Fuzz introspector: vlc-demux-libfuzzer
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
5982 6035 2 :

['vlc_object_Log', 'vlm_New']

11705 29898 libvlc_InternalInit call site: 00000 /src/vlc/src/libvlc.c:272
5723 5723 2 :

['free', 'intf_InsertItem']

5723 7299 libvlc_InternalInit call site: 00000 /src/vlc/src/libvlc.c:310
5416 5416 3 :

['free', 'libvlc_InternalAddIntf', 'strtok_r']

5416 5416 libvlc_AddInterfaces call site: 00000 /src/vlc/src/libvlc.c:107
1554 1554 22 :

['free', '__isoc99_sscanf', 'vlc_atof_c.1731', 'GetDWLE.1732', 'strncasecmp', 'vlc_meta_Set', 'xiph_ParseCueSheet', 'malloc', 'strdup', 'abort', 'vlc_meta_New', 'getChapterEntry', 'vlc_meta_Get', 'strncmp', 'EnsureUTF8', 'vlc_meta_AddExtra', 'realloc', 'strstr', 'vlc_tick_from_seci', 'vlc_b64_decode_binary', 'ParseFlacPicture', 'strchr']

1554 1554 vorbis_ParseComment call site: 00000 /src/vlc/modules/demux/xiph_metadata.c:362
930 954 7 :

['MakeExtradata', 'ReadWEBVTT', 'calloc', 'es_format_Clean', 'es_format_Init', 'webvtt_CloseDemux', 'es_out_Add.5853']

930 954 webvtt_OpenDemux call site: 00000 /src/vlc/modules/demux/webvtt.c:651
566 573 15 :

['var_InheritFloat.2568', 'free', 'vlc_input_title_New.2533', 'MP4_BoxDumpStructure', 'MatchPureImage', 'realloc', 'malloc', 'strdup', 'calloc', 'vlc_seekpoint_New.2528', 'abort', 'NextAtom', 'MP4_BoxGetRoot', 'vlc_tick_from_secf', 'es_format_Init']

566 573 OpenHEIF call site: 00000 /src/vlc/modules/demux/mp4/heif.c:813
440 440 3 :

['free', 'libvlc_threads_deinit', 'libvlc_InternalDestroy']

440 440 libvlc_new call site: 00000 /src/vlc/lib/core.c:68
209 209 1 :

['DemuxDecodeXds']

209 231 DemuxRecCc call site: 00000 /src/vlc/modules/demux/ty.c:1020
171 171 4 :

['input_item_node_Delete', 'input_item_node_Create', 'vlc_stream_ReadDir', 'es_out_Control.11570']

171 171 demux_Demux call site: 00197 /src/vlc/src/input/demux.c:212
128 128 1 :

['check_sync_pes']

144 212 DemuxRecAudio call site: 00000 /src/vlc/modules/demux/ty.c:822
102 316 8 :

['date_Init', 'vlc_object_Log', 'Mpeg4ReadAudioSpecificConfig', 'ChannelConfigurationToVLC', 'malloc', 'AOTtoAACProfile', 'bs_init.8202', 'block_BytestreamInit.8182']

102 316 OpenPacketizer call site: 00000 /src/vlc/modules/packetizer/mpeg4audio.c:241
75 156 3 :

['vlc_mutex_unlock', 'vlc_cond_broadcast', 'vlc_mutex_lock']

75 156 TriggerCallback call site: 00000 /src/vlc/src/misc/variables.c:241

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 libvlc_demux_process_memory [function] [call site] 00001
2 vlc_stream_MemoryNew [function] [call site] 00002
3 vlc_stream_CustomNew [function] [call site] 00003
4 vlc_custom_create [function] [call site] 00004
5 __assert_fail [call site] 00005
5 calloc [call site] 00006
5 vlc_object_init [function] [call site] 00007
6 vlc_mutex_init [function] [call site] 00008
7 vlc_mutex_init_common [function] [call site] 00009
3 vlc_stream_Private [function] [call site] 00010
3 Read [function] [call site] 00011
4 vlc_stream_Private [function] [call site] 00012
3 Seek [function] [call site] 00013
4 vlc_stream_Private [function] [call site] 00014
3 Control [function] [call site] 00015
4 vlc_stream_Private [function] [call site] 00016
4 vlc_object_Log [function] [call site] 00017
5 vlc_object_vaLog [function] [call site] 00018
6 vlc_object_typename [function] [call site] 00019
6 vlc_vaLog [function] [call site] 00020
7 strrchr [call site] 00021
7 strchr [call site] 00022
7 vlc_thread_id [function] [call site] 00023
8 syscall [call site] 00024
7 vlc_vaLogCallback [function] [call site] 00025
8 vlc_savecancel [function] [call site] 00026
9 pthread_setcancelstate [call site] 00027
9 vlc_thread_fatal [function] [call site] 00028
10 vlc_savecancel [function] [call site] 00029
10 vlc_thread_id [function] [call site] 00030
10 fprintf [call site] 00031
10 vlc_trace [function] [call site] 00032
11 fprintf [call site] 00033
11 fflush [call site] 00034
11 backtrace [call site] 00035
11 backtrace_symbols_fd [call site] 00036
11 fsync [call site] 00037
10 perror [call site] 00038
10 vlc_restorecancel [function] [call site] 00039
11 pthread_setcancelstate [call site] 00040
11 vlc_thread_fatal [function] [call site] 00041
12 abort [call site] 00042
11 vlc_thread_fatal [function] [call site] 00043
8 vlc_restorecancel [function] [call site] 00044
4 vlc_object_Log [function] [call site] 00045
2 fprintf [call site] 00046
2 demux_process_stream [function] [call site] 00047
3 test_es_out_create [function] [call site] 00048
4 fprintf [call site] 00049
3 demux_New [function] [call site] 00050
4 demux_NewAdvanced [function] [call site] 00051
5 strchr [call site] 00052
5 __errno_location [call site] 00053
5 vlc_stream_CustomNew [function] [call site] 00054
5 demux_DestroyDemux [function] [call site] 00055
6 vlc_stream_Private [function] [call site] 00056
6 module_unneed [function] [call site] 00057
7 module_get_capability [function] [call site] 00058
7 vlc_object_Log [function] [call site] 00059
7 var_Destroy [function] [call site] 00060
8 __assert_fail [call site] 00061
8 Lookup [function] [call site] 00062
9 vlc_mutex_lock [function] [call site] 00063
10 vlc_mutex_trylock [function] [call site] 00064
11 vlc_mutex_held [function] [call site] 00065
12 vlc_thread_id [function] [call site] 00066
11 vlc_mutex_held [function] [call site] 00067
11 __assert_fail [call site] 00068
11 vlc_thread_id [function] [call site] 00069
10 vlc_savecancel [function] [call site] 00070
10 vlc_atomic_wait [function] [call site] 00071
11 vlc_futex_wait [function] [call site] 00072
12 sys_futex [function] [call site] 00073
13 syscall [call site] 00074
10 vlc_restorecancel [function] [call site] 00075
10 vlc_thread_id [function] [call site] 00076
9 tfind [call site] 00077
9 varcmp [function] [call site] 00078
10 __assert_fail [call site] 00079
10 strcmp [call site] 00080
8 vlc_object_Log [function] [call site] 00081
8 __assert_fail [call site] 00082
8 tdelete [call site] 00083
8 varcmp [function] [call site] 00084
8 __assert_fail [call site] 00085
8 vlc_mutex_unlock [function] [call site] 00086
9 vlc_mutex_held [function] [call site] 00087
9 __assert_fail [call site] 00088
9 vlc_atomic_notify_one [function] [call site] 00089
10 vlc_futex_wake [function] [call site] 00090
11 sys_futex [function] [call site] 00091
9 __assert_fail [call site] 00092
8 Destroy [function] [call site] 00093
9 __assert_fail [call site] 00094
7 vlc_objres_clear [function] [call site] 00095
8 vlc_objres_pop [function] [call site] 00096
9 vlc_obj_res [function] [call site] 00097
6 __assert_fail [call site] 00098
6 vlc_stream_Delete [function] [call site] 00099
7 stream_CommonDelete [function] [call site] 00100
8 vlc_iconv_close [function] [call site] 00101
9 iconv_close [call site] 00102
8 vlc_frame_Release [function] [call site] 00103
9 vlc_frame_Check [function] [call site] 00104
10 __assert_fail [call site] 00105
10 __assert_fail [call site] 00106
10 __assert_fail [call site] 00107
10 __assert_fail [call site] 00108
9 vlc_ancillary_array_Clear [function] [call site] 00109
10 vlc_ancillary_Release [function] [call site] 00110
11 vlc_atomic_rc_dec [function] [call site] 00111
12 __assert_fail [call site] 00112
8 vlc_frame_Release [function] [call site] 00113
8 vlc_object_delete [function] [call site] 00114
9 vlc_object_deinit [function] [call site] 00115
10 __assert_fail [call site] 00116
10 vlc_savecancel [function] [call site] 00117
10 var_DestroyAll [function] [call site] 00118
11 tdestroy [call site] 00119
11 CleanupVar [function] [call site] 00120
12 Destroy [function] [call site] 00121
10 vlc_restorecancel [function] [call site] 00122
5 __assert_fail [call site] 00123
5 vlc_stream_Private [function] [call site] 00124
5 input_GetItem [function] [call site] 00125
6 __assert_fail [call site] 00126
6 input_priv [function] [call site] 00127
5 strdup [call site] 00128
5 strdup [call site] 00129
5 vlc_uri2path [function] [call site] 00130
6 strstr [call site] 00131
6 memchr [call site] 00132
6 strcspn [call site] 00133
6 strndup [call site] 00134
6 vlc_uri_decode [function] [call site] 00135
7 hex_to_char [function] [call site] 00136
7 hex_to_char [function] [call site] 00137
6 strncasecmp [call site] 00138
6 strncasecmp [call site] 00139
6 strlen [call site] 00140
6 strncasecmp [call site] 00141
6 strtol [call site] 00142
6 strdup [call site] 00143
6 strdup [call site] 00144
6 strdup [call site] 00145
6 asprintf [call site] 00146
5 vlc_object_Log [function] [call site] 00147
5 strcasecmp [call site] 00148
5 stream_MimeType [function] [call site] 00149
6 stream_ContentType [function] [call site] 00150
7 vlc_stream_GetContentType [function] [call site] 00151
8 vlc_stream_Control [function] [call site] 00152
9 vlc_stream_vaControl [function] [call site] 00153
10 vlc_frame_Release [function] [call site] 00154
10 vlc_frame_Release [function] [call site] 00155
10 __assert_fail [call site] 00156
6 strcspn [call site] 00157
5 demux_NameFromMimeType [function] [call site] 00158
6 bsearch [call site] 00159
6 demux_mapping_cmp [function] [call site] 00160
7 vlc_ascii_strcasecmp [function] [call site] 00161
8 vlc_ascii_tolower [function] [call site] 00162
8 vlc_ascii_tolower [function] [call site] 00163
5 strcasecmp [call site] 00164
5 vlc_ascii_strcasecmp [function] [call site] 00165
5 asprintf [call site] 00166
5 vlc_object_logger [function] [call site] 00167
5 vlc_module_load [function] [call site] 00168
6 vlc_module_match [function] [call site] 00169
7 module_list_cap [function] [call site] 00170
8 __assert_fail [call site] 00171
8 tfind [call site] 00172
8 vlc_modcap_cmp [function] [call site] 00173
9 strcmp [call site] 00174
7 strcspn [call site] 00175
7 strncasecmp [call site] 00176
7 strncasecmp [call site] 00177
7 module_match_name [function] [call site] 00178
8 strncasecmp [call site] 00179
7 __assert_fail [call site] 00180
7 module_get_score [function] [call site] 00181
7 __assert_fail [call site] 00182
6 vlc_Log [function] [call site] 00183
7 vlc_vaLog [function] [call site] 00184
6 vlc_module_map [function] [call site] 00185
7 vlc_plugin_Map [function] [call site] 00186
6 module_get_object [function] [call site] 00187
6 vlc_Log [function] [call site] 00188
6 vlc_Log [function] [call site] 00189
5 demux_Probe [function] [call site] 00190
6 vlc_stream_Tell [function] [call site] 00191
6 vlc_object_Log [function] [call site] 00192
6 vlc_objres_clear [function] [call site] 00193
5 stream_CommonDelete [function] [call site] 00194
3 es_out_Delete [function] [call site] 00195
3 vlc_stream_Delete [function] [call site] 00196
3 demux_Demux [function] [call site] 00197
4 input_item_node_Create [function] [call site] 00198
5 __assert_fail [call site] 00199
5 input_item_Hold [function] [call site] 00200
6 vlc_atomic_rc_inc [function] [call site] 00201
7 __assert_fail [call site] 00202
4 vlc_stream_ReadDir [function] [call site] 00203
5 __assert_fail [call site] 00204
4 input_item_node_Delete [function] [call site] 00205
5 input_item_node_Delete [function] [call site] 00206
6 input_item_Release [function] [call site] 00207
7 vlc_atomic_rc_dec [function] [call site] 00208
7 vlc_event_manager_fini [function] [call site] 00209
7 vlc_meta_Delete [function] [call site] 00210
8 vlc_dictionary_clear [function] [call site] 00211
8 vlc_meta_FreeExtraKey [function] [call site] 00212
7 es_format_Clean [function] [call site] 00213
8 __assert_fail [call site] 00214
8 video_format_Clean [function] [call site] 00215
8 es_format_Init [function] [call site] 00216
9 video_format_Init [function] [call site] 00217
10 vlc_viewpoint_init [function] [call site] 00218
7 vlc_epg_Delete [function] [call site] 00219
8 vlc_epg_Clean [function] [call site] 00220
9 vlc_epg_event_Delete [function] [call site] 00221
10 vlc_epg_event_Clean [function] [call site] 00222
7 vlc_list_it_start [function] [call site] 00223
7 info_category_Delete [function] [call site] 00224
8 vlc_list_first_or_null [function] [call site] 00225
9 vlc_list_is_empty [function] [call site] 00226
8 vlc_list_remove [function] [call site] 00227
8 info_Delete [function] [call site] 00228
4 es_out_Control [function] [call site] 00229
5 es_out_vaControl [function] [call site] 00230
4 input_item_node_Delete [function] [call site] 00231
3 demux_test_and_clear_flags [function] [call site] 00232
4 demux_Control [function] [call site] 00233
5 demux_vaControl [function] [call site] 00234
6 __assert_fail [call site] 00235
3 demux_get_title_list [function] [call site] 00236
4 demux_Control [function] [call site] 00237
4 vlc_input_title_Delete [function] [call site] 00238
5 vlc_seekpoint_Delete [function] [call site] 00239
3 demux_test_and_clear_flags [function] [call site] 00240
3 demux_get_meta [function] [call site] 00241
4 vlc_meta_New [function] [call site] 00242
5 vlc_dictionary_init [function] [call site] 00243
6 calloc [call site] 00244
4 demux_Control [function] [call site] 00245
4 demux_Control [function] [call site] 00246
4 vlc_meta_Delete [function] [call site] 00247
3 demux_Control [function] [call site] 00248
3 demux_Control [function] [call site] 00249
3 demux_Control [function] [call site] 00250
3 demux_Control [function] [call site] 00251
3 demux_Delete [function] [call site] 00252
4 vlc_stream_Delete [function] [call site] 00253
3 es_out_Delete [function] [call site] 00254