xref: /PHP-8.0/sapi/fuzzer/config.m4 (revision c29838c5)
1AC_MSG_CHECKING(for clang fuzzer SAPI)
2
3PHP_ARG_ENABLE([fuzzer],,
4  [AS_HELP_STRING([--enable-fuzzer],
5    [Build PHP as clang fuzzing test module (for developers)])],
6  [no],
7  [no])
8
9PHP_ARG_ENABLE([fuzzer-msan],,
10  [AS_HELP_STRING([--enable-fuzzer-msan],
11    [Enable msan instead of asan/ubsan when fuzzing])],
12  [no],
13  [no])
14
15dnl For newer clang versions see https://llvm.org/docs/LibFuzzer.html#fuzzer-usage
16dnl for relevant flags.
17
18dnl Macro to define fuzzing target
19dnl PHP_FUZZER_TARGET(name, target-var)
20dnl
21AC_DEFUN([PHP_FUZZER_TARGET], [
22  PHP_FUZZER_BINARIES="$PHP_FUZZER_BINARIES $SAPI_FUZZER_PATH/php-fuzz-$1"
23  PHP_SUBST($2)
24  PHP_ADD_SOURCES_X([sapi/fuzzer],[fuzzer-$1.c],[],$2)
25  $2="[$]$2 $FUZZER_COMMON_OBJS"
26])
27
28if test "$PHP_FUZZER" != "no"; then
29  AC_MSG_RESULT([yes])
30  dnl Don't use PHP_REQUIRE_CXX() to avoid unnecessarily pulling in -lstdc++
31  AC_PROG_CXX
32  AC_PROG_CXXCPP
33  PHP_ADD_MAKEFILE_FRAGMENT($abs_srcdir/sapi/fuzzer/Makefile.frag)
34  SAPI_FUZZER_PATH=sapi/fuzzer
35  PHP_SUBST(SAPI_FUZZER_PATH)
36  if test -z "$LIB_FUZZING_ENGINE"; then
37    FUZZING_LIB="-fsanitize=fuzzer"
38    FUZZING_CC="$CC"
39    AX_CHECK_COMPILE_FLAG([-fsanitize=fuzzer-no-link], [
40      CFLAGS="$CFLAGS -fsanitize=fuzzer-no-link"
41      CXXFLAGS="$CXXFLAGS -fsanitize=fuzzer-no-link"
42
43      if test "$PHP_FUZZER_MSAN" = "yes"; then
44        CFLAGS="$CFLAGS -fsanitize=memory -fsanitize-memory-track-origins"
45        CXXFLAGS="$CXXFLAGS -fsanitize=memory -fsanitize-memory-track-origins"
46      else
47        CFLAGS="$CFLAGS -fsanitize=address"
48        CXXFLAGS="$CXXFLAGS -fsanitize=address"
49
50        dnl Don't include -fundefined in CXXFLAGS, because that would also require linking
51        dnl with a C++ compiler.
52        dnl Disable object-size sanitizer, because it is incompatible with our zend_function
53        dnl union, and this can't be easily fixed.
54        dnl We need to specify -fno-sanitize-recover=undefined here, otherwise ubsan warnings
55        dnl will not be considered failures by the fuzzer.
56        CFLAGS="$CFLAGS -fsanitize=undefined -fno-sanitize=object-size -fno-sanitize-recover=undefined"
57      fi
58    ],[
59      AC_MSG_ERROR(Compiler doesn't support -fsanitize=fuzzer-no-link)
60    ])
61  else
62    FUZZING_LIB="$LIB_FUZZING_ENGINE"
63    FUZZING_CC="$CXX -stdlib=libc++"
64  fi
65  PHP_SUBST(FUZZING_LIB)
66  PHP_SUBST(FUZZING_CC)
67
68  dnl PHP_SELECT_SAPI(fuzzer-parser, program, $FUZZER_SOURCES, , '$(SAPI_FUZZER_PATH)')
69
70  PHP_ADD_BUILD_DIR([sapi/fuzzer])
71  PHP_FUZZER_BINARIES=""
72  PHP_BINARIES="$PHP_BINARIES fuzzer"
73  PHP_INSTALLED_SAPIS="$PHP_INSTALLED_SAPIS fuzzer"
74
75  PHP_ADD_SOURCES_X([sapi/fuzzer], [fuzzer-sapi.c], [], FUZZER_COMMON_OBJS)
76
77  PHP_FUZZER_TARGET([parser], PHP_FUZZER_PARSER_OBJS)
78  PHP_FUZZER_TARGET([execute], PHP_FUZZER_EXECUTE_OBJS)
79  PHP_FUZZER_TARGET([unserialize], PHP_FUZZER_UNSERIALIZE_OBJS)
80  PHP_FUZZER_TARGET([unserializehash], PHP_FUZZER_UNSERIALIZEHASH_OBJS)
81  PHP_FUZZER_TARGET([json], PHP_FUZZER_JSON_OBJS)
82
83  if test -n "$enable_exif" && test "$enable_exif" != "no"; then
84    PHP_FUZZER_TARGET([exif], PHP_FUZZER_EXIF_OBJS)
85  fi
86  if test -n "$enable_mbstring" && test "$enable_mbstring" != "no"; then
87    PHP_FUZZER_TARGET([mbstring], PHP_FUZZER_MBSTRING_OBJS)
88  fi
89
90  PHP_SUBST(PHP_FUZZER_BINARIES)
91fi
92
93AC_MSG_RESULT($PHP_FUZZER)
94