPDFObjectHandle const&)', 'QPDFObjectHandle::insertItem(int, QPDFObjectHandle const&)', 'QPDFObjectHandle::newArray()', 'NNTreeIterator::setItemNumber(QPDFObjectHandle const&, int)', 'QPDFObjectHandle::eraseItem(int)', 'std::__1::operator==[abi:v180000](std::__1::__list_iterator const&, std::__1::__list_iterator const&)', 'NNTreeIterator::resetLimits(QPDFObjectHandle, std::__1::__list_iterator )', 'QPDFObjectHandle::appendItem(QPDFObjectHandle const&)', 'QPDFObjectHandle::getArrayNItems()', '_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEC2B7v180000ILi0EEEPKc', 'std::__1::list >::end[abi:v180000]()', 'NNTreeIterator::PathElement& std::__1::list >::emplace_front (QPDFObjectHandle&, int&&)', 'QPDFObjectHandle::replaceKey(std::__1::basic_string , std::__1::allocator > const&, QPDFObjectHandle const&)']

33456 107171 NNTreeIterator::split(QPDFObjectHandle,std::__1::__list_iterator ) call site: 00000 /src/qpdf/libqpdf/NNTree.cc:283
5726 5726 5 :

['std::__1::shared_ptr ::~shared_ptr[abi:v180000]()', 'std::__1::shared_ptr ::~shared_ptr[abi:v180000]()', 'QPDF::decryptStream(std::__1::shared_ptr , std::__1::shared_ptr , QPDF&, Pipeline*&, QPDFObjGen const&, QPDFObjectHandle&, std::__1::unique_ptr >&)', 'std::__1::shared_ptr ::shared_ptr[abi:v180000](std::__1::shared_ptr const&)', 'std::__1::shared_ptr ::shared_ptr[abi:v180000](std::__1::shared_ptr const&)']

5752 6426 QPDF::pipeStreamData(std::__1::shared_ptr ,std::__1::shared_ptr ,QPDF&,QPDFObjGenconst&,longlong,unsignedlong,QPDFObjectHandle,Pipeline*,bool,bool) call site: 00000 /src/qpdf/libqpdf/QPDF.cc:2720
547 547 1 :

['QPDF::compute_encryption_key(std::__1::basic_string , std::__1::allocator > const&, QPDF::EncryptionData const&)']

559 559 QPDF::initializeEncryption() call site: 00000 /src/qpdf/libqpdf/QPDF_encryption.cc:935
252 474 6 :

['adler32', 'fixedtables', 'inflate_fast', 'inflate_table', 'crc32', 'updatewindow']

252 474 inflate call site: 00000 /src/zlib/inflate.c:817
119 119 5 :

['BitStream::BitStream(unsigned char const*, unsigned long)', 'BitWriter::writeBitsSigned(long long, unsigned long)', 'BitStream::getBitsSigned(unsigned long)', 'BitWriter::BitWriter(Pipeline*)', 'BitWriter::flush()']

119 119 Pl_TIFFPredictor::processRow() call site: 00000 /src/qpdf/libqpdf/Pl_TIFFPredictor.cc:76
108 108 1 :

['deflateInit_']

521 1015 Pl_Flate::handleData(unsignedcharconst*,unsignedlong,int) call site: 00000 /src/qpdf/libqpdf/Pl_Flate.cc:131
53 53 2 :

['QPDF::getTrimmedUserPassword() const', 'bool std::__1::operator==[abi:v180000] >(std::__1::basic_string , std::__1::allocator > const&, std::__1::basic_string , std::__1::allocator > const&)']

1068 1352 QPDF::initializeEncryption() call site: 00000 /src/qpdf/libqpdf/QPDF_encryption.cc:913
44 44 3 :

['std::__1::basic_string , std::__1::allocator >::~basic_string()', 'QPDFObjectHandle QPDFParser::withDescription , std::__1::allocator >&>(std::__1::basic_string , std::__1::allocator >&)', 'std::__1::basic_string , std::__1::allocator >::basic_string(std::__1::basic_string , std::__1::allocator > const&)']

44 101 QPDFParser::parse(bool&,bool) call site: 00000 /src/qpdf/libqpdf/QPDFParser.cc:115
44 44 1 :

['QPDFObjectHandle QPDFParser::withDescription , std::__1::allocator > const&>(std::__1::basic_string , std::__1::allocator > const&)']

44 98 QPDFParser::parse(bool&,bool) call site: 00000 /src/qpdf/libqpdf/QPDFParser.cc:99
41 41 1 :

['Pl_RunLength::encode(unsigned char const*, unsigned long)']

41 41 Pl_RunLength::write(unsignedcharconst*,unsignedlong) call site: 00000 /src/qpdf/libqpdf/Pl_RunLength.cc:27
32 32 1 :

['Pl_RunLength::flush_encode()']

32 32 Pl_RunLength::finish() call site: 00000 /src/qpdf/libqpdf/Pl_RunLength.cc:140

Runtime coverage analysis

Covered functions
680
Functions that are reachable but not covered
341
Reachable functions
1293
Percentage of reachable functions covered
73.63%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/qpdf/fuzz/qpdf_outlines_fuzzer.cc 7
/src/qpdf/libqpdf/Buffer.cc 7
/src/qpdf/libqpdf/Pl_Discard.cc 2
/src/qpdf/libqpdf/Pipeline.cc 7
/src/qpdf/include/qpdf/Buffer.hh 1
/src/qpdf/libqpdf/Pl_DCT.cc 3
/src/qpdf/libqpdf/Pl_PNGFilter.cc 1
/src/qpdf/libqpdf/Pl_TIFFPredictor.cc 1
/src/qpdf/libqpdf/Pl_Flate.cc 2
/src/qpdf/libqpdf/BufferInputSource.cc 2
/src/qpdf/include/qpdf/InputSource.hh 8
/src/qpdf/include/qpdf/QIntC.hh 28
/usr/local/bin/../include/c++/v1/stdexcept 2
/src/qpdf/libqpdf/QPDF.cc 62
/src/qpdf/include/qpdf/QPDF.hh 21
/src/qpdf/libqpdf/InputSource.cc 5
/src/qpdf/include/qpdf/QTC.hh 1
/src/qpdf/libqpdf/QPDFExc.cc 2
/src/qpdf/include/qpdf/QPDFExc.hh 2
/src/qpdf/libqpdf/QPDFTokenizer.cc 34
/src/qpdf/include/qpdf/QUtil.hh 3
/src/qpdf/include/qpdf/QPDFTokenizer.hh 13
/src/qpdf/libqpdf/QUtil.cc 25
/src/qpdf/include/qpdf/QPDFObjGen.hh 10
/src/qpdf/include/qpdf/QPDFXRefEntry.hh 2
/src/qpdf/libqpdf/qpdf/QPDFParser.hh 1
/src/qpdf/libqpdf/QPDFParser.cc 26
/src/qpdf/libqpdf/QPDFLogger.cc 8
/src/qpdf/include/qpdf/QPDFObjectHandle_future.hh 16
/src/qpdf/libqpdf/QPDF_Null.cc 4
/src/qpdf/libqpdf/qpdf/QPDFValue.hh 10
/src/qpdf/libqpdf/QPDFValue.cc 2
/src/qpdf/libqpdf/qpdf/QPDFObject_private.hh 20
/src/qpdf/libqpdf/QPDF_Integer.cc 3
/src/qpdf/libqpdf/QPDF_Unresolved.cc 2
/src/qpdf/libqpdf/QPDF_Array.cc 11
/src/qpdf/libqpdf/QPDFObjectHandle.cc 60
/src/qpdf/libqpdf/QPDFObjGen.cc 2
/src/qpdf/libqpdf/QPDFXRefEntry.cc 3
/src/qpdf/libqpdf/QPDF_Stream.cc 7
/src/qpdf/libqpdf/QPDF_Bool.cc 2
/src/qpdf/libqpdf/QPDF_Real.cc 4
/src/qpdf/libqpdf/QPDF_Name.cc 2
/src/qpdf/libqpdf/QPDF_Operator.cc 2
/src/qpdf/libqpdf/QPDF_String.cc 4
/src/qpdf/libqpdf/QPDF_Dictionary.cc 8
/src/qpdf/libqpdf/Pl_OStream.cc 2
/src/qpdf/include/qpdf/Pipeline.hh 1
/src/qpdf/libqpdf/qpdf/QPDF_Array.hh 1
/src/qpdf/libqpdf/Pl_Buffer.cc 5
/src/qpdf/include/qpdf/Pl_Buffer.hh 1
/src/qpdf/libqpdf/Pl_Count.cc 4
/src/qpdf/libqpdf/QPDF_encryption.cc 40
/src/qpdf/libqpdf/MD5.cc 4
/src/qpdf/libqpdf/QPDFCryptoProvider.cc 6
/src/qpdf/include/qpdf/QPDFCryptoProvider.hh 1
/src/qpdf/libqpdf/qpdf/MD5.hh 1
/src/qpdf/libqpdf/ContentNormalizer.cc 2
/src/qpdf/libqpdf/QPDF_pages.cc 4
/src/qpdf/libqpdf/QPDF_optimization.cc 2
/src/qpdf/libqpdf/RC4.cc 2
/src/qpdf/libqpdf/qpdf/RC4.hh 1
/src/qpdf/libqpdf/Pl_SHA2.cc 4
/src/qpdf/libqpdf/Pl_AES_PDF.cc 7
/src/qpdf/libqpdf/CryptoRandomDataProvider.cc 1
/src/qpdf/libqpdf/qpdf/CryptoRandomDataProvider.hh 1
/src/qpdf/include/qpdf/RandomDataProvider.hh 1
/src/qpdf/libqpdf/qpdf/Pl_AES_PDF.hh 1
/src/qpdf/libqpdf/qpdf/Pl_SHA2.hh 1
/src/qpdf/libqpdf/QPDFOutlineDocumentHelper.cc 3
/src/qpdf/include/qpdf/QPDFDocumentHelper.hh 1
/src/qpdf/include/qpdf/QPDFOutlineDocumentHelper.hh 3
/src/qpdf/include/qpdf/QPDFOutlineObjectHelper.hh 2
/src/qpdf/libqpdf/QPDFOutlineObjectHelper.cc 5
/src/qpdf/include/qpdf/QPDFObjectHelper.hh 1
/src/qpdf/libqpdf/QPDFObjectHelper.cc 1
/src/qpdf/libqpdf/QPDFDocumentHelper.cc 1
/src/qpdf/libqpdf/QPDFNameTreeObjectHelper.cc 6
/src/qpdf/libqpdf/NNTree.cc 24
/src/qpdf/libqpdf/qpdf/NNTree.hh 4
/src/qpdf/include/qpdf/QPDFNameTreeObjectHelper.hh 1

Fuzzer: future_qpdf_pages_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 725 23.0%
gold [1:9] 76 2.41%
yellow [10:29] 57 1.81%
greenyellow [30:49] 33 1.04%
lawngreen 50+ 2257 71.6%
All colors 3148 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
139083 156017 19 :

['std::__1::list >::begin[abi:v180000]()', 'QPDFObjectHandle::QPDFObjectHandle(QPDFObjectHandle const&)', 'QPDFObjectHandle::isArray()', 'QPDFObjectHandle::getArrayItem(int)', 'QPDFObjectHandle::getKey(std::__1::basic_string , std::__1::allocator > const&)', 'std::__1::__list_iterator ::operator--[abi:v180000]()', 'QPDFObjectHandle::isInitialized() const', 'std::__1::__list_iterator ::operator->[abi:v180000]() const', 'QPDFObjectHandle::operator=(QPDFObjectHandle const&)', 'QPDFObjectHandle::newArray()', 'QPDFObjectHandle::QPDFObjectHandle()', 'QPDFObjectHandle::~QPDFObjectHandle()', 'std::__1::operator==[abi:v180000](std::__1::__list_iterator const&, std::__1::__list_iterator const&)', 'QPDFObjectHandle::appendItem(QPDFObjectHandle const&)', 'QPDFObjectHandle::getArrayNItems()', 'std::__1::list >::end[abi:v180000]()', 'QPDFObjectHandle::isDictionary()', 'warn(QPDF&, QPDFObjectHandle&, std::__1::basic_string , std::__1::allocator > const&)', 'QPDFObjectHandle::replaceKey(std::__1::basic_string , std::__1::allocator > const&, QPDFObjectHandle const&)']

139083 161580 NNTreeIterator::resetLimits(QPDFObjectHandle,std::__1::__list_iterator ) call site: 00000 /src/qpdf/libqpdf/NNTree.cc:161
22256 107107 25 :

['std::__1::list >::begin[abi:v180000]()', 'QPDF::makeIndirectObject(QPDFObjectHandle)', 'QPDFObjectHandle::QPDFObjectHandle(QPDFObjectHandle const&)', 'QPDFObjectHandle::newDictionary()', 'QPDFObjectHandle::removeKey(std::__1::basic_string , std::__1::allocator > const&)', 'QPDFObjectHandle::getArrayItem(int)', 'QPDFObjectHandle::getKey(std::__1::basic_string , std::__1::allocator > const&)', 'std::__1::__list_iterator ::operator--[abi:v180000]()', 'std::__1::__list_iterator ::operator->[abi:v180000]() const', 'NNTreeIterator::split(QPDFObjectHandle, std::__1::__list_iterator )', 'std::__1::__list_iterator ::operator++[abi:v180000]()', 'QTC::TC(char const*, char const*, int)', 'QPDFObjectHandle::operator=(QPDFObjectHandle const&)', 'QPDFObjectHandle::insertItem(int, QPDFObjectHandle const&)', 'QPDFObjectHandle::newArray()', 'NNTreeIterator::setItemNumber(QPDFObjectHandle const&, int)', 'QPDFObjectHandle::eraseItem(int)', 'std::__1::operator==[abi:v180000](std::__1::__list_iterator const&, std::__1::__list_iterator const&)', 'NNTreeIterator::resetLimits(QPDFObjectHandle, std::__1::__list_iterator )', 'QPDFObjectHandle::appendItem(QPDFObjectHandle const&)', 'QPDFObjectHandle::getArrayNItems()', '_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEC2B7v180000ILi0EEEPKc', 'std::__1::list >::end[abi:v180000]()', 'NNTreeIterator::PathElement& std::__1::list >::emplace_front (QPDFObjectHandle&, int&&)', 'QPDFObjectHandle::replaceKey(std::__1::basic_string , std::__1::allocator > const&, QPDFObjectHandle const&)']

22320 107171 NNTreeIterator::split(QPDFObjectHandle,std::__1::__list_iterator ) call site: 00000 /src/qpdf/libqpdf/NNTree.cc:283
5726 5726 5 :

['std::__1::shared_ptr ::~shared_ptr[abi:v180000]()', 'std::__1::shared_ptr ::~shared_ptr[abi:v180000]()', 'QPDF::decryptStream(std::__1::shared_ptr , std::__1::shared_ptr , QPDF&, Pipeline*&, QPDFObjGen const&, QPDFObjectHandle&, std::__1::unique_ptr >&)', 'std::__1::shared_ptr ::shared_ptr[abi:v180000](std::__1::shared_ptr const&)', 'std::__1::shared_ptr ::shared_ptr[abi:v180000](std::__1::shared_ptr const&)']

5752 6426 QPDF::pipeStreamData(std::__1::shared_ptr ,std::__1::shared_ptr ,QPDF&,QPDFObjGenconst&,longlong,unsignedlong,QPDFObjectHandle,Pipeline*,bool,bool) call site: 00000 /src/qpdf/libqpdf/QPDF.cc:2720
5714 5714 1 :

['QPDFObjectHandle::parseAsContents(QPDFObjectHandle::ParserCallbacks*)']

5714 5714 QPDFPageObjectHelper::parseContents(QPDFObjectHandle::ParserCallbacks*) call site: 00000 /src/qpdf/libqpdf/QPDFPageObjectHelper.cc:488
5560 5562 4 :

['QPDFObjectHandle::getKey(std::__1::basic_string , std::__1::allocator > const&)', 'QTC::TC(char const*, char const*, int)', 'std::__1::basic_string , std::__1::allocator >::~basic_string()', '_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEC2B7v180000ILi0EEEPKc']

5564 5566 QPDFOutlineDocumentHelper::resolveNamedDest(QPDFObjectHandle) call site: 00000 /src/qpdf/libqpdf/QPDFOutlineDocumentHelper.cc:91
1864 2071 12 :

['(anonymous namespace)::JSONParser::ignore((anonymous namespace)::JSONParser::lex_state_e)', 'std::__1::basic_string , std::__1::allocator >::operator+=[abi:v180000](char)', 'std::__1::basic_string , std::__1::allocator > std::__1::operator+[abi:v180000] , std::__1::allocator >(std::__1::basic_string , std::__1::allocator >&&, std::__1::basic_string , std::__1::allocator >&&)', '(anonymous namespace)::JSONParser::append()', 'std::logic_error::logic_error(char const*)', '(anonymous namespace)::JSONParser::ignore()', 'std::__1::basic_string , std::__1::allocator >::empty[abi:v180000]() const', '(anonymous namespace)::JSONParser::handle_u_code(unsigned long, long long, unsigned long&, long long&, std::__1::basic_string , std::__1::allocator >&)', '(anonymous namespace)::JSONParser::tokenError()', 'QUtil::hex_decode_char(char)', '(anonymous namespace)::JSONParser::append((anonymous namespace)::JSONParser::lex_state_e)', 'std::__1::basic_string , std::__1::allocator >::basic_string[abi:v180000](char const*, unsigned long)']

1916 2133 (anonymousnamespace)::JSONParser::getToken() call site: 00000 /src/qpdf/libqpdf/JSON.cc:963
252 474 6 :

['adler32', 'fixedtables', 'inflate_fast', 'inflate_table', 'crc32', 'updatewindow']

252 474 inflate call site: 00000 /src/zlib/inflate.c:817
119 119 5 :

['BitStream::BitStream(unsigned char const*, unsigned long)', 'BitWriter::writeBitsSigned(long long, unsigned long)', 'BitStream::getBitsSigned(unsigned long)', 'BitWriter::BitWriter(Pipeline*)', 'BitWriter::flush()']

119 119 Pl_TIFFPredictor::processRow() call site: 00000 /src/qpdf/libqpdf/Pl_TIFFPredictor.cc:76
108 108 1 :

['deflateInit_']

521 1015 Pl_Flate::handleData(unsignedcharconst*,unsignedlong,int) call site: 00000 /src/qpdf/libqpdf/Pl_Flate.cc:131
44 44 3 :

['std::__1::basic_string , std::__1::allocator >::~basic_string()', 'QPDFObjectHandle QPDFParser::withDescription , std::__1::allocator >&>(std::__1::basic_string , std::__1::allocator >&)', 'std::__1::basic_string , std::__1::allocator >::basic_string(std::__1::basic_string , std::__1::allocator > const&)']

44 101 QPDFParser::parse(bool&,bool) call site: 00000 /src/qpdf/libqpdf/QPDFParser.cc:115
42 42 1 :

['QPDFObjectHandle::newString(std::__1::basic_string , std::__1::allocator > const&)']

46 98 QPDFTokenizer::Token::Token(QPDFTokenizer::token_type_e,std::__1::basic_string ,std::__1::allocator >const&) call site: 00000 /src/qpdf/libqpdf/QPDFTokenizer.cc:97
41 41 1 :

['Pl_RunLength::encode(unsigned char const*, unsigned long)']

41 41 Pl_RunLength::write(unsignedcharconst*,unsignedlong) call site: 00000 /src/qpdf/libqpdf/Pl_RunLength.cc:27

Runtime coverage analysis

Covered functions
1016
Functions that are reachable but not covered
358
Reachable functions
1753
Percentage of reachable functions covered
79.58%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/qpdf/fuzz/qpdf_pages_fuzzer.cc 9
/src/qpdf/libqpdf/Buffer.cc 5
/src/qpdf/libqpdf/Pl_Discard.cc 2
/src/qpdf/libqpdf/Pipeline.cc 7
/src/qpdf/include/qpdf/Buffer.hh 1
/src/qpdf/libqpdf/Pl_DCT.cc 3
/src/qpdf/libqpdf/Pl_PNGFilter.cc 1
/src/qpdf/libqpdf/Pl_TIFFPredictor.cc 1
/src/qpdf/libqpdf/Pl_Flate.cc 2
/src/qpdf/libqpdf/BufferInputSource.cc 4
/src/qpdf/include/qpdf/InputSource.hh 8
/src/qpdf/include/qpdf/QIntC.hh 30
/usr/local/bin/../include/c++/v1/stdexcept 2
/src/qpdf/libqpdf/QPDF.cc 65
/src/qpdf/include/qpdf/QPDF.hh 21
/src/qpdf/libqpdf/InputSource.cc 5
/src/qpdf/include/qpdf/QTC.hh 1
/src/qpdf/libqpdf/QPDFExc.cc 2
/src/qpdf/include/qpdf/QPDFExc.hh 2
/src/qpdf/libqpdf/QPDFTokenizer.cc 41
/src/qpdf/include/qpdf/QUtil.hh 3
/src/qpdf/include/qpdf/QPDFTokenizer.hh 14
/src/qpdf/libqpdf/QUtil.cc 25
/src/qpdf/include/qpdf/QPDFObjGen.hh 10
/src/qpdf/include/qpdf/QPDFXRefEntry.hh 2
/src/qpdf/libqpdf/qpdf/QPDFParser.hh 1
/src/qpdf/libqpdf/QPDFParser.cc 26
/src/qpdf/libqpdf/QPDFLogger.cc 8
/src/qpdf/include/qpdf/QPDFObjectHandle_future.hh 23
/src/qpdf/libqpdf/QPDF_Null.cc 4
/src/qpdf/libqpdf/qpdf/QPDFValue.hh 10
/src/qpdf/libqpdf/QPDFValue.cc 2
/src/qpdf/libqpdf/qpdf/QPDFObject_private.hh 23
/src/qpdf/libqpdf/QPDF_Integer.cc 3
/src/qpdf/libqpdf/QPDF_Unresolved.cc 2
/src/qpdf/libqpdf/QPDF_Array.cc 11
/src/qpdf/libqpdf/QPDFObjectHandle.cc 100
/src/qpdf/libqpdf/QPDFObjGen.cc 3
/src/qpdf/libqpdf/QPDFXRefEntry.cc 3
/src/qpdf/libqpdf/QPDF_Stream.cc 10
/src/qpdf/libqpdf/QPDF_Bool.cc 2
/src/qpdf/libqpdf/QPDF_Real.cc 4
/src/qpdf/libqpdf/QPDF_Name.cc 2
/src/qpdf/libqpdf/QPDF_Operator.cc 2
/src/qpdf/libqpdf/QPDF_String.cc 4
/src/qpdf/libqpdf/QPDF_Dictionary.cc 8
/src/qpdf/libqpdf/Pl_OStream.cc 2
/src/qpdf/include/qpdf/Pipeline.hh 1
/src/qpdf/libqpdf/qpdf/QPDF_Array.hh 1
/src/qpdf/libqpdf/Pl_Buffer.cc 6
/src/qpdf/include/qpdf/Pl_Buffer.hh 1
/src/qpdf/libqpdf/Pl_Count.cc 4
/src/qpdf/libqpdf/QPDF_encryption.cc 40
/src/qpdf/libqpdf/MD5.cc 4
/src/qpdf/libqpdf/QPDFCryptoProvider.cc 6
/src/qpdf/include/qpdf/QPDFCryptoProvider.hh 1
/src/qpdf/libqpdf/qpdf/MD5.hh 1
/src/qpdf/libqpdf/ContentNormalizer.cc 2
/src/qpdf/libqpdf/QPDF_pages.cc 4
/src/qpdf/libqpdf/QPDF_optimization.cc 2
/src/qpdf/libqpdf/RC4.cc 2
/src/qpdf/libqpdf/qpdf/RC4.hh 1
/src/qpdf/libqpdf/Pl_SHA2.cc 4
/src/qpdf/libqpdf/Pl_AES_PDF.cc 7
/src/qpdf/libqpdf/CryptoRandomDataProvider.cc 1
/src/qpdf/libqpdf/qpdf/CryptoRandomDataProvider.hh 1
/src/qpdf/include/qpdf/RandomDataProvider.hh 1
/src/qpdf/libqpdf/qpdf/Pl_AES_PDF.hh 1
/src/qpdf/libqpdf/qpdf/Pl_SHA2.hh 1
/src/qpdf/libqpdf/QPDFPageDocumentHelper.cc 4
/src/qpdf/include/qpdf/QPDFDocumentHelper.hh 1
/src/qpdf/libqpdf/QPDFPageLabelDocumentHelper.cc 3
/src/qpdf/include/qpdf/QPDFPageLabelDocumentHelper.hh 2
/src/qpdf/libqpdf/QPDFDocumentHelper.cc 1
/src/qpdf/libqpdf/QPDFOutlineDocumentHelper.cc 4
/src/qpdf/include/qpdf/QPDFOutlineDocumentHelper.hh 3
/src/qpdf/include/qpdf/QPDFOutlineObjectHelper.hh 3
/src/qpdf/libqpdf/QPDFOutlineObjectHelper.cc 5
/src/qpdf/include/qpdf/QPDFObjectHelper.hh 5
/src/qpdf/libqpdf/QPDFObjectHelper.cc 1
/src/qpdf/libqpdf/QPDFAcroFormDocumentHelper.cc 9
/src/qpdf/libqpdf/QPDFFormFieldObjectHelper.cc 23
/src/qpdf/include/qpdf/QPDFFormFieldObjectHelper.hh 2
/src/qpdf/include/qpdf/QPDFPageDocumentHelper.hh 1
/src/qpdf/include/qpdf/QPDFPageObjectHelper.hh 1
/src/qpdf/libqpdf/QPDFPageObjectHelper.cc 9
/src/qpdf/include/qpdf/QPDFAnnotationObjectHelper.hh 1
/src/qpdf/libqpdf/QPDFAnnotationObjectHelper.cc 7
/src/qpdf/libqpdf/Pl_QPDFTokenizer.cc 4
/src/qpdf/libqpdf/QPDFMatrix.cc 11
/src/qpdf/include/qpdf/QPDFAcroFormDocumentHelper.hh 1
/src/qpdf/libqpdf/QPDFNumberTreeObjectHelper.cc 6
/src/qpdf/libqpdf/NNTree.cc 24
/src/qpdf/libqpdf/qpdf/NNTree.hh 4
/src/qpdf/include/qpdf/QPDFNumberTreeObjectHelper.hh 1
/src/qpdf/libqpdf/JSON.cc 29
/src/qpdf/libqpdf/qpdf/JSON_writer.hh 3
/src/qpdf/include/qpdf/JSON.hh 4
/src/qpdf/libqpdf/Pl_String.cc 3
/src/qpdf/libqpdf/QPDFNameTreeObjectHelper.cc 6
/src/qpdf/include/qpdf/QPDFNameTreeObjectHelper.hh 1

Fuzzer: dct_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 174 57.6%
gold [1:9] 8 2.64%
yellow [10:29] 0 0.0%
greenyellow [30:49] 1 0.33%
lawngreen 50+ 119 39.4%
All colors 302 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
768 768 1 :

['Pl_DCT::compress(void*, Buffer*)']

797 802 Pl_DCT::finish() call site: 00000 /src/qpdf/libqpdf/Pl_DCT.cc:155
60 60 1 :

['do_sarray_io']

60 62 access_virt_sarray call site: 00000 /src/libjpeg-turbo/jmemmgr.c:940
28 28 1 :

['do_barray_io']

28 30 access_virt_barray call site: 00000 /src/libjpeg-turbo/jmemmgr.c:1024
8 8 4 :

['__cxa_allocate_exception', 'std::runtime_error::runtime_error(char const*)', '__cxa_free_exception', '__cxa_throw']

8 8 skip_buffer_input_data(jpeg_decompress_struct*,long) call site: 00000 /src/qpdf/libqpdf/Pl_DCT.cc:250
5 5 1 :

['jpeg_destroy_compress']

17 22 Pl_DCT::finish() call site: 00000 /src/qpdf/libqpdf/Pl_DCT.cc:171
2 2 1 :

['out_of_memory']

2 106 alloc_sarray call site: 00000 /src/libjpeg-turbo/jmemmgr.c:461
2 2 1 :

['__isoc99_sscanf']

2 2 jinit_memory_mgr call site: 00044 /src/libjpeg-turbo/jmemmgr.c:1273
2 2 1 :

['out_of_memory']

2 2 alloc_large call site: 00000 /src/libjpeg-turbo/jmemmgr.c:394
0 24 1 :

['Pipeline::getNext(bool)']

2 26 Pl_DCT::finish() call site: 00000 /src/qpdf/libqpdf/Pl_DCT.cc:132
0 2 1 :

['jpeg_mem_term']

8 10 jinit_memory_mgr call site: 00042 /src/libjpeg-turbo/jmemmgr.c:1227
0 0 None 225 686 master_selection call site: 00213 /src/libjpeg-turbo/jdmaster.c:537
0 0 None 225 657 master_selection call site: 00214 /src/libjpeg-turbo/jdmaster.c:548

Runtime coverage analysis

Covered functions
217
Functions that are reachable but not covered
118
Reachable functions
243
Percentage of reachable functions covered
51.44%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/qpdf/fuzz/dct_fuzzer.cc 4
/src/qpdf/libqpdf/Pl_DCT.cc 14
/src/qpdf/libqpdf/Pl_Discard.cc 2
/src/qpdf/libqpdf/Pipeline.cc 2
/src/qpdf/libqpdf/Pl_Buffer.cc 4
/src/qpdf/include/qpdf/Pl_Buffer.hh 1
/src/qpdf/include/qpdf/Pipeline.hh 1
/src/qpdf/libqpdf/Buffer.cc 4
/src/qpdf/include/qpdf/Buffer.hh 1
/src/libjpeg-turbo/jerror.c 1
/src/libjpeg-turbo/jcapimin.c 4
/src/libjpeg-turbo/jmemmgr.c 1
/src/libjpeg-turbo/jmemnobs.c 3
/src/libjpeg-turbo/jcparam.c 7
/src/libjpeg-turbo/jcomapi.c 4
/src/libjpeg-turbo/jstdhuff.c 2
/src/libjpeg-turbo/jcapistd.c 2
/src/libjpeg-turbo/jcinit.c 1
/src/libjpeg-turbo/jcmaster.c 4
/src/libjpeg-turbo/jutils.c 2
/src/libjpeg-turbo/jccolor.c 3
/src/libjpeg-turbo/jcsample.c 3
/src/libjpeg-turbo/jcprepct.c 4
/src/libjpeg-turbo/simd/x86_64/jsimd.c 18
/src/libjpeg-turbo/jclossls.c 3
/src/libjpeg-turbo/jclhuff.c 1
/src/libjpeg-turbo/jcdiffct.c 3
/src/libjpeg-turbo/jcdctmgr.c 2
/src/libjpeg-turbo/jcarith.c 1
/src/libjpeg-turbo/jcphuff.c 1
/src/libjpeg-turbo/jchuff.c 1
/src/libjpeg-turbo/jccoefct.c 2
/src/libjpeg-turbo/jcmainct.c 3
/src/libjpeg-turbo/jcmarker.c 1
/src/qpdf/include/qpdf/QIntC.hh 6
/usr/local/bin/../include/c++/v1/stdexcept 1
/src/libjpeg-turbo/jdapimin.c 6
/src/libjpeg-turbo/jdmarker.c 2
/src/libjpeg-turbo/jdinput.c 1
/src/libjpeg-turbo/jdmaster.c 6
/src/libjpeg-turbo/jdapistd.c 3
/src/libjpeg-turbo/jquant1.c 8
/src/libjpeg-turbo/jquant2.c 3
/src/libjpeg-turbo/jdmerge.c 3
/src/libjpeg-turbo/jdcolor.c 5
/src/libjpeg-turbo/jdsample.c 3
/src/libjpeg-turbo/jdpostct.c 3
/src/libjpeg-turbo/jdlossls.c 3
/src/libjpeg-turbo/jdlhuff.c 1
/src/libjpeg-turbo/jddiffct.c 3
/src/libjpeg-turbo/jddctmgr.c 2
/src/libjpeg-turbo/jdarith.c 1
/src/libjpeg-turbo/jdphuff.c 1
/src/libjpeg-turbo/jdhuff.c 1
/src/libjpeg-turbo/jdcoefct.c 2
/src/libjpeg-turbo/jdmainct.c 4

Fuzzer: qpdf_outlines_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 398 17.6%
gold [1:9] 98 4.35%
yellow [10:29] 82 3.64%
greenyellow [30:49] 17 0.75%
lawngreen 50+ 1655 73.5%
All colors 2250 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
16704 22308 16 :

['std::__1::basic_string , std::__1::allocator > std::__1::operator+[abi:v180000] , std::__1::allocator >(std::__1::basic_string , std::__1::allocator >&&, char const*)', 'QPDFObjectHandle::hasKey(std::__1::basic_string , std::__1::allocator > const&) const', 'std::__1::basic_string , std::__1::allocator > std::__1::operator+[abi:v180000] , std::__1::allocator >(std::__1::basic_string , std::__1::allocator >&&, std::__1::basic_string , std::__1::allocator >&&)', 'QPDFObjectHandle::getKey(std::__1::basic_string , std::__1::allocator > const&) const', 'std::__1::shared_ptr ::operator->[abi:v180000]() const', 'std::__1::to_string(long long)', 'Pl_Count::Pl_Count(char const*, Pipeline*)', 'QPDFObjectHandle::newInteger(long long)', 'std::runtime_error::runtime_error(std::__1::basic_string , std::__1::allocator > const&)', 'QPDFObjGen::unparse(char) const', 'Pl_Count::getCount() const', 'std::__1::basic_string , std::__1::allocator > std::__1::operator+[abi:v180000] , std::__1::allocator >(char const*, std::__1::basic_string , std::__1::allocator >&&)', 'QPDFObjectHandle::StreamDataProvider::supportsRetry()', 'QPDFObjectHandle::getIntValue() const', 'Pl_Count::~Pl_Count()', 'QPDFObjectHandle::replaceKey(std::__1::basic_string , std::__1::allocator > const&, QPDFObjectHandle const&)']

16722 22583 QPDF_Stream::pipeStreamData(Pipeline*,bool*,int,qpdf_stream_decode_level_e,bool,bool) call site: 00000 /src/qpdf/libqpdf/QPDF_Stream.cc:575
16703 107107 25 :

['std::__1::list >::begin[abi:v180000]()', 'QPDF::makeIndirectObject(QPDFObjectHandle)', 'QPDFObjectHandle::QPDFObjectHandle(QPDFObjectHandle const&)', 'QPDFObjectHandle::newDictionary()', 'QPDFObjectHandle::removeKey(std::__1::basic_string , std::__1::allocator > const&)', 'QPDFObjectHandle::getArrayItem(int)', 'QPDFObjectHandle::getKey(std::__1::basic_string , std::__1::allocator > const&)', 'std::__1::__list_iterator ::operator--[abi:v180000]()', 'std::__1::__list_iterator ::operator->[abi:v180000]() const', 'NNTreeIterator::split(QPDFObjectHandle, std::__1::__list_iterator )', 'std::__1::__list_iterator ::operator++[abi:v180000]()', 'QTC::TC(char const*, char const*, int)', 'QPDFObjectHandle::operator=(QPDFObjectHandle const&)', 'QPDFObjectHandle::insertItem(int, QPDFObjectHandle const&)', 'QPDFObjectHandle::newArray()', 'NNTreeIterator::setItemNumber(QPDFObjectHandle const&, int)', 'QPDFObjectHandle::eraseItem(int)', 'std::__1::operator==[abi:v180000](std::__1::__list_iterator const&, std::__1::__list_iterator const&)', 'NNTreeIterator::resetLimits(QPDFObjectHandle, std::__1::__list_iterator )', 'QPDFObjectHandle::appendItem(QPDFObjectHandle const&)', 'QPDFObjectHandle::getArrayNItems()', '_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEC2B7v180000ILi0EEEPKc', 'std::__1::list >::end[abi:v180000]()', 'NNTreeIterator::PathElement& std::__1::list >::emplace_front (QPDFObjectHandle&, int&&)', 'QPDFObjectHandle::replaceKey(std::__1::basic_string , std::__1::allocator > const&, QPDFObjectHandle const&)']

16767 107171 NNTreeIterator::split(QPDFObjectHandle,std::__1::__list_iterator ) call site: 00000 /src/qpdf/libqpdf/NNTree.cc:283
11216 156017 19 :

['std::__1::list >::begin[abi:v180000]()', 'QPDFObjectHandle::QPDFObjectHandle(QPDFObjectHandle const&)', 'QPDFObjectHandle::isArray()', 'QPDFObjectHandle::getArrayItem(int)', 'QPDFObjectHandle::getKey(std::__1::basic_string , std::__1::allocator > const&)', 'std::__1::__list_iterator ::operator--[abi:v180000]()', 'QPDFObjectHandle::isInitialized() const', 'std::__1::__list_iterator ::operator->[abi:v180000]() const', 'QPDFObjectHandle::operator=(QPDFObjectHandle const&)', 'QPDFObjectHandle::newArray()', 'QPDFObjectHandle::QPDFObjectHandle()', 'QPDFObjectHandle::~QPDFObjectHandle()', 'std::__1::operator==[abi:v180000](std::__1::__list_iterator const&, std::__1::__list_iterator const&)', 'QPDFObjectHandle::appendItem(QPDFObjectHandle const&)', 'QPDFObjectHandle::getArrayNItems()', 'std::__1::list >::end[abi:v180000]()', 'QPDFObjectHandle::isDictionary()', 'warn(QPDF&, QPDFObjectHandle&, std::__1::basic_string , std::__1::allocator > const&)', 'QPDFObjectHandle::replaceKey(std::__1::basic_string , std::__1::allocator > const&, QPDFObjectHandle const&)']

11216 161580 NNTreeIterator::resetLimits(QPDFObjectHandle,std::__1::__list_iterator ) call site: 00000 /src/qpdf/libqpdf/NNTree.cc:161
5726 5726 5 :

['std::__1::shared_ptr ::~shared_ptr[abi:v180000]()', 'std::__1::shared_ptr ::~shared_ptr[abi:v180000]()', 'QPDF::decryptStream(std::__1::shared_ptr , std::__1::shared_ptr , QPDF&, Pipeline*&, QPDFObjGen const&, QPDFObjectHandle&, std::__1::unique_ptr >&)', 'std::__1::shared_ptr ::shared_ptr[abi:v180000](std::__1::shared_ptr const&)', 'std::__1::shared_ptr ::shared_ptr[abi:v180000](std::__1::shared_ptr const&)']

5752 6426 QPDF::pipeStreamData(std::__1::shared_ptr ,std::__1::shared_ptr ,QPDF&,QPDFObjGenconst&,longlong,unsignedlong,QPDFObjectHandle,Pipeline*,bool,bool) call site: 00000 /src/qpdf/libqpdf/QPDF.cc:2720
607 607 1 :

['compute_U_value_R2(std::__1::basic_string , std::__1::allocator > const&, QPDF::EncryptionData const&)']

607 607 compute_U_value(std::__1::basic_string ,std::__1::allocator >const&,QPDF::EncryptionDataconst&) call site: 00000 /src/qpdf/libqpdf/QPDF_encryption.cc:503
443 443 1 :

['QPDF::recover_encryption_key_with_password(std::__1::basic_string , std::__1::allocator > const&, QPDF::EncryptionData const&)']

443 443 QPDF::compute_encryption_key(std::__1::basic_string ,std::__1::allocator >const&,QPDF::EncryptionDataconst&) call site: 00000 /src/qpdf/libqpdf/QPDF_encryption.cc:362
252 474 6 :

['adler32', 'fixedtables', 'inflate_fast', 'inflate_table', 'crc32', 'updatewindow']

252 474 inflate call site: 00000 /src/zlib/inflate.c:817
119 119 5 :

['BitStream::BitStream(unsigned char const*, unsigned long)', 'BitWriter::writeBitsSigned(long long, unsigned long)', 'BitStream::getBitsSigned(unsigned long)', 'BitWriter::BitWriter(Pipeline*)', 'BitWriter::flush()']

119 119 Pl_TIFFPredictor::processRow() call site: 00000 /src/qpdf/libqpdf/Pl_TIFFPredictor.cc:76
108 108 1 :

['deflateInit_']

521 1015 Pl_Flate::handleData(unsignedcharconst*,unsignedlong,int) call site: 00000 /src/qpdf/libqpdf/Pl_Flate.cc:131
53 53 2 :

['QPDF::getTrimmedUserPassword() const', 'bool std::__1::operator==[abi:v180000] >(std::__1::basic_string , std::__1::allocator > const&, std::__1::basic_string , std::__1::allocator > const&)']

80 1352 QPDF::initializeEncryption() call site: 00000 /src/qpdf/libqpdf/QPDF_encryption.cc:913
44 44 1 :

['QPDFObjectHandle QPDFParser::withDescription , std::__1::allocator > const&>(std::__1::basic_string , std::__1::allocator > const&)']

44 98 QPDFParser::parse(bool&,bool) call site: 00000 /src/qpdf/libqpdf/QPDFParser.cc:99
41 41 1 :

['Pl_RunLength::encode(unsigned char const*, unsigned long)']

41 41 Pl_RunLength::write(unsignedcharconst*,unsignedlong) call site: 00000 /src/qpdf/libqpdf/Pl_RunLength.cc:27

Runtime coverage analysis

Covered functions
829
Functions that are reachable but not covered
194
Reachable functions
1289
Percentage of reachable functions covered
84.95%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/qpdf/fuzz/qpdf_outlines_fuzzer.cc 7
/src/qpdf/libqpdf/Buffer.cc 7
/src/qpdf/libqpdf/Pl_Discard.cc 2
/src/qpdf/libqpdf/Pipeline.cc 7
/src/qpdf/include/qpdf/Buffer.hh 1
/src/qpdf/libqpdf/Pl_DCT.cc 3
/src/qpdf/libqpdf/Pl_PNGFilter.cc 1
/src/qpdf/libqpdf/Pl_TIFFPredictor.cc 1
/src/qpdf/libqpdf/Pl_Flate.cc 2
/src/qpdf/libqpdf/BufferInputSource.cc 2
/src/qpdf/include/qpdf/InputSource.hh 8
/src/qpdf/include/qpdf/QIntC.hh 28
/usr/local/bin/../include/c++/v1/stdexcept 2
/src/qpdf/libqpdf/QPDF.cc 62
/src/qpdf/include/qpdf/QPDF.hh 21
/src/qpdf/libqpdf/InputSource.cc 5
/src/qpdf/include/qpdf/QTC.hh 1
/src/qpdf/libqpdf/QPDFExc.cc 2
/src/qpdf/include/qpdf/QPDFExc.hh 2
/src/qpdf/libqpdf/QPDFTokenizer.cc 34
/src/qpdf/include/qpdf/QUtil.hh 3
/src/qpdf/include/qpdf/QPDFTokenizer.hh 13
/src/qpdf/libqpdf/QUtil.cc 25
/src/qpdf/include/qpdf/QPDFObjGen.hh 10
/src/qpdf/include/qpdf/QPDFXRefEntry.hh 2
/src/qpdf/libqpdf/qpdf/QPDFParser.hh 1
/src/qpdf/libqpdf/QPDFParser.cc 26
/src/qpdf/libqpdf/QPDFLogger.cc 8
/src/qpdf/include/qpdf/QPDFObjectHandle.hh 14
/src/qpdf/libqpdf/QPDF_Null.cc 4
/src/qpdf/libqpdf/qpdf/QPDFValue.hh 10
/src/qpdf/libqpdf/QPDFValue.cc 2
/src/qpdf/libqpdf/qpdf/QPDFObject_private.hh 20
/src/qpdf/libqpdf/QPDF_Integer.cc 3
/src/qpdf/libqpdf/QPDF_Unresolved.cc 2
/src/qpdf/libqpdf/QPDF_Array.cc 11
/src/qpdf/libqpdf/QPDFObjectHandle.cc 60
/src/qpdf/libqpdf/QPDFObjGen.cc 2
/src/qpdf/libqpdf/QPDFXRefEntry.cc 3
/src/qpdf/libqpdf/QPDF_Stream.cc 7
/src/qpdf/libqpdf/QPDF_Bool.cc 2
/src/qpdf/libqpdf/QPDF_Real.cc 4
/src/qpdf/libqpdf/QPDF_Name.cc 2
/src/qpdf/libqpdf/QPDF_Operator.cc 2
/src/qpdf/libqpdf/QPDF_String.cc 4
/src/qpdf/libqpdf/QPDF_Dictionary.cc 8
/src/qpdf/libqpdf/Pl_OStream.cc 2
/src/qpdf/include/qpdf/Pipeline.hh 1
/src/qpdf/libqpdf/qpdf/QPDF_Array.hh 1
/src/qpdf/libqpdf/Pl_Buffer.cc 5
/src/qpdf/include/qpdf/Pl_Buffer.hh 1
/src/qpdf/libqpdf/Pl_Count.cc 4
/src/qpdf/libqpdf/QPDF_encryption.cc 40
/src/qpdf/libqpdf/MD5.cc 4
/src/qpdf/libqpdf/QPDFCryptoProvider.cc 6
/src/qpdf/include/qpdf/QPDFCryptoProvider.hh 1
/src/qpdf/libqpdf/qpdf/MD5.hh 1
/src/qpdf/libqpdf/ContentNormalizer.cc 2
/src/qpdf/libqpdf/QPDF_pages.cc 4
/src/qpdf/libqpdf/QPDF_optimization.cc 2
/src/qpdf/libqpdf/RC4.cc 2
/src/qpdf/libqpdf/qpdf/RC4.hh 1
/src/qpdf/libqpdf/Pl_SHA2.cc 4
/src/qpdf/libqpdf/Pl_AES_PDF.cc 7
/src/qpdf/libqpdf/CryptoRandomDataProvider.cc 1
/src/qpdf/libqpdf/qpdf/CryptoRandomDataProvider.hh 1
/src/qpdf/include/qpdf/RandomDataProvider.hh 1
/src/qpdf/libqpdf/qpdf/Pl_AES_PDF.hh 1
/src/qpdf/libqpdf/qpdf/Pl_SHA2.hh 1
/src/qpdf/libqpdf/QPDFOutlineDocumentHelper.cc 3
/src/qpdf/include/qpdf/QPDFDocumentHelper.hh 1
/src/qpdf/include/qpdf/QPDFOutlineDocumentHelper.hh 3
/src/qpdf/include/qpdf/QPDFOutlineObjectHelper.hh 2
/src/qpdf/libqpdf/QPDFOutlineObjectHelper.cc 5
/src/qpdf/include/qpdf/QPDFObjectHelper.hh 1
/src/qpdf/libqpdf/QPDFObjectHelper.cc 1
/src/qpdf/libqpdf/QPDFDocumentHelper.cc 1
/src/qpdf/libqpdf/QPDFNameTreeObjectHelper.cc 6
/src/qpdf/libqpdf/NNTree.cc 24
/src/qpdf/libqpdf/qpdf/NNTree.hh 4
/src/qpdf/include/qpdf/QPDFNameTreeObjectHelper.hh 1

Fuzzer: qpdf_crypt_insecure_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 1277 38.8%
gold [1:9] 80 2.43%
yellow [10:29] 57 1.73%
greenyellow [30:49] 20 0.60%
lawngreen 50+ 1853 56.3%
All colors 3287 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
116781 127879 11 :

['QPDF::interpretCF(std::__1::shared_ptr , QPDFObjectHandle)', 'QPDFObjectHandle::isNameAndEquals(std::__1::basic_string , std::__1::allocator > const&) const', 'QPDFObjectHandle::getKey(std::__1::basic_string , std::__1::allocator > const&) const', 'QPDFObjectHandle::getArrayNItems() const', 'QPDFObjectHandle::isArray() const', 'QPDFObjectHandle::isDictionary() const', 'QPDFObjectHandle::~QPDFObjectHandle()', 'QPDFObjectHandle::isName() const', 'QPDFObjectHandle::isDictionaryOfType(std::__1::basic_string , std::__1::allocator > const&, std::__1::basic_string , std::__1::allocator > const&) const', 'QPDFObjectHandle::getArrayItem(int) const', 'std::__1::basic_string , std::__1::allocator >::operator=[abi:v180000](char const*)']

116781 128292 QPDF::decryptStream(std::__1::shared_ptr ,std::__1::shared_ptr ,QPDF&,Pipeline*&,QPDFObjGenconst&,QPDFObjectHandle&,std::__1::unique_ptr >&) call site: 00000 /src/qpdf/libqpdf/QPDF_encryption.cc:1067
16680 22308 16 :

['std::__1::basic_string , std::__1::allocator > std::__1::operator+[abi:v180000] , std::__1::allocator >(std::__1::basic_string , std::__1::allocator >&&, char const*)', 'QPDFObjectHandle::hasKey(std::__1::basic_string , std::__1::allocator > const&) const', 'std::__1::basic_string , std::__1::allocator > std::__1::operator+[abi:v180000] , std::__1::allocator >(std::__1::basic_string , std::__1::allocator >&&, std::__1::basic_string , std::__1::allocator >&&)', 'QPDFObjectHandle::getKey(std::__1::basic_string , std::__1::allocator > const&) const', 'std::__1::shared_ptr ::operator->[abi:v180000]() const', 'std::__1::to_string(long long)', 'Pl_Count::Pl_Count(char const*, Pipeline*)', 'QPDFObjectHandle::newInteger(long long)', 'std::runtime_error::runtime_error(std::__1::basic_string , std::__1::allocator > const&)', 'QPDFObjGen::unparse(char) const', 'Pl_Count::getCount() const', 'std::__1::basic_string , std::__1::allocator > std::__1::operator+[abi:v180000] , std::__1::allocator >(char const*, std::__1::basic_string , std::__1::allocator >&&)', 'QPDFObjectHandle::StreamDataProvider::supportsRetry()', 'QPDFObjectHandle::getIntValue() const', 'Pl_Count::~Pl_Count()', 'QPDFObjectHandle::replaceKey(std::__1::basic_string , std::__1::allocator > const&, QPDFObjectHandle const&)']

16698 22583 QPDF_Stream::pipeStreamData(Pipeline*,bool*,int,qpdf_stream_decode_level_e,bool,bool) call site: 00000 /src/qpdf/libqpdf/QPDF_Stream.cc:575
11133 11133 3 :

['QPDFObjectHandle::getArrayItem(int) const', 'std::__1::vector >::push_back[abi:v180000](QPDFObjectHandle&&)', 'QPDFObjectHandle::getArrayNItems() const']

11153 11240 QPDF_Stream::filterable(std::__1::vector ,std::__1::allocator >>&,bool&,bool&) call site: 00000 /src/qpdf/libqpdf/QPDF_Stream.cc:446
8150 8150 1 :

['QPDFWriter::writeLinearized()']

8152 8184 QPDFWriter::write() call site: 00000 /src/qpdf/libqpdf/QPDFWriter.cc:2231
6776 6776 1 :

['QPDFWriter::writeObjectStream(QPDFObjectHandle)']

6780 6782 QPDFWriter::writeObject(QPDFObjectHandle,int) call site: 00000 /src/qpdf/libqpdf/QPDFWriter.cc:1763
6295 6295 1 :

['QPDFWriter::copyEncryptionParameters(QPDF&)']

17938 35467 QPDFWriter::doWriteSetup() call site: 00000 /src/qpdf/libqpdf/QPDFWriter.cc:2125
5711 5711 1 :

['QPDFWriter::enqueueObjectsPCLm()']

12623 26039 QPDFWriter::writeStandard() call site: 00000 /src/qpdf/libqpdf/QPDFWriter.cc:3010
5638 11198 5 :

['QPDFObjectHandle::makeDirect(bool)', 'std::__1::basic_string , std::__1::allocator >::~basic_string()', '_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEC2B7v180000ILi0EEEPKc', 'QPDFObjectHandle::replaceKey(std::__1::basic_string , std::__1::allocator > const&, QPDFObjectHandle const&)', 'QTC::TC(char const*, char const*, int)']

5650 11210 QPDFWriter::prepareFileForWrite() call site: 00000 /src/qpdf/libqpdf/QPDFWriter.cc:2067
5564 5568 10 :

['std::__1::shared_ptr ::operator->[abi:v180000]() const', 'QPDFObjectHandle::QPDFObjectHandle(QPDFObjectHandle const&)', 'QTC::TC(char const*, char const*, int)', 'std::__1::__wrap_iter ::operator++[abi:v180000]()', 'bool std::__1::operator!=[abi:v180000] (std::__1::__wrap_iter const&, std::__1::__wrap_iter const&)', 'std::__1::vector >::~vector[abi:v180000]()', 'std::__1::vector >::end[abi:v180000]()', 'QPDF::getAllObjects()', 'std::__1::vector >::begin[abi:v180000]()', 'std::__1::__wrap_iter ::operator*[abi:v180000]() const']

5580 44649 QPDFWriter::enqueueObjectsStandard() call site: 00000 /src/qpdf/libqpdf/QPDFWriter.cc:2916
5549 5570 3 :

['QPDFObjectHandle::operator=(QPDFObjectHandle const&)', 'QPDFObjectHandle::replaceKeyAndGetNew(std::__1::basic_string , std::__1::allocator > const&, QPDFObjectHandle const&)', 'QPDFObjectHandle::shallowCopy()']

11205 27919 QPDFWriter::prepareFileForWrite() call site: 00000 /src/qpdf/libqpdf/QPDFWriter.cc:2061
768 768 1 :

['Pl_DCT::compress(void*, Buffer*)']

797 802 Pl_DCT::finish() call site: 00000 /src/qpdf/libqpdf/Pl_DCT.cc:155
663 663 1 :

['check_owner_password_V4(std::__1::basic_string , std::__1::allocator >&, std::__1::basic_string , std::__1::allocator > const&, QPDF::EncryptionData const&)']

663 663 check_owner_password(std::__1::basic_string ,std::__1::allocator >&,std::__1::basic_string ,std::__1::allocator >const&,QPDF::EncryptionDataconst&) call site: 00000 /src/qpdf/libqpdf/QPDF_encryption.cc:585

Runtime coverage analysis

Covered functions
1035
Functions that are reachable but not covered
427
Reachable functions
1572
Percentage of reachable functions covered
72.84%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/qpdf/fuzz/qpdf_crypt_insecure_fuzzer.cc 9
/src/qpdf/libqpdf/Buffer.cc 7
/src/qpdf/libqpdf/Pl_Discard.cc 2
/src/qpdf/libqpdf/Pipeline.cc 8
/src/qpdf/include/qpdf/Buffer.hh 1
/src/qpdf/libqpdf/Pl_DCT.cc 3
/src/qpdf/libqpdf/Pl_PNGFilter.cc 2
/src/qpdf/libqpdf/Pl_TIFFPredictor.cc 1
/src/qpdf/libqpdf/Pl_Flate.cc 4
/src/qpdf/libqpdf/BufferInputSource.cc 2
/src/qpdf/include/qpdf/InputSource.hh 8
/src/qpdf/include/qpdf/QIntC.hh 27
/usr/local/bin/../include/c++/v1/stdexcept 3
/src/qpdf/libqpdf/QPDF.cc 75
/src/qpdf/include/qpdf/QPDF.hh 37
/src/qpdf/libqpdf/InputSource.cc 5
/src/qpdf/include/qpdf/QTC.hh 1
/src/qpdf/libqpdf/QPDFExc.cc 2
/src/qpdf/include/qpdf/QPDFExc.hh 2
/src/qpdf/libqpdf/QPDFTokenizer.cc 34
/src/qpdf/include/qpdf/QUtil.hh 5
/src/qpdf/include/qpdf/QPDFTokenizer.hh 13
/src/qpdf/libqpdf/QUtil.cc 20
/src/qpdf/include/qpdf/QPDFObjGen.hh 11
/src/qpdf/include/qpdf/QPDFXRefEntry.hh 2
/src/qpdf/libqpdf/qpdf/QPDFParser.hh 1
/src/qpdf/libqpdf/QPDFParser.cc 26
/src/qpdf/libqpdf/QPDFLogger.cc 8
/src/qpdf/include/qpdf/QPDFObjectHandle.hh 14
/src/qpdf/libqpdf/QPDF_Null.cc 4
/src/qpdf/libqpdf/qpdf/QPDFValue.hh 10
/src/qpdf/libqpdf/QPDFValue.cc 2
/src/qpdf/libqpdf/qpdf/QPDFObject_private.hh 21
/src/qpdf/libqpdf/QPDF_Integer.cc 3
/src/qpdf/libqpdf/QPDF_Unresolved.cc 2
/src/qpdf/libqpdf/QPDF_Array.cc 10
/src/qpdf/libqpdf/QPDFObjectHandle.cc 72
/src/qpdf/libqpdf/QPDFObjGen.cc 2
/src/qpdf/libqpdf/QPDFXRefEntry.cc 4
/src/qpdf/libqpdf/QPDF_Stream.cc 10
/src/qpdf/libqpdf/QPDF_Bool.cc 2
/src/qpdf/libqpdf/QPDF_Real.cc 4
/src/qpdf/libqpdf/QPDF_Name.cc 3
/src/qpdf/libqpdf/QPDF_Operator.cc 2
/src/qpdf/libqpdf/QPDF_String.cc 2
/src/qpdf/libqpdf/QPDF_Dictionary.cc 9
/src/qpdf/libqpdf/Pl_OStream.cc 2
/src/qpdf/include/qpdf/Pipeline.hh 1
/src/qpdf/libqpdf/qpdf/QPDF_Array.hh 1
/src/qpdf/libqpdf/Pl_Buffer.cc 5
/src/qpdf/include/qpdf/Pl_Buffer.hh 1
/src/qpdf/libqpdf/Pl_Count.cc 6
/src/qpdf/libqpdf/QPDF_encryption.cc 48
/src/qpdf/libqpdf/MD5.cc 6
/src/qpdf/libqpdf/QPDFCryptoProvider.cc 6
/src/qpdf/include/qpdf/QPDFCryptoProvider.hh 1
/src/qpdf/libqpdf/qpdf/MD5.hh 1
/src/qpdf/libqpdf/ContentNormalizer.cc 2
/src/qpdf/libqpdf/QPDF_pages.cc 4
/src/qpdf/libqpdf/QPDF_optimization.cc 9
/src/qpdf/libqpdf/RC4.cc 2
/src/qpdf/libqpdf/qpdf/RC4.hh 1
/src/qpdf/libqpdf/Pl_SHA2.cc 4
/src/qpdf/libqpdf/Pl_AES_PDF.cc 7
/src/qpdf/libqpdf/CryptoRandomDataProvider.cc 1
/src/qpdf/libqpdf/qpdf/CryptoRandomDataProvider.hh 1
/src/qpdf/include/qpdf/RandomDataProvider.hh 1
/src/qpdf/libqpdf/qpdf/Pl_AES_PDF.hh 1
/src/qpdf/libqpdf/qpdf/Pl_SHA2.hh 1
/src/qpdf/libqpdf/QPDFWriter.cc 65
/src/qpdf/libqpdf/qpdf/QPDF_String.hh 1
/src/qpdf/libqpdf/qpdf/ObjTable.hh 17
/src/qpdf/libqpdf/qpdf/QPDFWriter_private.hh 1
/src/qpdf/libqpdf/QPDF_linearization.cc 17
/src/qpdf/libqpdf/QPDFSystemError.cc 2
/src/qpdf/include/qpdf/QPDFSystemError.hh 1
/src/qpdf/libqpdf/Pl_StdioFile.cc 2
/src/qpdf/libqpdf/Pl_MD5.cc 4
/src/qpdf/include/qpdf/QPDFWriter.hh 1
/src/qpdf/libqpdf/Pl_RC4.cc 1
/src/qpdf/libqpdf/BitWriter.cc 4
/src/qpdf/libqpdf/qpdf/bits_functions.hh 1

Fuzzer: future_qpdf_lin_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 974 29.9%
gold [1:9] 92 2.83%
yellow [10:29] 48 1.47%
greenyellow [30:49] 24 0.73%
lawngreen 50+ 2111 64.9%
All colors 3249 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
16651 27758 8 :

['std::__1::basic_string , std::__1::allocator > std::__1::operator+[abi:v180000] , std::__1::allocator >(std::__1::basic_string , std::__1::allocator >&&, char const*)', 'QPDFObjectHandle::isInteger()', 'QPDFObjectHandle::parse(std::__1::basic_string , std::__1::allocator > const&, std::__1::basic_string , std::__1::allocator > const&)', 'std::__1::basic_string , std::__1::allocator > std::__1::operator+[abi:v180000] , std::__1::allocator >(std::__1::basic_string , std::__1::allocator >&&, std::__1::basic_string , std::__1::allocator >&&)', 'std::__1::basic_string , std::__1::allocator > std::__1::operator+ , std::__1::allocator >(char const*, std::__1::basic_string , std::__1::allocator > const&)', 'QPDFObjectHandle::getIntValue()', 'QPDFObjectHandle::isDictionary()', 'QPDFObjectHandle::replaceKey(std::__1::basic_string , std::__1::allocator > const&, QPDFObjectHandle const&)']

127827 201901 QPDFWriter::unparseObject(QPDFObjectHandle,int,int,unsignedlong,bool) call site: 00000 /src/qpdf/libqpdf/QPDFWriter.cc:1415
6295 6295 1 :

['QPDFWriter::copyEncryptionParameters(QPDF&)']

12131 35467 QPDFWriter::doWriteSetup() call site: 00000 /src/qpdf/libqpdf/QPDFWriter.cc:2125
5726 5726 5 :

['std::__1::shared_ptr ::~shared_ptr[abi:v180000]()', 'std::__1::shared_ptr ::~shared_ptr[abi:v180000]()', 'QPDF::decryptStream(std::__1::shared_ptr , std::__1::shared_ptr , QPDF&, Pipeline*&, QPDFObjGen const&, QPDFObjectHandle&, std::__1::unique_ptr >&)', 'std::__1::shared_ptr ::shared_ptr[abi:v180000](std::__1::shared_ptr const&)', 'std::__1::shared_ptr ::shared_ptr[abi:v180000](std::__1::shared_ptr const&)']

5752 6426 QPDF::pipeStreamData(std::__1::shared_ptr ,std::__1::shared_ptr ,QPDF&,QPDFObjGenconst&,longlong,unsignedlong,QPDFObjectHandle,Pipeline*,bool,bool) call site: 00000 /src/qpdf/libqpdf/QPDF.cc:2720
5638 11198 5 :

['QPDFObjectHandle::makeDirect(bool)', 'std::__1::basic_string , std::__1::allocator >::~basic_string()', '_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEC2B7v180000ILi0EEEPKc', 'QPDFObjectHandle::replaceKey(std::__1::basic_string , std::__1::allocator > const&, QPDFObjectHandle const&)', 'QTC::TC(char const*, char const*, int)']

5650 11210 QPDFWriter::prepareFileForWrite() call site: 00000 /src/qpdf/libqpdf/QPDFWriter.cc:2067
5597 5597 2 :

['QPDFObjectHandle::replaceKeyAndGetNew(std::__1::basic_string , std::__1::allocator > const&, QPDFObjectHandle const&)', 'QPDFObjectHandle::newDictionary()']

133430 207510 QPDFWriter::unparseObject(QPDFObjectHandle,int,int,unsignedlong,bool) call site: 00000 /src/qpdf/libqpdf/QPDFWriter.cc:1398
5555 5731 4 :

['QPDFObjectHandle::getStringValue()', 'QPDF_String::unparse(bool)', 'QPDF_String::~QPDF_String()', 'QPDF_String::QPDF_String(std::__1::basic_string , std::__1::allocator > const&)']

5555 5733 QPDFWriter::unparseObject(QPDFObjectHandle,int,int,unsignedlong,bool) call site: 00000 /src/qpdf/libqpdf/QPDFWriter.cc:1592
5549 5570 3 :

['QPDFObjectHandle::operator=(QPDFObjectHandle const&)', 'QPDFObjectHandle::replaceKeyAndGetNew(std::__1::basic_string , std::__1::allocator > const&, QPDFObjectHandle const&)', 'QPDFObjectHandle::shallowCopy()']

22320 27919 QPDFWriter::prepareFileForWrite() call site: 00000 /src/qpdf/libqpdf/QPDFWriter.cc:2061
768 768 1 :

['Pl_DCT::compress(void*, Buffer*)']

797 802 Pl_DCT::finish() call site: 00000 /src/qpdf/libqpdf/Pl_DCT.cc:155
252 474 6 :

['adler32', 'fixedtables', 'inflate_fast', 'inflate_table', 'crc32', 'updatewindow']

252 474 inflate call site: 00000 /src/zlib/inflate.c:817
102 119 5 :

['BitStream::BitStream(unsigned char const*, unsigned long)', 'BitWriter::writeBitsSigned(long long, unsigned long)', 'BitStream::getBitsSigned(unsigned long)', 'BitWriter::BitWriter(Pipeline*)', 'BitWriter::flush()']

102 119 Pl_TIFFPredictor::processRow() call site: 00000 /src/qpdf/libqpdf/Pl_TIFFPredictor.cc:76
70 70 2 :

['j12init_color_deconverter', 'j12init_upsampler']

155 208 master_selection call site: 00000 /src/libjpeg-turbo/jdmaster.c:625
44 44 3 :

['std::__1::basic_string , std::__1::allocator >::~basic_string()', 'QPDFObjectHandle QPDFParser::withDescription , std::__1::allocator >&>(std::__1::basic_string , std::__1::allocator >&)', 'std::__1::basic_string , std::__1::allocator >::basic_string(std::__1::basic_string , std::__1::allocator > const&)']

44 101 QPDFParser::parse(bool&,bool) call site: 00000 /src/qpdf/libqpdf/QPDFParser.cc:115

Runtime coverage analysis

Covered functions
985
Functions that are reachable but not covered
397
Reachable functions
1554
Percentage of reachable functions covered
74.45%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/qpdf/fuzz/qpdf_lin_fuzzer.cc 9
/src/qpdf/libqpdf/Buffer.cc 7
/src/qpdf/libqpdf/Pl_Discard.cc 2
/src/qpdf/libqpdf/Pipeline.cc 8
/src/qpdf/include/qpdf/Buffer.hh 1
/src/qpdf/libqpdf/Pl_DCT.cc 3
/src/qpdf/libqpdf/Pl_PNGFilter.cc 2
/src/qpdf/libqpdf/Pl_TIFFPredictor.cc 1
/src/qpdf/libqpdf/Pl_Flate.cc 4
/src/qpdf/libqpdf/BufferInputSource.cc 2
/src/qpdf/include/qpdf/InputSource.hh 8
/src/qpdf/include/qpdf/QIntC.hh 27
/usr/local/bin/../include/c++/v1/stdexcept 3
/src/qpdf/libqpdf/QPDF.cc 75
/src/qpdf/include/qpdf/QPDF.hh 37
/src/qpdf/libqpdf/InputSource.cc 5
/src/qpdf/include/qpdf/QTC.hh 1
/src/qpdf/libqpdf/QPDFExc.cc 2
/src/qpdf/include/qpdf/QPDFExc.hh 2
/src/qpdf/libqpdf/QPDFTokenizer.cc 34
/src/qpdf/include/qpdf/QUtil.hh 5
/src/qpdf/include/qpdf/QPDFTokenizer.hh 13
/src/qpdf/libqpdf/QUtil.cc 20
/src/qpdf/include/qpdf/QPDFObjGen.hh 11
/src/qpdf/include/qpdf/QPDFXRefEntry.hh 2
/src/qpdf/libqpdf/qpdf/QPDFParser.hh 1
/src/qpdf/libqpdf/QPDFParser.cc 26
/src/qpdf/libqpdf/QPDFLogger.cc 8
/src/qpdf/include/qpdf/QPDFObjectHandle_future.hh 15
/src/qpdf/libqpdf/QPDF_Null.cc 4
/src/qpdf/libqpdf/qpdf/QPDFValue.hh 10
/src/qpdf/libqpdf/QPDFValue.cc 2
/src/qpdf/libqpdf/qpdf/QPDFObject_private.hh 21
/src/qpdf/libqpdf/QPDF_Integer.cc 3
/src/qpdf/libqpdf/QPDF_Unresolved.cc 2
/src/qpdf/libqpdf/QPDF_Array.cc 10
/src/qpdf/libqpdf/QPDFObjectHandle.cc 72
/src/qpdf/libqpdf/QPDFObjGen.cc 2
/src/qpdf/libqpdf/QPDFXRefEntry.cc 4
/src/qpdf/libqpdf/QPDF_Stream.cc 10
/src/qpdf/libqpdf/QPDF_Bool.cc 2
/src/qpdf/libqpdf/QPDF_Real.cc 4
/src/qpdf/libqpdf/QPDF_Name.cc 3
/src/qpdf/libqpdf/QPDF_Operator.cc 2
/src/qpdf/libqpdf/QPDF_String.cc 2
/src/qpdf/libqpdf/QPDF_Dictionary.cc 9
/src/qpdf/libqpdf/Pl_OStream.cc 2
/src/qpdf/include/qpdf/Pipeline.hh 1
/src/qpdf/libqpdf/qpdf/QPDF_Array.hh 1
/src/qpdf/libqpdf/Pl_Buffer.cc 5
/src/qpdf/include/qpdf/Pl_Buffer.hh 1
/src/qpdf/libqpdf/Pl_Count.cc 6
/src/qpdf/libqpdf/QPDF_encryption.cc 41
/src/qpdf/libqpdf/MD5.cc 6
/src/qpdf/libqpdf/QPDFCryptoProvider.cc 6
/src/qpdf/include/qpdf/QPDFCryptoProvider.hh 1
/src/qpdf/libqpdf/qpdf/MD5.hh 1
/src/qpdf/libqpdf/ContentNormalizer.cc 2
/src/qpdf/libqpdf/QPDF_pages.cc 4
/src/qpdf/libqpdf/QPDF_optimization.cc 9
/src/qpdf/libqpdf/RC4.cc 2
/src/qpdf/libqpdf/qpdf/RC4.hh 1
/src/qpdf/libqpdf/Pl_SHA2.cc 4
/src/qpdf/libqpdf/Pl_AES_PDF.cc 7
/src/qpdf/libqpdf/CryptoRandomDataProvider.cc 1
/src/qpdf/libqpdf/qpdf/CryptoRandomDataProvider.hh 1
/src/qpdf/include/qpdf/RandomDataProvider.hh 1
/src/qpdf/libqpdf/qpdf/Pl_AES_PDF.hh 1
/src/qpdf/libqpdf/qpdf/Pl_SHA2.hh 1
/src/qpdf/libqpdf/QPDFWriter.cc 63
/src/qpdf/libqpdf/qpdf/QPDF_String.hh 1
/src/qpdf/libqpdf/qpdf/ObjTable.hh 17
/src/qpdf/libqpdf/qpdf/QPDFWriter_private.hh 1
/src/qpdf/libqpdf/QPDF_linearization.cc 17
/src/qpdf/libqpdf/QPDFSystemError.cc 2
/src/qpdf/include/qpdf/QPDFSystemError.hh 1
/src/qpdf/libqpdf/Pl_StdioFile.cc 2
/src/qpdf/libqpdf/Pl_MD5.cc 4
/src/qpdf/include/qpdf/QPDFWriter.hh 1
/src/qpdf/libqpdf/Pl_RC4.cc 1
/src/qpdf/libqpdf/BitWriter.cc 4
/src/qpdf/libqpdf/qpdf/bits_functions.hh 1

Fuzzer: future_qpdf_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 490 14.8%
gold [1:9] 96 2.91%
yellow [10:29] 38 1.15%
greenyellow [30:49] 39 1.18%
lawngreen 50+ 2630 79.8%
All colors 3293 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
6295 6295 1 :

['QPDFWriter::copyEncryptionParameters(QPDF&)']

12151 35467 QPDFWriter::doWriteSetup() call site: 00000 /src/qpdf/libqpdf/QPDFWriter.cc:2125
5711 5711 1 :

['QPDFWriter::enqueueObjectsPCLm()']

5719 26039 QPDFWriter::writeStandard() call site: 00000 /src/qpdf/libqpdf/QPDFWriter.cc:3010
5564 5568 10 :

['std::__1::shared_ptr ::operator->[abi:v180000]() const', 'QPDFObjectHandle::QPDFObjectHandle(QPDFObjectHandle const&)', 'QTC::TC(char const*, char const*, int)', 'std::__1::__wrap_iter ::operator++[abi:v180000]()', 'bool std::__1::operator!=[abi:v180000] (std::__1::__wrap_iter const&, std::__1::__wrap_iter const&)', 'std::__1::vector >::~vector[abi:v180000]()', 'std::__1::vector >::end[abi:v180000]()', 'QPDF::getAllObjects()', 'std::__1::vector >::begin[abi:v180000]()', 'std::__1::__wrap_iter ::operator*[abi:v180000]() const']

22261 44649 QPDFWriter::enqueueObjectsStandard() call site: 00000 /src/qpdf/libqpdf/QPDFWriter.cc:2916
768 768 1 :

['Pl_DCT::compress(void*, Buffer*)']

797 802 Pl_DCT::finish() call site: 00000 /src/qpdf/libqpdf/Pl_DCT.cc:155
695 695 1 :

['QPDF::compute_encryption_O_U(char const*, char const*, int, int, int, int, bool, std::__1::basic_string , std::__1::allocator > const&, std::__1::basic_string , std::__1::allocator >&, std::__1::basic_string , std::__1::allocator >&)']

695 1477 QPDFWriter::setEncryptionParameters(charconst*,charconst*,int,int,int,std::__1::set ,std::__1::allocator >&) call site: 00000 /src/qpdf/libqpdf/QPDFWriter.cc:626
607 607 1 :

['compute_U_value_R2(std::__1::basic_string , std::__1::allocator > const&, QPDF::EncryptionData const&)']

607 607 compute_U_value(std::__1::basic_string ,std::__1::allocator >const&,QPDF::EncryptionDataconst&) call site: 00000 /src/qpdf/libqpdf/QPDF_encryption.cc:503
443 443 1 :

['QPDF::recover_encryption_key_with_password(std::__1::basic_string , std::__1::allocator > const&, QPDF::EncryptionData const&)']

443 443 QPDF::compute_encryption_key(std::__1::basic_string ,std::__1::allocator >const&,QPDF::EncryptionDataconst&) call site: 00000 /src/qpdf/libqpdf/QPDF_encryption.cc:362
252 474 6 :

['adler32', 'fixedtables', 'inflate_fast', 'inflate_table', 'crc32', 'updatewindow']

252 474 inflate call site: 00000 /src/zlib/inflate.c:817
102 119 5 :

['BitStream::BitStream(unsigned char const*, unsigned long)', 'BitWriter::writeBitsSigned(long long, unsigned long)', 'BitStream::getBitsSigned(unsigned long)', 'BitWriter::BitWriter(Pipeline*)', 'BitWriter::flush()']

102 119 Pl_TIFFPredictor::processRow() call site: 00000 /src/qpdf/libqpdf/Pl_TIFFPredictor.cc:76
70 70 2 :

['j16init_upsampler', 'j16init_color_deconverter']

113 208 master_selection call site: 00000 /src/libjpeg-turbo/jdmaster.c:618
53 53 2 :

['QPDF::getTrimmedUserPassword() const', 'bool std::__1::operator==[abi:v180000] >(std::__1::basic_string , std::__1::allocator > const&, std::__1::basic_string , std::__1::allocator > const&)']

80 1352 QPDF::initializeEncryption() call site: 00000 /src/qpdf/libqpdf/QPDF_encryption.cc:913
44 44 1 :

['QPDFObjectHandle QPDFParser::withDescription , std::__1::allocator > const&>(std::__1::basic_string , std::__1::allocator > const&)']

44 98 QPDFParser::parse(bool&,bool) call site: 00000 /src/qpdf/libqpdf/QPDFParser.cc:99

Runtime coverage analysis

Covered functions
1181
Functions that are reachable but not covered
229
Reachable functions
1578
Percentage of reachable functions covered
85.49%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/qpdf/fuzz/qpdf_fuzzer.cc 9
/src/qpdf/libqpdf/Buffer.cc 7
/src/qpdf/libqpdf/Pl_Discard.cc 2
/src/qpdf/libqpdf/Pipeline.cc 8
/src/qpdf/include/qpdf/Buffer.hh 1
/src/qpdf/libqpdf/Pl_DCT.cc 3
/src/qpdf/libqpdf/Pl_PNGFilter.cc 2
/src/qpdf/libqpdf/Pl_TIFFPredictor.cc 1
/src/qpdf/libqpdf/Pl_Flate.cc 4
/src/qpdf/libqpdf/BufferInputSource.cc 2
/src/qpdf/include/qpdf/InputSource.hh 8
/src/qpdf/include/qpdf/QIntC.hh 27
/usr/local/bin/../include/c++/v1/stdexcept 3
/src/qpdf/libqpdf/QPDF.cc 75
/src/qpdf/include/qpdf/QPDF.hh 37
/src/qpdf/libqpdf/InputSource.cc 5
/src/qpdf/include/qpdf/QTC.hh 1
/src/qpdf/libqpdf/QPDFExc.cc 2
/src/qpdf/include/qpdf/QPDFExc.hh 2
/src/qpdf/libqpdf/QPDFTokenizer.cc 34
/src/qpdf/include/qpdf/QUtil.hh 5
/src/qpdf/include/qpdf/QPDFTokenizer.hh 13
/src/qpdf/libqpdf/QUtil.cc 20
/src/qpdf/include/qpdf/QPDFObjGen.hh 11
/src/qpdf/include/qpdf/QPDFXRefEntry.hh 2
/src/qpdf/libqpdf/qpdf/QPDFParser.hh 1
/src/qpdf/libqpdf/QPDFParser.cc 26
/src/qpdf/libqpdf/QPDFLogger.cc 8
/src/qpdf/include/qpdf/QPDFObjectHandle_future.hh 15
/src/qpdf/libqpdf/QPDF_Null.cc 4
/src/qpdf/libqpdf/qpdf/QPDFValue.hh 10
/src/qpdf/libqpdf/QPDFValue.cc 2
/src/qpdf/libqpdf/qpdf/QPDFObject_private.hh 21
/src/qpdf/libqpdf/QPDF_Integer.cc 3
/src/qpdf/libqpdf/QPDF_Unresolved.cc 2
/src/qpdf/libqpdf/QPDF_Array.cc 10
/src/qpdf/libqpdf/QPDFObjectHandle.cc 72
/src/qpdf/libqpdf/QPDFObjGen.cc 2
/src/qpdf/libqpdf/QPDFXRefEntry.cc 4
/src/qpdf/libqpdf/QPDF_Stream.cc 10
/src/qpdf/libqpdf/QPDF_Bool.cc 2
/src/qpdf/libqpdf/QPDF_Real.cc 4
/src/qpdf/libqpdf/QPDF_Name.cc 3
/src/qpdf/libqpdf/QPDF_Operator.cc 2
/src/qpdf/libqpdf/QPDF_String.cc 2
/src/qpdf/libqpdf/QPDF_Dictionary.cc 9
/src/qpdf/libqpdf/Pl_OStream.cc 2
/src/qpdf/include/qpdf/Pipeline.hh 1
/src/qpdf/libqpdf/qpdf/QPDF_Array.hh 1
/src/qpdf/libqpdf/Pl_Buffer.cc 5
/src/qpdf/include/qpdf/Pl_Buffer.hh 1
/src/qpdf/libqpdf/Pl_Count.cc 6
/src/qpdf/libqpdf/QPDF_encryption.cc 48
/src/qpdf/libqpdf/MD5.cc 6
/src/qpdf/libqpdf/QPDFCryptoProvider.cc 6
/src/qpdf/include/qpdf/QPDFCryptoProvider.hh 1
/src/qpdf/libqpdf/qpdf/MD5.hh 1
/src/qpdf/libqpdf/ContentNormalizer.cc 2
/src/qpdf/libqpdf/QPDF_pages.cc 4
/src/qpdf/libqpdf/QPDF_optimization.cc 9
/src/qpdf/libqpdf/RC4.cc 2
/src/qpdf/libqpdf/qpdf/RC4.hh 1
/src/qpdf/libqpdf/Pl_SHA2.cc 4
/src/qpdf/libqpdf/Pl_AES_PDF.cc 7
/src/qpdf/libqpdf/CryptoRandomDataProvider.cc 1
/src/qpdf/libqpdf/qpdf/CryptoRandomDataProvider.hh 1
/src/qpdf/include/qpdf/RandomDataProvider.hh 1
/src/qpdf/libqpdf/qpdf/Pl_AES_PDF.hh 1
/src/qpdf/libqpdf/qpdf/Pl_SHA2.hh 1
/src/qpdf/libqpdf/QPDFWriter.cc 67
/src/qpdf/libqpdf/qpdf/QPDF_String.hh 1
/src/qpdf/libqpdf/qpdf/ObjTable.hh 17
/src/qpdf/libqpdf/qpdf/QPDFWriter_private.hh 1
/src/qpdf/libqpdf/QPDF_linearization.cc 17
/src/qpdf/libqpdf/QPDFSystemError.cc 2
/src/qpdf/include/qpdf/QPDFSystemError.hh 1
/src/qpdf/libqpdf/Pl_StdioFile.cc 2
/src/qpdf/libqpdf/Pl_MD5.cc 4
/src/qpdf/include/qpdf/QPDFWriter.hh 1
/src/qpdf/libqpdf/Pl_RC4.cc 1
/src/qpdf/libqpdf/BitWriter.cc 4
/src/qpdf/libqpdf/qpdf/bits_functions.hh 1

Fuzzer: qpdf_lin_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 1018 31.3%
gold [1:9] 94 2.89%
yellow [10:29] 49 1.50%
greenyellow [30:49] 42 1.29%
lawngreen 50+ 2046 62.9%
All colors 3249 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
16680 22308 16 :

['std::__1::basic_string , std::__1::allocator > std::__1::operator+[abi:v180000] , std::__1::allocator >(std::__1::basic_string , std::__1::allocator >&&, char const*)', 'QPDFObjectHandle::hasKey(std::__1::basic_string , std::__1::allocator > const&) const', 'std::__1::basic_string , std::__1::allocator > std::__1::operator+[abi:v180000] , std::__1::allocator >(std::__1::basic_string , std::__1::allocator >&&, std::__1::basic_string , std::__1::allocator >&&)', 'QPDFObjectHandle::getKey(std::__1::basic_string , std::__1::allocator > const&) const', 'std::__1::shared_ptr ::operator->[abi:v180000]() const', 'std::__1::to_string(long long)', 'Pl_Count::Pl_Count(char const*, Pipeline*)', 'QPDFObjectHandle::newInteger(long long)', 'std::runtime_error::runtime_error(std::__1::basic_string , std::__1::allocator > const&)', 'QPDFObjGen::unparse(char) const', 'Pl_Count::getCount() const', 'std::__1::basic_string , std::__1::allocator > std::__1::operator+[abi:v180000] , std::__1::allocator >(char const*, std::__1::basic_string , std::__1::allocator >&&)', 'QPDFObjectHandle::StreamDataProvider::supportsRetry()', 'QPDFObjectHandle::getIntValue() const', 'Pl_Count::~Pl_Count()', 'QPDFObjectHandle::replaceKey(std::__1::basic_string , std::__1::allocator > const&, QPDFObjectHandle const&)']

16698 22583 QPDF_Stream::pipeStreamData(Pipeline*,bool*,int,qpdf_stream_decode_level_e,bool,bool) call site: 00000 /src/qpdf/libqpdf/QPDF_Stream.cc:575
11133 11133 3 :

['QPDFObjectHandle::getArrayItem(int) const', 'std::__1::vector >::push_back[abi:v180000](QPDFObjectHandle&&)', 'QPDFObjectHandle::getArrayNItems() const']

11153 11240 QPDF_Stream::filterable(std::__1::vector ,std::__1::allocator >>&,bool&,bool&) call site: 00000 /src/qpdf/libqpdf/QPDF_Stream.cc:446
6295 6295 1 :

['QPDFWriter::copyEncryptionParameters(QPDF&)']

12131 35467 QPDFWriter::doWriteSetup() call site: 00000 /src/qpdf/libqpdf/QPDFWriter.cc:2125
5726 5726 5 :

['std::__1::shared_ptr ::~shared_ptr[abi:v180000]()', 'std::__1::shared_ptr ::~shared_ptr[abi:v180000]()', 'QPDF::decryptStream(std::__1::shared_ptr , std::__1::shared_ptr , QPDF&, Pipeline*&, QPDFObjGen const&, QPDFObjectHandle&, std::__1::unique_ptr >&)', 'std::__1::shared_ptr ::shared_ptr[abi:v180000](std::__1::shared_ptr const&)', 'std::__1::shared_ptr ::shared_ptr[abi:v180000](std::__1::shared_ptr const&)']

5752 6426 QPDF::pipeStreamData(std::__1::shared_ptr ,std::__1::shared_ptr ,QPDF&,QPDFObjGenconst&,longlong,unsignedlong,QPDFObjectHandle,Pipeline*,bool,bool) call site: 00000 /src/qpdf/libqpdf/QPDF.cc:2720
5597 5597 2 :

['QPDFObjectHandle::replaceKeyAndGetNew(std::__1::basic_string , std::__1::allocator > const&, QPDFObjectHandle const&)', 'QPDFObjectHandle::newDictionary()']

5655 207510 QPDFWriter::unparseObject(QPDFObjectHandle,int,int,unsignedlong,bool) call site: 00000 /src/qpdf/libqpdf/QPDFWriter.cc:1398
768 768 1 :

['Pl_DCT::compress(void*, Buffer*)']

797 802 Pl_DCT::finish() call site: 00000 /src/qpdf/libqpdf/Pl_DCT.cc:155
252 474 6 :

['adler32', 'fixedtables', 'inflate_fast', 'inflate_table', 'crc32', 'updatewindow']

252 474 inflate call site: 00000 /src/zlib/inflate.c:817
102 119 5 :

['BitStream::BitStream(unsigned char const*, unsigned long)', 'BitWriter::writeBitsSigned(long long, unsigned long)', 'BitStream::getBitsSigned(unsigned long)', 'BitWriter::BitWriter(Pipeline*)', 'BitWriter::flush()']

102 119 Pl_TIFFPredictor::processRow() call site: 00000 /src/qpdf/libqpdf/Pl_TIFFPredictor.cc:76
70 70 2 :

['j16init_upsampler', 'j16init_color_deconverter']

154 208 master_selection call site: 00000 /src/libjpeg-turbo/jdmaster.c:618
70 70 2 :

['j12init_color_deconverter', 'j12init_upsampler']

154 208 master_selection call site: 00000 /src/libjpeg-turbo/jdmaster.c:625
44 44 3 :

['std::__1::basic_string , std::__1::allocator >::~basic_string()', 'QPDFObjectHandle QPDFParser::withDescription , std::__1::allocator >&>(std::__1::basic_string , std::__1::allocator >&)', 'std::__1::basic_string , std::__1::allocator >::basic_string(std::__1::basic_string , std::__1::allocator > const&)']

44 101 QPDFParser::parse(bool&,bool) call site: 00000 /src/qpdf/libqpdf/QPDFParser.cc:115
44 44 1 :

['QPDFObjectHandle QPDFParser::withDescription , std::__1::allocator > const&>(std::__1::basic_string , std::__1::allocator > const&)']

44 98 QPDFParser::parse(bool&,bool) call site: 00000 /src/qpdf/libqpdf/QPDFParser.cc:99

Runtime coverage analysis

Covered functions
976
Functions that are reachable but not covered
403
Reachable functions
1552
Percentage of reachable functions covered
74.03%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/qpdf/fuzz/qpdf_lin_fuzzer.cc 9
/src/qpdf/libqpdf/Buffer.cc 7
/src/qpdf/libqpdf/Pl_Discard.cc 2
/src/qpdf/libqpdf/Pipeline.cc 8
/src/qpdf/include/qpdf/Buffer.hh 1
/src/qpdf/libqpdf/Pl_DCT.cc 3
/src/qpdf/libqpdf/Pl_PNGFilter.cc 2
/src/qpdf/libqpdf/Pl_TIFFPredictor.cc 1
/src/qpdf/libqpdf/Pl_Flate.cc 4
/src/qpdf/libqpdf/BufferInputSource.cc 2
/src/qpdf/include/qpdf/InputSource.hh 8
/src/qpdf/include/qpdf/QIntC.hh 27
/usr/local/bin/../include/c++/v1/stdexcept 3
/src/qpdf/libqpdf/QPDF.cc 75
/src/qpdf/include/qpdf/QPDF.hh 37
/src/qpdf/libqpdf/InputSource.cc 5
/src/qpdf/include/qpdf/QTC.hh 1
/src/qpdf/libqpdf/QPDFExc.cc 2
/src/qpdf/include/qpdf/QPDFExc.hh 2
/src/qpdf/libqpdf/QPDFTokenizer.cc 34
/src/qpdf/include/qpdf/QUtil.hh 5
/src/qpdf/include/qpdf/QPDFTokenizer.hh 13
/src/qpdf/libqpdf/QUtil.cc 20
/src/qpdf/include/qpdf/QPDFObjGen.hh 11
/src/qpdf/include/qpdf/QPDFXRefEntry.hh 2
/src/qpdf/libqpdf/qpdf/QPDFParser.hh 1
/src/qpdf/libqpdf/QPDFParser.cc 26
/src/qpdf/libqpdf/QPDFLogger.cc 8
/src/qpdf/include/qpdf/QPDFObjectHandle.hh 14
/src/qpdf/libqpdf/QPDF_Null.cc 4
/src/qpdf/libqpdf/qpdf/QPDFValue.hh 10
/src/qpdf/libqpdf/QPDFValue.cc 2
/src/qpdf/libqpdf/qpdf/QPDFObject_private.hh 21
/src/qpdf/libqpdf/QPDF_Integer.cc 3
/src/qpdf/libqpdf/QPDF_Unresolved.cc 2
/src/qpdf/libqpdf/QPDF_Array.cc 10
/src/qpdf/libqpdf/QPDFObjectHandle.cc 72
/src/qpdf/libqpdf/QPDFObjGen.cc 2
/src/qpdf/libqpdf/QPDFXRefEntry.cc 4
/src/qpdf/libqpdf/QPDF_Stream.cc 10
/src/qpdf/libqpdf/QPDF_Bool.cc 2
/src/qpdf/libqpdf/QPDF_Real.cc 4
/src/qpdf/libqpdf/QPDF_Name.cc 3
/src/qpdf/libqpdf/QPDF_Operator.cc 2
/src/qpdf/libqpdf/QPDF_String.cc 2
/src/qpdf/libqpdf/QPDF_Dictionary.cc 9
/src/qpdf/libqpdf/Pl_OStream.cc 2
/src/qpdf/include/qpdf/Pipeline.hh 1
/src/qpdf/libqpdf/qpdf/QPDF_Array.hh 1
/src/qpdf/libqpdf/Pl_Buffer.cc 5
/src/qpdf/include/qpdf/Pl_Buffer.hh 1
/src/qpdf/libqpdf/Pl_Count.cc 6
/src/qpdf/libqpdf/QPDF_encryption.cc 41
/src/qpdf/libqpdf/MD5.cc 6
/src/qpdf/libqpdf/QPDFCryptoProvider.cc 6
/src/qpdf/include/qpdf/QPDFCryptoProvider.hh 1
/src/qpdf/libqpdf/qpdf/MD5.hh 1
/src/qpdf/libqpdf/ContentNormalizer.cc 2
/src/qpdf/libqpdf/QPDF_pages.cc 4
/src/qpdf/libqpdf/QPDF_optimization.cc 9
/src/qpdf/libqpdf/RC4.cc 2
/src/qpdf/libqpdf/qpdf/RC4.hh 1
/src/qpdf/libqpdf/Pl_SHA2.cc 4
/src/qpdf/libqpdf/Pl_AES_PDF.cc 7
/src/qpdf/libqpdf/CryptoRandomDataProvider.cc 1
/src/qpdf/libqpdf/qpdf/CryptoRandomDataProvider.hh 1
/src/qpdf/include/qpdf/RandomDataProvider.hh 1
/src/qpdf/libqpdf/qpdf/Pl_AES_PDF.hh 1
/src/qpdf/libqpdf/qpdf/Pl_SHA2.hh 1
/src/qpdf/libqpdf/QPDFWriter.cc 63
/src/qpdf/libqpdf/qpdf/QPDF_String.hh 1
/src/qpdf/libqpdf/qpdf/ObjTable.hh 17
/src/qpdf/libqpdf/qpdf/QPDFWriter_private.hh 1
/src/qpdf/libqpdf/QPDF_linearization.cc 17
/src/qpdf/libqpdf/QPDFSystemError.cc 2
/src/qpdf/include/qpdf/QPDFSystemError.hh 1
/src/qpdf/libqpdf/Pl_StdioFile.cc 2
/src/qpdf/libqpdf/Pl_MD5.cc 4
/src/qpdf/include/qpdf/QPDFWriter.hh 1
/src/qpdf/libqpdf/Pl_RC4.cc 1
/src/qpdf/libqpdf/BitWriter.cc 4
/src/qpdf/libqpdf/qpdf/bits_functions.hh 1

Fuzzer: qpdf_crypt_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 856 26.0%
gold [1:9] 91 2.77%
yellow [10:29] 63 1.91%
greenyellow [30:49] 35 1.06%
lawngreen 50+ 2239 68.1%
All colors 3284 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
16680 22308 16 :

['std::__1::basic_string , std::__1::allocator > std::__1::operator+[abi:v180000] , std::__1::allocator >(std::__1::basic_string , std::__1::allocator >&&, char const*)', 'QPDFObjectHandle::hasKey(std::__1::basic_string , std::__1::allocator > const&) const', 'std::__1::basic_string , std::__1::allocator > std::__1::operator+[abi:v180000] , std::__1::allocator >(std::__1::basic_string , std::__1::allocator >&&, std::__1::basic_string , std::__1::allocator >&&)', 'QPDFObjectHandle::getKey(std::__1::basic_string , std::__1::allocator > const&) const', 'std::__1::shared_ptr ::operator->[abi:v180000]() const', 'std::__1::to_string(long long)', 'Pl_Count::Pl_Count(char const*, Pipeline*)', 'QPDFObjectHandle::newInteger(long long)', 'std::runtime_error::runtime_error(std::__1::basic_string , std::__1::allocator > const&)', 'QPDFObjGen::unparse(char) const', 'Pl_Count::getCount() const', 'std::__1::basic_string , std::__1::allocator > std::__1::operator+[abi:v180000] , std::__1::allocator >(char const*, std::__1::basic_string , std::__1::allocator >&&)', 'QPDFObjectHandle::StreamDataProvider::supportsRetry()', 'QPDFObjectHandle::getIntValue() const', 'Pl_Count::~Pl_Count()', 'QPDFObjectHandle::replaceKey(std::__1::basic_string , std::__1::allocator > const&, QPDFObjectHandle const&)']

16698 22583 QPDF_Stream::pipeStreamData(Pipeline*,bool*,int,qpdf_stream_decode_level_e,bool,bool) call site: 00000 /src/qpdf/libqpdf/QPDF_Stream.cc:575
6295 6295 1 :

['QPDFWriter::copyEncryptionParameters(QPDF&)']

12151 35467 QPDFWriter::doWriteSetup() call site: 00000 /src/qpdf/libqpdf/QPDFWriter.cc:2125
5726 5726 5 :

['std::__1::shared_ptr ::~shared_ptr[abi:v180000]()', 'std::__1::shared_ptr ::~shared_ptr[abi:v180000]()', 'QPDF::decryptStream(std::__1::shared_ptr , std::__1::shared_ptr , QPDF&, Pipeline*&, QPDFObjGen const&, QPDFObjectHandle&, std::__1::unique_ptr >&)', 'std::__1::shared_ptr ::shared_ptr[abi:v180000](std::__1::shared_ptr const&)', 'std::__1::shared_ptr ::shared_ptr[abi:v180000](std::__1::shared_ptr const&)']

5752 6426 QPDF::pipeStreamData(std::__1::shared_ptr ,std::__1::shared_ptr ,QPDF&,QPDFObjGenconst&,longlong,unsignedlong,QPDFObjectHandle,Pipeline*,bool,bool) call site: 00000 /src/qpdf/libqpdf/QPDF.cc:2720
5638 11198 5 :

['QPDFObjectHandle::makeDirect(bool)', 'std::__1::basic_string , std::__1::allocator >::~basic_string()', '_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEC2B7v180000ILi0EEEPKc', 'QPDFObjectHandle::replaceKey(std::__1::basic_string , std::__1::allocator > const&, QPDFObjectHandle const&)', 'QTC::TC(char const*, char const*, int)']

5650 11210 QPDFWriter::prepareFileForWrite() call site: 00000 /src/qpdf/libqpdf/QPDFWriter.cc:2067
768 768 1 :

['Pl_DCT::compress(void*, Buffer*)']

797 802 Pl_DCT::finish() call site: 00000 /src/qpdf/libqpdf/Pl_DCT.cc:155
695 695 1 :

['QPDF::compute_encryption_O_U(char const*, char const*, int, int, int, int, bool, std::__1::basic_string , std::__1::allocator > const&, std::__1::basic_string , std::__1::allocator >&, std::__1::basic_string , std::__1::allocator >&)']

695 1477 QPDFWriter::setEncryptionParameters(charconst*,charconst*,int,int,int,std::__1::set ,std::__1::allocator >&) call site: 00000 /src/qpdf/libqpdf/QPDFWriter.cc:626
547 547 3 :

['std::__1::basic_string , std::__1::allocator >::operator=[abi:v180000](std::__1::basic_string , std::__1::allocator >&&)', 'std::__1::basic_string , std::__1::allocator >::~basic_string()', 'QPDF::compute_encryption_key(std::__1::basic_string , std::__1::allocator > const&, QPDF::EncryptionData const&)']

551 551 QPDFWriter::setEncryptionParametersInternal(int,int,int,int,std::__1::basic_string ,std::__1::allocator >const&,std::__1::basic_string ,std::__1::allocator >const&,std::__1::basic_string ,std::__1::allocator >const&,std::__1::basic_string ,std::__1::allocator >const&,std::__1::basic_string ,std::__1::allocator >const&,std::__1::basic_string ,std::__1::allocator >const&,std::__1::basic_string ,std::__1::allocator >const&,std::__1::basic_string ,std::__1::allocator >const&) call site: 00000 /src/qpdf/libqpdf/QPDFWriter.cc:835
252 474 6 :

['adler32', 'fixedtables', 'inflate_fast', 'inflate_table', 'crc32', 'updatewindow']

252 474 inflate call site: 00000 /src/zlib/inflate.c:817
115 33456 28 :

['std::__1::basic_string , std::__1::allocator >::c_str[abi:v180000]() const', 'MD5::digest(unsigned char*)', 'std::__1::basic_string , std::__1::allocator >::basic_string[abi:v180000]()', 'std::logic_error::logic_error(char const*)', 'std::__1::basic_string , std::__1::allocator >::operator+=[abi:v180000](char const*)', 'QPDFObjectHandle::getKey(std::__1::basic_string , std::__1::allocator > const&)', '__cxa_free_exception', 'QTC::TC(char const*, char const*, int)', '__cxa_allocate_exception', 'MD5::~MD5()', 'std::__1::set , std::__1::allocator >, std::__1::less , std::__1::allocator > >, std::__1::allocator , std::__1::allocator > > >::begin[abi:v180000]()', 'MD5::MD5()', 'QPDFObjectHandle::isString()', 'std::__1::__tree_const_iterator , std::__1::allocator >, std::__1::__tree_node , std::__1::allocator >, void*>*, long>::operator*[abi:v180000]() const', 'QPDFObjectHandle::getKeys()', 'MD5::encodeString(char const*)', '_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEC2B7v180000ILi0EEEPKc', 'std::__1::basic_string , std::__1::allocator >::operator+=[abi:v180000](std::__1::basic_string , std::__1::allocator > const&)', 'QPDFObjectHandle::getStringValue()', 'std::__1::to_string(long)', '__cxa_throw', 'std::__1::set , std::__1::allocator >, std::__1::less , std::__1::allocator > >, std::__1::allocator , std::__1::allocator > > >::~set[abi:v180000]()', 'std::__1::operator!=[abi:v180000](std::__1::__tree_const_iterator , std::__1::allocator >, std::__1::__tree_node , std::__1::allocator >, void*>*, long> const&, std::__1::__tree_const_iterator , std::__1::allocator >, std::__1::__tree_node , std::__1::allocator >, void*>*, long> const&)', 'QUtil::get_current_time()', 'std::__1::set , std::__1::allocator >, std::__1::less , std::__1::allocator > >, std::__1::allocator , std::__1::allocator > > >::end[abi:v180000]()', 'QPDFObjectHandle::hasKey(std::__1::basic_string , std::__1::allocator > const&)', 'std::__1::__tree_const_iterator , std::__1::allocator >, std::__1::__tree_node , std::__1::allocator >, void*>*, long>::operator++[abi:v180000]()', 'std::__1::basic_string , std::__1::allocator >::basic_string[abi:v180000](char const*, unsigned long)']

127 39032 QPDFWriter::generateID() call site: 00000 /src/qpdf/libqpdf/QPDFWriter.cc:1834
103 132 2 :

['Pl_RC4::Pl_RC4(char const*, Pipeline*, unsigned char const*, int, unsigned long)', 'int QIntC::to_int (unsigned long const&)']

103 164 QPDFWriter::pushEncryptionFilter(QPDFWriter::PipelinePopper&) call site: 00000 /src/qpdf/libqpdf/QPDFWriter.cc:980
102 119 5 :

['BitStream::BitStream(unsigned char const*, unsigned long)', 'BitWriter::writeBitsSigned(long long, unsigned long)', 'BitStream::getBitsSigned(unsigned long)', 'BitWriter::BitWriter(Pipeline*)', 'BitWriter::flush()']

102 119 Pl_TIFFPredictor::processRow() call site: 00000 /src/qpdf/libqpdf/Pl_TIFFPredictor.cc:76
99 131 11 :

['std::__1::basic_string , std::__1::allocator >::c_str[abi:v180000]() const', 'MD5::~MD5()', 'MD5::digest(unsigned char*)', 'MD5::encodeDataIncrementally(char const*, unsigned long)', 'MD5::MD5()', 'std::__1::basic_string , std::__1::allocator >::operator+=[abi:v180000](char const*)', 'std::__1::basic_string , std::__1::allocator >::length[abi:v180000]() const', 'unsigned long QPDF::toS (int const&)', 'unsigned long const& std::__1::min[abi:v180000] (unsigned long const&, unsigned long const&)', 'std::__1::basic_string , std::__1::allocator >::append(unsigned long, char)', 'std::__1::basic_string , std::__1::allocator >::basic_string[abi:v180000](char const*, unsigned long)']

99 131 QPDF::compute_data_key(std::__1::basic_string ,std::__1::allocator >const&,int,int,bool,int,int) call site: 00000 /src/qpdf/libqpdf/QPDF_encryption.cc:337

Runtime coverage analysis

Covered functions
1038
Functions that are reachable but not covered
356
Reachable functions
1572
Percentage of reachable functions covered
77.35%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/qpdf/fuzz/qpdf_crypt_fuzzer.cc 9
/src/qpdf/libqpdf/Buffer.cc 5
/src/qpdf/libqpdf/Pl_Discard.cc 2
/src/qpdf/libqpdf/Pipeline.cc 8
/src/qpdf/include/qpdf/Buffer.hh 1
/src/qpdf/libqpdf/Pl_DCT.cc 3
/src/qpdf/libqpdf/Pl_PNGFilter.cc 2
/src/qpdf/libqpdf/Pl_TIFFPredictor.cc 1
/src/qpdf/libqpdf/Pl_Flate.cc 4
/src/qpdf/libqpdf/BufferInputSource.cc 2
/src/qpdf/include/qpdf/InputSource.hh 8
/src/qpdf/include/qpdf/QIntC.hh 27
/usr/local/bin/../include/c++/v1/stdexcept 3
/src/qpdf/libqpdf/QPDF.cc 75
/src/qpdf/include/qpdf/QPDF.hh 37
/src/qpdf/libqpdf/InputSource.cc 5
/src/qpdf/include/qpdf/QTC.hh 1
/src/qpdf/libqpdf/QPDFExc.cc 2
/src/qpdf/include/qpdf/QPDFExc.hh 2
/src/qpdf/libqpdf/QPDFTokenizer.cc 34
/src/qpdf/include/qpdf/QUtil.hh 5
/src/qpdf/include/qpdf/QPDFTokenizer.hh 13
/src/qpdf/libqpdf/QUtil.cc 20
/src/qpdf/include/qpdf/QPDFObjGen.hh 11
/src/qpdf/include/qpdf/QPDFXRefEntry.hh 2
/src/qpdf/libqpdf/qpdf/QPDFParser.hh 1
/src/qpdf/libqpdf/QPDFParser.cc 26
/src/qpdf/libqpdf/QPDFLogger.cc 8
/src/qpdf/include/qpdf/QPDFObjectHandle.hh 14
/src/qpdf/libqpdf/QPDF_Null.cc 4
/src/qpdf/libqpdf/qpdf/QPDFValue.hh 10
/src/qpdf/libqpdf/QPDFValue.cc 2
/src/qpdf/libqpdf/qpdf/QPDFObject_private.hh 21
/src/qpdf/libqpdf/QPDF_Integer.cc 3
/src/qpdf/libqpdf/QPDF_Unresolved.cc 2
/src/qpdf/libqpdf/QPDF_Array.cc 10
/src/qpdf/libqpdf/QPDFObjectHandle.cc 72
/src/qpdf/libqpdf/QPDFObjGen.cc 2
/src/qpdf/libqpdf/QPDFXRefEntry.cc 4
/src/qpdf/libqpdf/QPDF_Stream.cc 10
/src/qpdf/libqpdf/QPDF_Bool.cc 2
/src/qpdf/libqpdf/QPDF_Real.cc 4
/src/qpdf/libqpdf/QPDF_Name.cc 3
/src/qpdf/libqpdf/QPDF_Operator.cc 2
/src/qpdf/libqpdf/QPDF_String.cc 2
/src/qpdf/libqpdf/QPDF_Dictionary.cc 9
/src/qpdf/libqpdf/Pl_OStream.cc 2
/src/qpdf/include/qpdf/Pipeline.hh 1
/src/qpdf/libqpdf/qpdf/QPDF_Array.hh 1
/src/qpdf/libqpdf/Pl_Buffer.cc 5
/src/qpdf/include/qpdf/Pl_Buffer.hh 1
/src/qpdf/libqpdf/Pl_Count.cc 6
/src/qpdf/libqpdf/QPDF_encryption.cc 48
/src/qpdf/libqpdf/MD5.cc 6
/src/qpdf/libqpdf/QPDFCryptoProvider.cc 6
/src/qpdf/include/qpdf/QPDFCryptoProvider.hh 1
/src/qpdf/libqpdf/qpdf/MD5.hh 1
/src/qpdf/libqpdf/ContentNormalizer.cc 2
/src/qpdf/libqpdf/QPDF_pages.cc 4
/src/qpdf/libqpdf/QPDF_optimization.cc 9
/src/qpdf/libqpdf/RC4.cc 2
/src/qpdf/libqpdf/qpdf/RC4.hh 1
/src/qpdf/libqpdf/Pl_SHA2.cc 4
/src/qpdf/libqpdf/Pl_AES_PDF.cc 7
/src/qpdf/libqpdf/CryptoRandomDataProvider.cc 1
/src/qpdf/libqpdf/qpdf/CryptoRandomDataProvider.hh 1
/src/qpdf/include/qpdf/RandomDataProvider.hh 1
/src/qpdf/libqpdf/qpdf/Pl_AES_PDF.hh 1
/src/qpdf/libqpdf/qpdf/Pl_SHA2.hh 1
/src/qpdf/libqpdf/QPDFWriter.cc 65
/src/qpdf/libqpdf/qpdf/QPDF_String.hh 1
/src/qpdf/libqpdf/qpdf/ObjTable.hh 17
/src/qpdf/libqpdf/qpdf/QPDFWriter_private.hh 1
/src/qpdf/libqpdf/QPDF_linearization.cc 17
/src/qpdf/libqpdf/QPDFSystemError.cc 2
/src/qpdf/include/qpdf/QPDFSystemError.hh 1
/src/qpdf/libqpdf/Pl_StdioFile.cc 2
/src/qpdf/libqpdf/Pl_MD5.cc 4
/src/qpdf/include/qpdf/QPDFWriter.hh 1
/src/qpdf/libqpdf/Pl_RC4.cc 1
/src/qpdf/libqpdf/BitWriter.cc 4
/src/qpdf/libqpdf/qpdf/bits_functions.hh 1

Fuzzer: future_qpdf_crypt_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 652 19.8%
gold [1:9] 72 2.19%
yellow [10:29] 61 1.85%
greenyellow [30:49] 48 1.46%
lawngreen 50+ 2451 74.6%
All colors 3284 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
33363 33456 28 :

['std::__1::basic_string , std::__1::allocator >::c_str[abi:v180000]() const', 'MD5::digest(unsigned char*)', 'std::__1::basic_string , std::__1::allocator >::basic_string[abi:v180000]()', 'std::logic_error::logic_error(char const*)', 'std::__1::basic_string , std::__1::allocator >::operator+=[abi:v180000](char const*)', 'QPDFObjectHandle::getKey(std::__1::basic_string , std::__1::allocator > const&)', '__cxa_free_exception', 'QTC::TC(char const*, char const*, int)', '__cxa_allocate_exception', 'MD5::~MD5()', 'std::__1::set , std::__1::allocator >, std::__1::less , std::__1::allocator > >, std::__1::allocator , std::__1::allocator > > >::begin[abi:v180000]()', 'MD5::MD5()', 'QPDFObjectHandle::isString()', 'std::__1::__tree_const_iterator , std::__1::allocator >, std::__1::__tree_node , std::__1::allocator >, void*>*, long>::operator*[abi:v180000]() const', 'QPDFObjectHandle::getKeys()', 'MD5::encodeString(char const*)', '_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEC2B7v180000ILi0EEEPKc', 'std::__1::basic_string , std::__1::allocator >::operator+=[abi:v180000](std::__1::basic_string , std::__1::allocator > const&)', 'QPDFObjectHandle::getStringValue()', 'std::__1::to_string(long)', '__cxa_throw', 'std::__1::set , std::__1::allocator >, std::__1::less , std::__1::allocator > >, std::__1::allocator , std::__1::allocator > > >::~set[abi:v180000]()', 'std::__1::operator!=[abi:v180000](std::__1::__tree_const_iterator , std::__1::allocator >, std::__1::__tree_node , std::__1::allocator >, void*>*, long> const&, std::__1::__tree_const_iterator , std::__1::allocator >, std::__1::__tree_node , std::__1::allocator >, void*>*, long> const&)', 'QUtil::get_current_time()', 'std::__1::set , std::__1::allocator >, std::__1::less , std::__1::allocator > >, std::__1::allocator , std::__1::allocator > > >::end[abi:v180000]()', 'QPDFObjectHandle::hasKey(std::__1::basic_string , std::__1::allocator > const&)', 'std::__1::__tree_const_iterator , std::__1::allocator >, std::__1::__tree_node , std::__1::allocator >, void*>*, long>::operator++[abi:v180000]()', 'std::__1::basic_string , std::__1::allocator >::basic_string[abi:v180000](char const*, unsigned long)']

33375 39032 QPDFWriter::generateID() call site: 00000 /src/qpdf/libqpdf/QPDFWriter.cc:1834
33360 44474 6 :

['QPDFObjectHandle::isNameAndEquals(std::__1::basic_string , std::__1::allocator > const&)', 'QPDFObjectHandle::eraseItem(int)', 'QPDFObjectHandle::removeKey(std::__1::basic_string , std::__1::allocator > const&)', 'QPDFObjectHandle::getArrayItem(int)', 'QPDFObjectHandle::getArrayNItems()', 'QPDFObjectHandle::isName()']

55603 79643 QPDFWriter::unparseObject(QPDFObjectHandle,int,int,unsignedlong,bool) call site: 00000 /src/qpdf/libqpdf/QPDFWriter.cc:1460
6295 6295 1 :

['QPDFWriter::copyEncryptionParameters(QPDF&)']

12151 35467 QPDFWriter::doWriteSetup() call site: 00000 /src/qpdf/libqpdf/QPDFWriter.cc:2125
5638 11198 5 :

['QPDFObjectHandle::makeDirect(bool)', 'std::__1::basic_string , std::__1::allocator >::~basic_string()', '_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEC2B7v180000ILi0EEEPKc', 'QPDFObjectHandle::replaceKey(std::__1::basic_string , std::__1::allocator > const&, QPDFObjectHandle const&)', 'QTC::TC(char const*, char const*, int)']

5650 11210 QPDFWriter::prepareFileForWrite() call site: 00000 /src/qpdf/libqpdf/QPDFWriter.cc:2067
768 768 1 :

['Pl_DCT::compress(void*, Buffer*)']

797 802 Pl_DCT::finish() call site: 00000 /src/qpdf/libqpdf/Pl_DCT.cc:155
695 695 1 :

['QPDF::compute_encryption_O_U(char const*, char const*, int, int, int, int, bool, std::__1::basic_string , std::__1::allocator > const&, std::__1::basic_string , std::__1::allocator >&, std::__1::basic_string , std::__1::allocator >&)']

695 1477 QPDFWriter::setEncryptionParameters(charconst*,charconst*,int,int,int,std::__1::set ,std::__1::allocator >&) call site: 00000 /src/qpdf/libqpdf/QPDFWriter.cc:626
443 443 1 :

['QPDF::recover_encryption_key_with_password(std::__1::basic_string , std::__1::allocator > const&, QPDF::EncryptionData const&)']

443 443 QPDF::compute_encryption_key(std::__1::basic_string ,std::__1::allocator >const&,QPDF::EncryptionDataconst&) call site: 00000 /src/qpdf/libqpdf/QPDF_encryption.cc:362
252 474 6 :

['adler32', 'fixedtables', 'inflate_fast', 'inflate_table', 'crc32', 'updatewindow']

252 474 inflate call site: 00000 /src/zlib/inflate.c:817
70 70 2 :

['j16init_upsampler', 'j16init_color_deconverter']

159 208 master_selection call site: 00000 /src/libjpeg-turbo/jdmaster.c:618
70 70 2 :

['j12init_color_deconverter', 'j12init_upsampler']

159 208 master_selection call site: 00000 /src/libjpeg-turbo/jdmaster.c:625
44 127879 11 :

['QPDF::interpretCF(std::__1::shared_ptr , QPDFObjectHandle)', 'QPDFObjectHandle::isNameAndEquals(std::__1::basic_string , std::__1::allocator > const&) const', 'QPDFObjectHandle::getKey(std::__1::basic_string , std::__1::allocator > const&) const', 'QPDFObjectHandle::getArrayNItems() const', 'QPDFObjectHandle::isArray() const', 'QPDFObjectHandle::isDictionary() const', 'QPDFObjectHandle::~QPDFObjectHandle()', 'QPDFObjectHandle::isName() const', 'QPDFObjectHandle::isDictionaryOfType(std::__1::basic_string , std::__1::allocator > const&, std::__1::basic_string , std::__1::allocator > const&) const', 'QPDFObjectHandle::getArrayItem(int) const', 'std::__1::basic_string , std::__1::allocator >::operator=[abi:v180000](char const*)']

44 128292 QPDF::decryptStream(std::__1::shared_ptr ,std::__1::shared_ptr ,QPDF&,Pipeline*&,QPDFObjGenconst&,QPDFObjectHandle&,std::__1::unique_ptr >&) call site: 00000 /src/qpdf/libqpdf/QPDF_encryption.cc:1067
44 44 1 :

['QPDFObjectHandle QPDFParser::withDescription , std::__1::allocator > const&>(std::__1::basic_string , std::__1::allocator > const&)']

44 98 QPDFParser::parse(bool&,bool) call site: 00000 /src/qpdf/libqpdf/QPDFParser.cc:99

Runtime coverage analysis

Covered functions
1115
Functions that are reachable but not covered
272
Reachable functions
1574
Percentage of reachable functions covered
82.72%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/qpdf/fuzz/qpdf_crypt_fuzzer.cc 9
/src/qpdf/libqpdf/Buffer.cc 5
/src/qpdf/libqpdf/Pl_Discard.cc 2
/src/qpdf/libqpdf/Pipeline.cc 8
/src/qpdf/include/qpdf/Buffer.hh 1
/src/qpdf/libqpdf/Pl_DCT.cc 3
/src/qpdf/libqpdf/Pl_PNGFilter.cc 2
/src/qpdf/libqpdf/Pl_TIFFPredictor.cc 1
/src/qpdf/libqpdf/Pl_Flate.cc 4
/src/qpdf/libqpdf/BufferInputSource.cc 2
/src/qpdf/include/qpdf/InputSource.hh 8
/src/qpdf/include/qpdf/QIntC.hh 27
/usr/local/bin/../include/c++/v1/stdexcept 3
/src/qpdf/libqpdf/QPDF.cc 75
/src/qpdf/include/qpdf/QPDF.hh 37
/src/qpdf/libqpdf/InputSource.cc 5
/src/qpdf/include/qpdf/QTC.hh 1
/src/qpdf/libqpdf/QPDFExc.cc 2
/src/qpdf/include/qpdf/QPDFExc.hh 2
/src/qpdf/libqpdf/QPDFTokenizer.cc 34
/src/qpdf/include/qpdf/QUtil.hh 5
/src/qpdf/include/qpdf/QPDFTokenizer.hh 13
/src/qpdf/libqpdf/QUtil.cc 20
/src/qpdf/include/qpdf/QPDFObjGen.hh 11
/src/qpdf/include/qpdf/QPDFXRefEntry.hh 2
/src/qpdf/libqpdf/qpdf/QPDFParser.hh 1
/src/qpdf/libqpdf/QPDFParser.cc 26
/src/qpdf/libqpdf/QPDFLogger.cc 8
/src/qpdf/include/qpdf/QPDFObjectHandle_future.hh 15
/src/qpdf/libqpdf/QPDF_Null.cc 4
/src/qpdf/libqpdf/qpdf/QPDFValue.hh 10
/src/qpdf/libqpdf/QPDFValue.cc 2
/src/qpdf/libqpdf/qpdf/QPDFObject_private.hh 21
/src/qpdf/libqpdf/QPDF_Integer.cc 3
/src/qpdf/libqpdf/QPDF_Unresolved.cc 2
/src/qpdf/libqpdf/QPDF_Array.cc 10
/src/qpdf/libqpdf/QPDFObjectHandle.cc 72
/src/qpdf/libqpdf/QPDFObjGen.cc 2
/src/qpdf/libqpdf/QPDFXRefEntry.cc 4
/src/qpdf/libqpdf/QPDF_Stream.cc 10
/src/qpdf/libqpdf/QPDF_Bool.cc 2
/src/qpdf/libqpdf/QPDF_Real.cc 4
/src/qpdf/libqpdf/QPDF_Name.cc 3
/src/qpdf/libqpdf/QPDF_Operator.cc 2
/src/qpdf/libqpdf/QPDF_String.cc 2
/src/qpdf/libqpdf/QPDF_Dictionary.cc 9
/src/qpdf/libqpdf/Pl_OStream.cc 2
/src/qpdf/include/qpdf/Pipeline.hh 1
/src/qpdf/libqpdf/qpdf/QPDF_Array.hh 1
/src/qpdf/libqpdf/Pl_Buffer.cc 5
/src/qpdf/include/qpdf/Pl_Buffer.hh 1
/src/qpdf/libqpdf/Pl_Count.cc 6
/src/qpdf/libqpdf/QPDF_encryption.cc 48
/src/qpdf/libqpdf/MD5.cc 6
/src/qpdf/libqpdf/QPDFCryptoProvider.cc 6
/src/qpdf/include/qpdf/QPDFCryptoProvider.hh 1
/src/qpdf/libqpdf/qpdf/MD5.hh 1
/src/qpdf/libqpdf/ContentNormalizer.cc 2
/src/qpdf/libqpdf/QPDF_pages.cc 4
/src/qpdf/libqpdf/QPDF_optimization.cc 9
/src/qpdf/libqpdf/RC4.cc 2
/src/qpdf/libqpdf/qpdf/RC4.hh 1
/src/qpdf/libqpdf/Pl_SHA2.cc 4
/src/qpdf/libqpdf/Pl_AES_PDF.cc 7
/src/qpdf/libqpdf/CryptoRandomDataProvider.cc 1
/src/qpdf/libqpdf/qpdf/CryptoRandomDataProvider.hh 1
/src/qpdf/include/qpdf/RandomDataProvider.hh 1
/src/qpdf/libqpdf/qpdf/Pl_AES_PDF.hh 1
/src/qpdf/libqpdf/qpdf/Pl_SHA2.hh 1
/src/qpdf/libqpdf/QPDFWriter.cc 65
/src/qpdf/libqpdf/qpdf/QPDF_String.hh 1
/src/qpdf/libqpdf/qpdf/ObjTable.hh 17
/src/qpdf/libqpdf/qpdf/QPDFWriter_private.hh 1
/src/qpdf/libqpdf/QPDF_linearization.cc 17
/src/qpdf/libqpdf/QPDFSystemError.cc 2
/src/qpdf/include/qpdf/QPDFSystemError.hh 1
/src/qpdf/libqpdf/Pl_StdioFile.cc 2
/src/qpdf/libqpdf/Pl_MD5.cc 4
/src/qpdf/include/qpdf/QPDFWriter.hh 1
/src/qpdf/libqpdf/Pl_RC4.cc 1
/src/qpdf/libqpdf/BitWriter.cc 4
/src/qpdf/libqpdf/qpdf/bits_functions.hh 1

Fuzzer: qpdf_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 512 15.5%
gold [1:9] 71 2.15%
yellow [10:29] 48 1.45%
greenyellow [30:49] 38 1.15%
lawngreen 50+ 2624 79.6%
All colors 3293 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
116781 127879 11 :

['QPDF::interpretCF(std::__1::shared_ptr , QPDFObjectHandle)', 'QPDFObjectHandle::isNameAndEquals(std::__1::basic_string , std::__1::allocator > const&) const', 'QPDFObjectHandle::getKey(std::__1::basic_string , std::__1::allocator > const&) const', 'QPDFObjectHandle::getArrayNItems() const', 'QPDFObjectHandle::isArray() const', 'QPDFObjectHandle::isDictionary() const', 'QPDFObjectHandle::~QPDFObjectHandle()', 'QPDFObjectHandle::isName() const', 'QPDFObjectHandle::isDictionaryOfType(std::__1::basic_string , std::__1::allocator > const&, std::__1::basic_string , std::__1::allocator > const&) const', 'QPDFObjectHandle::getArrayItem(int) const', 'std::__1::basic_string , std::__1::allocator >::operator=[abi:v180000](char const*)']

116781 128292 QPDF::decryptStream(std::__1::shared_ptr ,std::__1::shared_ptr ,QPDF&,Pipeline*&,QPDFObjGenconst&,QPDFObjectHandle&,std::__1::unique_ptr >&) call site: 00000 /src/qpdf/libqpdf/QPDF_encryption.cc:1067
16680 22308 16 :

['std::__1::basic_string , std::__1::allocator > std::__1::operator+[abi:v180000] , std::__1::allocator >(std::__1::basic_string , std::__1::allocator >&&, char const*)', 'QPDFObjectHandle::hasKey(std::__1::basic_string , std::__1::allocator > const&) const', 'std::__1::basic_string , std::__1::allocator > std::__1::operator+[abi:v180000] , std::__1::allocator >(std::__1::basic_string , std::__1::allocator >&&, std::__1::basic_string , std::__1::allocator >&&)', 'QPDFObjectHandle::getKey(std::__1::basic_string , std::__1::allocator > const&) const', 'std::__1::shared_ptr ::operator->[abi:v180000]() const', 'std::__1::to_string(long long)', 'Pl_Count::Pl_Count(char const*, Pipeline*)', 'QPDFObjectHandle::newInteger(long long)', 'std::runtime_error::runtime_error(std::__1::basic_string , std::__1::allocator > const&)', 'QPDFObjGen::unparse(char) const', 'Pl_Count::getCount() const', 'std::__1::basic_string , std::__1::allocator > std::__1::operator+[abi:v180000] , std::__1::allocator >(char const*, std::__1::basic_string , std::__1::allocator >&&)', 'QPDFObjectHandle::StreamDataProvider::supportsRetry()', 'QPDFObjectHandle::getIntValue() const', 'Pl_Count::~Pl_Count()', 'QPDFObjectHandle::replaceKey(std::__1::basic_string , std::__1::allocator > const&, QPDFObjectHandle const&)']

16694 22583 QPDF_Stream::pipeStreamData(Pipeline*,bool*,int,qpdf_stream_decode_level_e,bool,bool) call site: 00000 /src/qpdf/libqpdf/QPDF_Stream.cc:575
11134 27812 4 :

['QPDFObjectHandle::getArrayItem(int)', 'QPDFObjectHandle::isNameAndEquals(std::__1::basic_string , std::__1::allocator > const&)', 'QPDFObjectHandle::eraseItem(int)', 'QPDFObjectHandle::getArrayNItems()']

11158 62981 QPDFWriter::unparseObject(QPDFObjectHandle,int,int,unsignedlong,bool) call site: 00000 /src/qpdf/libqpdf/QPDFWriter.cc:1461
6295 6295 1 :

['QPDFWriter::copyEncryptionParameters(QPDF&)']

12151 35467 QPDFWriter::doWriteSetup() call site: 00000 /src/qpdf/libqpdf/QPDFWriter.cc:2125
5711 5711 1 :

['QPDFWriter::enqueueObjectsPCLm()']

5719 26039 QPDFWriter::writeStandard() call site: 00000 /src/qpdf/libqpdf/QPDFWriter.cc:3010
5638 11198 5 :

['QPDFObjectHandle::makeDirect(bool)', 'std::__1::basic_string , std::__1::allocator >::~basic_string()', '_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEC2B7v180000ILi0EEEPKc', 'QPDFObjectHandle::replaceKey(std::__1::basic_string , std::__1::allocator > const&, QPDFObjectHandle const&)', 'QTC::TC(char const*, char const*, int)']

5650 11210 QPDFWriter::prepareFileForWrite() call site: 00000 /src/qpdf/libqpdf/QPDFWriter.cc:2067
5564 5568 10 :

['std::__1::shared_ptr ::operator->[abi:v180000]() const', 'QPDFObjectHandle::QPDFObjectHandle(QPDFObjectHandle const&)', 'QTC::TC(char const*, char const*, int)', 'std::__1::__wrap_iter ::operator++[abi:v180000]()', 'bool std::__1::operator!=[abi:v180000] (std::__1::__wrap_iter const&, std::__1::__wrap_iter const&)', 'std::__1::vector >::~vector[abi:v180000]()', 'std::__1::vector >::end[abi:v180000]()', 'QPDF::getAllObjects()', 'std::__1::vector >::begin[abi:v180000]()', 'std::__1::__wrap_iter ::operator*[abi:v180000]() const']

5580 44649 QPDFWriter::enqueueObjectsStandard() call site: 00000 /src/qpdf/libqpdf/QPDFWriter.cc:2916
768 768 1 :

['Pl_DCT::compress(void*, Buffer*)']

797 802 Pl_DCT::finish() call site: 00000 /src/qpdf/libqpdf/Pl_DCT.cc:155
695 695 1 :

['QPDF::compute_encryption_O_U(char const*, char const*, int, int, int, int, bool, std::__1::basic_string , std::__1::allocator > const&, std::__1::basic_string , std::__1::allocator >&, std::__1::basic_string , std::__1::allocator >&)']

695 1477 QPDFWriter::setEncryptionParameters(charconst*,charconst*,int,int,int,std::__1::set ,std::__1::allocator >&) call site: 00000 /src/qpdf/libqpdf/QPDFWriter.cc:626
443 443 1 :

['QPDF::recover_encryption_key_with_password(std::__1::basic_string , std::__1::allocator > const&, QPDF::EncryptionData const&)']

443 443 QPDF::compute_encryption_key(std::__1::basic_string ,std::__1::allocator >const&,QPDF::EncryptionDataconst&) call site: 00000 /src/qpdf/libqpdf/QPDF_encryption.cc:362
252 474 6 :

['adler32', 'fixedtables', 'inflate_fast', 'inflate_table', 'crc32', 'updatewindow']

252 474 inflate call site: 00000 /src/zlib/inflate.c:817
102 119 5 :

['BitStream::BitStream(unsigned char const*, unsigned long)', 'BitWriter::writeBitsSigned(long long, unsigned long)', 'BitStream::getBitsSigned(unsigned long)', 'BitWriter::BitWriter(Pipeline*)', 'BitWriter::flush()']

102 119 Pl_TIFFPredictor::processRow() call site: 00000 /src/qpdf/libqpdf/Pl_TIFFPredictor.cc:76

Runtime coverage analysis

Covered functions
1175
Functions that are reachable but not covered
232
Reachable functions
1576
Percentage of reachable functions covered
85.28%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/qpdf/fuzz/qpdf_fuzzer.cc 9
/src/qpdf/libqpdf/Buffer.cc 7
/src/qpdf/libqpdf/Pl_Discard.cc 2
/src/qpdf/libqpdf/Pipeline.cc 8
/src/qpdf/include/qpdf/Buffer.hh 1
/src/qpdf/libqpdf/Pl_DCT.cc 3
/src/qpdf/libqpdf/Pl_PNGFilter.cc 2
/src/qpdf/libqpdf/Pl_TIFFPredictor.cc 1
/src/qpdf/libqpdf/Pl_Flate.cc 4
/src/qpdf/libqpdf/BufferInputSource.cc 2
/src/qpdf/include/qpdf/InputSource.hh 8
/src/qpdf/include/qpdf/QIntC.hh 27
/usr/local/bin/../include/c++/v1/stdexcept 3
/src/qpdf/libqpdf/QPDF.cc 75
/src/qpdf/include/qpdf/QPDF.hh 37
/src/qpdf/libqpdf/InputSource.cc 5
/src/qpdf/include/qpdf/QTC.hh 1
/src/qpdf/libqpdf/QPDFExc.cc 2
/src/qpdf/include/qpdf/QPDFExc.hh 2
/src/qpdf/libqpdf/QPDFTokenizer.cc 34
/src/qpdf/include/qpdf/QUtil.hh 5
/src/qpdf/include/qpdf/QPDFTokenizer.hh 13
/src/qpdf/libqpdf/QUtil.cc 20
/src/qpdf/include/qpdf/QPDFObjGen.hh 11
/src/qpdf/include/qpdf/QPDFXRefEntry.hh 2
/src/qpdf/libqpdf/qpdf/QPDFParser.hh 1
/src/qpdf/libqpdf/QPDFParser.cc 26
/src/qpdf/libqpdf/QPDFLogger.cc 8
/src/qpdf/include/qpdf/QPDFObjectHandle.hh 14
/src/qpdf/libqpdf/QPDF_Null.cc 4
/src/qpdf/libqpdf/qpdf/QPDFValue.hh 10
/src/qpdf/libqpdf/QPDFValue.cc 2
/src/qpdf/libqpdf/qpdf/QPDFObject_private.hh 21
/src/qpdf/libqpdf/QPDF_Integer.cc 3
/src/qpdf/libqpdf/QPDF_Unresolved.cc 2
/src/qpdf/libqpdf/QPDF_Array.cc 10
/src/qpdf/libqpdf/QPDFObjectHandle.cc 72
/src/qpdf/libqpdf/QPDFObjGen.cc 2
/src/qpdf/libqpdf/QPDFXRefEntry.cc 4
/src/qpdf/libqpdf/QPDF_Stream.cc 10
/src/qpdf/libqpdf/QPDF_Bool.cc 2
/src/qpdf/libqpdf/QPDF_Real.cc 4
/src/qpdf/libqpdf/QPDF_Name.cc 3
/src/qpdf/libqpdf/QPDF_Operator.cc 2
/src/qpdf/libqpdf/QPDF_String.cc 2
/src/qpdf/libqpdf/QPDF_Dictionary.cc 9
/src/qpdf/libqpdf/Pl_OStream.cc 2
/src/qpdf/include/qpdf/Pipeline.hh 1
/src/qpdf/libqpdf/qpdf/QPDF_Array.hh 1
/src/qpdf/libqpdf/Pl_Buffer.cc 5
/src/qpdf/include/qpdf/Pl_Buffer.hh 1
/src/qpdf/libqpdf/Pl_Count.cc 6
/src/qpdf/libqpdf/QPDF_encryption.cc 48
/src/qpdf/libqpdf/MD5.cc 6
/src/qpdf/libqpdf/QPDFCryptoProvider.cc 6
/src/qpdf/include/qpdf/QPDFCryptoProvider.hh 1
/src/qpdf/libqpdf/qpdf/MD5.hh 1
/src/qpdf/libqpdf/ContentNormalizer.cc 2
/src/qpdf/libqpdf/QPDF_pages.cc 4
/src/qpdf/libqpdf/QPDF_optimization.cc 9
/src/qpdf/libqpdf/RC4.cc 2
/src/qpdf/libqpdf/qpdf/RC4.hh 1
/src/qpdf/libqpdf/Pl_SHA2.cc 4
/src/qpdf/libqpdf/Pl_AES_PDF.cc 7
/src/qpdf/libqpdf/CryptoRandomDataProvider.cc 1
/src/qpdf/libqpdf/qpdf/CryptoRandomDataProvider.hh 1
/src/qpdf/include/qpdf/RandomDataProvider.hh 1
/src/qpdf/libqpdf/qpdf/Pl_AES_PDF.hh 1
/src/qpdf/libqpdf/qpdf/Pl_SHA2.hh 1
/src/qpdf/libqpdf/QPDFWriter.cc 67
/src/qpdf/libqpdf/qpdf/QPDF_String.hh 1
/src/qpdf/libqpdf/qpdf/ObjTable.hh 17
/src/qpdf/libqpdf/qpdf/QPDFWriter_private.hh 1
/src/qpdf/libqpdf/QPDF_linearization.cc 17
/src/qpdf/libqpdf/QPDFSystemError.cc 2
/src/qpdf/include/qpdf/QPDFSystemError.hh 1
/src/qpdf/libqpdf/Pl_StdioFile.cc 2
/src/qpdf/libqpdf/Pl_MD5.cc 4
/src/qpdf/include/qpdf/QPDFWriter.hh 1
/src/qpdf/libqpdf/Pl_RC4.cc 1
/src/qpdf/libqpdf/BitWriter.cc 4
/src/qpdf/libqpdf/qpdf/bits_functions.hh 1

Fuzzer: future_qpdf_crypt_insecure_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 1476 44.9%
gold [1:9] 74 2.25%
yellow [10:29] 35 1.06%
greenyellow [30:49] 13 0.39%
lawngreen 50+ 1689 51.3%
All colors 3287 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
33363 33456 28 :

['std::__1::basic_string , std::__1::allocator >::c_str[abi:v180000]() const', 'MD5::digest(unsigned char*)', 'std::__1::basic_string , std::__1::allocator >::basic_string[abi:v180000]()', 'std::logic_error::logic_error(char const*)', 'std::__1::basic_string , std::__1::allocator >::operator+=[abi:v180000](char const*)', 'QPDFObjectHandle::getKey(std::__1::basic_string , std::__1::allocator > const&)', '__cxa_free_exception', 'QTC::TC(char const*, char const*, int)', '__cxa_allocate_exception', 'MD5::~MD5()', 'std::__1::set , std::__1::allocator >, std::__1::less , std::__1::allocator > >, std::__1::allocator , std::__1::allocator > > >::begin[abi:v180000]()', 'MD5::MD5()', 'QPDFObjectHandle::isString()', 'std::__1::__tree_const_iterator , std::__1::allocator >, std::__1::__tree_node , std::__1::allocator >, void*>*, long>::operator*[abi:v180000]() const', 'QPDFObjectHandle::getKeys()', 'MD5::encodeString(char const*)', '_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEC2B7v180000ILi0EEEPKc', 'std::__1::basic_string , std::__1::allocator >::operator+=[abi:v180000](std::__1::basic_string , std::__1::allocator > const&)', 'QPDFObjectHandle::getStringValue()', 'std::__1::to_string(long)', '__cxa_throw', 'std::__1::set , std::__1::allocator >, std::__1::less , std::__1::allocator > >, std::__1::allocator , std::__1::allocator > > >::~set[abi:v180000]()', 'std::__1::operator!=[abi:v180000](std::__1::__tree_const_iterator , std::__1::allocator >, std::__1::__tree_node , std::__1::allocator >, void*>*, long> const&, std::__1::__tree_const_iterator , std::__1::allocator >, std::__1::__tree_node , std::__1::allocator >, void*>*, long> const&)', 'QUtil::get_current_time()', 'std::__1::set , std::__1::allocator >, std::__1::less , std::__1::allocator > >, std::__1::allocator , std::__1::allocator > > >::end[abi:v180000]()', 'QPDFObjectHandle::hasKey(std::__1::basic_string , std::__1::allocator > const&)', 'std::__1::__tree_const_iterator , std::__1::allocator >, std::__1::__tree_node , std::__1::allocator >, void*>*, long>::operator++[abi:v180000]()', 'std::__1::basic_string , std::__1::allocator >::basic_string[abi:v180000](char const*, unsigned long)']

33375 39032 QPDFWriter::generateID() call site: 00000 /src/qpdf/libqpdf/QPDFWriter.cc:1834
16651 27758 8 :

['std::__1::basic_string , std::__1::allocator > std::__1::operator+[abi:v180000] , std::__1::allocator >(std::__1::basic_string , std::__1::allocator >&&, char const*)', 'QPDFObjectHandle::isInteger()', 'QPDFObjectHandle::parse(std::__1::basic_string , std::__1::allocator > const&, std::__1::basic_string , std::__1::allocator > const&)', 'std::__1::basic_string , std::__1::allocator > std::__1::operator+[abi:v180000] , std::__1::allocator >(std::__1::basic_string , std::__1::allocator >&&, std::__1::basic_string , std::__1::allocator >&&)', 'std::__1::basic_string , std::__1::allocator > std::__1::operator+ , std::__1::allocator >(char const*, std::__1::basic_string , std::__1::allocator > const&)', 'QPDFObjectHandle::getIntValue()', 'QPDFObjectHandle::isDictionary()', 'QPDFObjectHandle::replaceKey(std::__1::basic_string , std::__1::allocator > const&, QPDFObjectHandle const&)']

127827 201901 QPDFWriter::unparseObject(QPDFObjectHandle,int,int,unsignedlong,bool) call site: 00000 /src/qpdf/libqpdf/QPDFWriter.cc:1415
8150 8150 1 :

['QPDFWriter::writeLinearized()']

8152 8184 QPDFWriter::write() call site: 00000 /src/qpdf/libqpdf/QPDFWriter.cc:2231
6776 6776 1 :

['QPDFWriter::writeObjectStream(QPDFObjectHandle)']

6780 6782 QPDFWriter::writeObject(QPDFObjectHandle,int) call site: 00000 /src/qpdf/libqpdf/QPDFWriter.cc:1763
6295 6295 1 :

['QPDFWriter::copyEncryptionParameters(QPDF&)']

17938 35467 QPDFWriter::doWriteSetup() call site: 00000 /src/qpdf/libqpdf/QPDFWriter.cc:2125
5726 5726 5 :

['std::__1::shared_ptr ::~shared_ptr[abi:v180000]()', 'std::__1::shared_ptr ::~shared_ptr[abi:v180000]()', 'QPDF::decryptStream(std::__1::shared_ptr , std::__1::shared_ptr , QPDF&, Pipeline*&, QPDFObjGen const&, QPDFObjectHandle&, std::__1::unique_ptr >&)', 'std::__1::shared_ptr ::shared_ptr[abi:v180000](std::__1::shared_ptr const&)', 'std::__1::shared_ptr ::shared_ptr[abi:v180000](std::__1::shared_ptr const&)']

5752 6426 QPDF::pipeStreamData(std::__1::shared_ptr ,std::__1::shared_ptr ,QPDF&,QPDFObjGenconst&,longlong,unsignedlong,QPDFObjectHandle,Pipeline*,bool,bool) call site: 00000 /src/qpdf/libqpdf/QPDF.cc:2720
5711 5711 1 :

['QPDFWriter::enqueueObjectsPCLm()']

12623 26039 QPDFWriter::writeStandard() call site: 00000 /src/qpdf/libqpdf/QPDFWriter.cc:3010
5638 11198 5 :

['QPDFObjectHandle::makeDirect(bool)', 'std::__1::basic_string , std::__1::allocator >::~basic_string()', '_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEC2B7v180000ILi0EEEPKc', 'QPDFObjectHandle::replaceKey(std::__1::basic_string , std::__1::allocator > const&, QPDFObjectHandle const&)', 'QTC::TC(char const*, char const*, int)']

5650 11210 QPDFWriter::prepareFileForWrite() call site: 00000 /src/qpdf/libqpdf/QPDFWriter.cc:2067
5597 5597 2 :

['QPDFObjectHandle::replaceKeyAndGetNew(std::__1::basic_string , std::__1::allocator > const&, QPDFObjectHandle const&)', 'QPDFObjectHandle::newDictionary()']

133430 207510 QPDFWriter::unparseObject(QPDFObjectHandle,int,int,unsignedlong,bool) call site: 00000 /src/qpdf/libqpdf/QPDFWriter.cc:1398
5564 5568 10 :

['std::__1::shared_ptr ::operator->[abi:v180000]() const', 'QPDFObjectHandle::QPDFObjectHandle(QPDFObjectHandle const&)', 'QTC::TC(char const*, char const*, int)', 'std::__1::__wrap_iter ::operator++[abi:v180000]()', 'bool std::__1::operator!=[abi:v180000] (std::__1::__wrap_iter const&, std::__1::__wrap_iter const&)', 'std::__1::vector >::~vector[abi:v180000]()', 'std::__1::vector >::end[abi:v180000]()', 'QPDF::getAllObjects()', 'std::__1::vector >::begin[abi:v180000]()', 'std::__1::__wrap_iter ::operator*[abi:v180000]() const']

22261 44649 QPDFWriter::enqueueObjectsStandard() call site: 00000 /src/qpdf/libqpdf/QPDFWriter.cc:2916
5561 5561 5 :

['std::__1::set , std::__1::allocator >, std::__1::less , std::__1::allocator > >, std::__1::allocator , std::__1::allocator > > >::size[abi:v180000]() const', 'std::__1::set , std::__1::allocator >, std::__1::less , std::__1::allocator > >, std::__1::allocator , std::__1::allocator > > >::count[abi:v180000](std::__1::basic_string , std::__1::allocator > const&) const', 'QPDFObjectHandle::getKeys()', 'std::__1::set , std::__1::allocator >, std::__1::less , std::__1::allocator > >, std::__1::allocator , std::__1::allocator > > >::erase[abi:v180000](std::__1::basic_string , std::__1::allocator > const&)', 'std::__1::set , std::__1::allocator >, std::__1::less , std::__1::allocator > >, std::__1::allocator , std::__1::allocator > > >::~set[abi:v180000]()']

138993 218636 QPDFWriter::unparseObject(QPDFObjectHandle,int,int,unsignedlong,bool) call site: 00000 /src/qpdf/libqpdf/QPDFWriter.cc:1384
5555 5731 4 :

['QPDFObjectHandle::getStringValue()', 'QPDF_String::unparse(bool)', 'QPDF_String::~QPDF_String()', 'QPDF_String::QPDF_String(std::__1::basic_string , std::__1::allocator > const&)']

5555 5733 QPDFWriter::unparseObject(QPDFObjectHandle,int,int,unsignedlong,bool) call site: 00000 /src/qpdf/libqpdf/QPDFWriter.cc:1592

Runtime coverage analysis

Covered functions
950
Functions that are reachable but not covered
502
Reachable functions
1574
Percentage of reachable functions covered
68.11%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/qpdf/fuzz/qpdf_crypt_insecure_fuzzer.cc 9
/src/qpdf/libqpdf/Buffer.cc 7
/src/qpdf/libqpdf/Pl_Discard.cc 2
/src/qpdf/libqpdf/Pipeline.cc 8
/src/qpdf/include/qpdf/Buffer.hh 1
/src/qpdf/libqpdf/Pl_DCT.cc 3
/src/qpdf/libqpdf/Pl_PNGFilter.cc 2
/src/qpdf/libqpdf/Pl_TIFFPredictor.cc 1
/src/qpdf/libqpdf/Pl_Flate.cc 4
/src/qpdf/libqpdf/BufferInputSource.cc 2
/src/qpdf/include/qpdf/InputSource.hh 8
/src/qpdf/include/qpdf/QIntC.hh 27
/usr/local/bin/../include/c++/v1/stdexcept 3
/src/qpdf/libqpdf/QPDF.cc 75
/src/qpdf/include/qpdf/QPDF.hh 37
/src/qpdf/libqpdf/InputSource.cc 5
/src/qpdf/include/qpdf/QTC.hh 1
/src/qpdf/libqpdf/QPDFExc.cc 2
/src/qpdf/include/qpdf/QPDFExc.hh 2
/src/qpdf/libqpdf/QPDFTokenizer.cc 34
/src/qpdf/include/qpdf/QUtil.hh 5
/src/qpdf/include/qpdf/QPDFTokenizer.hh 13
/src/qpdf/libqpdf/QUtil.cc 20
/src/qpdf/include/qpdf/QPDFObjGen.hh 11
/src/qpdf/include/qpdf/QPDFXRefEntry.hh 2
/src/qpdf/libqpdf/qpdf/QPDFParser.hh 1
/src/qpdf/libqpdf/QPDFParser.cc 26
/src/qpdf/libqpdf/QPDFLogger.cc 8
/src/qpdf/include/qpdf/QPDFObjectHandle_future.hh 15
/src/qpdf/libqpdf/QPDF_Null.cc 4
/src/qpdf/libqpdf/qpdf/QPDFValue.hh 10
/src/qpdf/libqpdf/QPDFValue.cc 2
/src/qpdf/libqpdf/qpdf/QPDFObject_private.hh 21
/src/qpdf/libqpdf/QPDF_Integer.cc 3
/src/qpdf/libqpdf/QPDF_Unresolved.cc 2
/src/qpdf/libqpdf/QPDF_Array.cc 10
/src/qpdf/libqpdf/QPDFObjectHandle.cc 72
/src/qpdf/libqpdf/QPDFObjGen.cc 2
/src/qpdf/libqpdf/QPDFXRefEntry.cc 4
/src/qpdf/libqpdf/QPDF_Stream.cc 10
/src/qpdf/libqpdf/QPDF_Bool.cc 2
/src/qpdf/libqpdf/QPDF_Real.cc 4
/src/qpdf/libqpdf/QPDF_Name.cc 3
/src/qpdf/libqpdf/QPDF_Operator.cc 2
/src/qpdf/libqpdf/QPDF_String.cc 2
/src/qpdf/libqpdf/QPDF_Dictionary.cc 9
/src/qpdf/libqpdf/Pl_OStream.cc 2
/src/qpdf/include/qpdf/Pipeline.hh 1
/src/qpdf/libqpdf/qpdf/QPDF_Array.hh 1
/src/qpdf/libqpdf/Pl_Buffer.cc 5
/src/qpdf/include/qpdf/Pl_Buffer.hh 1
/src/qpdf/libqpdf/Pl_Count.cc 6
/src/qpdf/libqpdf/QPDF_encryption.cc 48
/src/qpdf/libqpdf/MD5.cc 6
/src/qpdf/libqpdf/QPDFCryptoProvider.cc 6
/src/qpdf/include/qpdf/QPDFCryptoProvider.hh 1
/src/qpdf/libqpdf/qpdf/MD5.hh 1
/src/qpdf/libqpdf/ContentNormalizer.cc 2
/src/qpdf/libqpdf/QPDF_pages.cc 4
/src/qpdf/libqpdf/QPDF_optimization.cc 9
/src/qpdf/libqpdf/RC4.cc 2
/src/qpdf/libqpdf/qpdf/RC4.hh 1
/src/qpdf/libqpdf/Pl_SHA2.cc 4
/src/qpdf/libqpdf/Pl_AES_PDF.cc 7
/src/qpdf/libqpdf/CryptoRandomDataProvider.cc 1
/src/qpdf/libqpdf/qpdf/CryptoRandomDataProvider.hh 1
/src/qpdf/include/qpdf/RandomDataProvider.hh 1
/src/qpdf/libqpdf/qpdf/Pl_AES_PDF.hh 1
/src/qpdf/libqpdf/qpdf/Pl_SHA2.hh 1
/src/qpdf/libqpdf/QPDFWriter.cc 65
/src/qpdf/libqpdf/qpdf/QPDF_String.hh 1
/src/qpdf/libqpdf/qpdf/ObjTable.hh 17
/src/qpdf/libqpdf/qpdf/QPDFWriter_private.hh 1
/src/qpdf/libqpdf/QPDF_linearization.cc 17
/src/qpdf/libqpdf/QPDFSystemError.cc 2
/src/qpdf/include/qpdf/QPDFSystemError.hh 1
/src/qpdf/libqpdf/Pl_StdioFile.cc 2
/src/qpdf/libqpdf/Pl_MD5.cc 4
/src/qpdf/include/qpdf/QPDFWriter.hh 1
/src/qpdf/libqpdf/Pl_RC4.cc 1
/src/qpdf/libqpdf/BitWriter.cc 4
/src/qpdf/libqpdf/qpdf/bits_functions.hh 1

Analyses and suggestions

Optimal target analysis

Remaining optimal interesting functions

The following table shows a list of functions that are optimal targets. Optimal targets are identified by finding the functions that in combination, yield a high code coverage.

Func name Functions filename Arg count Args Function depth hitcount instr count bb count cyclomatic complexity Reachable functions Incoming references total cyclomatic complexity Unreached complexity
QPDF::showLinearizationData() /src/qpdf/libqpdf/QPDF_linearization.cc 1 ['N/A'] 31 0 94 17 12 1036 0 7219 1472
QPDFPageObjectHelper::flattenRotation(QPDFAcroFormDocumentHelper*) /src/qpdf/libqpdf/QPDFPageObjectHelper.cc 2 ['N/A', 'N/A'] 31 0 978 160 121 1305 0 8582 1406
encode_mcu_huff /src/libjpeg-turbo/jchuff.c 2 ['N/A', 'N/A'] 3 0 232 33 14 7 0 595 595
QPDF::JSONReactor::dictionaryItem(std::__1::basic_string ,std::__1::allocator >const&,JSONconst&) /src/qpdf/libqpdf/QPDF_json.cc 3 ['N/A', 'N/A', 'N/A'] 24 0 1452 301 282 1050 0 6393 568
QPDFFormFieldObjectHelper::setRadioButtonValue(QPDFObjectHandle) /src/qpdf/libqpdf/QPDFFormFieldObjectHelper.cc 2 ['N/A', 'N/A'] 26 0 868 196 170 921 3 5985 342
NNTreeIterator::split(QPDFObjectHandle,std::__1::__list_iterator ) /src/qpdf/libqpdf/NNTree.cc 3 ['N/A', 'N/A', 'N/A'] 32 0 784 135 87 932 1 6037 339
JSON::checkSchemaInternal(JSON::JSON_value*,JSON::JSON_value*,unsignedlong,std::__1::list ,std::__1::allocator >,std::__1::allocator ,std::__1::allocator >>>&,std::__1::basic_string ,std::__1::allocator >) /src/qpdf/libqpdf/JSON.cc 5 ['N/A', 'N/A', 'size_t', 'N/A', 'N/A'] 2 0 1112 199 164 5 3 332 328

Implementing fuzzers that target the above functions will improve reachability such that it becomes:

Functions statically reachable by fuzzers
52.0%
1533 / 2963
Cyclomatic complexity statically reachable by fuzzers
67.0%
22689 / 33995

All functions overview

If you implement fuzzers for these functions, the status of all functions in the project will be:

Func name Functions filename Args Function call depth Reached by Fuzzers Fuzzers runtime hit Func lines hit % I Count BB Count Cyclomatic complexity Functions reached Reached by functions Accumulated cyclomatic complexity Undiscovered complexity

Fuzz engine guidance

This sections provides heuristics that can be used as input to a fuzz engine when running a given fuzz target. The current focus is on providing input that is usable by libFuzzer.

/src/qpdf/fuzz/hex_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['FuzzHelper::doChecks()', 'FuzzHelper::doChecks()', 'Pl_ASCIIHexDecoder::flush()', 'FuzzHelper::doChecks()']

/src/qpdf/fuzz/runlength_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['FuzzHelper::doChecks()', 'FuzzHelper::doChecks()', 'FuzzHelper::doChecks()', 'Pl_RunLength::finish()', 'Pl_Discard::~Pl_Discard()']

/src/qpdf/fuzz/lzw_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['unsigned int QIntC::to_uint(unsigned long const&)', 'FuzzHelper::doChecks()', 'FuzzHelper::doChecks()', 'Pl_LZWDecoder::handleCode(unsigned int)', 'Pl_LZWDecoder::getFirstChar(unsigned int)', 'Pl_LZWDecoder::handleCode(unsigned int)', 'Pl_LZWDecoder::addToTable(unsigned char)', 'Pl_LZWDecoder::addToTable(unsigned char)', 'Pl_LZWDecoder::handleCode(unsigned int)']

/src/qpdf/fuzz/lzw_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['unsigned int QIntC::to_uint(unsigned long const&)', 'FuzzHelper::doChecks()', 'FuzzHelper::doChecks()', 'Pl_LZWDecoder::handleCode(unsigned int)', 'Pl_LZWDecoder::getFirstChar(unsigned int)', 'Pl_LZWDecoder::handleCode(unsigned int)', 'Pl_LZWDecoder::addToTable(unsigned char)', 'Pl_LZWDecoder::addToTable(unsigned char)', 'Pl_LZWDecoder::handleCode(unsigned int)']

/src/qpdf/fuzz/ascii85_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['FuzzHelper::doChecks()', 'FuzzHelper::doChecks()', 'Pl_ASCII85Decoder::flush()', 'FuzzHelper::doChecks()']

/src/qpdf/fuzz/flate_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['deflate', 'deflateResetKeep', 'deflateReset', 'unsigned long QIntC::to_size(unsigned int const&)', '_tr_flush_block', 'read_buf', 'Pl_Flate::finish()', 'Pl_Flate::finish()']

/src/qpdf/fuzz/ascii85_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['FuzzHelper::doChecks()', 'FuzzHelper::doChecks()', 'Pl_ASCII85Decoder::flush()', 'FuzzHelper::doChecks()']

/src/qpdf/fuzz/pngpredictor_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['FuzzHelper::doChecks()', 'Pl_PNGFilter::write(unsigned char const*, unsigned long)', 'FuzzHelper::doChecks()']

/src/qpdf/fuzz/tiffpredictor_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['FuzzHelper::doChecks()', 'unsigned int QIntC::to_uint(unsigned long const&)', 'BitStream::getBitsSigned(unsigned long)', 'BitWriter::writeBits(unsigned long long, unsigned long)', 'FuzzHelper::doChecks()', 'Pl_TIFFPredictor::processRow()', 'FuzzHelper::run()']

/src/qpdf/fuzz/flate_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['deflate', 'deflateResetKeep', 'deflateReset', 'unsigned long QIntC::to_size(unsigned int const&)', '_tr_flush_block', 'read_buf', 'Pl_Flate::finish()', 'Pl_Flate::finish()']

/src/qpdf/fuzz/tiffpredictor_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['FuzzHelper::doChecks()', 'unsigned int QIntC::to_uint(unsigned long const&)', 'BitStream::getBitsSigned(unsigned long)', 'BitWriter::writeBits(unsigned long long, unsigned long)', 'FuzzHelper::doChecks()', 'Pl_TIFFPredictor::processRow()', 'FuzzHelper::run()']

/src/qpdf/fuzz/dct_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['init_simd', 'std_huff_tables', 'master_selection', 'unsigned int QIntC::to_uint(int const&)', 'jinit_memory_mgr', 'jpeg_core_output_dimensions', 'jpeg_calc_output_dimensions', 'FuzzHelper::doChecks()', 'Pl_DCT::finish()', 'Pl_Buffer::write(unsigned char const*, unsigned long)']

/src/qpdf/fuzz/pngpredictor_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['FuzzHelper::doChecks()', 'Pl_PNGFilter::write(unsigned char const*, unsigned long)', 'FuzzHelper::doChecks()']

/src/qpdf/fuzz/runlength_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['FuzzHelper::doChecks()', 'FuzzHelper::doChecks()', 'FuzzHelper::doChecks()', 'Pl_RunLength::finish()', 'Pl_Discard::~Pl_Discard()']

/src/qpdf/fuzz/json_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['QPDF::initializeEncryption()', 'QPDF_Dictionary::replaceKey(std::__1::basic_string, std::__1::allocator > const&, QPDFObjectHandle)', 'QPDFObjectHandle::newInteger(long long)', 'QPDFObjectHandle::newNull()', 'QPDFObjectHandle::getIntValue() const', 'QPDFObjectHandle::getIntValueAsInt() const', 'QPDF_Array::checkOwnership(QPDFObjectHandle const&) const', 'QPDFObjectHandle::asStreamWithAssert() const', 'QPDF_Stream::create(QPDF*, QPDFObjGen const&, QPDFObjectHandle, long long, unsigned long)', 'QPDF::read_xref(long long)']

/src/qpdf/fuzz/hex_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['FuzzHelper::doChecks()', 'FuzzHelper::doChecks()', 'Pl_ASCIIHexDecoder::flush()', 'FuzzHelper::doChecks()']

/src/qpdf/fuzz/qpdf_pages_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['QPDF::initializeEncryption()', 'unsigned int QIntC::to_uint(unsigned long const&)', 'QPDFObjectHandle::isDictionaryOfType(std::__1::basic_string, std::__1::allocator > const&, std::__1::basic_string, std::__1::allocator > const&)', '(anonymous namespace)::JSONParser::getToken()', 'QPDF::pipeStreamData(QPDFObjGen const&, long long, unsigned long, QPDFObjectHandle, Pipeline*, bool, bool)', 'QPDFObjectHandle::isMatrix()', 'QPDFAnnotationObjectHelper::getPageContentForAppearance(std::__1::basic_string, std::__1::allocator > const&, int, int, int)', '(anonymous namespace)::JSONParser::getToken()', 'QPDF::read_xrefTable(long long)', 'QPDFPageDocumentHelper::flattenAnnotationsForPage(QPDFPageObjectHelper&, QPDFObjectHandle&, QPDFAcroFormDocumentHelper&, int, int)']

/src/qpdf/fuzz/json_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['QPDF::initializeEncryption()', 'QPDF_Dictionary::replaceKey(std::__1::basic_string, std::__1::allocator > const&, QPDFObjectHandle)', 'QPDFObjectHandle::newInteger(long long)', 'QPDFObjectHandle::newNull()', 'QPDFObjectHandle::getIntValue()', 'QPDFObjectHandle::getIntValueAsInt()', 'QPDF_Array::checkOwnership(QPDFObjectHandle const&) const', 'QPDFObjectHandle::asStreamWithAssert() const', 'QPDF_Stream::create(QPDF*, QPDFObjGen const&, QPDFObjectHandle, long long, unsigned long)', 'QPDF::read_xref(long long)']

/src/qpdf/fuzz/qpdf_outlines_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['unsigned int QIntC::to_uint(unsigned long const&)', 'QPDF::initializeEncryption()', 'QPDFObjectHandle::isDictionaryOfType(std::__1::basic_string, std::__1::allocator > const&, std::__1::basic_string, std::__1::allocator > const&) const', 'QPDF::initializeEncryption()', 'NNTreeIterator::increment(bool)', 'QPDF::pipeStreamData(QPDFObjGen const&, long long, unsigned long, QPDFObjectHandle, Pipeline*, bool, bool)', 'QPDF_Stream::pipeStreamData(Pipeline*, bool*, int, qpdf_stream_decode_level_e, bool, bool)', 'NNTreeImpl::findInternal(QPDFObjectHandle, bool)', 'QPDFObjectHandle::hasKey(std::__1::basic_string, std::__1::allocator > const&) const', 'QPDF::initializeEncryption()']

/src/qpdf/fuzz/qpdf_pages_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['QPDF::initializeEncryption()', 'unsigned int QIntC::to_uint(unsigned long const&)', 'QPDFObjectHandle::isDictionaryOfType(std::__1::basic_string, std::__1::allocator > const&, std::__1::basic_string, std::__1::allocator > const&) const', '(anonymous namespace)::JSONParser::getToken()', 'QPDF::pipeStreamData(QPDFObjGen const&, long long, unsigned long, QPDFObjectHandle, Pipeline*, bool, bool)', 'QPDFAnnotationObjectHelper::getPageContentForAppearance(std::__1::basic_string, std::__1::allocator > const&, int, int, int)', '(anonymous namespace)::JSONParser::getToken()', '(anonymous namespace)::JSONParser::handleToken()', 'QPDF_Array::at(int) const', 'QPDFObjectHandle::hasKey(std::__1::basic_string, std::__1::allocator > const&) const']

/src/qpdf/fuzz/dct_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['init_simd', 'std_huff_tables', 'master_selection', 'unsigned int QIntC::to_uint(int const&)', 'jinit_memory_mgr', 'jpeg_core_output_dimensions', 'jpeg_calc_output_dimensions', 'FuzzHelper::doChecks()', 'Pl_DCT::finish()', 'Pl_Buffer::write(unsigned char const*, unsigned long)']

/src/qpdf/fuzz/qpdf_outlines_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['QPDF::interpretCF(std::__1::shared_ptr, QPDFObjectHandle)', 'NNTreeIterator::increment(bool)', 'QPDF::pipeStreamData(QPDFObjGen const&, long long, unsigned long, QPDFObjectHandle, Pipeline*, bool, bool)', 'QPDF_Stream::pipeStreamData(Pipeline*, bool*, int, qpdf_stream_decode_level_e, bool, bool)', 'compute_U_value_R3(std::__1::basic_string, std::__1::allocator > const&, QPDF::EncryptionData const&)', 'NNTreeImpl::findInternal(QPDFObjectHandle, bool)', 'QPDFObjectHandle::hasKey(std::__1::basic_string, std::__1::allocator > const&)', 'QPDF::compute_data_key(std::__1::basic_string, std::__1::allocator > const&, int, int, bool, int, int)', 'QPDF::read_xrefTable(long long)', 'check_owner_password(std::__1::basic_string, std::__1::allocator >&, std::__1::basic_string, std::__1::allocator > const&, QPDF::EncryptionData const&)']

/src/qpdf/fuzz/qpdf_crypt_insecure_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['QPDFWriter::prepareFileForWrite()', 'QPDFWriter::writeEncryptionDictionary()', 'ObjTable::large_element(unsigned long)', 'QPDFWriter::writeObject(QPDFObjectHandle, int)', 'QPDFWriter::write()', 'QPDFWriter::writeObject(QPDFObjectHandle, int)', 'Pl_Count::finish()', 'QPDFWriter::writeStandard()', 'QPDFWriter::prepareFileForWrite()', 'QPDFWriter::closeObject(int)']

/src/qpdf/fuzz/qpdf_lin_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['QPDF::initializeEncryption()', 'unsigned int QIntC::to_uint(unsigned long const&)', 'QPDFWriter::write()', 'ObjTable::large_element(unsigned long)', 'QPDFWriter::generateID()', 'QPDFObjectHandle::isDictionaryOfType(std::__1::basic_string, std::__1::allocator > const&, std::__1::basic_string, std::__1::allocator > const&) const', 'QPDFWriter::prepareFileForWrite()', 'QPDFWriter::setMinimumPDFVersion(std::__1::basic_string, std::__1::allocator > const&, int)', 'QPDFWriter::unparseObject(QPDFObjectHandle, int, int, unsigned long, bool)', 'QPDFWriter::writeLinearized()']

/src/qpdf/fuzz/qpdf_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['QPDFWriter::writeStandard()', 'QPDFWriter::generateID()', 'QPDFWriter::setEncryptionParametersInternal(int, int, int, int, std::__1::basic_string, std::__1::allocator > const&, std::__1::basic_string, std::__1::allocator > const&, std::__1::basic_string, std::__1::allocator > const&, std::__1::basic_string, std::__1::allocator > const&, std::__1::basic_string, std::__1::allocator > const&, std::__1::basic_string, std::__1::allocator > const&, std::__1::basic_string, std::__1::allocator > const&, std::__1::basic_string, std::__1::allocator > const&)', 'QPDFWriter::writeLinearized()', 'QPDFWriter::setEncryptionParameters(char const*, char const*, int, int, int, std::__1::set, std::__1::allocator >&)', 'QPDFWriter::preserveObjectStreams()', 'QPDF::decryptStream(std::__1::shared_ptr, std::__1::shared_ptr, QPDF&, Pipeline*&, QPDFObjGen const&, QPDFObjectHandle&, std::__1::unique_ptr >&)', 'compute_U_value_R3(std::__1::basic_string, std::__1::allocator > const&, QPDF::EncryptionData const&)', 'QPDFWriter::unparseObject(QPDFObjectHandle, int, int, unsigned long, bool)', 'QPDFObjectHandle::hasKey(std::__1::basic_string, std::__1::allocator > const&) const']

/src/qpdf/fuzz/qpdf_lin_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['QPDF::initializeEncryption()', 'unsigned int QIntC::to_uint(unsigned long const&)', 'QPDFWriter::write()', 'ObjTable::large_element(unsigned long)', 'QPDFWriter::generateID()', 'QPDFObjectHandle::isDictionaryOfType(std::__1::basic_string, std::__1::allocator > const&, std::__1::basic_string, std::__1::allocator > const&)', 'QPDFObjectHandle::shallowCopy()', 'QPDFWriter::setMinimumPDFVersion(std::__1::basic_string, std::__1::allocator > const&, int)', 'QPDFWriter::unparseObject(QPDFObjectHandle, int, int, unsigned long, bool)', 'QPDFWriter::writeLinearized()']

/src/qpdf/fuzz/qpdf_crypt_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['QPDF::initializeEncryption()', 'QPDFWriter::write()', 'compute_Perms_value_V5_clear(std::__1::basic_string, std::__1::allocator > const&, QPDF::EncryptionData const&, unsigned char*)', 'QPDFWriter::write()', 'QPDFObjectHandle::isDictionaryOfType(std::__1::basic_string, std::__1::allocator > const&, std::__1::basic_string, std::__1::allocator > const&)', 'QPDFWriter::prepareFileForWrite()', 'QPDFWriter::generateID()', 'QPDFWriter::writeLinearized()', 'QPDFWriter::preserveObjectStreams()', 'hash_V5(std::__1::basic_string, std::__1::allocator > const&, std::__1::basic_string, std::__1::allocator > const&, std::__1::basic_string, std::__1::allocator > const&, QPDF::EncryptionData const&)']

/src/qpdf/fuzz/qpdf_crypt_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['QPDFWriter::write()', 'QPDFWriter::write()', 'QPDFWriter::prepareFileForWrite()', 'QPDF::interpretCF(std::__1::shared_ptr, QPDFObjectHandle)', 'QPDFObjectHandle::isOrHasName(std::__1::basic_string, std::__1::allocator > const&) const', 'QPDFWriter::generateID()', 'QPDFWriter::writeLinearized()', 'QPDFWriter::preserveObjectStreams()', 'QPDFWriter::pushDiscardFilter(QPDFWriter::PipelinePopper&)', 'QPDF_Dictionary::create(std::__1::map, std::__1::allocator >, QPDFObjectHandle, std::__1::less, std::__1::allocator > >, std::__1::allocator, std::__1::allocator > const, QPDFObjectHandle> > > const&)']

/src/qpdf/fuzz/qpdf_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['QPDFWriter::writeStandard()', 'QPDFWriter::prepareFileForWrite()', 'QPDFWriter::generateID()', 'QPDF::interpretCF(std::__1::shared_ptr, QPDFObjectHandle)', 'QPDFWriter::setEncryptionParametersInternal(int, int, int, int, std::__1::basic_string, std::__1::allocator > const&, std::__1::basic_string, std::__1::allocator > const&, std::__1::basic_string, std::__1::allocator > const&, std::__1::basic_string, std::__1::allocator > const&, std::__1::basic_string, std::__1::allocator > const&, std::__1::basic_string, std::__1::allocator > const&, std::__1::basic_string, std::__1::allocator > const&, std::__1::basic_string, std::__1::allocator > const&)', 'QPDFWriter::writeLinearized()', 'QPDFWriter::setEncryptionParameters(char const*, char const*, int, int, int, std::__1::set, std::__1::allocator >&)', 'QPDFWriter::preserveObjectStreams()', 'QPDFWriter::unparseObject(QPDFObjectHandle, int, int, unsigned long, bool)', 'QPDF_Dictionary::create(std::__1::map, std::__1::allocator >, QPDFObjectHandle, std::__1::less, std::__1::allocator > >, std::__1::allocator, std::__1::allocator > const, QPDFObjectHandle> > > const&)']

/src/qpdf/fuzz/qpdf_crypt_insecure_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['QPDFWriter::prepareFileForWrite()', 'QPDFWriter::writeEncryptionDictionary()', 'QPDF::initializeEncryption()', 'unsigned int QIntC::to_uint(unsigned long const&)', 'ObjTable::large_element(unsigned long)', 'QPDFWriter::writeObject(QPDFObjectHandle, int)', 'QPDFWriter::write()', 'QPDFWriter::writeObject(QPDFObjectHandle, int)', 'QPDFObjectHandle::isDictionaryOfType(std::__1::basic_string, std::__1::allocator > const&, std::__1::basic_string, std::__1::allocator > const&) const', 'Pl_Count::finish()']

Runtime coverage analysis

This section shows analysis of runtime coverage data.

For futher technical details on how this section is generated, please see the Glossary .

Complex functions with low coverage

Func name Function total lines Lines covered at runtime percentage covered Reached by fuzzers
Pl_Flate::checkError(charconst*,int) 35 17 48.57% ['flate_fuzzer', 'future_flate_fuzzer']
deflate 257 74 28.79% ['flate_fuzzer', 'future_flate_fuzzer']
jpeg_consume_input 31 17 54.83% ['future_dct_fuzzer', 'dct_fuzzer']
output_pass_setup 40 10 25.0% ['future_dct_fuzzer', 'dct_fuzzer']
ycc_rgb_convert 36 8 22.22% []
jpeg_resync_to_restart 34 6 17.64% []
jpeg_core_output_dimensions 130 32 24.61% ['future_dct_fuzzer', 'dct_fuzzer']
use_merged_upsample 38 6 15.78% ['future_dct_fuzzer', 'dct_fuzzer']
start_pass_dpost 36 14 38.88% []
access_virt_sarray 59 31 52.54% []
QPDFAnnotationObjectHelper::getPageContentForAppearance(std::__1::basic_string ,std::__1::allocator >const&,int,int,int) 71 38 53.52% ['qpdf_pages_fuzzer', 'future_qpdf_pages_fuzzer']
QPDFWriter::interpretR3EncryptionParameters(std::__1::set ,std::__1::allocator >&,charconst*,charconst*,bool,bool,bool,bool,bool,bool,qpdf_r3_print_e,qpdf_r3_modify_e) 40 16 40.0% ['qpdf_crypt_insecure_fuzzer', 'future_qpdf_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']

Files and Directories in report

This section shows which files and directories are considered in this report. The main reason for showing this is fuzz introspector may include more code in the reasoning than is desired. This section helps identify if too many files/directories are included, e.g. third party code, which may be irrelevant for the threat model. In the event too much is included, fuzz introspector supports a configuration file that can exclude data from the report. See the following link for more information on how to create a config file: link

Files in report

Source file Reached by Covered by
[] []
/src/qpdf/libqpdf/qpdf/SF_ASCIIHexDecode.hh [] []
/src/qpdf/libqpdf/Pl_Count.cc ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['qpdf_pages_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/libjpeg-turbo/jfdctint.c [] []
/src/qpdf/libqpdf/QPDFMatrix.cc ['qpdf_pages_fuzzer', 'future_qpdf_pages_fuzzer'] ['qpdf_pages_fuzzer', 'future_qpdf_pages_fuzzer']
/src/qpdf/libqpdf/Pl_String.cc ['qpdf_pages_fuzzer', 'future_qpdf_pages_fuzzer'] ['qpdf_pages_fuzzer', 'future_qpdf_pages_fuzzer']
/src/qpdf/include/qpdf/QPDFMatrix.hh [] []
/src/qpdf/libqpdf/qpdf/ContentNormalizer.hh [] []
/src/qpdf/libqpdf/QPDF.cc ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/libqpdf/AES_PDF_native.cc [] []
/src/qpdf/libqpdf/QPDF_Bool.cc ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/libjpeg-turbo/jdphuff.c ['future_dct_fuzzer', 'dct_fuzzer'] ['future_dct_fuzzer', 'dct_fuzzer']
/src/qpdf/libqpdf/qpdf/QPDF_Bool.hh [] []
/src/qpdf/libqpdf/qpdf/QPDF_InlineImage.hh [] []
/src/qpdf/libqpdf/SecureRandomDataProvider.cc [] []
/src/qpdf/libqpdf/Pl_Base64.cc [] []
/src/qpdf/libqpdf/qpdf/QPDF_Operator.hh [] []
/src/qpdf/libqpdf/Pl_Concatenate.cc [] []
/usr/local/bin/../include/c++/v1/__exception/exception.h [] []
/src/qpdf/libqpdf/Pipeline.cc ['future_hex_fuzzer', 'runlength_fuzzer', 'lzw_fuzzer', 'future_lzw_fuzzer', 'ascii85_fuzzer', 'flate_fuzzer', 'future_ascii85_fuzzer', 'future_pngpredictor_fuzzer', 'tiffpredictor_fuzzer', 'future_flate_fuzzer', 'future_tiffpredictor_fuzzer', 'future_dct_fuzzer', 'pngpredictor_fuzzer', 'future_runlength_fuzzer', 'future_json_fuzzer', 'hex_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'dct_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['future_hex_fuzzer', 'runlength_fuzzer', 'lzw_fuzzer', 'future_lzw_fuzzer', 'ascii85_fuzzer', 'flate_fuzzer', 'future_ascii85_fuzzer', 'future_pngpredictor_fuzzer', 'tiffpredictor_fuzzer', 'future_flate_fuzzer', 'future_tiffpredictor_fuzzer', 'future_dct_fuzzer', 'pngpredictor_fuzzer', 'future_runlength_fuzzer', 'future_json_fuzzer', 'hex_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'dct_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/libqpdf/QPDFAcroFormDocumentHelper.cc ['qpdf_pages_fuzzer', 'future_qpdf_pages_fuzzer'] ['qpdf_pages_fuzzer', 'future_qpdf_pages_fuzzer']
/src/qpdf/libqpdf/MD5.cc ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/libjpeg-turbo/simd/x86_64/jsimd.c ['future_dct_fuzzer', 'dct_fuzzer'] ['future_dct_fuzzer', 'dct_fuzzer']
/src/libjpeg-turbo/jfdctflt.c [] []
/src/qpdf/libqpdf/qpdf/SecureRandomDataProvider.hh [] []
/src/qpdf/libqpdf/qpdf/NNTree.hh ['qpdf_pages_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer'] ['qpdf_pages_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer']
/src/qpdf/fuzz/qpdf_lin_fuzzer.cc ['future_qpdf_lin_fuzzer', 'qpdf_lin_fuzzer'] ['future_qpdf_lin_fuzzer', 'qpdf_lin_fuzzer']
/src/qpdf/include/qpdf/QPDFPageDocumentHelper.hh ['qpdf_pages_fuzzer', 'future_qpdf_pages_fuzzer'] ['qpdf_pages_fuzzer', 'future_qpdf_pages_fuzzer']
/src/libjpeg-turbo/jdcolor.c ['future_dct_fuzzer', 'dct_fuzzer'] ['future_dct_fuzzer', 'dct_fuzzer']
/src/qpdf/include/qpdf/QPDFAnnotationObjectHelper.hh ['qpdf_pages_fuzzer', 'future_qpdf_pages_fuzzer'] ['qpdf_pages_fuzzer', 'future_qpdf_pages_fuzzer']
/src/zlib/deflate.c ['flate_fuzzer', 'future_flate_fuzzer'] ['flate_fuzzer', 'future_flate_fuzzer']
/src/qpdf/libqpdf/Pl_SHA2.cc ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer']
/src/qpdf/include/qpdf/QPDFOutlineDocumentHelper.hh ['qpdf_pages_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer'] ['qpdf_pages_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer']
/src/libjpeg-turbo/jidctfst.c [] []
/src/libjpeg-turbo/jdlossls.c ['future_dct_fuzzer', 'dct_fuzzer'] ['future_dct_fuzzer', 'dct_fuzzer']
/src/qpdf/libqpdf/ContentNormalizer.cc ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['future_qpdf_fuzzer', 'qpdf_fuzzer']
/src/qpdf/include/qpdf/QPDFPageLabelDocumentHelper.hh ['qpdf_pages_fuzzer', 'future_qpdf_pages_fuzzer'] ['qpdf_pages_fuzzer', 'future_qpdf_pages_fuzzer']
/src/libjpeg-turbo/jdarith.c ['future_dct_fuzzer', 'dct_fuzzer'] ['future_dct_fuzzer', 'dct_fuzzer']
/src/qpdf/include/qpdf/QPDFObjectHandle.hh ['qpdf_pages_fuzzer', 'json_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'qpdf_fuzzer'] ['qpdf_pages_fuzzer', 'json_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'qpdf_fuzzer']
/src/libjpeg-turbo/jdapimin.c ['future_dct_fuzzer', 'dct_fuzzer'] ['future_dct_fuzzer', 'dct_fuzzer']
/src/qpdf/libqpdf/Pl_RC4.cc ['qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['qpdf_crypt_insecure_fuzzer', 'future_qpdf_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/libjpeg-turbo/jcapistd.c ['future_dct_fuzzer', 'dct_fuzzer'] []
/src/qpdf/libqpdf/QPDFOutlineDocumentHelper.cc ['qpdf_pages_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer'] ['qpdf_pages_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer']
/src/qpdf/include/qpdf/QPDFObjGen.hh ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/libjpeg-turbo/jmemnobs.c ['future_dct_fuzzer', 'dct_fuzzer'] ['future_dct_fuzzer', 'dct_fuzzer']
/src/qpdf/include/qpdf/JSON.hh ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_pages_fuzzer'] ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_pages_fuzzer']
/src/qpdf/libqpdf/qpdf/Pl_AES_PDF.hh ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer']
/src/zlib/crc32.c ['flate_fuzzer', 'future_flate_fuzzer'] []
/src/qpdf/libqpdf/QPDFCryptoProvider.cc ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/fuzz/qpdf_fuzzer.cc ['future_qpdf_fuzzer', 'qpdf_fuzzer'] ['future_qpdf_fuzzer', 'qpdf_fuzzer']
/src/libjpeg-turbo/jdmerge.c ['future_dct_fuzzer', 'dct_fuzzer'] ['future_dct_fuzzer', 'dct_fuzzer']
/src/qpdf/libqpdf/MD5_native.cc [] []
/src/qpdf/libqpdf/QUtil.cc ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/include/qpdf/QPDFOutlineObjectHelper.hh ['qpdf_pages_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer'] ['qpdf_pages_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer']
/src/qpdf/fuzz/hex_fuzzer.cc ['future_hex_fuzzer', 'hex_fuzzer'] ['future_hex_fuzzer', 'hex_fuzzer']
/src/libjpeg-turbo/jcmaster.c ['future_dct_fuzzer', 'dct_fuzzer'] []
/src/qpdf/libqpdf/qpdf/SF_DCTDecode.hh [] []
/src/libjpeg-turbo/jcprepct.c ['future_dct_fuzzer', 'dct_fuzzer'] []
/src/qpdf/libqpdf/QPDF_Destroyed.cc ['future_json_fuzzer', 'json_fuzzer'] ['future_json_fuzzer', 'json_fuzzer']
/src/qpdf/libqpdf/QPDF_String.cc ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/libqpdf/QPDFFormFieldObjectHelper.cc ['qpdf_pages_fuzzer', 'future_qpdf_pages_fuzzer'] ['qpdf_pages_fuzzer', 'future_qpdf_pages_fuzzer']
/src/qpdf/libqpdf/QPDFObjectHelper.cc ['qpdf_pages_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer'] ['qpdf_pages_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer']
/src/qpdf/libqpdf/QPDF_Integer.cc ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/fuzz/tiffpredictor_fuzzer.cc ['tiffpredictor_fuzzer', 'future_tiffpredictor_fuzzer'] ['tiffpredictor_fuzzer', 'future_tiffpredictor_fuzzer']
/src/libjpeg-turbo/jcdctmgr.c ['future_dct_fuzzer', 'dct_fuzzer'] []
/src/libjpeg-turbo/jquant2.c ['future_dct_fuzzer', 'dct_fuzzer'] []
/usr/local/bin/../include/c++/v1/optional [] []
/src/qpdf/libqpdf/SF_FlateLzwDecode.cc [] []
/src/libjpeg-turbo/jdmainct.h [] []
/src/libjpeg-turbo/jdlhuff.c ['future_dct_fuzzer', 'dct_fuzzer'] ['future_dct_fuzzer', 'dct_fuzzer']
/src/libjpeg-turbo/jddiffct.c ['future_dct_fuzzer', 'dct_fuzzer'] ['future_dct_fuzzer', 'dct_fuzzer']
/src/qpdf/libqpdf/QPDF_encryption.cc ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/libqpdf/Pl_QPDFTokenizer.cc ['qpdf_pages_fuzzer', 'future_qpdf_pages_fuzzer'] ['qpdf_pages_fuzzer', 'future_qpdf_pages_fuzzer']
/src/qpdf/libqpdf/QPDFPageDocumentHelper.cc ['qpdf_pages_fuzzer', 'future_qpdf_pages_fuzzer'] ['qpdf_pages_fuzzer', 'future_qpdf_pages_fuzzer']
/src/qpdf/fuzz/qpdf_crypt_insecure_fuzzer.cc ['qpdf_crypt_insecure_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['qpdf_crypt_insecure_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/libqpdf/qpdf/QPDF_Name.hh [] []
/src/qpdf/libqpdf/qpdf/QPDF_String.hh ['qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/libqpdf/QPDFSystemError.cc ['qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] []
/src/zlib/inflate.c ['flate_fuzzer', 'future_flate_fuzzer'] []
/src/qpdf/libqpdf/qpdf/JSON_writer.hh ['qpdf_pages_fuzzer', 'future_qpdf_pages_fuzzer'] ['qpdf_pages_fuzzer', 'future_qpdf_pages_fuzzer']
/src/libjpeg-turbo/jstdhuff.c ['future_dct_fuzzer', 'dct_fuzzer'] ['future_dct_fuzzer', 'dct_fuzzer']
/src/qpdf/libqpdf/qpdf/Pl_TIFFPredictor.hh ['tiffpredictor_fuzzer', 'future_tiffpredictor_fuzzer'] ['tiffpredictor_fuzzer', 'future_tiffpredictor_fuzzer']
/src/qpdf/include/qpdf/QPDFExc.hh ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/libjpeg-turbo/jdinput.c ['future_dct_fuzzer', 'dct_fuzzer'] ['future_dct_fuzzer', 'dct_fuzzer']
/src/qpdf/include/qpdf/QPDFStreamFilter.hh [] []
/src/libjpeg-turbo/jdhuff.c ['future_dct_fuzzer', 'dct_fuzzer'] ['future_dct_fuzzer', 'dct_fuzzer']
/src/libjpeg-turbo/jdmainct.c ['future_dct_fuzzer', 'dct_fuzzer'] ['future_dct_fuzzer', 'dct_fuzzer']
/src/qpdf/libqpdf/qpdf/bits_functions.hh ['tiffpredictor_fuzzer', 'future_tiffpredictor_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['tiffpredictor_fuzzer', 'future_tiffpredictor_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer']
/src/libjpeg-turbo/jdapistd.c ['future_dct_fuzzer', 'dct_fuzzer'] ['future_dct_fuzzer', 'dct_fuzzer']
/usr/local/bin/../include/c++/v1/variant [] []
/src/qpdf/libqpdf/qpdf/QPDF_Null.hh [] []
/src/qpdf/libqpdf/QPDFAnnotationObjectHelper.cc ['qpdf_pages_fuzzer', 'future_qpdf_pages_fuzzer'] ['qpdf_pages_fuzzer', 'future_qpdf_pages_fuzzer']
/src/qpdf/libqpdf/RC4_native.cc [] []
/src/libjpeg-turbo/jfdctfst.c [] []
/src/qpdf/include/qpdf/Pl_RunLength.hh [] []
/src/zlib/inftrees.c ['flate_fuzzer', 'future_flate_fuzzer'] []
/src/qpdf/include/qpdf/QPDFPageObjectHelper.hh ['qpdf_pages_fuzzer', 'future_qpdf_pages_fuzzer'] ['qpdf_pages_fuzzer', 'future_qpdf_pages_fuzzer']
/usr/local/bin/../include/c++/v1/stdexcept ['lzw_fuzzer', 'future_lzw_fuzzer', 'flate_fuzzer', 'tiffpredictor_fuzzer', 'future_flate_fuzzer', 'future_tiffpredictor_fuzzer', 'future_dct_fuzzer', 'future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'dct_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] []
/src/qpdf/libqpdf/ResourceFinder.cc [] []
/src/qpdf/libqpdf/qpdf/MD5.hh ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] []
/src/qpdf/libqpdf/qpdf/QPDFCrypto_native.hh [] []
/src/qpdf/libqpdf/Pl_TIFFPredictor.cc ['tiffpredictor_fuzzer', 'future_tiffpredictor_fuzzer', 'qpdf_pages_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['tiffpredictor_fuzzer', 'future_tiffpredictor_fuzzer', 'qpdf_pages_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/libqpdf/BitWriter.cc ['tiffpredictor_fuzzer', 'future_tiffpredictor_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['tiffpredictor_fuzzer', 'future_tiffpredictor_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer']
/src/qpdf/include/qpdf/QPDFFormFieldObjectHelper.hh ['qpdf_pages_fuzzer', 'future_qpdf_pages_fuzzer'] ['qpdf_pages_fuzzer', 'future_qpdf_pages_fuzzer']
/src/qpdf/libqpdf/Pl_AES_PDF.cc ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer']
/src/qpdf/libqpdf/qpdf/Pl_LZWDecoder.hh ['lzw_fuzzer', 'future_lzw_fuzzer'] ['lzw_fuzzer', 'future_lzw_fuzzer']
/src/qpdf/libqpdf/Pl_ASCII85Decoder.cc ['ascii85_fuzzer', 'future_ascii85_fuzzer'] ['ascii85_fuzzer', 'future_ascii85_fuzzer']
/src/qpdf/libqpdf/QPDFTokenizer.cc ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/libqpdf/qpdf/QPDFParser.hh ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/libqpdf/QPDFObjectHandle.cc ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/fuzz/runlength_fuzzer.cc ['runlength_fuzzer', 'future_runlength_fuzzer'] ['runlength_fuzzer', 'future_runlength_fuzzer']
/src/qpdf/libqpdf/qpdf/SF_RunLengthDecode.hh [] []
/src/qpdf/libqpdf/QPDF_Unresolved.cc ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['qpdf_pages_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/include/qpdf/QPDF.hh ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/libqpdf/Pl_LZWDecoder.cc ['lzw_fuzzer', 'future_lzw_fuzzer'] ['lzw_fuzzer', 'future_lzw_fuzzer']
/src/qpdf/include/qpdf/QPDFObjectHandle_future.hh ['future_json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'future_qpdf_crypt_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['future_json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'future_qpdf_crypt_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/libqpdf/BitStream.cc ['tiffpredictor_fuzzer', 'future_tiffpredictor_fuzzer'] ['tiffpredictor_fuzzer', 'future_tiffpredictor_fuzzer']
/src/libjpeg-turbo/jchuff.c ['future_dct_fuzzer', 'dct_fuzzer'] []
/src/libjpeg-turbo/jddctmgr.c ['future_dct_fuzzer', 'dct_fuzzer'] ['future_dct_fuzzer', 'dct_fuzzer']
/src/qpdf/libqpdf/qpdf/QPDF_Unresolved.hh [] []
/src/qpdf/libqpdf/QPDF_Real.cc ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/libqpdf/qpdf/RC4.hh ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] []
/src/libjpeg-turbo/jcarith.c ['future_dct_fuzzer', 'dct_fuzzer'] []
/src/qpdf/libqpdf/NNTree.cc ['qpdf_pages_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer'] ['qpdf_pages_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer']
/src/qpdf/libqpdf/BufferInputSource.cc ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/libqpdf/QPDF_pages.cc ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['qpdf_pages_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/libqpdf/QPDF_Stream.cc ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/libqpdf/PDFVersion.cc [] []
/src/qpdf/libqpdf/Buffer.cc ['lzw_fuzzer', 'future_lzw_fuzzer', 'future_dct_fuzzer', 'future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'dct_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['lzw_fuzzer', 'future_lzw_fuzzer', 'future_dct_fuzzer', 'future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'dct_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/include/qpdf/QIntC.hh ['lzw_fuzzer', 'future_lzw_fuzzer', 'flate_fuzzer', 'tiffpredictor_fuzzer', 'future_flate_fuzzer', 'future_tiffpredictor_fuzzer', 'future_dct_fuzzer', 'future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'dct_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['lzw_fuzzer', 'future_lzw_fuzzer', 'flate_fuzzer', 'tiffpredictor_fuzzer', 'future_flate_fuzzer', 'future_tiffpredictor_fuzzer', 'future_dct_fuzzer', 'future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'dct_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/libjpeg-turbo/jclhuff.c ['future_dct_fuzzer', 'dct_fuzzer'] []
/src/qpdf/include/qpdf/Pl_Buffer.hh ['future_dct_fuzzer', 'future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'dct_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['future_dct_fuzzer', 'qpdf_pages_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'dct_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/libqpdf/QPDFStreamFilter.cc [] []
/src/qpdf/include/qpdf/QPDFAcroFormDocumentHelper.hh ['qpdf_pages_fuzzer', 'future_qpdf_pages_fuzzer'] ['qpdf_pages_fuzzer', 'future_qpdf_pages_fuzzer']
/src/qpdf/fuzz/dct_fuzzer.cc ['future_dct_fuzzer', 'dct_fuzzer'] ['future_dct_fuzzer', 'dct_fuzzer']
/src/libjpeg-turbo/jcapimin.c ['future_dct_fuzzer', 'dct_fuzzer'] []
/src/libjpeg-turbo/jcparam.c ['future_dct_fuzzer', 'dct_fuzzer'] []
/src/libjpeg-turbo/jccolor.c ['future_dct_fuzzer', 'dct_fuzzer'] []
/src/qpdf/include/qpdf/QPDFCryptoImpl.hh [] []
/src/qpdf/libqpdf/Pl_RunLength.cc ['runlength_fuzzer', 'future_runlength_fuzzer'] ['runlength_fuzzer', 'future_runlength_fuzzer']
/src/qpdf/libqpdf/QPDF_linearization.cc ['qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer']
/src/qpdf/libqpdf/QPDF_Reserved.cc [] []
/src/libjpeg-turbo/jerror.c ['future_dct_fuzzer', 'dct_fuzzer'] ['future_dct_fuzzer', 'dct_fuzzer']
/src/qpdf/libqpdf/QPDFCrypto_native.cc [] []
/src/qpdf/libqpdf/QPDFOutlineObjectHelper.cc ['qpdf_pages_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer'] ['qpdf_pages_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer']
/src/libjpeg-turbo/jdcoefct.h [] []
/src/qpdf/libqpdf/qpdf/QPDF_Destroyed.hh [] []
/src/qpdf/libqpdf/sph/sph_types.h [] []
/src/qpdf/include/qpdf/QTC.hh ['future_hex_fuzzer', 'runlength_fuzzer', 'lzw_fuzzer', 'future_lzw_fuzzer', 'ascii85_fuzzer', 'future_ascii85_fuzzer', 'future_pngpredictor_fuzzer', 'tiffpredictor_fuzzer', 'future_tiffpredictor_fuzzer', 'pngpredictor_fuzzer', 'future_runlength_fuzzer', 'future_json_fuzzer', 'hex_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['future_hex_fuzzer', 'lzw_fuzzer', 'future_lzw_fuzzer', 'ascii85_fuzzer', 'future_ascii85_fuzzer', 'future_pngpredictor_fuzzer', 'tiffpredictor_fuzzer', 'future_tiffpredictor_fuzzer', 'pngpredictor_fuzzer', 'future_json_fuzzer', 'hex_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/libqpdf/QPDFObject.cc ['future_json_fuzzer', 'json_fuzzer'] ['future_json_fuzzer', 'json_fuzzer']
/src/qpdf/libqpdf/qpdf/QPDF_Integer.hh [] []
/src/libjpeg-turbo/jclossls.c ['future_dct_fuzzer', 'dct_fuzzer'] []
/src/qpdf/libqpdf/Pl_PNGFilter.cc ['future_pngpredictor_fuzzer', 'pngpredictor_fuzzer', 'qpdf_pages_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['future_pngpredictor_fuzzer', 'pngpredictor_fuzzer', 'qpdf_pages_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/fuzz/json_fuzzer.cc ['future_json_fuzzer', 'json_fuzzer'] ['future_json_fuzzer', 'json_fuzzer']
/src/qpdf/include/qpdf/QPDFSystemError.hh ['qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] []
/src/qpdf/libqpdf/qpdf/SF_ASCII85Decode.hh [] []
/src/libjpeg-turbo/jcomapi.c ['future_dct_fuzzer', 'dct_fuzzer'] ['future_dct_fuzzer', 'dct_fuzzer']
/src/libjpeg-turbo/jcphuff.c ['future_dct_fuzzer', 'dct_fuzzer'] []
/src/zlib/adler32.c ['flate_fuzzer', 'future_flate_fuzzer'] ['flate_fuzzer', 'future_flate_fuzzer']
/src/qpdf/libqpdf/QPDFValue.cc ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/libqpdf/QPDFLogger.cc ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/include/qpdf/QPDFNumberTreeObjectHelper.hh ['qpdf_pages_fuzzer', 'future_qpdf_pages_fuzzer'] ['qpdf_pages_fuzzer', 'future_qpdf_pages_fuzzer']
/src/qpdf/libqpdf/qpdf/ObjTable.hh ['qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/include/qpdf/Buffer.hh ['lzw_fuzzer', 'future_lzw_fuzzer', 'future_dct_fuzzer', 'future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'dct_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] []
/src/qpdf/libqpdf/QPDFWriter.cc ['qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/libqpdf/sph/md_helper.c [] []
/src/libjpeg-turbo/jidctred.c [] []
/src/qpdf/libqpdf/qpdf/QPDF_Real.hh [] []
/src/qpdf/include/qpdf/QPDFXRefEntry.hh ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['qpdf_pages_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/libqpdf/QPDFNumberTreeObjectHelper.cc ['qpdf_pages_fuzzer', 'future_qpdf_pages_fuzzer'] ['qpdf_pages_fuzzer', 'future_qpdf_pages_fuzzer']
/src/qpdf/libqpdf/qpdf/SF_FlateLzwDecode.hh [] []
/src/libjpeg-turbo/jcmainct.c ['future_dct_fuzzer', 'dct_fuzzer'] []
/src/qpdf/libqpdf/qpdf/ResourceFinder.hh [] []
/src/qpdf/include/qpdf/Pl_DCT.hh [] []
/src/qpdf/libqpdf/qpdf/Pl_RC4.hh [] []
/src/libjpeg-turbo/jdmarker.c ['future_dct_fuzzer', 'dct_fuzzer'] ['future_dct_fuzzer', 'dct_fuzzer']
/src/qpdf/libqpdf/sha2big.c [] []
/src/qpdf/include/qpdf/QPDFObjectHelper.hh ['qpdf_pages_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer'] ['qpdf_pages_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer']
/src/qpdf/libqpdf/qpdf/Pl_Base64.hh [] []
/src/qpdf/libqpdf/QPDFParser.cc ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/libqpdf/qpdf/QPDF_Reserved.hh [] []
/src/qpdf/libqpdf/Pl_Buffer.cc ['future_dct_fuzzer', 'future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'dct_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['future_dct_fuzzer', 'qpdf_pages_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'dct_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/libqpdf/qpdf/Pl_ASCIIHexDecoder.hh ['future_hex_fuzzer', 'hex_fuzzer'] []
/src/qpdf/libqpdf/QPDFObjGen.cc ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/libqpdf/QPDF_optimization.cc ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['qpdf_pages_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/fuzz/flate_fuzzer.cc ['flate_fuzzer', 'future_flate_fuzzer'] ['flate_fuzzer', 'future_flate_fuzzer']
/src/qpdf/include/qpdf/QPDFLogger.hh [] []
/src/qpdf/include/qpdf/QPDFWriter.hh ['qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/libqpdf/qpdf/Pl_PNGFilter.hh ['future_pngpredictor_fuzzer', 'pngpredictor_fuzzer'] ['future_pngpredictor_fuzzer', 'pngpredictor_fuzzer']
/src/qpdf/libqpdf/Pl_DCT.cc ['future_dct_fuzzer', 'qpdf_pages_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'dct_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['future_dct_fuzzer', 'qpdf_pages_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'dct_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/libjpeg-turbo/jcmarker.c ['future_dct_fuzzer', 'dct_fuzzer'] []
/src/qpdf/fuzz/lzw_fuzzer.cc ['lzw_fuzzer', 'future_lzw_fuzzer'] ['lzw_fuzzer', 'future_lzw_fuzzer']
/src/libjpeg-turbo/jcsample.c ['future_dct_fuzzer', 'dct_fuzzer'] []
/src/libjpeg-turbo/jmemmgr.c ['future_dct_fuzzer', 'dct_fuzzer'] ['future_dct_fuzzer', 'dct_fuzzer']
/src/qpdf/libqpdf/QPDF_Name.cc ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/libqpdf/qpdf/CryptoRandomDataProvider.hh ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] []
/src/qpdf/libqpdf/Pl_StdioFile.cc ['qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] []
/src/qpdf/libqpdf/QPDFXRefEntry.cc ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['qpdf_pages_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/libqpdf/qpdf/QPDF_Array.hh ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/libqpdf/SHA2_native.cc [] []
/src/qpdf/fuzz/qpdf_outlines_fuzzer.cc ['future_qpdf_outlines_fuzzer', 'qpdf_outlines_fuzzer'] ['future_qpdf_outlines_fuzzer', 'qpdf_outlines_fuzzer']
/src/libjpeg-turbo/jccoefct.c ['future_dct_fuzzer', 'dct_fuzzer'] []
/src/qpdf/libqpdf/CryptoRandomDataProvider.cc ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer']
/src/libjpeg-turbo/jdsample.c ['future_dct_fuzzer', 'dct_fuzzer'] ['future_dct_fuzzer', 'dct_fuzzer']
/src/qpdf/libqpdf/Pl_Discard.cc ['future_hex_fuzzer', 'runlength_fuzzer', 'lzw_fuzzer', 'future_lzw_fuzzer', 'ascii85_fuzzer', 'flate_fuzzer', 'future_ascii85_fuzzer', 'future_pngpredictor_fuzzer', 'tiffpredictor_fuzzer', 'future_flate_fuzzer', 'future_tiffpredictor_fuzzer', 'future_dct_fuzzer', 'pngpredictor_fuzzer', 'future_runlength_fuzzer', 'future_json_fuzzer', 'hex_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'dct_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['future_hex_fuzzer', 'runlength_fuzzer', 'lzw_fuzzer', 'future_lzw_fuzzer', 'ascii85_fuzzer', 'flate_fuzzer', 'future_ascii85_fuzzer', 'future_pngpredictor_fuzzer', 'tiffpredictor_fuzzer', 'future_flate_fuzzer', 'future_tiffpredictor_fuzzer', 'future_dct_fuzzer', 'pngpredictor_fuzzer', 'future_runlength_fuzzer', 'future_json_fuzzer', 'hex_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'dct_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/include/qpdf/InputSource.hh ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/libqpdf/qpdf/QPDFObject_private.hh ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/libqpdf/QPDFExc.cc ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/libqpdf/OffsetInputSource.cc [] []
/src/qpdf/fuzz/qpdf_pages_fuzzer.cc ['qpdf_pages_fuzzer', 'future_qpdf_pages_fuzzer'] ['qpdf_pages_fuzzer', 'future_qpdf_pages_fuzzer']
/src/libjpeg-turbo/jquant1.c ['future_dct_fuzzer', 'dct_fuzzer'] []
/src/qpdf/libqpdf/rijndael.cc [] []
/src/qpdf/libqpdf/QPDFPageObjectHelper.cc ['qpdf_pages_fuzzer', 'future_qpdf_pages_fuzzer'] ['qpdf_pages_fuzzer', 'future_qpdf_pages_fuzzer']
/src/qpdf/include/qpdf/QPDFDocumentHelper.hh ['qpdf_pages_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer'] ['qpdf_pages_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer']
/src/qpdf/libqpdf/JSON.cc ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_pages_fuzzer'] ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_pages_fuzzer']
/src/libjpeg-turbo/jdmaster.c ['future_dct_fuzzer', 'dct_fuzzer'] ['future_dct_fuzzer', 'dct_fuzzer']
/src/qpdf/libqpdf/qpdf/QPDF_Dictionary.hh [] []
/src/qpdf/libqpdf/QPDF_InlineImage.cc [] []
/src/qpdf/include/qpdf/RandomDataProvider.hh ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer']
/src/qpdf/libqpdf/sha2.c [] []
/src/libjpeg-turbo/jidctint.c [] []
/src/qpdf/fuzz/ascii85_fuzzer.cc ['ascii85_fuzzer', 'future_ascii85_fuzzer'] ['ascii85_fuzzer', 'future_ascii85_fuzzer']
/src/qpdf/include/qpdf/QUtil.hh ['flate_fuzzer', 'future_pngpredictor_fuzzer', 'future_flate_fuzzer', 'pngpredictor_fuzzer', 'future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['flate_fuzzer', 'future_pngpredictor_fuzzer', 'future_flate_fuzzer', 'pngpredictor_fuzzer', 'future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/libqpdf/RC4.cc ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/libqpdf/QPDF_Array.cc ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/libqpdf/qpdf/Pl_SHA2.hh ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer']
/src/qpdf/fuzz/pngpredictor_fuzzer.cc ['future_pngpredictor_fuzzer', 'pngpredictor_fuzzer'] ['future_pngpredictor_fuzzer', 'pngpredictor_fuzzer']
/src/qpdf/libqpdf/qpdf/QPDFWriter_private.hh ['qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer']
/src/qpdf/libqpdf/qpdf/QPDFValue.hh ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/libqpdf/FileInputSource.cc [] []
/src/zlib/trees.c ['flate_fuzzer', 'future_flate_fuzzer'] ['flate_fuzzer', 'future_flate_fuzzer']
/src/libjpeg-turbo/jcinit.c ['future_dct_fuzzer', 'dct_fuzzer'] []
/src/qpdf/include/qpdf/QPDFTokenizer.hh ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/libjpeg-turbo/jdpostct.c ['future_dct_fuzzer', 'dct_fuzzer'] ['future_dct_fuzzer', 'dct_fuzzer']
/src/qpdf/libqpdf/qpdf/OffsetInputSource.hh [] []
/src/zlib/zutil.c [] []
/src/qpdf/libqpdf/QPDF_Operator.cc ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['qpdf_pages_fuzzer', 'future_qpdf_pages_fuzzer']
/src/qpdf/libqpdf/InputSource.cc ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/libqpdf/qpdf/Pl_MD5.hh [] []
/src/qpdf/libqpdf/qpdf/Pl_ASCII85Decoder.hh ['ascii85_fuzzer', 'future_ascii85_fuzzer'] []
/src/qpdf/libqpdf/QPDFDocumentHelper.cc ['qpdf_pages_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer'] ['qpdf_pages_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer']
/src/qpdf/libqpdf/Pl_ASCIIHexDecoder.cc ['future_hex_fuzzer', 'hex_fuzzer'] ['future_hex_fuzzer', 'hex_fuzzer']
/src/libjpeg-turbo/jutils.c ['future_dct_fuzzer', 'dct_fuzzer'] ['future_dct_fuzzer', 'dct_fuzzer']
/src/qpdf/include/qpdf/Pipeline.hh ['future_hex_fuzzer', 'runlength_fuzzer', 'lzw_fuzzer', 'future_lzw_fuzzer', 'ascii85_fuzzer', 'flate_fuzzer', 'future_ascii85_fuzzer', 'future_pngpredictor_fuzzer', 'tiffpredictor_fuzzer', 'future_flate_fuzzer', 'future_tiffpredictor_fuzzer', 'future_dct_fuzzer', 'pngpredictor_fuzzer', 'future_runlength_fuzzer', 'future_json_fuzzer', 'hex_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'dct_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['future_hex_fuzzer', 'runlength_fuzzer', 'lzw_fuzzer', 'future_lzw_fuzzer', 'ascii85_fuzzer', 'flate_fuzzer', 'future_ascii85_fuzzer', 'future_pngpredictor_fuzzer', 'tiffpredictor_fuzzer', 'future_flate_fuzzer', 'future_tiffpredictor_fuzzer', 'future_dct_fuzzer', 'pngpredictor_fuzzer', 'future_runlength_fuzzer', 'future_json_fuzzer', 'hex_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'dct_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/include/qpdf/QPDFNameTreeObjectHelper.hh ['qpdf_pages_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer'] ['qpdf_pages_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer']
/src/libjpeg-turbo/jdcoefct.c ['future_dct_fuzzer', 'dct_fuzzer'] ['future_dct_fuzzer', 'dct_fuzzer']
/src/qpdf/libqpdf/QPDF_Dictionary.cc ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/libqpdf/QPDF_Null.cc ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/libjpeg-turbo/jcdiffct.c ['future_dct_fuzzer', 'dct_fuzzer'] []
/src/qpdf/libqpdf/QPDF_json.cc ['future_json_fuzzer', 'json_fuzzer'] ['future_json_fuzzer', 'json_fuzzer']
/src/qpdf/libqpdf/Pl_MD5.cc ['qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_fuzzer']
/src/qpdf/libqpdf/qpdf/AES_PDF_native.hh [] []
/src/qpdf/libqpdf/qpdf/QPDF_Stream.hh [] []
/src/qpdf/libqpdf/Pl_OStream.cc ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/include/qpdf/QPDFCryptoProvider.hh ['future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/libqpdf/Pl_Flate.cc ['flate_fuzzer', 'future_flate_fuzzer', 'future_json_fuzzer', 'qpdf_pages_fuzzer', 'json_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer'] ['flate_fuzzer', 'future_flate_fuzzer', 'qpdf_pages_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer', 'qpdf_crypt_insecure_fuzzer', 'future_qpdf_lin_fuzzer', 'future_qpdf_fuzzer', 'qpdf_lin_fuzzer', 'qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer', 'qpdf_fuzzer', 'future_qpdf_crypt_insecure_fuzzer']
/src/qpdf/fuzz/qpdf_crypt_fuzzer.cc ['qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer'] ['qpdf_crypt_fuzzer', 'future_qpdf_crypt_fuzzer']
/src/qpdf/libqpdf/QPDFPageLabelDocumentHelper.cc ['qpdf_pages_fuzzer', 'future_qpdf_pages_fuzzer'] ['qpdf_pages_fuzzer', 'future_qpdf_pages_fuzzer']
/src/qpdf/libqpdf/QPDFNameTreeObjectHelper.cc ['qpdf_pages_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer'] ['qpdf_pages_fuzzer', 'future_qpdf_outlines_fuzzer', 'future_qpdf_pages_fuzzer', 'qpdf_outlines_fuzzer']
/src/libjpeg-turbo/jidctflt.c [] []
/src/qpdf/include/qpdf/Pl_QPDFTokenizer.hh [] []
/src/zlib/inffast.c ['flate_fuzzer', 'future_flate_fuzzer'] []

Directories in report

Directory
/usr/local/bin/../include/c++/v1/__exception/
/usr/local/bin/../include/c++/v1/
/src/qpdf/libqpdf/
/src/qpdf/libqpdf/qpdf/
/src/qpdf/libqpdf/sph/
/src/qpdf/include/qpdf/
/src/zlib/
/src/libjpeg-turbo/
/src/qpdf/fuzz/
/src/libjpeg-turbo/simd/x86_64/

Metadata section

This sections shows the raw data that is used to produce this report. This is mainly used for further processing and developer debugging.

Fuzzer Calltree file Program data file Coverage file
future_hex_fuzzer fuzzerLogFile-0-aXT2tGFHnw.data fuzzerLogFile-0-aXT2tGFHnw.data.yaml future_hex_fuzzer.covreport
runlength_fuzzer fuzzerLogFile-0-91BbnzDium.data fuzzerLogFile-0-91BbnzDium.data.yaml runlength_fuzzer.covreport
lzw_fuzzer fuzzerLogFile-0-GESj9eNK1e.data fuzzerLogFile-0-GESj9eNK1e.data.yaml lzw_fuzzer.covreport
future_lzw_fuzzer fuzzerLogFile-0-3d3G9XB9lE.data fuzzerLogFile-0-3d3G9XB9lE.data.yaml future_lzw_fuzzer.covreport
ascii85_fuzzer fuzzerLogFile-0-KregFcp08X.data fuzzerLogFile-0-KregFcp08X.data.yaml ascii85_fuzzer.covreport
flate_fuzzer fuzzerLogFile-0-T4DMD36jg2.data fuzzerLogFile-0-T4DMD36jg2.data.yaml flate_fuzzer.covreport
future_ascii85_fuzzer fuzzerLogFile-0-g6JIEynJWq.data fuzzerLogFile-0-g6JIEynJWq.data.yaml future_ascii85_fuzzer.covreport
future_pngpredictor_fuzzer fuzzerLogFile-0-faoX46z2k7.data fuzzerLogFile-0-faoX46z2k7.data.yaml future_pngpredictor_fuzzer.covreport
tiffpredictor_fuzzer fuzzerLogFile-0-KAYqnqrVpz.data fuzzerLogFile-0-KAYqnqrVpz.data.yaml tiffpredictor_fuzzer.covreport
future_flate_fuzzer fuzzerLogFile-0-2ELY6kYIPj.data fuzzerLogFile-0-2ELY6kYIPj.data.yaml future_flate_fuzzer.covreport
future_tiffpredictor_fuzzer fuzzerLogFile-0-6EokfI5JkP.data fuzzerLogFile-0-6EokfI5JkP.data.yaml future_tiffpredictor_fuzzer.covreport
future_dct_fuzzer fuzzerLogFile-0-Sk1GdVfPhO.data fuzzerLogFile-0-Sk1GdVfPhO.data.yaml future_dct_fuzzer.covreport
pngpredictor_fuzzer fuzzerLogFile-0-TPesU1hzZX.data fuzzerLogFile-0-TPesU1hzZX.data.yaml pngpredictor_fuzzer.covreport
future_runlength_fuzzer fuzzerLogFile-0-zXLC9bKtWE.data fuzzerLogFile-0-zXLC9bKtWE.data.yaml future_runlength_fuzzer.covreport
future_json_fuzzer fuzzerLogFile-0-J3a28yi7yu.data fuzzerLogFile-0-J3a28yi7yu.data.yaml future_json_fuzzer.covreport
hex_fuzzer fuzzerLogFile-0-NjTAZ5Sizm.data fuzzerLogFile-0-NjTAZ5Sizm.data.yaml hex_fuzzer.covreport
qpdf_pages_fuzzer fuzzerLogFile-0-nGqVjaNJPu.data fuzzerLogFile-0-nGqVjaNJPu.data.yaml qpdf_pages_fuzzer.covreport
json_fuzzer fuzzerLogFile-0-TyoedpEk9Z.data fuzzerLogFile-0-TyoedpEk9Z.data.yaml json_fuzzer.covreport
future_qpdf_outlines_fuzzer fuzzerLogFile-0-nvjnAwRe8m.data fuzzerLogFile-0-nvjnAwRe8m.data.yaml future_qpdf_outlines_fuzzer.covreport
future_qpdf_pages_fuzzer fuzzerLogFile-0-99FPMiH8kb.data fuzzerLogFile-0-99FPMiH8kb.data.yaml future_qpdf_pages_fuzzer.covreport
dct_fuzzer fuzzerLogFile-0-tsy9PTin4w.data fuzzerLogFile-0-tsy9PTin4w.data.yaml dct_fuzzer.covreport
qpdf_outlines_fuzzer fuzzerLogFile-0-xZfEE7jVvf.data fuzzerLogFile-0-xZfEE7jVvf.data.yaml qpdf_outlines_fuzzer.covreport
qpdf_crypt_insecure_fuzzer fuzzerLogFile-0-nxLz4VbQtU.data fuzzerLogFile-0-nxLz4VbQtU.data.yaml qpdf_crypt_insecure_fuzzer.covreport
future_qpdf_lin_fuzzer fuzzerLogFile-0-rOcHsoFTjA.data fuzzerLogFile-0-rOcHsoFTjA.data.yaml future_qpdf_lin_fuzzer.covreport
future_qpdf_fuzzer fuzzerLogFile-0-Wo31QBEBri.data fuzzerLogFile-0-Wo31QBEBri.data.yaml future_qpdf_fuzzer.covreport
qpdf_lin_fuzzer fuzzerLogFile-0-IXj7KsBiDV.data fuzzerLogFile-0-IXj7KsBiDV.data.yaml qpdf_lin_fuzzer.covreport
qpdf_crypt_fuzzer fuzzerLogFile-0-m3OinkVGcE.data fuzzerLogFile-0-m3OinkVGcE.data.yaml qpdf_crypt_fuzzer.covreport
future_qpdf_crypt_fuzzer fuzzerLogFile-0-ZRuZ0TyBln.data fuzzerLogFile-0-ZRuZ0TyBln.data.yaml future_qpdf_crypt_fuzzer.covreport
qpdf_fuzzer fuzzerLogFile-0-ipkGyDMAte.data fuzzerLogFile-0-ipkGyDMAte.data.yaml qpdf_fuzzer.covreport
future_qpdf_crypt_insecure_fuzzer fuzzerLogFile-0-y5l9CNe8Er.data fuzzerLogFile-0-y5l9CNe8Er.data.yaml future_qpdf_crypt_insecure_fuzzer.covreport