path: root/sapi/fuzzer
Commit message | Author | Date | Files | Lines
* Free static variables in execute fuzzer | Nikita Popov | 2021-03-26 | 1 | -0/+1
    Fixes a leak in the seed corpus.
* Change Zend Stream API to use zend_string* instead of char*. | Dmitry Stogov | 2021-03-16 | 1 | -0/+2
    This allows eliminating re-calculation of string length and hash value. See the detailed list of changes in UPGRADING.INTERNALS.
* Replace zend_bool uses with bool | Nikita Popov | 2021-01-15 | 2 | -2/+2
    We're starting to see a mix between uses of zend_bool and bool. Replace all usages with the standard bool type everywhere. Of course, zend_bool is retained as an alias.
* Fuzzer: Gracefully handle hashes that cannot be serialized | Nikita Popov | 2021-01-11 | 1 | -1/+7
* Add additional entries to unserialize corpus | Nikita Popov | 2020-11-30 | 3 | -0/+3
    These are useful to seed typed property fuzzing.
* Fix mbstring fuzzer | Nikita Popov | 2020-09-11 | 1 | -1/+3
    mb_ereg can throw now, so we need a dummy frame and need to free the exception afterwards.
* Reduce input size limit in execute fuzzer | Nikita Popov | 2020-09-07 | 2 | -2/+2
    We only have 4 Zend test cases > 8k. Large inputs tend to just make things slower.
* Avoid large eval inputs in fuzzer | Nikita Popov | 2020-09-07 | 1 | -2/+17
    While we limit the size of the main compilation input, the size of eval inputs was not limited. This could result in stack overflows, e.g. oss-fuzz #25464.
* Disable InfiniteIterator class while fuzzing | Nikita Popov | 2020-09-04 | 1 | -0/+2
    The combination of LimitIterator and InfiniteIterator can cause effectively infinite loops that bypass the executor step limit.
* Extend function blacklist in execute fuzzer | Nikita Popov | 2020-09-02 | 1 | -1/+3
    Add pfsockopen and stream_socket_server.
* Fix execute fuzzer on i386 | Nikita Popov | 2020-08-28 | 1 | -1/+5
    Opcode handlers use the FASTCALL calling convention...
* Fix typo | Nikita Popov | 2020-08-27 | 1 | -1/+1
    This was supposed to include the header, not the C file...
* Generate execute corpus in generate_all.php | Nikita Popov | 2020-08-27 | 3 | -1/+5
    And add crypt() to the function blacklist, it can be very slow.
* Add experimental "execute" fuzzer | Nikita Popov | 2020-08-27 | 7 | -58/+160
    This is an end-to-end fuzzer that executes arbitrary PHP code. We replace the executor with a finite-step executor to avoid getting stuck in loops or recursion.
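The finite-step executor idea from the entry above, shown on a tiny stack VM as an added illustration (this is not php-src code, and the opcodes, the two limits and the sample programs are assumptions made for the demo): every dispatched instruction costs one unit of a fixed budget, so an input that loops forever still returns a result to the harness, while unbounded recursion is stopped by a separate call-depth cap rather than by the step budget.

```c
/* Added illustration, not code from php-src: a tiny stack VM whose dispatch
 * loop is bounded by a step budget, the same idea as swapping in a finite-step
 * executor while fuzzing. Opcodes, limits and sample programs are assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum op { OP_PUSH, OP_ADD, OP_DUP, OP_JMP, OP_JNZ, OP_CALL, OP_RET, OP_HALT };
struct insn { enum op op; int32_t arg; };

enum vm_status { VM_HALTED, VM_STEP_LIMIT, VM_STACK_OVERFLOW, VM_FAULT };
struct vm_result { enum vm_status status; int64_t top; uint64_t steps; };

#define DATA_MAX 64   /* operand stack slots (assumed) */
#define CALL_MAX 32   /* call depth cap: recursion needs its own limit (assumed) */

/* Executes prog[0..n) with at most `budget` dispatched instructions. */
struct vm_result vm_run(const struct insn *prog, size_t n, uint64_t budget)
{
    int64_t data[DATA_MAX]; size_t sp = 0;
    size_t ret[CALL_MAX];   size_t csp = 0;
    size_t pc = 0;
    struct vm_result r = { VM_HALTED, 0, 0 };

    for (;;) {
        /* Budget check before every dispatch: an infinite loop still returns. */
        if (r.steps >= budget) { r.status = VM_STEP_LIMIT; break; }
        if (pc >= n)           { r.status = VM_FAULT; break; }
        r.steps++;
        const struct insn *i = &prog[pc++];
        switch (i->op) {
        case OP_PUSH:
            if (sp == DATA_MAX) { r.status = VM_STACK_OVERFLOW; goto done; }
            data[sp++] = i->arg;
            break;
        case OP_ADD:
            if (sp < 2) { r.status = VM_FAULT; goto done; }
            data[sp - 2] += data[sp - 1]; sp--;
            break;
        case OP_DUP:
            if (sp == 0)        { r.status = VM_FAULT; goto done; }
            if (sp == DATA_MAX) { r.status = VM_STACK_OVERFLOW; goto done; }
            data[sp] = data[sp - 1]; sp++;
            break;
        case OP_JMP:
            pc = (size_t)i->arg;          /* a negative target faults on the next check */
            break;
        case OP_JNZ:
            if (sp == 0) { r.status = VM_FAULT; goto done; }
            if (data[--sp] != 0) pc = (size_t)i->arg;
            break;
        case OP_CALL:
            /* Unbounded recursion is caught here, not by the step budget. */
            if (csp == CALL_MAX) { r.status = VM_STACK_OVERFLOW; goto done; }
            ret[csp++] = pc; pc = (size_t)i->arg;
            break;
        case OP_RET:
            if (csp == 0) { r.status = VM_FAULT; goto done; }
            pc = ret[--csp];
            break;
        case OP_HALT:
            goto done;
        }
    }
done:
    r.top = sp ? data[sp - 1] : 0;
    return r;
}

/* Constructed sample programs for the demo. */
static const struct insn straight[]  = { {OP_PUSH, 2}, {OP_PUSH, 3}, {OP_ADD, 0}, {OP_HALT, 0} };
static const struct insn countdown[] = { {OP_PUSH, 3}, {OP_PUSH, -1}, {OP_ADD, 0},
                                         {OP_DUP, 0}, {OP_JNZ, 1}, {OP_HALT, 0} };   /* 3,2,1,0 */
static const struct insn spin[]      = { {OP_JMP, 0} };   /* while (true) {} */
static const struct insn recurse[]   = { {OP_CALL, 0} };  /* function f() { f(); } */

#define N(a) (sizeof(a) / sizeof((a)[0]))

/* Named runners so each outcome can be inspected as a return value. */
struct vm_result run_straight(uint64_t b)  { return vm_run(straight, N(straight), b); }
struct vm_result run_countdown(uint64_t b) { return vm_run(countdown, N(countdown), b); }
struct vm_result run_spin(uint64_t b)      { return vm_run(spin, N(spin), b); }
struct vm_result run_recurse(uint64_t b)   { return vm_run(recurse, N(recurse), b); }

int main(void)
{
    static const char *names[] = { "halted", "step limit", "stack overflow", "fault" };
    struct vm_result r[] = { run_straight(100), run_countdown(13), run_countdown(14),
                             run_spin(1000), run_recurse(1000) };
    for (size_t i = 0; i < N(r); i++)
        printf("%-14s top=%lld steps=%llu\n", names[r[i].status],
               (long long)r[i].top, (unsigned long long)r[i].steps);
    return 0;
}
```

The countdown program needs exactly 14 dispatches, so a budget of 13 reports the step limit one instruction short of HALT while 14 completes; the point for a harness is that both outcomes are ordinary return values, not hangs. The later entry about LimitIterator and InfiniteIterator is the expected blind spot of this design: a loop that runs inside a single native operation never comes back through the dispatch loop and so is never charged a step.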
* Extract some common fuzzer code | Nikita Popov | 2020-06-30 | 5 | -53/+45
* Add unserializehash fuzzer. | Eddie Kohler | 2020-06-30 | 5 | -0/+127
    Unlike the straight unserialize fuzzer, this runs only on HashContexts, and it does an update and finalize on the contexts it creates.
    Co-authored-by: Nikita Popov <nikic@php.net>
* Update fuzzer readme | Nikita Popov | 2020-06-12 | 1 | -1/+2
    Drop --enable-json flag and make it more obvious that clang needs to be used.
* Constify char * arguments of APIs | twosee | 2020-06-08 | 1 | -1/+1
    Closes GH-5676.
* Remove json checks in fuzzer SAPI | Nikita Popov | 2020-05-29 | 2 | -12/+1
    JSON is now always enabled.
* Create memory stream in exif fuzzer | Nikita Popov | 2020-02-19 | 1 | -1/+1
    At least one segfault observed because temp file creation failed. Switch to using a memory stream, which should be more robust, and more efficient for that matter.
* Fix #78880: Spelling error report | Christoph M. Becker | 2019-12-21 | 1 | -1/+1
    We fix the most often occurring typos according to a recent codespell report[1] in tests, code comments and documentation.
    [1] <https://fossies.org/linux/test/php-src-master-f8f48ce.191129.tar.gz/codespell.html>
* Further reduce parse depth limit in mbstring fuzzer | Nikita Popov | 2019-12-14 | 1 | -1/+1
    Depth limit of 1024 still causes optimize_node stack overflows when running under asan.
* Limit parse depth in mbstring fuzzer | Nikita Popov | 2019-12-13 | 1 | -0/+4
    The default depth of 4096 is large enough to cause optimize_node stack overflows under asan. Reduce to 1024.
* Reduce size limit in parser fuzzer | Nikita Popov | 2019-11-07 | 2 | -1/+3
    Avoid stack overflows during compilation of deeply nested expressions.
* Reduce oniguruma retry limit in fuzzer | Nikita Popov | 2019-11-02 | 1 | -2/+2
    For some patterns matching may take quite long even at retry limit 100000 and it seems that this is not easy to fix on the oniguruma side. Reduce the retry limit by another factor of 10 in hope of reducing timeouts.
* Use php stream in exif fuzzer | Nikita Popov | 2019-10-10 | 1 | -9/+8
    This has the main benefit that we don't go through the realpath cache, which will cause leak checking to be disabled.
* Reduce oniguruma limits in fuzzing sapi | Nikita Popov | 2019-10-08 | 1 | -1/+4
    The defaults are fairly conservative and may still take quite a bit to match a single expression. Reduce them by a factor of 10x to speed up fuzzing.
* Fix regex in generate_parser_corpus.php | Fabien Villepinte | 2019-10-02 | 1 | -1/+1
    The next section after --FILE-- is not necessarily --EXPECT--. Accept any section. Closes GH-4770.
* Limit input size in exif fuzzer | Nikita Popov | 2019-10-01 | 1 | -0/+6
    Probably still too much...
* Add --enable-fuzzer-msan flag | Nikita Popov | 2019-10-01 | 1 | -9/+25
    To build fuzzers with memory sanitizer.
* Pass mode to open() in exif fuzzer | Nikita Popov | 2019-09-30 | 1 | -1/+1
    Funny how despite all those sanitizers running, nothing ever caught this...
* Make fuzzing sapi i386 compatible | Nikita Popov | 2019-09-27 | 1 | -2/+4
    * Avoid an unnecessary -lstdc++ dependency. It's not going to be used in the end anyway, and is an unnecessary hassle to set up.
    * Use $LIB_FUZZING_ENGINE instead of hardcoding -lFuzzingEngine.
* Limit max length for parser fuzzer | Nikita Popov | 2019-09-26 | 2 | -2/+8
    We're getting some very large inputs (~500KB) on OSS-Fuzz, which slow down performance a lot. Let's try limiting this, starting with a still fairly large value of 64KB. Also remove the max_execution_time limit, so that slow test cases cause a genuine libfuzzer timeout and we may investigate them.
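The size and depth limits that recur in the entries above (the eval input cap, the mbstring parse depth reduced for ASan builds, the parser fuzzer's 64KB maximum), shown in one libFuzzer-style harness as an added illustration that is not php-src code: the harness rejects oversized inputs before doing any work and parses with a hard nesting depth limit, so deeply nested input is reported as a verdict instead of overflowing the C stack. The grammar (nested `()` and `[]` groups around arbitrary bytes), the `MAX_NEST_DEPTH` value and the helper names are assumptions made for this demo; only the 64KB figure comes from the entry above.

```c
/* Added illustration, not code from php-src: a libFuzzer-style entry point
 * with an up-front input size cap and a recursion depth limit. The grammar
 * and MAX_NEST_DEPTH are assumptions for this demo; 64KB is the cap the
 * parser fuzzer entry chose. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_INPUT_SIZE (64 * 1024)
#define MAX_NEST_DEPTH 256          /* assumed; keep well below what ASan frames tolerate */

enum verdict { V_OK, V_TOO_LARGE, V_TOO_DEEP, V_SYNTAX };

/* Parses one group body starting at *pos; `close` is the byte that ends it
 * (0 for the top level). Every nested group costs one C stack frame, which
 * is why depth must be capped independently of total input size. */
static enum verdict parse_group(const uint8_t *d, size_t n, size_t *pos,
                                unsigned depth, uint8_t close)
{
    if (depth > MAX_NEST_DEPTH)
        return V_TOO_DEEP;
    while (*pos < n) {
        uint8_t c = d[(*pos)++];
        if (close != 0 && c == close)
            return V_OK;
        if (c == '(' || c == '[') {
            enum verdict v = parse_group(d, n, pos, depth + 1, c == '(' ? ')' : ']');
            if (v != V_OK)
                return v;
        } else if (c == ')' || c == ']') {
            return V_SYNTAX;            /* mismatched or stray close */
        }
        /* any other byte is an atom */
    }
    return close == 0 ? V_OK : V_SYNTAX; /* EOF inside an open group */
}

/* The check the harness runs on every input: size first, then structure. */
enum verdict check_input(const uint8_t *d, size_t n)
{
    if (n > MAX_INPUT_SIZE)
        return V_TOO_LARGE;             /* cheap reject before any parsing */
    size_t pos = 0;
    return parse_group(d, n, &pos, 0, 0);
}

/* libFuzzer entry point. The verdict is discarded on purpose: crashes,
 * sanitizer reports and timeouts are the signals the fuzzer looks for. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    (void)check_input(data, size);
    return 0;
}

/* Helpers that synthesise the two pathological input shapes (constructed). */
static uint8_t scratch[2 * MAX_INPUT_SIZE];

enum verdict check_nested_input(size_t depth)     /* "(((...)))", depth deep */
{
    if (2 * depth > sizeof scratch)
        return V_TOO_LARGE;
    memset(scratch, '(', depth);
    memset(scratch + depth, ')', depth);
    return check_input(scratch, 2 * depth);
}

enum verdict check_sized_input(size_t n)          /* n atoms, no nesting */
{
    if (n > sizeof scratch)
        return V_TOO_LARGE;
    memset(scratch, 'a', n);
    return check_input(scratch, n);
}

int main(void)
{
    static const char *names[] = { "ok", "too large", "too deep", "syntax" };
    const uint8_t sample[] = "(a[b]c)";           /* constructed sample */
    printf("sample:     %s\n", names[check_input(sample, sizeof sample - 1)]);
    printf("depth 256:  %s\n", names[check_nested_input(MAX_NEST_DEPTH)]);
    printf("depth 257:  %s\n", names[check_nested_input(MAX_NEST_DEPTH + 1)]);
    printf("64KB:       %s\n", names[check_sized_input(MAX_INPUT_SIZE)]);
    printf("64KB + 1:   %s\n", names[check_sized_input(MAX_INPUT_SIZE + 1)]);
    return 0;
}
```

When libFuzzer drives the target, its `-max_len` option also bounds generated inputs, but a check inside the harness additionally covers seed corpus files and single-input reproducer runs, which is where the oversized cases the entry describes arrived from. The depth cap is the separate defence: a 64KB input of nothing but `(` is small by the size check yet would recurse tens of thousands of frames without it.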
* Remove mention of PHP major version in Copyright headers | Gabriel Caruso | 2019-09-25 | 8 | -16/+0
    Closes GH-4732.
* Add new entries for exif and unserialize fuzzing corpus | Nikita Popov | 2019-09-24 | 9 | -0/+5
* Change instructions to use oniguruma from git | Nikita Popov | 2019-09-18 | 1 | -6/+5
    Some bugs are already fixed there. [ci skip]
* Add instructions for building an instrumented libonig | Nikita Popov | 2019-09-18 | 1 | -0/+17
    [ci skip]
* Move scripts out of corpus/ directory | Nikita Popov | 2019-09-16 | 4 | -6/+6
* Various improvements to fuzzer SAPIs | Nikita Popov | 2019-09-16 | 24 | -100/+308
* Add fuzzer SAPIs to the core | Stanislav Malyshev | 2019-09-16 | 123 | -0/+936