xref: /php-src/sapi/fuzzer/fuzzer-mbregex.c (revision 11accb5c)
1 /*
2    +----------------------------------------------------------------------+
3    | Copyright (c) The PHP Group                                          |
4    +----------------------------------------------------------------------+
5    | This source file is subject to version 3.01 of the PHP license,      |
6    | that is bundled with this package in the file LICENSE, and is        |
7    | available through the world-wide-web at the following url:           |
8    | https://www.php.net/license/3_01.txt                                 |
9    | If you did not receive a copy of the PHP license and are unable to   |
10    | obtain it through the world-wide-web, please send a note to          |
11    | license@php.net so we can mail you a copy immediately.               |
12    +----------------------------------------------------------------------+
13    | Authors: Stanislav Malyshev <stas@php.net>                           |
14    +----------------------------------------------------------------------+
15  */
16 
17 
18 #include "fuzzer.h"
19 
20 #include "Zend/zend.h"
21 #include <main/php_config.h>
22 #include "main/php_main.h"
23 #include "oniguruma.h"
24 
25 #include <stdio.h>
26 #include <stdint.h>
27 #include <stdlib.h>
28 
29 #include "fuzzer-sapi.h"
30 
LLVMFuzzerTestOneInput(const uint8_t * Data,size_t Size)31 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
32 #ifdef HAVE_MBREGEX
33 	char *args[2];
34 	char *data = malloc(Size+1);
35 	memcpy(data, Data, Size);
36 	data[Size] = '\0';
37 
38 	if (fuzzer_request_startup() == FAILURE) {
39 		return 0;
40 	}
41 
42 	fuzzer_setup_dummy_frame();
43 
44 	args[0] = data;
45 	args[1] = "test123";
46 	fuzzer_call_php_func("mb_ereg", 2, args);
47 
48 	args[0] = data;
49 	args[1] = "test123";
50 	fuzzer_call_php_func("mb_eregi", 2, args);
51 
52 	args[0] = data;
53 	args[1] = data;
54 	fuzzer_call_php_func("mb_ereg", 2, args);
55 
56 	args[0] = data;
57 	args[1] = data;
58 	fuzzer_call_php_func("mb_eregi", 2, args);
59 
60 	fuzzer_request_shutdown();
61 
62 	free(data);
63 #else
64 	fprintf(stderr, "\n\nERROR:\nPHP built without mbstring, recompile with --enable-mbstring to use this fuzzer\n");
65 	exit(1);
66 #endif
67 	return 0;
68 }
69 
LLVMFuzzerInitialize(int * argc,char *** argv)70 int LLVMFuzzerInitialize(int *argc, char ***argv) {
71 	fuzzer_init_php(NULL);
72 
73 	/* The default parse depth limit allows stack overflows under asan. */
74 	onig_set_parse_depth_limit(512);
75 
76 	/* fuzzer_shutdown_php(); */
77 	return 0;
78 }
79