Fuzz introspector
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues
Project coverage
Per-fuzzer coverage

Table of contents

Project overview: wuffs
High level conclusions
Reachability and coverage overview
Fuzzers overview
Project functions overview
Fuzzer details
Fuzzer: bzip2_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: cbor_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: zlib_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: targa_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: gif_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: pixel_swizzler_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: bmp_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: jpeg_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: json_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: png_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: xz_fuzzer
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Analyses and suggestions
Optimal target analysis
Remaining optimal interesting functions
All functions overview
Fuzz engine guidance
/src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib.c
Dictionary
Fuzzer function priority
/src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib.c
Dictionary
Fuzzer function priority
/src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib.c
Dictionary
Fuzzer function priority
/src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib.c
Dictionary
Fuzzer function priority
/src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib.c
Dictionary
Fuzzer function priority
/src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib.c
Dictionary
Fuzzer function priority
/src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib.c
Dictionary
Fuzzer function priority
/src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib.c
Dictionary
Fuzzer function priority
/src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib.c
Dictionary
Fuzzer function priority
/src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib.c
Dictionary
Fuzzer function priority
/src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib.c
Dictionary
Fuzzer function priority
Runtime coverage analysis
Complex functions with low coverage
Files and Directories in report
Files in report
Directories in report
Metadata section
Report generation date: 2025-07-11

Project overview: wuffs

High level conclusions

Reachability and coverage overview

Functions statically reachable by fuzzers
26.0%
304 / 1153
Cyclomatic complexity statically reachable by fuzzers
40.0%
4006 / 10085
Runtime code coverage of functions
56.0%
640 / 1153

Warning: The number of runtime covered functions are larger than the number of reachable functions. This means that Fuzz Introspector found there are more functions covered at runtime than what is considered reachable based on the static analysis. This is a limitation in the analysis as anything covered at runtime is by definition reachable by the fuzzers.
This is likely due to a limitation in the static analysis. In this case, the count of functions covered at runtime is the true value, which means this is what should be considered "achieved" by the fuzzer.

Use the project functions table below to query all functions that were not covered at runtime.

Fuzzers overview

Fuzzer Fuzzer filename Functions Reached Functions unreached Fuzzer depth Files reached Basic blocks reached Cyclomatic complexity Details
bzip2_fuzzer /src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib.c 35 340 7 3 776 291 fuzzlib.c
cbor_fuzzer /src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib.c 47 332 7 3 741 326 fuzzlib.c
zlib_fuzzer /src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib.c 57 356 10 4 1187 459 fuzzlib.c
targa_fuzzer /src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib.c 44 352 6 4 350 177 fuzzlib.c
gif_fuzzer /src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib.c 46 379 6 4 375 188 fuzzlib.c
pixel_swizzler_fuzzer /src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib.c 55 306 7 4 1242 850 fuzzlib.c
bmp_fuzzer /src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib.c 44 364 6 4 350 177 fuzzlib.c
jpeg_fuzzer /src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib.c 44 397 6 4 350 177 fuzzlib.c
json_fuzzer /src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib.c 199 377 9 3 3305 1259 fuzzlib.c
png_fuzzer /src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib.c 48 463 6 4 444 218 fuzzlib.c
xz_fuzzer /src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib.c 93 360 10 4 2757 996 fuzzlib.c

Project functions overview

The following table shows data about each function in the project. The functions included in this table correspond to all functions that exist in the executables of the fuzzers. As such, there may be functions that are from third-party libraries.

For further technical details on the meaning of columns in the below table, please see the Glossary .

Func name Functions filename Args Function call depth Reached by Fuzzers Runtime reached by Fuzzers Combined reached by Fuzzers Fuzzers runtime hit Func lines hit % I Count BB Count Cyclomatic complexity Functions reached Reached by functions Accumulated cyclomatic complexity Undiscovered complexity

Fuzzer details

Fuzzer: bzip2_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 22 16.7%
gold [1:9] 14 10.6%
yellow [10:29] 17 12.9%
greenyellow [30:49] 5 3.81%
lawngreen 50+ 73 55.7%
All colors 131 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
0 0 None 2 258 fuzz call site: 00013 /src/wuffs/fuzz/c/std/bzip2_fuzzer.c:90
0 0 None 0 244 wuffs_bzip2__decoder__transform_io call site: 00022 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:37289
0 0 None 0 240 wuffs_bzip2__decoder__transform_io call site: 00024 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:37298
0 0 None 0 86 wuffs_bzip2__decoder__prepare_block call site: 00044 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:37614
0 0 None 0 20 wuffs_bzip2__decoder__decode_huffman_slow call site: 00091 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:38540
0 0 None 0 10 wuffs_bzip2__decoder__read_code_lengths call site: 00062 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:37929
0 0 None 0 8 wuffs_bzip2__decoder__initialize call site: 00007 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:37137
0 0 None 0 6 wuffs_bzip2__decoder__set_quirk call site: 00015 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:37229
0 0 None 0 6 wuffs_bzip2__decoder__flush_fast call site: 00104 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:38203
0 0 None 0 6 wuffs_bzip2__decoder__flush_slow call site: 00109 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:38284
0 0 None 0 4 wuffs_bzip2__decoder__initialize call site: 00010 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:37148
0 0 None 0 2 wuffs_bzip2__decoder__initialize call site: 00008 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:37140

Runtime coverage analysis

Covered functions
31
Functions that are reachable but not covered
4
Reachable functions
35
Percentage of reachable functions covered
88.57%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib.c 5
/src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c 26
/src/wuffs/fuzz/c/std/bzip2_fuzzer.c 1

Fuzzer: cbor_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 21 15.1%
gold [1:9] 2 1.43%
yellow [10:29] 1 0.71%
greenyellow [30:49] 1 0.71%
lawngreen 50+ 114 82.0%
All colors 139 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
0 0 None 3 44 fuzz_one_token call site: 00112 /src/wuffs/fuzz/c/std/cbor_fuzzer.c:119
0 0 None 0 294 fuzz_complex call site: 00019 /src/wuffs/fuzz/c/std/cbor_fuzzer.c:265
0 0 None 0 194 fuzz_simple call site: 00126 /src/wuffs/fuzz/c/std/cbor_fuzzer.c:376
0 0 None 0 158 wuffs_cbor__decoder__decode_tokens call site: 00025 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:38823
0 0 None 0 154 wuffs_cbor__decoder__decode_tokens call site: 00027 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:38832
0 0 None 0 150 wuffs_cbor__decoder__decode_tokens call site: 00030 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:38869
0 0 None 0 8 wuffs_cbor__decoder__initialize call site: 00013 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:38695
0 0 None 0 6 wuffs_cbor__decoder__decode_tokens call site: 00092 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:39268
0 0 None 0 4 wuffs_cbor__decoder__initialize call site: 00016 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:38706
0 0 None 0 4 wuffs_cbor__decoder__decode_tokens call site: 00041 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:38968
0 0 None 0 4 wuffs_cbor__decoder__decode_tokens call site: 00058 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:39065
0 0 None 0 4 wuffs_cbor__decoder__decode_tokens call site: 00079 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:39130

Runtime coverage analysis

Covered functions
42
Functions that are reachable but not covered
5
Reachable functions
47
Percentage of reachable functions covered
89.36%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib.c 6
/src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c 32
/src/wuffs/fuzz/c/std/cbor_fuzzer.c 6

Fuzzer: zlib_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 85 36.1%
gold [1:9] 11 4.68%
yellow [10:29] 12 5.10%
greenyellow [30:49] 5 2.12%
lawngreen 50+ 122 51.9%
All colors 235 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
4 23 7 :

['wuffs_private_impl__io_writer__limited_copy_u32_from_history_8_byte_chunks_fast', 'wuffs_base__peek_u64le__no_bounds_check', 'wuffs_base__make_slice_u8_ij', 'wuffs_private_impl__io_writer__limited_copy_u32_from_history_8_byte_chunks_distance_1_fast', 'wuffs_base__poke_u8__no_bounds_check', 'wuffs_private_impl__io_writer__limited_copy_u32_from_slice', 'wuffs_private_impl__io_writer__limited_copy_u32_from_history_fast']

4 47 wuffs_deflate__decoder__decode_huffman_bmi2 call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:42711
4 15 4 :

['wuffs_private_impl__io_writer__limited_copy_u32_from_slice', 'wuffs_base__make_slice_u8_ij', 'wuffs_private_impl__io_writer__limited_copy_u32_from_history', 'wuffs_base__status__is_suspension']

4 53 wuffs_deflate__decoder__decode_huffman_slow call site: 00164 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:43508
2 2 1 :

['wuffs_base__empty_slice_u8']

2 2 wuffs_base__slice_u8__subslice_j call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:1938
2 2 1 :

['wuffs_base__empty_slice_u8']

2 2 wuffs_base__slice_u8__subslice_i call site: 00192 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:1927
2 2 1 :

['wuffs_base__empty_slice_u8']

2 2 wuffs_private_impl__io__since call site: 00181 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:18386
0 8 1 :

['wuffs_base__slice_u8__subslice_i']

0 23 wuffs_deflate__decoder__add_history call site: 00191 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:41481
0 2 1 :

['wuffs_base__make_status']

0 2 wuffs_deflate__decoder__decode_huffman_bmi2 call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:42752
0 0 None 4 55 wuffs_deflate__decoder__decode_huffman_slow call site: 00148 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:43281
0 0 None 4 51 wuffs_deflate__decoder__decode_huffman_bmi2 call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:42592
0 0 None 0 390 wuffs_zlib__decoder__transform_io call site: 00037 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:67220
0 0 None 0 386 wuffs_zlib__decoder__transform_io call site: 00039 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:67229
0 0 None 0 371 wuffs_zlib__decoder__do_transform_io call site: 00046 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:67304

Runtime coverage analysis

Covered functions
58
Functions that are reachable but not covered
9
Reachable functions
57
Percentage of reachable functions covered
84.21%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib.c 5
/src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c 45
/src/wuffs/fuzz/c/std/zlib_fuzzer.c 1
/usr/local/lib/clang/18/include/cpuid.h 3

Fuzzer: targa_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 35 40.2%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 1 1.14%
lawngreen 50+ 51 58.6%
All colors 87 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
2 2 1 :

['wuffs_base__empty_range_ii_u64']

2 2 wuffs_targa__decoder__workbuf_len call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:77348
0 93 2 :

['wuffs_targa__decoder__do_decode_image_config', 'wuffs_base__status__is_suspension']

0 101 wuffs_targa__decoder__do_decode_frame_config call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:76717
0 10 5 :

['wuffs_base__frame_config__set', 'wuffs_base__make_rect_ie_u32', 'wuffs_base__pixel_format__default_background_color', 'wuffs_base__make_pixel_format', 'wuffs_base__u64__sat_add']

0 12 wuffs_targa__decoder__do_decode_frame_config call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:76729
0 2 1 :

['wuffs_base__make_status']

0 4 wuffs_targa__decoder__decode_frame_config call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:76663
0 2 1 :

['wuffs_base__make_pixel_format']

0 2 wuffs_base__pixel_buffer__pixel_format call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:5855
0 2 1 :

['wuffs_base__empty_slice_u8']

0 2 wuffs_base__slice_u8__subslice_i call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:1927
0 2 1 :

['wuffs_base__empty_slice_u8']

0 2 wuffs_private_impl__io__since call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:18386
0 0 None 87 271 wuffs_base__pixel_swizzler__prepare call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:31011
0 0 None 4 4 wuffs_base__image_decoder__frame_dirty_rect call site: 00064 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:19593
0 0 None 4 4 wuffs_base__image_decoder__workbuf_len call site: 00029 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:19860
0 0 None 2 4 wuffs_targa__decoder__frame_dirty_rect call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:77184
0 0 None 2 4 wuffs_targa__decoder__workbuf_len call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:77345

Runtime coverage analysis

Covered functions
82
Functions that are reachable but not covered
7
Reachable functions
44
Percentage of reachable functions covered
84.09%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib.c 5
/src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c 34
/src/wuffs/fuzz/c/std/targa_fuzzer.c 1
/src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib_image_decoder.c 1

Fuzzer: gif_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 37 38.5%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 59 61.4%
All colors 96 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
36 194 8 :

['wuffs_gif__decoder__skip_frame', 'wuffs_base__frame_config__set', 'wuffs_base__u32__min', 'wuffs_base__peek_u8__no_bounds_check', 'wuffs_base__make_rect_ie_u32', 'wuffs_gif__decoder__decode_up_to_id_part1', 'wuffs_base__status__is_suspension', 'wuffs_private_impl__u64__sat_add_indirect']

36 200 wuffs_gif__decoder__do_decode_frame_config call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:46703
2 2 1 :

['wuffs_base__empty_range_ii_u64']

2 2 wuffs_gif__decoder__workbuf_len call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:46544
0 197 1 :

['wuffs_gif__decoder__do_decode_image_config']

0 359 wuffs_gif__decoder__do_decode_frame_config call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:46686
0 4 1 :

['wuffs_private_impl__u64__sat_add_indirect']

0 34 wuffs_gif__decoder__decode_up_to_id_part1 call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:47089
0 4 1 :

['wuffs_private_impl__u64__sat_add_indirect']

0 4 wuffs_gif__decoder__decode_up_to_id_part1 call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:47106
0 2 1 :

['wuffs_base__u64__sat_add']

0 166 wuffs_gif__decoder__do_decode_frame_config call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:46698
0 2 1 :

['wuffs_base__make_status']

0 2 wuffs_gif__decoder__do_decode_image_config call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:46184
0 2 1 :

['wuffs_base__make_pixel_format']

0 2 wuffs_base__pixel_buffer__pixel_format call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:5855
0 2 1 :

['wuffs_base__empty_slice_u8']

0 2 wuffs_base__slice_u8__subslice_i call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:1927
0 2 1 :

['wuffs_base__empty_slice_u8']

0 2 wuffs_base__slice_u8__subslice_j call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:1938
0 2 1 :

['wuffs_base__empty_slice_u8']

0 2 wuffs_base__slice_u8__subslice_ij call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:1951
0 0 None 228 271 wuffs_base__pixel_swizzler__prepare call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:31011

Runtime coverage analysis

Covered functions
101
Functions that are reachable but not covered
6
Reachable functions
46
Percentage of reachable functions covered
86.96%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib.c 5
/src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c 35
/src/wuffs/fuzz/c/std/gif_fuzzer.c 2
/src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib_image_decoder.c 1

Fuzzer: pixel_swizzler_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 23 14.1%
gold [1:9] 13 7.97%
yellow [10:29] 0 0.0%
greenyellow [30:49] 2 1.22%
lawngreen 50+ 125 76.6%
All colors 163 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
0 0 None 0 271 wuffs_base__pixel_swizzler__prepare call site: 00012 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:31011
0 0 None 0 137 wuffs_base__pixel_swizzler__swizzle_ycck call site: 00103 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:32480
0 0 None 0 80 wuffs_base__pixel_buffer__set_color_u32_at call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:24202
0 0 None 0 35 wuffs_base__pixel_swizzler__swizzle_ycck call site: 00142 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:32697
0 0 None 0 35 wuffs_base__pixel_swizzler__swizzle_ycck call site: 00146 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:32708
0 0 None 0 20 wuffs_base__pixel_buffer__set_from_slice call site: 00080 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:5750
0 0 None 0 18 wuffs_base__pixel_buffer__set_from_slice call site: 00081 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:5754
0 0 None 0 6 wuffs_base__pixel_config__pixbuf_len call site: 00075 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:5181
0 0 None 0 2 wuffs_base__pixel_buffer__set_color_u32_at call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:24205
0 0 None 0 2 wuffs_base__pixel_buffer__set_color_u32_at call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:24210
0 0 None 0 2 wuffs_base__pixel_swizzler__prepare call site: 00014 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:31073
0 0 None 0 2 wuffs_base__pixel_swizzler__prepare call site: 00016 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:31081

Runtime coverage analysis

Covered functions
239
Functions that are reachable but not covered
10
Reachable functions
55
Percentage of reachable functions covered
81.82%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib.c 5
/src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c 36
/src/wuffs/fuzz/c/std/pixel_swizzler_fuzzer.c 5
/usr/local/lib/clang/18/include/cpuid.h 3

Fuzzer: bmp_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 35 40.2%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 52 59.7%
All colors 87 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
2 2 1 :

['wuffs_base__empty_range_ii_u64']

2 2 wuffs_bmp__decoder__workbuf_len call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:36797
0 208 2 :

['wuffs_base__status__is_suspension', 'wuffs_bmp__decoder__do_decode_image_config']

0 216 wuffs_bmp__decoder__do_decode_frame_config call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:35553
0 10 5 :

['wuffs_base__frame_config__set', 'wuffs_base__make_rect_ie_u32', 'wuffs_base__pixel_format__default_background_color', 'wuffs_base__make_pixel_format', 'wuffs_base__u64__sat_add']

0 12 wuffs_bmp__decoder__do_decode_frame_config call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:35565
0 2 1 :

['wuffs_base__make_status']

0 4 wuffs_bmp__decoder__decode_frame_config call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:35499
0 2 1 :

['wuffs_base__status__is_suspension']

0 2 wuffs_bmp__decoder__do_decode_image_config call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:35352
0 2 1 :

['wuffs_base__make_pixel_format']

0 2 wuffs_base__pixel_buffer__pixel_format call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:5855
0 2 1 :

['wuffs_base__empty_slice_u8']

0 2 wuffs_base__slice_u8__subslice_i call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:1927
0 0 None 87 271 wuffs_base__pixel_swizzler__prepare call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:31011
0 0 None 24 144 wuffs_bmp__decoder__swizzle_rle call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:36186
0 0 None 8 74 wuffs_bmp__decoder__swizzle_low_bit_depth call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:36428
0 0 None 8 74 wuffs_bmp__decoder__swizzle_low_bit_depth call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:36432
0 0 None 8 46 wuffs_bmp__decoder__swizzle_bitfields call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:36344

Runtime coverage analysis

Covered functions
104
Functions that are reachable but not covered
7
Reachable functions
44
Percentage of reachable functions covered
84.09%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib.c 5
/src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c 34
/src/wuffs/fuzz/c/std/bmp_fuzzer.c 1
/src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib_image_decoder.c 1

Fuzzer: jpeg_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 34 39.0%
gold [1:9] 1 1.14%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 52 59.7%
All colors 87 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
2 2 1 :

['wuffs_base__empty_range_ii_u64']

2 2 wuffs_jpeg__decoder__workbuf_len call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:56390
0 263 2 :

['wuffs_base__status__is_suspension', 'wuffs_jpeg__decoder__do_decode_image_config']

0 267 wuffs_jpeg__decoder__do_decode_frame_config call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:54398
0 12 1 :

['wuffs_base__make_slice_u8_ij']

0 143 wuffs_jpeg__decoder__swizzle_colorful call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:56093
0 6 3 :

['wuffs_base__make_rect_ie_u32', 'wuffs_base__u64__sat_add', 'wuffs_base__frame_config__set']

0 8 wuffs_jpeg__decoder__do_decode_frame_config call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:54410
0 2 1 :

['wuffs_base__make_status']

0 4 wuffs_jpeg__decoder__decode_frame_config call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:54346
0 2 1 :

['wuffs_base__empty_slice_u8']

0 2 wuffs_base__slice_u8__subslice_i call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:1927
0 2 1 :

['wuffs_base__make_pixel_format']

0 2 wuffs_base__pixel_buffer__pixel_format call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:5855
0 2 1 :

['wuffs_base__empty_slice_u8']

0 2 wuffs_private_impl__table_u8__row_u32 call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:18291
0 2 1 :

['wuffs_base__empty_slice_u8']

0 2 wuffs_base__slice_u8__subslice_ij call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:1951
0 0 None 107 271 wuffs_base__pixel_swizzler__prepare call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:31011
0 0 None 58 80 wuffs_base__pixel_buffer__set_color_u32_at call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:24202
0 0 None 8 54 wuffs_jpeg__decoder__swizzle_gray call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:56046

Runtime coverage analysis

Covered functions
146
Functions that are reachable but not covered
7
Reachable functions
44
Percentage of reachable functions covered
84.09%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib.c 5
/src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c 34
/src/wuffs/fuzz/c/std/jpeg_fuzzer.c 1
/src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib_image_decoder.c 1

Fuzzer: json_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 53 11.9%
gold [1:9] 4 0.90%
yellow [10:29] 11 2.48%
greenyellow [30:49] 7 1.58%
lawngreen 50+ 368 83.0%
All colors 443 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
42 42 1 :

['wuffs_private_impl__parse_number_f64_special']

42 42 wuffs_base__parse_number_f64 call site: 00342 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:22572
2 2 1 :

['intentional_segfault()']

2 2 Callbacks::Done(wuffs_aux::DecodeJsonResult&,wuffs_aux::sync_io::Input&,wuffs_base__io_buffer__struct&) call site: 00000 /src/wuffs/fuzz/c/std/json_fuzzer.cc:463
0 461 13 :

['wuffs_base__peek_u8__no_bounds_check(unsigned char const*)', 'wuffs_base__peek_u32le__no_bounds_check(unsigned char const*)', 'wuffs_json__decoder__decode_inf_nan(wuffs_json__decoder__struct*, wuffs_base__token_buffer__struct*, wuffs_base__io_buffer__struct*)', 'wuffs_base__peek_u48le__no_bounds_check(unsigned char const*)', 'wuffs_base__peek_u24le__no_bounds_check(unsigned char const*)', 'wuffs_base__make_token(unsigned long)', 'wuffs_base__peek_u64le__no_bounds_check(unsigned char const*)', 'wuffs_json__decoder__decode_comment(wuffs_json__decoder__struct*, wuffs_base__token_buffer__struct*, wuffs_base__io_buffer__struct*)', 'wuffs_private_impl__io_reader__match7(unsigned char const*, unsigned char const*, wuffs_base__io_buffer__struct*, unsigned long)', 'wuffs_base__status__is_suspension(wuffs_base__status__struct const*)', 'wuffs_base__peek_u16le__no_bounds_check(unsigned char const*)', 'wuffs_json__decoder__decode_number(wuffs_json__decoder__struct*, wuffs_base__io_buffer__struct*)', 'wuffs_json__decoder__decode_trailer(wuffs_json__decoder__struct*, wuffs_base__token_buffer__struct*, wuffs_base__io_buffer__struct*)']

0 553 wuffs_json__decoder__decode_tokens call site: 00126 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:59042
0 4 2 :

['wuffs_base__status__is_suspension(wuffs_base__status__struct const*)', 'wuffs_base__make_status(char const*)']

0 4 wuffs_json__decoder__decode_leading(wuffs_json__decoder__struct*,wuffs_base__token_buffer__struct*,wuffs_base__io_buffer__struct*) call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:59671
0 0 None 138 232 wuffs_base__parse_number_f64 call site: 00331 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:22437
0 0 None 134 228 wuffs_base__parse_number_f64 call site: 00333 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:22467
0 0 None 110 204 wuffs_base__parse_number_f64 call site: 00327 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:22384
0 0 None 110 204 wuffs_base__parse_number_f64 call site: 00328 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:22415
0 0 None 110 204 wuffs_base__parse_number_f64 call site: 00329 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:22418
0 0 None 110 204 wuffs_base__parse_number_f64 call site: 00336 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:22495
0 0 None 4 1989 wuffs_aux::DecodeJson(wuffs_aux::DecodeJsonCallbacks&,wuffs_aux::sync_io::Input&,wuffs_aux::DecodeJsonArgQuirks,wuffs_aux::DecodeJsonArgJsonPointer) call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:90016
0 0 None 4 8 wuffs_aux::DecodeJson(wuffs_aux::DecodeJsonCallbacks&,wuffs_aux::sync_io::Input&,wuffs_aux::DecodeJsonArgQuirks,wuffs_aux::DecodeJsonArgJsonPointer) call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:90061

Runtime coverage analysis

Covered functions
102
Functions that are reachable but not covered
24
Reachable functions
199
Percentage of reachable functions covered
87.94%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib.c 6
/src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c 89
/src/wuffs/fuzz/c/std/json_fuzzer.cc 9

Fuzzer: png_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 50 43.8%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 64 56.1%
All colors 114 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
37 37 1 :

['wuffs_png__decoder__decode_chrm']

37 43 wuffs_png__decoder__decode_other_chunk call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:70338
16 16 1 :

['wuffs_png__decoder__decode_gama']

16 22 wuffs_png__decoder__decode_other_chunk call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:70374
16 16 1 :

['wuffs_png__decoder__decode_iccp']

16 22 wuffs_png__decoder__decode_other_chunk call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:70393
12 12 1 :

['wuffs_png__decoder__decode_exif']

12 18 wuffs_png__decoder__decode_other_chunk call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:70293
12 12 1 :

['wuffs_png__decoder__decode_srgb']

12 18 wuffs_png__decoder__decode_other_chunk call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:70412
10 10 1 :

['wuffs_zlib__decoder__set_quirk']

10 1177 wuffs_png__decoder__do_decode_frame call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:72497
2 2 1 :

['wuffs_base__empty_range_ii_u64']

2 2 wuffs_png__decoder__workbuf_len call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:73666
0 2 1 :

['wuffs_base__empty_slice_u8']

0 2 wuffs_base__slice_u8__subslice_j call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:1938
0 2 1 :

['wuffs_base__empty_slice_u8']

0 2 wuffs_base__slice_u8__subslice_i call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:1927
0 2 1 :

['wuffs_base__make_status']

0 2 wuffs_deflate__decoder__decode_huffman_bmi2 call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:42752
0 2 1 :

['wuffs_base__empty_slice_u8']

0 2 wuffs_private_impl__io__since call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:18386
0 2 1 :

['wuffs_base__make_pixel_format']

0 2 wuffs_base__pixel_buffer__pixel_format call site: 00000 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:5855

Runtime coverage analysis

Covered functions
180
Functions that are reachable but not covered
7
Reachable functions
48
Percentage of reachable functions covered
85.42%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib.c 5
/src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c 38
/src/wuffs/fuzz/c/std/png_fuzzer.c 1
/src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib_image_decoder.c 1

Fuzzer: xz_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 124 23.2%
gold [1:9] 50 9.36%
yellow [10:29] 27 5.05%
greenyellow [30:49] 23 4.30%
lawngreen 50+ 310 58.0%
All colors 534 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
4 4 1 :

['wuffs_private_impl__u32__sat_sub_indirect']

4 10 wuffs_lzma__decoder__set_quirk call site: 00106 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:62458
0 2 1 :

['wuffs_base__empty_slice_u8']

0 2 wuffs_base__slice_u8__subslice_ij call site: 00377 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:1951
0 2 1 :

['wuffs_base__empty_slice_u8']

0 2 wuffs_base__slice_u8__subslice_j call site: 00385 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:1938
0 2 1 :

['wuffs_base__empty_slice_u8']

0 2 wuffs_private_impl__io__since call site: 00129 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:18386
0 2 1 :

['wuffs_base__empty_slice_u8']

0 2 wuffs_base__slice_u8__subslice_i call site: 00272 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:1927
0 0 None 4 18 wuffs_lzma__decoder__set_quirk call site: 00103 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:62439
0 0 None 2 670 wuffs_lzma__decoder__do_transform_io call site: 00162 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:62667
0 0 None 2 670 wuffs_lzma__decoder__do_transform_io call site: 00162 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:62694
0 0 None 2 670 wuffs_lzma__decoder__do_transform_io call site: 00173 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:62790
0 0 None 2 670 wuffs_lzma__decoder__do_transform_io call site: 00183 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:62844
0 0 None 2 670 wuffs_lzma__decoder__do_transform_io call site: 00189 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:62893
0 0 None 2 670 wuffs_lzma__decoder__do_transform_io call site: 00191 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c:62923

Runtime coverage analysis

Covered functions
96
Functions that are reachable but not covered
9
Reachable functions
93
Percentage of reachable functions covered
90.32%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib.c 5
/src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c 82
/src/wuffs/fuzz/c/std/xz_fuzzer.c 1
/usr/local/lib/clang/18/include/cpuid.h 2

Analyses and suggestions

Optimal target analysis

Remaining optimal interesting functions

The following table shows a list of functions that are optimal targets. Optimal targets are identified by finding the functions that in combination, yield a high code coverage.

Func name Functions filename Arg count Args Function depth hitcount instr count bb count cyclomatic complexity Reachable functions Incoming references total cyclomatic complexity Unreached complexity
wuffs_png__decoder__decode_frame /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c 7 ['N/A', 'N/A', 'N/A', 'char', 'N/A', 'size_t', 'N/A'] 10 0 280 43 14 101 0 1663 586
wuffs_jpeg__decoder__decode_frame /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c 7 ['N/A', 'N/A', 'N/A', 'char', 'N/A', 'size_t', 'N/A'] 6 0 412 62 21 91 0 1342 548
wuffs_gif__decoder__decode_frame /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c 7 ['N/A', 'N/A', 'N/A', 'char', 'N/A', 'size_t', 'N/A'] 8 0 280 43 14 72 0 1102 394
wuffs_bmp__decoder__decode_frame /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c 7 ['N/A', 'N/A', 'N/A', 'char', 'N/A', 'size_t', 'N/A'] 5 0 280 43 14 60 0 1084 385
wuffs_targa__decoder__decode_frame /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c 7 ['N/A', 'N/A', 'N/A', 'char', 'N/A', 'size_t', 'N/A'] 5 0 280 43 14 43 0 853 172
wuffs_base__render_number_f64 /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c 5 ['N/A', 'size_t', 'double', 'int', 'int'] 4 0 384 52 17 19 0 150 146
wuffs_png__decoder__tell_me_more /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c 4 ['N/A', 'N/A', 'N/A', 'N/A'] 9 0 266 43 14 56 0 579 139
wuffs_base__pixel_buffer__set_color_u32_fill_rect /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c 4 ['N/A', 'size_t', 'size_t', 'int'] 3 0 261 33 7 35 0 115 74
wuffs_aux::private_impl::HandleMetadata(wuffs_aux::private_impl::ErrorMessagesconst&,wuffs_aux::sync_io::Input&,wuffs_base__io_buffer__struct&,wuffs_aux::sync_io::DynIOBuffer&,wuffs_base__status__struct(*)(void*,wuffs_base__io_buffer__struct*,wuffs_base__more_information__struct*,wuffs_base__io_buffer__struct*),void*,std::__1::basic_string ,std::__1::allocator >(*)(void*,wuffs_base__more_information__structconst*,wuffs_base__slice_u8),void*) /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c 9 ['N/A', 'N/A', 'N/A', 'N/A', 'N/A', 'N/A', 'N/A', 'N/A', 'N/A'] 4 0 472 70 10 63 0 97 68
wuffs_private_impl__high_prec_dec__parse /src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c 4 ['N/A', 'N/A', 'size_t', 'int'] 1 0 993 202 63 2 1 68 63

Implementing fuzzers that target the above functions will improve reachability such that it becomes:

Functions statically reachable by fuzzers
41.0%
470 / 1153
Cyclomatic complexity statically reachable by fuzzers
65.0%
6579 / 10085

All functions overview

If you implement fuzzers for these functions, the status of all functions in the project will be:

Func name Functions filename Args Function call depth Reached by Fuzzers Runtime reached by Fuzzers Combined reached by Fuzzers Fuzzers runtime hit Func lines hit % I Count BB Count Cyclomatic complexity Functions reached Reached by functions Accumulated cyclomatic complexity Undiscovered complexity

Fuzz engine guidance

This sections provides heuristics that can be used as input to a fuzz engine when running a given fuzz target. The current focus is on providing input that is usable by libFuzzer.

/src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['fuzz', 'wuffs_bzip2__decoder__transform_io', 'llvmFuzzerTestOneInput', 'wuffs_bzip2__decoder__set_quirk', 'wuffs_bzip2__decoder__do_transform_io', 'wuffs_bzip2__decoder__decode_huffman_fast']

/src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['fuzz_complex', 'llvmFuzzerTestOneInput', 'wuffs_cbor__decoder__decode_tokens', 'wuffs_base__utf_8__longest_valid_prefix']

/src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['wuffs_deflate__decoder__init_huff', 'fuzz', 'wuffs_zlib__decoder__initialize', 'wuffs_zlib__decoder__do_transform_io', 'wuffs_deflate__decoder__decode_blocks', 'wuffs_deflate__decoder__decode_huffman_slow']

/src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['fuzz', 'fuzz_image_decoder', 'wuffs_base__pixel_buffer__set_from_slice', 'llvmFuzzerTestOneInput']

/src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['fuzz', 'fuzz_image_decoder', 'wuffs_base__pixel_buffer__set_from_slice', 'set_quirks', 'llvmFuzzerTestOneInput']

/src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['wuffs_base__pixel_buffer__set_from_slice', 'fuzz_swizzle_ycck', 'wuffs_base__pixel_swizzler__swizzle_ycck', 'llvmFuzzerTestOneInput', 'fuzz_swizzle_interleaved_from_slice', 'wuffs_base__pixel_swizzler__prepare', 'wuffs_base__cpu_arch__have_x86_sse42']

/src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['fuzz', 'fuzz_image_decoder', 'wuffs_base__pixel_buffer__set_from_slice', 'llvmFuzzerTestOneInput']

/src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['fuzz', 'fuzz_image_decoder', 'wuffs_base__pixel_buffer__set_from_slice', 'llvmFuzzerTestOneInput']

/src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['wuffs_base__parse_number_f64', 'wuffs_json__decoder__alloc', 'wuffs_json__decoder__struct::decode_tokens(wuffs_base__token_buffer__struct*, wuffs_base__io_buffer__struct*, wuffs_base__slice_u8)', 'wuffs_json__decoder__struct::set_quirk(unsigned int, unsigned long)', 'wuffs_json__decoder__decode_tokens', 'wuffs_aux::(anonymous namespace)::DecodeJson_WalkJsonPointerFragment(wuffs_base__token_buffer__struct&, wuffs_base__status__struct&, std::__1::unique_ptr&, wuffs_base__io_buffer__struct*, std::__1::basic_string, std::__1::allocator >&, unsigned long&, wuffs_aux::sync_io::Input&, std::__1::basic_string, std::__1::allocator >&)', 'wuffs_private_impl__high_prec_dec__parse(wuffs_private_impl__high_prec_dec__struct*, wuffs_base__slice_u8, unsigned int)', 'llvmFuzzerTestOneInput(unsigned char const*, unsigned long)', 'llvmFuzzerTestOneInput(unsigned char const*, unsigned long)']

/src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['fuzz', 'wuffs_png__decoder__initialize', 'wuffs_zlib__decoder__initialize', 'fuzz_image_decoder', 'wuffs_base__pixel_buffer__set_from_slice']

/src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['wuffs_lzma__decoder__do_transform_io', 'wuffs_xz__decoder__decode_block_header_sans_padding', 'fuzz', 'wuffs_xz__decoder__initialize', 'wuffs_xz__decoder__do_transform_io']

Runtime coverage analysis

This section shows analysis of runtime coverage data.

For futher technical details on how this section is generated, please see the Glossary .

Complex functions with low coverage

Func name Function total lines Lines covered at runtime percentage covered Reached by fuzzers
wuffs_targa__decoder__decode_frame_config 52 28 53.84% ['targa_fuzzer']
wuffs_bmp__decoder__decode_frame_config 52 28 53.84% ['bmp_fuzzer']
wuffs_jpeg__decoder__decode_frame_config 52 28 53.84% ['jpeg_fuzzer']
wuffs_base__parse_number_u64 131 58 44.27% ['json_fuzzer']
wuffs_lzma__decoder__set_quirk 46 24 52.17% ['xz_fuzzer']

Files and Directories in report

This section shows which files and directories are considered in this report. The main reason for showing this is fuzz introspector may include more code in the reasoning than is desired. This section helps identify if too many files/directories are included, e.g. third party code, which may be irrelevant for the threat model. In the event too much is included, fuzz introspector supports a configuration file that can exclude data from the report. See the following link for more information on how to create a config file: link

Files in report

Source file Reached by Covered by
[] []
/src/wuffs/fuzz/c/std/zlib_fuzzer.c ['zlib_fuzzer'] ['zlib_fuzzer']
/usr/local/lib/clang/18/include/cpuid.h ['zlib_fuzzer', 'pixel_swizzler_fuzzer', 'xz_fuzzer'] []
/src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib.c ['bzip2_fuzzer', 'cbor_fuzzer', 'zlib_fuzzer', 'targa_fuzzer', 'gif_fuzzer', 'pixel_swizzler_fuzzer', 'bmp_fuzzer', 'jpeg_fuzzer', 'json_fuzzer', 'png_fuzzer', 'xz_fuzzer'] []
/usr/local/bin/../include/c++/v1/stdexcept [] []
/src/wuffs/fuzz/c/std/json_fuzzer.cc ['json_fuzzer'] ['json_fuzzer']
/src/wuffs/fuzz/c/std/pixel_swizzler_fuzzer.c ['pixel_swizzler_fuzzer'] ['pixel_swizzler_fuzzer']
/src/wuffs/fuzz/c/std/jpeg_fuzzer.c ['jpeg_fuzzer'] ['jpeg_fuzzer']
/src/wuffs/fuzz/c/std/png_fuzzer.c ['png_fuzzer'] ['png_fuzzer']
/src/wuffs/fuzz/c/std/../fuzzlib/fuzzlib_image_decoder.c ['targa_fuzzer', 'gif_fuzzer', 'bmp_fuzzer', 'jpeg_fuzzer', 'png_fuzzer'] []
/usr/local/bin/../include/c++/v1/string [] []
/src/wuffs/fuzz/c/std/xz_fuzzer.c ['xz_fuzzer'] ['xz_fuzzer']
/src/wuffs/fuzz/c/std/bmp_fuzzer.c ['bmp_fuzzer'] ['bmp_fuzzer']
/src/wuffs/fuzz/c/std/bzip2_fuzzer.c ['bzip2_fuzzer'] ['bzip2_fuzzer']
/src/wuffs/fuzz/c/std/targa_fuzzer.c ['targa_fuzzer'] ['targa_fuzzer']
/src/wuffs/fuzz/c/std/cbor_fuzzer.c ['cbor_fuzzer'] ['cbor_fuzzer']
/src/wuffs/fuzz/c/std/../../../release/c/wuffs-unsupported-snapshot.c ['bzip2_fuzzer', 'cbor_fuzzer', 'zlib_fuzzer', 'targa_fuzzer', 'gif_fuzzer', 'pixel_swizzler_fuzzer', 'bmp_fuzzer', 'jpeg_fuzzer', 'json_fuzzer', 'png_fuzzer', 'xz_fuzzer'] []
/src/wuffs/fuzz/c/std/gif_fuzzer.c ['gif_fuzzer'] ['gif_fuzzer']

Directories in report

Directory
/src/wuffs/fuzz/c/std/../../../release/c/
/src/wuffs/fuzz/c/std/
/src/wuffs/fuzz/c/std/../fuzzlib/
/usr/local/bin/../include/c++/v1/
/usr/local/lib/clang/18/include/

Metadata section

This sections shows the raw data that is used to produce this report. This is mainly used for further processing and developer debugging.

Fuzzer Calltree file Program data file Coverage file
bzip2_fuzzer fuzzerLogFile-0-Urp0Sow6Mu.data fuzzerLogFile-0-Urp0Sow6Mu.data.yaml bzip2_fuzzer.covreport
cbor_fuzzer fuzzerLogFile-0-Grfv0szpv8.data fuzzerLogFile-0-Grfv0szpv8.data.yaml cbor_fuzzer.covreport
zlib_fuzzer fuzzerLogFile-0-LpB9A3L9sh.data fuzzerLogFile-0-LpB9A3L9sh.data.yaml zlib_fuzzer.covreport
targa_fuzzer fuzzerLogFile-0-1aABYUYl4C.data fuzzerLogFile-0-1aABYUYl4C.data.yaml targa_fuzzer.covreport
gif_fuzzer fuzzerLogFile-0-psDt1ksuRx.data fuzzerLogFile-0-psDt1ksuRx.data.yaml gif_fuzzer.covreport
pixel_swizzler_fuzzer fuzzerLogFile-0-7U0rdmoi8k.data fuzzerLogFile-0-7U0rdmoi8k.data.yaml pixel_swizzler_fuzzer.covreport
bmp_fuzzer fuzzerLogFile-0-0P3ToZJ77t.data fuzzerLogFile-0-0P3ToZJ77t.data.yaml bmp_fuzzer.covreport
jpeg_fuzzer fuzzerLogFile-0-2vEbw7ObOu.data fuzzerLogFile-0-2vEbw7ObOu.data.yaml jpeg_fuzzer.covreport
json_fuzzer fuzzerLogFile-0-XMoCRw1jD1.data fuzzerLogFile-0-XMoCRw1jD1.data.yaml json_fuzzer.covreport
png_fuzzer fuzzerLogFile-0-ssA2gGmwTg.data fuzzerLogFile-0-ssA2gGmwTg.data.yaml png_fuzzer.covreport
xz_fuzzer fuzzerLogFile-0-3bNFpj75x4.data fuzzerLogFile-0-3bNFpj75x4.data.yaml xz_fuzzer.covreport