xref: /PHP-8.4/sapi/fuzzer/fuzzer-json.c (revision 11accb5c)
1 /*
2    +----------------------------------------------------------------------+
3    | Copyright (c) The PHP Group                                          |
4    +----------------------------------------------------------------------+
5    | This source file is subject to version 3.01 of the PHP license,      |
6    | that is bundled with this package in the file LICENSE, and is        |
7    | available through the world-wide-web at the following url:           |
8    | https://www.php.net/license/3_01.txt                                 |
9    | If you did not receive a copy of the PHP license and are unable to   |
10    | obtain it through the world-wide-web, please send a note to          |
11    | license@php.net so we can mail you a copy immediately.               |
12    +----------------------------------------------------------------------+
13    | Authors: Johannes Schlüter <johanes@php.net>                         |
14    |          Stanislav Malyshev <stas@php.net>                           |
15    +----------------------------------------------------------------------+
16  */
17 
18 
19 
20 #include "fuzzer.h"
21 
22 #include "Zend/zend.h"
23 #include <main/php_config.h>
24 #include "main/php_main.h"
25 
26 #include <stdio.h>
27 #include <stdint.h>
28 #include <stdlib.h>
29 
30 #include "fuzzer-sapi.h"
31 #include "ext/json/php_json_parser.h"
32 
LLVMFuzzerTestOneInput(const uint8_t * Data,size_t Size)33 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
34 	char *data = malloc(Size+1);
35 	memcpy(data, Data, Size);
36 	data[Size] = '\0';
37 
38 	if (fuzzer_request_startup() == FAILURE) {
39 		return 0;
40 	}
41 
42 	for (int option = 0; option <=1; ++option) {
43 		zval result;
44 		php_json_parser parser;
45 		php_json_parser_init(&parser, &result, data, Size, option, 10);
46 		if (php_json_yyparse(&parser) == SUCCESS) {
47 			zval_ptr_dtor(&result);
48 		}
49 	}
50 
51 	php_request_shutdown(NULL);
52 
53 	free(data);
54 	return 0;
55 }
56 
LLVMFuzzerInitialize(int * argc,char *** argv)57 int LLVMFuzzerInitialize(int *argc, char ***argv) {
58 	fuzzer_init_php(NULL);
59 
60 	/* fuzzer_shutdown_php(); */
61 	return 0;
62 }
63