-rw-r--r-- sapi/fuzzer/README.md 17
1 files changed, 17 insertions, 0 deletions
diff --git a/sapi/fuzzer/README.md b/sapi/fuzzer/README.md
index b07428f041..166be746ea 100644
--- a/sapi/fuzzer/README.md
+++ b/sapi/fuzzer/README.md
@@ -48,3 +48,20 @@ mkdir ./my-parser-corpus
sapi/fuzzer/php-fuzz-parser -merge=1 ./my-parser-corpus sapi/fuzzer/corpus/parser
sapi/fuzzer/php-fuzz-parser -only_ascii=1 ./my-parser-corpus
```
+
+For the mbstring fuzzer, you may want to build the libonig dependency with instrumentation. At this time, libonig is not clean under ubsan, so only the fuzzer and address sanitizers may be used.
+
+```sh
+mkdir libonig
+pushd libonig
+wget -O - https://github.com/kkos/oniguruma/releases/download/v6.9.3/onig-6.9.3.tar.gz \
+ | tar -xz --strip-components=1
+./configure CC=clang CFLAGS="-fsanitize=fuzzer-no-link,address -O2 -g"
+make
+popd
+
+export ONIG_CFLAGS="-I$PWD/libonig/src"
+export ONIG_LIBS="-L$PWD/libonig/src/.libs -l:libonig.a"
+```
+
+This will link an instrumented libonig statically into the PHP binary.
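
Review bot: The `wget -O - ... | tar -xz --strip-components=1` step in the new libonig block unpacks the release tarball straight from the network with no integrity check, so the instrumented build trusts whatever the download returns. Consider saving the tarball to a file, comparing it against a SHA-256 recorded in the README for v6.9.3, and extracting only after the digest matches. Two smaller points on the same block: `pushd` and `popd` are bash builtins while the fence is tagged `sh`, and the text should state that `ONIG_CFLAGS` and `ONIG_LIBS` must be exported before PHP's `./configure` is run, since the closing sentence about static linking only holds if configure picks them up. The `-l:libonig.a` form is a GNU ld-style option, which deserves a short mention for readers on other linkers.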