Open bshastry opened 5 years ago
What are the following functions not covered? What can we do to cover them?
DGifGetPixel()
DGifExtensionToGCB()
DGifSavedExtensionToGCB()
DGifGetCode()
DGifGetLZCodes()
and these functions in gifalloc.c
GifUnionColorMap
GifApplyTranslation
FreeLastSavedImage
GifMakeSavedImage
Why is the following code segment uncovered? What can we do to cover it?
1187 | 8 | if (GifFile->ExtensionBlocks) {
-- | -- | --
1188 | 0 | sp->ExtensionBlocks = GifFile->ExtensionBlocks;
1189 | 0 | sp->ExtensionBlockCount = GifFile->ExtensionBlockCount;
1190 | 0 |
1191 | 0 | GifFile->ExtensionBlocks = NULL;
1192 | 0 | GifFile->ExtensionBlockCount = 0;
1193 | 0 | }
Regarding file opening: Current non proto fuzzer also misses file opening functions, since it passes the data directly to gif now.
I could spot the following differences (lines covered by nonproto by not covered by proto)
211 | 143 | if (strncmp(GIF_STAMP, Buf, GIF_VERSION_POS) != 0) {
-- | -- | --
212 | 1 | if (Error != NULL)
213 | 1 | *Error = D_GIF_ERR_NOT_GIF_FILE;
214 | 1 | free((char *)Private);
215 | 1 | free((char *)GifFile);
216 | 1 | return NULL;
217 | 1 | }
The reason this is not covered by proto is that we always write the correct header.
if (InternalRead(GifFile, Buf, 3) != 3) {
--
259 | 1 | GifFile->Error = D_GIF_ERR_READ_FAILED;
260 | 1 | GifFreeMapObject(GifFile->SColorMap);
261 | 1 | GifFile->SColorMap = NULL;
262 | 1 | return GIF_ERROR;
263 | 1 | }
The reason we don't cover this is because we always have sufficient header data.
/* Setup the colormap */
--
384 | 288 | if (GifFile->Image.ColorMap) {
385 | 6 | GifFreeMapObject(GifFile->Image.ColorMap);
386 | 6 | GifFile->Image.ColorMap = NULL;
387 | 6 | }
Not sure why we don't cover this.
575 | 331 | if (InternalRead(GifFile, &Buf, 1) != 1) {
-- | -- | --
576 | 1 | GifFile->Error = D_GIF_ERR_READ_FAILED;
577 | 1 | return GIF_ERROR;
578 | 1 | }
I think this has to do with insufficient extension data.
1187 | 8 | if (GifFile->ExtensionBlocks) {
-- | -- | --
1188 | 0 | sp->ExtensionBlocks = GifFile->ExtensionBlocks;
1189 | 0 | sp->ExtensionBlockCount = GifFile->ExtensionBlockCount;
1190 | 0 |
1191 | 0 | GifFile->ExtensionBlocks = NULL;
1192 | 0 | GifFile->ExtensionBlockCount = 0;
1193 | 0 | }
Dunno why not.
After the m_hasLCT
reset (bug fix), we now cover
383 | 226 | /* Setup the colormap */
-- | -- | --
384 | 226 | if (GifFile->Image.ColorMap) {
385 | 6 | GifFreeMapObject(GifFile->Image.ColorMap);
386 | 6 | GifFile->Image.ColorMap = NULL;
387 | 6 | }
And we now also cover
81 | if (GifFile->ExtensionBlocks) {
-- | --
1188 | 11 | sp->ExtensionBlocks = GifFile->ExtensionBlocks;
1189 | 11 | sp->ExtensionBlockCount = GifFile->ExtensionBlockCount;
1190 | 11 |
1191 | 11 | GifFile->ExtensionBlocks = NULL;
1192 | 11 | GifFile->ExtensionBlockCount = 0;
1193 | 11 | }
Why are the following source files in libgif.a not covered
Easy to add functions from gif_font.c
for the harness
GifDrawBox
GifDrawRectangle
GifDrawBoxedText8x8
GifDrawText8x8
This requires qualitative analysis of coverage data.
Which source lines of code are not covered by proto in comparison to nonproto fuzzer? Why?
What can we do to improve proto coverage?