High level conclusions

Fuzzers reach 11.38% of cyclomatic complexity.

Fuzzers reach 13.67% of all functions.

Reachability and coverage overview

Functions statically reachable by fuzzers

353 / 2581

Cyclomatic complexity statically reachable by fuzzers

2408 / 21143

Runtime code coverage of functions

300 / 2581

The following table shows data about each function in the project. The functions included in this table correspond to all functions that exist in the executables of the fuzzers. As such, there may be functions that are from third-party libraries.

For further technical details on the meaning of columns in the below table, please see the Glossary .

Func name	Functions filename	Args	Function call depth	Reached by Fuzzers	Runtime reached by Fuzzers	Combined reached by Fuzzers	Fuzzers runtime hit	Func lines hit %	I Count	BB Count	Cyclomatic complexity	Functions reached	Reached by functions	Accumulated cyclomatic complexity	Undiscovered complexity

Fuzzer: parse_packet_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	1	0.60%
gold	[1:9]	4	2.42%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	1	0.60%
lawngreen	50+	159	96.3%
All colors	165	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
1	4	regional_create_custom_large_object	call site: 00004	abort

Runtime coverage analysis

Covered functions

54

Functions that are reachable but not covered

20

Reachable functions

74

Percentage of reachable functions covered

72.97%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
parse_packet_fuzzer.c	1
util/regional.c	5
sldns/sbuffer.c	1
util/data/msgparse.c	25
./sldns/sbuffer.h	17
util/data/dname.c	3
util/storage/lookup3.c	1
sldns/rrdef.c	1

Fuzzer: fuzz_3_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	5	1.79%
gold	[1:9]	8	2.86%
yellow	[10:29]	13	4.65%
greenyellow	[30:49]	13	4.65%
lawngreen	50+	240	86.0%
All colors	279	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
2	76	sldns_bget_token_par	call site: 00076	sldns_bskipcs
1	1	LLVMFuzzerTestOneInput	call site: 00001	sldns_str2wire_dname_buf_rel
1	179	sldns_str2wire_wks_buf	call site: 00179	tolower
1	237	sldns_str2wire_ipseckey_buf	call site: 00237	sldns_buffer_position

Runtime coverage analysis

Covered functions

74

Functions that are reachable but not covered

21

Reachable functions

95

Percentage of reachable functions covered

77.89%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
fuzz_3.c	1
sldns/str2wire.c	37
sldns/parseutil.c	14
./sldns/sbuffer.h	14
compat/strlcpy.c	1
sldns/sbuffer.c	1
sldns/parse.c	4
sldns/rrdef.c	2

Fuzzer: fuzz_1_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	336	52.4%
gold	[1:9]	10	1.56%
yellow	[10:29]	6	0.93%
greenyellow	[30:49]	6	0.93%
lawngreen	50+	283	44.1%
All colors	641	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
197	420	scrub_sanitize	call site: 00420	store_rrset
30	4	log_init	call site: 00004	log_vmsg
25	392	scrub_sanitize	call site: 00392	msgparse_rrset_remove_rr
12	297	scrub_normalize	call site: 00297	parse_get_cname_target
11	251	scrub_message	call site: 00251	log_info
10	377	scrub_sanitize_rr_length	call site: 00377	log_nametypeclass
9	51	log_init	call site: 00051	log_err
6	63	log_init	call site: 00063	log_err
6	370	scrub_sanitize_rr_length	call site: 00370	log_err
5	317	scrub_normalize	call site: 00317	shorten_rrset
4	632	scrub_sanitize	call site: 00632	store_rrset
3	44	log_init	call site: 00044	log_vmsg

Runtime coverage analysis

Covered functions

89

Functions that are reachable but not covered

104

Reachable functions

193

Percentage of reachable functions covered

46.11%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
fuzz_1.c	1
util/log.c	7
sldns/sbuffer.c	3
./sldns/sbuffer.h	19
util/regional.c	10
util/data/msgparse.c	27
util/data/dname.c	12
util/storage/lookup3.c	1
sldns/rrdef.c	1
util/data/msgreply.c	7
iterator/iter_scrub.c	20
util/net_help.c	4
sldns/parseutil.c	1
util/module.c	1
compat/strlcpy.c	1
iterator/iter_priv.c	3
util/storage/dnstree.c	2
util/rbtree.c	1
util/fptr_wlist.c	7
util/alloc.c	6
util/data/packed_rrset.c	3
services/cache/rrset.c	3
util/storage/slabhash.c	3
util/storage/lruhash.c	11

Fuzzer: fuzz_2_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	27	5.28%
gold	[1:9]	2	0.39%
yellow	[10:29]	9	1.76%
greenyellow	[30:49]	2	0.39%
lawngreen	50+	471	92.1%
All colors	511	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
8	316	sldns_wire2str_rr_scan	call site: 00316	sldns_wire2str_type_print
4	381	sldns_wire2str_type_scan	call site: 00381	sldns_wire2str_class_scan
3	97	sldns_wire2str_wks_scan	call site: 00097	sldns_str_print
2	11	sldns_wire2str_edns_subnet_print	call site: 00011	print_hex_buf
2	18	sldns_wire2str_edns_subnet_print	call site: 00018	print_hex_buf
1	93	sldns_wire2str_wks_scan	call site: 00093	sldns_str_print
1	105	sldns_wire2str_loc_scan	call site: 00105	sldns_str_print
1	167	sldns_wire2str_header_scan	call site: 00167	sldns_str_print
1	246	sldns_wire2str_edns_scan	call site: 00246	print_remainder_hex
1	248	sldns_wire2str_edns_scan	call site: 00248	print_remainder_hex
1	342	sldns_wire2str_rdata_scan	call site: 00342	sldns_wire2str_rdata_unknown_scan
1	370	sldns_wire2str_rdf_scan	call site: 00370	sldns_wire2str_b32_ext_scan

Runtime coverage analysis

Covered functions

98

Functions that are reachable but not covered

14

Reachable functions

112

Percentage of reachable functions covered

87.5%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
fuzz_2.c	1
sldns/wire2str.c	81
./sldns/sbuffer.h	2
sldns/parseutil.c	10
sldns/rrdef.c	4
sldns/keyraw.c	2

Fuzzer: fuzz_4_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	290	38.5%
gold	[1:9]	10	1.32%
yellow	[10:29]	6	0.79%
greenyellow	[30:49]	9	1.19%
lawngreen	50+	438	58.1%
All colors	753	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
41	629	lruhash_insert	call site: 00629	table_grow
30	4	log_init	call site: 00004	log_vmsg
28	718	LLVMFuzzerTestOneInput	call site: 00718	ub_event_del
25	473	scrub_sanitize	call site: 00473	msgparse_rrset_remove_rr
12	379	scrub_normalize	call site: 00379	parse_get_cname_target
11	333	scrub_message	call site: 00333	log_info
11	504	alloc_special_obtain	call site: 00504	alloc_get_id
11	587	lruhash_lookup	call site: 00587	ub_packed_rrset_parsedelete
10	458	scrub_sanitize_rr_length	call site: 00458	log_nametypeclass
9	51	log_init	call site: 00051	log_err
8	673	lruhash_insert	call site: 00673	rrset_update_id
7	143	alloc_special_release	call site: 00143	pushintosuper

Runtime coverage analysis

Covered functions

145

Functions that are reachable but not covered

94

Reachable functions

239

Percentage of reachable functions covered

60.67%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
fuzz_4.c	1
util/log.c	7
sldns/sbuffer.c	3
./sldns/sbuffer.h	19
util/regional.c	10
util/netevent.c	3
util/ub_event.c	6
util/mini_event.c	5
util/rbtree.c	12
util/alloc.c	10
services/cache/rrset.c	6
util/storage/slabhash.c	6
util/storage/lruhash.c	15
util/data/packed_rrset.c	8
util/data/dname.c	13
util/data/msgparse.c	27
util/storage/lookup3.c	1
sldns/rrdef.c	1
util/data/msgreply.c	7
iterator/iter_scrub.c	20
util/net_help.c	4
sldns/parseutil.c	1
util/module.c	1
compat/strlcpy.c	1
iterator/iter_priv.c	3
util/storage/dnstree.c	2
util/fptr_wlist.c	7

Optimal target analysis

Remaining optimal interesting functions

The following table shows a list of functions that are optimal targets. Optimal targets are identified by finding the functions that in combination, yield a high code coverage.

Func name	Functions filename	Arg count	Args	Function depth	hitcount	instr count	bb count	cyclomatic complexity	Reachable functions	Incoming references	total cyclomatic complexity	Unreached complexity
ub_resolve_async	/src/unbound/libunbound/libunbound.c	7	['N/A', 'N/A', 'int', 'int', 'N/A', 'N/A', 'N/A']	27	0	439	86	23	1356	0	9046	6936
iter_operate	/src/unbound/iterator/iterator.c	4	['N/A', 'int', 'int', 'N/A']	17	0	221	34	14	882	0	6366	2962
config_read	/src/unbound/util/config_file.c	3	['N/A', 'N/A', 'N/A']	7	0	253	41	17	113	2	1559	1376
auth_zones_notify	/src/unbound/services/authzone.c	10	['N/A', 'N/A', 'N/A', 'size_t', 'short', 'N/A', 'int', 'int', 'int', 'N/A']	43	0	182	33	9	1077	0	7516	1212
val_operate	/src/unbound/validator/validator.c	4	['N/A', 'int', 'int', 'N/A']	24	0	350	48	20	857	0	6033	971
val_init	/src/unbound/validator/validator.c	2	['N/A', 'int']	16	0	141	24	8	417	0	2683	622
ub_ctx_set_option	/src/unbound/libunbound/libunbound.c	3	['N/A', 'N/A', 'N/A']	6	0	135	28	8	62	0	852	554

Implementing fuzzers that target the above functions will improve reachability such that it becomes:

Functions statically reachable by fuzzers

1913 / 2581

Cyclomatic complexity statically reachable by fuzzers

16780 / 21143

All functions overview

If you implement fuzzers for these functions, the status of all functions in the project will be:

Func name	Functions filename	Args	Function call depth	Reached by Fuzzers	Runtime reached by Fuzzers	Combined reached by Fuzzers	Fuzzers runtime hit	Func lines hit %	I Count	BB Count	Cyclomatic complexity	Functions reached	Reached by functions	Accumulated cyclomatic complexity	Undiscovered complexity

This sections provides heuristics that can be used as input to a fuzz engine when running a given fuzz target. The current focus is on providing input that is usable by libFuzzer.

parse_packet_fuzzer.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['regional_create_custom_large_object']

fuzz_3.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['sldns_bget_token_par', 'LLVMFuzzerTestOneInput', 'sldns_str2wire_wks_buf', 'sldns_str2wire_ipseckey_buf']

fuzz_1.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['scrub_sanitize', 'log_init', 'scrub_normalize', 'scrub_message', 'scrub_sanitize_rr_length']

fuzz_2.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['sldns_wire2str_rr_scan', 'sldns_wire2str_type_scan', 'sldns_wire2str_wks_scan', 'sldns_wire2str_edns_subnet_print', 'sldns_wire2str_loc_scan', 'sldns_wire2str_header_scan', 'sldns_wire2str_edns_scan']

fuzz_4.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['lruhash_insert', 'log_init', 'LLVMFuzzerTestOneInput', 'scrub_sanitize', 'scrub_normalize', 'scrub_message', 'alloc_special_obtain', 'lruhash_lookup', 'scrub_sanitize_rr_length']

This section shows analysis of runtime coverage data.

For futher technical details on how this section is generated, please see the Glossary .

Complex functions with low coverage

Func name	Function total lines	Lines covered at runtime	percentage covered	Reached by fuzzers
parse_section	73	40	54.79%	['fuzz_4_fuzzer', 'parse_packet_fuzzer', 'fuzz_1_fuzzer']
hashlittle	144	58	40.27%	['fuzz_4_fuzzer', 'parse_packet_fuzzer', 'fuzz_1_fuzzer']
priv_rrset_bad	59	3	5.084%	['fuzz_4_fuzzer', 'fuzz_1_fuzzer']
sldns_rr_tcttl_scan	31	16	51.61%	['fuzz_2_fuzzer']
rrset_cache_update	34	14	41.17%	['fuzz_4_fuzzer', 'fuzz_1_fuzzer']
alloc_special_obtain	31	17	54.83%	['fuzz_4_fuzzer', 'fuzz_1_fuzzer']
get_rrset_trust	31	11	35.48%	['fuzz_4_fuzzer', 'fuzz_1_fuzzer']

This section shows which files and directories are considered in this report. The main reason for showing this is fuzz introspector may include more code in the reasoning than is desired. This section helps identify if too many files/directories are included, e.g. third party code, which may be irrelevant for the threat model. In the event too much is included, fuzz introspector supports a configuration file that can exclude data from the report. See the following link for more information on how to create a config file: link

Files in report

Source file	Reached by	Covered by
	[]	[]
/src/unbound/sldns/parseutil.c	['fuzz_3_fuzzer', 'fuzz_1_fuzzer', 'fuzz_2_fuzzer', 'fuzz_4_fuzzer']	['fuzz_3_fuzzer', 'fuzz_2_fuzzer']
/src/unbound/validator/validator.c	[]	[]
/src/unbound/validator/val_secalgo.c	[]	[]
/src/unbound/./util/configlexer.lex	[]	[]
/src/unbound/validator/val_sigcrypt.c	[]	[]
/src/unbound/util/tube.c	[]	[]
/src/unbound/util/netevent.c	['fuzz_4_fuzzer']	['fuzz_4_fuzzer']
/src/unbound/services/outside_network.c	[]	[]
/src/unbound/util/data/dname.c	['parse_packet_fuzzer', 'fuzz_1_fuzzer', 'fuzz_4_fuzzer']	['parse_packet_fuzzer', 'fuzz_1_fuzzer', 'fuzz_4_fuzzer']
/src/unbound/compat/strlcpy.c	['fuzz_3_fuzzer', 'fuzz_1_fuzzer', 'fuzz_4_fuzzer']	['fuzz_3_fuzzer']
/src/unbound/fuzz_4.c	['fuzz_4_fuzzer']	['fuzz_4_fuzzer']
/src/unbound/util/configparser.c	[]	[]
/src/unbound/util/edns.c	[]	[]
/src/unbound/iterator/iter_fwd.c	[]	[]
/src/unbound/compat/strlcat.c	[]	[]
/src/unbound/./sldns/sbuffer.h	['parse_packet_fuzzer', 'fuzz_3_fuzzer', 'fuzz_1_fuzzer', 'fuzz_2_fuzzer', 'fuzz_4_fuzzer']	[]
/src/unbound/util/proxy_protocol.c	[]	[]
/src/unbound/util/rfc_1982.c	[]	[]
/src/unbound/./util/configparser.y	[]	[]
/src/unbound/util/log.c	['fuzz_1_fuzzer', 'fuzz_4_fuzzer']	['fuzz_1_fuzzer', 'fuzz_4_fuzzer']
/src/unbound/libunbound/context.c	[]	[]
/src/unbound/iterator/iterator.c	[]	[]
/src/unbound/iterator/iter_priv.c	['fuzz_1_fuzzer', 'fuzz_4_fuzzer']	['fuzz_1_fuzzer', 'fuzz_4_fuzzer']
/src/unbound/validator/val_nsec3.c	[]	[]
/src/unbound/util/storage/lruhash.c	['fuzz_1_fuzzer', 'fuzz_4_fuzzer']	['fuzz_4_fuzzer']
/src/unbound/util/net_help.c	['fuzz_1_fuzzer', 'fuzz_4_fuzzer']	['fuzz_1_fuzzer', 'fuzz_4_fuzzer']
/src/unbound/util/data/msgparse.c	['parse_packet_fuzzer', 'fuzz_1_fuzzer', 'fuzz_4_fuzzer']	['parse_packet_fuzzer', 'fuzz_1_fuzzer', 'fuzz_4_fuzzer']
/src/unbound/util/alloc.c	['fuzz_1_fuzzer', 'fuzz_4_fuzzer']	['fuzz_4_fuzzer']
/src/unbound/validator/val_anchor.c	[]	[]
/src/unbound/compat/chacha_private.h	[]	[]
/src/unbound/util/timeval_func.c	[]	[]
/src/unbound/services/cache/infra.c	[]	[]
/src/unbound/util/tcp_conn_limit.c	[]	[]
/src/unbound/util/timehist.c	[]	[]
/src/unbound/sldns/wire2str.c	['fuzz_2_fuzzer']	['fuzz_2_fuzzer']
/src/unbound/util/module.c	['fuzz_1_fuzzer', 'fuzz_4_fuzzer']	['fuzz_1_fuzzer', 'fuzz_4_fuzzer']
/src/unbound/util/rtt.c	[]	[]
/src/unbound/iterator/iter_utils.c	[]	[]
/src/unbound/services/outbound_list.c	[]	[]
/src/unbound/libunbound/libunbound.c	[]	[]
/src/unbound/services/cache/rrset.c	['fuzz_1_fuzzer', 'fuzz_4_fuzzer']	['fuzz_4_fuzzer']
/src/unbound/services/localzone.c	[]	[]
/src/unbound/fuzz_1.c	['fuzz_1_fuzzer']	['fuzz_1_fuzzer']
/src/unbound/parse_packet_fuzzer.c	['parse_packet_fuzzer']	['parse_packet_fuzzer']
/src/unbound/compat/arc4_lock.c	[]	[]
/src/unbound/util/data/packed_rrset.c	['fuzz_1_fuzzer', 'fuzz_4_fuzzer']	['fuzz_4_fuzzer']
/src/unbound/sldns/str2wire.c	['fuzz_3_fuzzer']	['fuzz_3_fuzzer']
/src/unbound/libunbound/libworker.c	[]	[]
/src/unbound/iterator/iter_delegpt.c	[]	[]
/src/unbound/validator/val_kentry.c	[]	[]
/src/unbound/validator/val_nsec.c	[]	[]
/src/unbound/util/fptr_wlist.c	['fuzz_1_fuzzer', 'fuzz_4_fuzzer']	['fuzz_4_fuzzer']
/src/unbound/validator/autotrust.c	[]	[]
/src/unbound/iterator/iter_resptype.c	[]	[]
/src/unbound/compat/arc4random_uniform.c	[]	[]
/src/unbound/iterator/iter_scrub.c	['fuzz_1_fuzzer', 'fuzz_4_fuzzer']	['fuzz_1_fuzzer', 'fuzz_4_fuzzer']
/src/unbound/dns64/dns64.c	[]	[]
/src/unbound/services/modstack.c	[]	[]
/src/unbound/validator/val_neg.c	[]	[]
/src/unbound/util/random.c	[]	[]
/src/unbound/services/cache/dns.c	[]	[]
/src/unbound/sldns/parse.c	['fuzz_3_fuzzer']	['fuzz_3_fuzzer']
/src/unbound/util/locks.c	[]	[]
/src/unbound/util/storage/dnstree.c	['fuzz_1_fuzzer', 'fuzz_4_fuzzer']	[]
/src/unbound/util/data/msgreply.c	['fuzz_1_fuzzer', 'fuzz_4_fuzzer']	['fuzz_1_fuzzer', 'fuzz_4_fuzzer']
/src/unbound/iterator/iter_hints.c	[]	[]
/src/unbound/sldns/sbuffer.c	['parse_packet_fuzzer', 'fuzz_3_fuzzer', 'fuzz_1_fuzzer', 'fuzz_4_fuzzer']	['parse_packet_fuzzer', 'fuzz_3_fuzzer', 'fuzz_1_fuzzer', 'fuzz_4_fuzzer']
/src/unbound/services/rpz.c	[]	[]
/src/unbound/util/storage/lookup3.c	['parse_packet_fuzzer', 'fuzz_1_fuzzer', 'fuzz_4_fuzzer']	['parse_packet_fuzzer', 'fuzz_1_fuzzer', 'fuzz_4_fuzzer']
/src/unbound/respip/respip.c	[]	[]
/src/unbound/util/siphash.c	[]	[]
/src/unbound/services/listen_dnsport.c	[]	[]
/src/unbound/iterator/iter_donotq.c	[]	[]
/src/unbound/util/mini_event.c	['fuzz_4_fuzzer']	['fuzz_4_fuzzer']
/src/unbound/sldns/rrdef.c	['parse_packet_fuzzer', 'fuzz_3_fuzzer', 'fuzz_1_fuzzer', 'fuzz_2_fuzzer', 'fuzz_4_fuzzer']	['parse_packet_fuzzer', 'fuzz_3_fuzzer', 'fuzz_1_fuzzer', 'fuzz_2_fuzzer', 'fuzz_4_fuzzer']
/src/unbound/util/storage/slabhash.c	['fuzz_1_fuzzer', 'fuzz_4_fuzzer']	['fuzz_4_fuzzer']
/src/unbound/util/data/msgencode.c	[]	[]
/src/unbound/services/view.c	[]	[]
/src/unbound/compat/arc4random.c	[]	[]
/src/unbound/util/config_file.c	[]	[]
/src/unbound/services/authzone.c	[]	[]
/src/unbound/services/mesh.c	[]	[]
/src/unbound/util/regional.c	['parse_packet_fuzzer', 'fuzz_1_fuzzer', 'fuzz_4_fuzzer']	['parse_packet_fuzzer', 'fuzz_1_fuzzer', 'fuzz_4_fuzzer']
/src/unbound/util/ub_event.c	['fuzz_4_fuzzer']	['fuzz_4_fuzzer']
/src/unbound/fuzz_3.c	['fuzz_3_fuzzer']	['fuzz_3_fuzzer']
/src/unbound/validator/val_utils.c	[]	[]
/src/unbound/	[]	[]
/src/unbound/validator/val_kcache.c	[]	[]
/src/unbound/fuzz_2.c	['fuzz_2_fuzzer']	['fuzz_2_fuzzer']
/src/unbound/sldns/keyraw.c	['fuzz_2_fuzzer']	['fuzz_2_fuzzer']
/src/unbound/util/rbtree.c	['fuzz_1_fuzzer', 'fuzz_4_fuzzer']	['fuzz_4_fuzzer']

Directories in report

Directory
/src/unbound/services/
/src/unbound/./sldns/
/src/unbound/services/cache/
/src/unbound/dns64/
/src/unbound/./util/
/src/unbound/respip/
/src/unbound/validator/
/src/unbound/sldns/
/src/unbound/util/storage/
/src/unbound/compat/
/src/unbound/iterator/
/src/unbound/libunbound/
/src/unbound/util/
/src/unbound/
/src/unbound/util/data/