author | Nikita Popov <nikita.ppv@gmail.com> | 2019-09-13 15:15:46 +0200 |
---|---|---|
committer | Nikita Popov <nikita.ppv@gmail.com> | 2019-09-16 16:04:10 +0200 |
commit | c4e2ca607f49d37564aaf34f5a48c5e59aca12a6 (patch) | |
tree | 9efd9c787f0f37f77e9da6d8dac1dfdb275ec4af /sapi/fuzzer/fuzzer-parser.c | |
parent | 41f45647f90a44514fd18b16fdcec5cceebf1635 (diff) | |
download | php-git-c4e2ca607f49d37564aaf34f5a48c5e59aca12a6.tar.gz |
Various improvements to fuzzer SAPIs
Diffstat (limited to 'sapi/fuzzer/fuzzer-parser.c')
-rw-r--r-- | sapi/fuzzer/fuzzer-parser.c | 42 |
1 files changed, 6 insertions, 36 deletions
diff --git a/sapi/fuzzer/fuzzer-parser.c b/sapi/fuzzer/fuzzer-parser.c
index eb1e03b6e8..ac2a1a8f2b 100644
--- a/sapi/fuzzer/fuzzer-parser.c
+++ b/sapi/fuzzer/fuzzer-parser.c
@@ -23,56 +23,26 @@
 #include <ext/standard/info.h>
 #include <ext/standard/php_var.h>
 #include <main/php_variables.h>
-#ifdef JO0
-#include <ext/standard/php_smart_str.h>
-#endif
 #include "fuzzer.h"
-
 #include "fuzzer-sapi.h"
-int fuzzer_do_parse(zend_file_handle *file_handle, char *filename)
-{
- int retval = FAILURE; /* failure by default */
-
- SG(options) |= SAPI_OPTION_NO_CHDIR;
- SG(request_info).argc=0;
- SG(request_info).argv=NULL;
-
- if (php_request_startup(TSRMLS_C)==FAILURE) {
- php_module_shutdown(TSRMLS_C);
- return FAILURE;
- }
-
- SG(headers_sent) = 1;
- SG(request_info).no_headers = 1;
- php_register_variable("PHP_SELF", filename, NULL TSRMLS_CC);
-
- zend_first_try {
- zend_compile_file(file_handle, ZEND_REQUIRE);
- //retval = php_execute_script(file_handle TSRMLS_CC);
- } zend_end_try();
-
- php_request_shutdown((void *) 0);
-
- return (retval == SUCCESS) ? SUCCESS : FAILURE;
-}
-
-int fuzzer_do_request_d(char *filename, char *data, size_t data_len);
-
 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 char *s = malloc(Size+1);
 memcpy(s, Data, Size);
 s[Size] = '\0';
- fuzzer_do_request_d("fuzzer.php", Data, Size);
- //fuzzer_do_parse(&file_handle, "fuzzer.php");
+ fuzzer_do_request_from_buffer("fuzzer.php", s, Size);
- free(s);
+ /* Do not free s: fuzzer_do_request_from_buffer() takes ownership of the allocation. */
 return 0;
 }
 int LLVMFuzzerInitialize(int *argc, char ***argv) {
+ /* Compilation will often trigger fatal errors.
+ * Use tracked allocation mode to avoid leaks in that case. */
+ putenv("USE_TRACKED_ALLOC=1");
+
 fuzzer_init_php();
 /* fuzzer_shutdown_php(); */ |
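Review bot: The handoff of `s` in LLVMFuzzerTestOneInput is documented only by the new comment, and `s` comes from plain `malloc()`, so the `USE_TRACKED_ALLOC=1` setting added below presumably would not reclaim it if a fatal error bails out before the callee releases it. fuzzer_do_request_from_buffer() is defined outside this hunk, so it is worth confirming that it frees the buffer on every path (request-startup failure and bailout included) and with a deallocator that matches `malloc()`; otherwise the harness itself leaks and adds noise to leak reports. The allocation is also still unchecked before `memcpy`, so an out-of-memory condition would show up as a crash in the harness rather than in PHP; a guard such as `if (!s) return 0;` right after the `malloc` keeps findings attributable to the code under test. The body of LLVMFuzzerInitialize continues past the end of the hunk.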