More radare 2 (6/?): functions call graph

I'm investigating on a CVE concerning a well known library that
is part of our dependency tree at $dayjob.

Anything calling the vulnerable function is to be considered
vulnerable, so I wanted to obtain a call graph of the function.
An IDE would probably be able to figure that out for me, but I
don't use one.  On the other hand I'm learning Radare2 these
days, so why not using it?

Visualize global call graph: agC
    ag supports a number of graph visualization options.
    graphviz dot visualized from within r2:
        [...]> agCd | xdot -
    same but from shell:
        $ r2 -Aqc agCd ./package/usr/lib/lib....so | xdot -

Visualize xref graph: agx @ addr
    The displayed xrefs are addresses because r2 will not list
    the name of the calling function, but the address of the
    calling site within functions.
    This is not very useful for our needs, so the global call
    graph mentioned above is more practical.

While figuring out the call graph from the source code might be
more natural, the binary analysis approach has the advantage of
taking in account the compile-time configuration.
This is effective In many software packages such as Busybox,
U-Boot, Linux (kernel) and mbedTLS many features can be disabled
in the build system.