authorNikita Popov <nikita.ppv@gmail.com>2019-09-13 15:15:46 +0200
committerNikita Popov <nikita.ppv@gmail.com>2019-09-16 16:04:10 +0200
commitc4e2ca607f49d37564aaf34f5a48c5e59aca12a6 (patch)
tree9efd9c787f0f37f77e9da6d8dac1dfdb275ec4af /sapi/fuzzer/fuzzer-parser.c
parent41f45647f90a44514fd18b16fdcec5cceebf1635 (diff)
downloadphp-git-c4e2ca607f49d37564aaf34f5a48c5e59aca12a6.tar.gz
Various improvements to fuzzer SAPIs
Diffstat (limited to 'sapi/fuzzer/fuzzer-parser.c')
-rw-r--r--sapi/fuzzer/fuzzer-parser.c42
1 files changed, 6 insertions, 36 deletions
diff --git a/sapi/fuzzer/fuzzer-parser.c b/sapi/fuzzer/fuzzer-parser.c
index eb1e03b6e8..ac2a1a8f2b 100644
--- a/sapi/fuzzer/fuzzer-parser.c
+++ b/sapi/fuzzer/fuzzer-parser.c
@@ -23,56 +23,26 @@
#include <ext/standard/info.h>
#include <ext/standard/php_var.h>
#include <main/php_variables.h>
-#ifdef JO0
-#include <ext/standard/php_smart_str.h>
-#endif
#include "fuzzer.h"
-
#include "fuzzer-sapi.h"
-int fuzzer_do_parse(zend_file_handle *file_handle, char *filename)
-{
- int retval = FAILURE; /* failure by default */
-
- SG(options) |= SAPI_OPTION_NO_CHDIR;
- SG(request_info).argc=0;
- SG(request_info).argv=NULL;
-
- if (php_request_startup(TSRMLS_C)==FAILURE) {
- php_module_shutdown(TSRMLS_C);
- return FAILURE;
- }
-
- SG(headers_sent) = 1;
- SG(request_info).no_headers = 1;
- php_register_variable("PHP_SELF", filename, NULL TSRMLS_CC);
-
- zend_first_try {
- zend_compile_file(file_handle, ZEND_REQUIRE);
- //retval = php_execute_script(file_handle TSRMLS_CC);
- } zend_end_try();
-
- php_request_shutdown((void *) 0);
-
- return (retval == SUCCESS) ? SUCCESS : FAILURE;
-}
-
-int fuzzer_do_request_d(char *filename, char *data, size_t data_len);
-
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
char *s = malloc(Size+1);
memcpy(s, Data, Size);
s[Size] = '\0';
- fuzzer_do_request_d("fuzzer.php", Data, Size);
- //fuzzer_do_parse(&file_handle, "fuzzer.php");
+ fuzzer_do_request_from_buffer("fuzzer.php", s, Size);
- free(s);
+ /* Do not free s: fuzzer_do_request_from_buffer() takes ownership of the allocation. */
return 0;
}
int LLVMFuzzerInitialize(int *argc, char ***argv) {
+ /* Compilation will often trigger fatal errors.
+ * Use tracked allocation mode to avoid leaks in that case. */
+ putenv("USE_TRACKED_ALLOC=1");
+
fuzzer_init_php();
/* fuzzer_shutdown_php(); */
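Review bot: `malloc(Size+1)` at the top of LLVMFuzzerTestOneInput is still unchecked, so an allocation failure reaches `memcpy(s, Data, Size)` with a null destination and shows up as a crash in the harness rather than in the parser under test. Adding `if (s == NULL) return 0;` right after the allocation keeps such runs from being triaged as findings. Because the new side hands `s` to fuzzer_do_request_from_buffer() and no longer frees it, the added ownership comment would be more useful if it also named the allocator the callee releases the buffer with and confirmed that it does so on its failure paths. That function is not visible in this hunk, so this second point is a question rather than a confirmed defect.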