-rw-r--r--  sapi/fuzzer/README.md          3
-rw-r--r--  sapi/fuzzer/fuzzer-sapi.c      2
-rw-r--r--  sapi/fuzzer/generate_all.php   1
3 files changed, 5 insertions, 1 deletions
diff --git a/sapi/fuzzer/README.md b/sapi/fuzzer/README.md
index 710a10f053..f79baa6c00 100644
--- a/sapi/fuzzer/README.md
+++ b/sapi/fuzzer/README.md
@@ -25,7 +25,8 @@ When running `make` it creates these binaries in `sapi/fuzzer/`:
* `php-fuzz-unserializehash`: Fuzzing unserialize() for HashContext objects
* `php-fuzz-json`: Fuzzing JSON parser (requires --enable-json)
* `php-fuzz-exif`: Fuzzing `exif_read_data()` function (requires --enable-exif)
-* `php-fuzz-mbstring`: fuzzing `mb_ereg[i]()` (requires --enable-mbstring)
+* `php-fuzz-mbstring`: Fuzzing `mb_ereg[i]()` (requires --enable-mbstring)
+* `php-fuzz-execute`: Fuzzing the executor
Some fuzzers have a seed corpus in `sapi/fuzzer/corpus`. You can use it as follows:
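Review bot: the new `php-fuzz-execute` entry is thinner than its neighbours; every other bullet says what the fuzzer feeds and which configure option it needs, while "Fuzzing the executor" does not say what input it takes (generated PHP scripts, going by the `generate_execute_corpus.php` require added in this commit) or whether a build flag is needed. Suggest expanding it to match the style of the `php-fuzz-parser`/`php-fuzz-json` lines, and, since this fuzzer gets a generated corpus, adding a sentence under "Some fuzzers have a seed corpus" pointing at `generate_all.php` so users know to run it before fuzzing.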
diff --git a/sapi/fuzzer/fuzzer-sapi.c b/sapi/fuzzer/fuzzer-sapi.c
index ff81073744..93d7d09e6e 100644
--- a/sapi/fuzzer/fuzzer-sapi.c
+++ b/sapi/fuzzer/fuzzer-sapi.c
@@ -50,6 +50,8 @@ const char HARDCODED_INI[] =
",chgrp,chmod,chown,copy,file_put_contents,lchgrp,lchown,link,mkdir"
",move_uploaded_file,rename,rmdir,symlink,tempname,touch,unlink,fopen"
",fsockopen,stream_socket_pair,stream_socket_client"
+ /* crypt() can be very slow. */
+ ",crypt"
/* openlog() has a known memory-management issue. */
",openlog"
;
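Review bot: the comment on the `,crypt` addition should say why slowness matters in this list, which is otherwise a deny-list of functions with side effects; something like "crypt() with expensive algorithms makes single fuzzer iterations time out, which is reported as a hang" tells the next reader that it is disabled for throughput, not for safety, and that the entry can be dropped if a cost cap is ever introduced. Unrelated to this change but visible in the same context block: `tempname` in the line above (`",move_uploaded_file,rename,rmdir,symlink,tempname,touch,unlink,fopen"`) does not match the PHP function name `tempnam()`, so the temp-file-creating function is not actually disabled; worth a follow-up fix.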
diff --git a/sapi/fuzzer/generate_all.php b/sapi/fuzzer/generate_all.php
index eef2ddf243..589781b004 100644
--- a/sapi/fuzzer/generate_all.php
+++ b/sapi/fuzzer/generate_all.php
@@ -2,3 +2,4 @@
require __DIR__ . '/generate_unserialize_dict.php';
require __DIR__ . '/generate_unserializehash_corpus.php';
require __DIR__ . '/generate_parser_corpus.php';
+require __DIR__ . '/generate_execute_corpus.php';
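Review bot: `generate_execute_corpus.php` is required here but is not part of this diff (the diffstat lists only three files), so `generate_all.php` will fatal with a missing-file error unless that script already exists in the tree or lands in the same push. Please confirm it is present, or add it to this commit, and note in the commit message which corpus directory it populates so the README entry for `php-fuzz-execute` can reference it.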