1 /*
2 +----------------------------------------------------------------------+
3 | Copyright (c) The PHP Group |
4 +----------------------------------------------------------------------+
5 | This source file is subject to version 3.01 of the PHP license, |
6 | that is bundled with this package in the file LICENSE, and is |
7 | available through the world-wide-web at the following url: |
8 | https://www.php.net/license/3_01.txt |
9 | If you did not receive a copy of the PHP license and are unable to |
10 | obtain it through the world-wide-web, please send a note to |
11 | license@php.net so we can mail you a copy immediately. |
12 +----------------------------------------------------------------------+
13 | Authors: Stanislav Malyshev <stas@php.net> |
14 +----------------------------------------------------------------------+
15 */
16
17 #include "fuzzer.h"
18
19 #include "Zend/zend.h"
20 #include "main/php_config.h"
21 #include "main/php_main.h"
22 #include "ext/standard/php_var.h"
23
24 #include <stdio.h>
25 #include <stdint.h>
26 #include <stdlib.h>
27 #include <sys/types.h>
28 #include <sys/stat.h>
29 #include <fcntl.h>
30
31 #include "fuzzer-sapi.h"
32
LLVMFuzzerTestOneInput(const uint8_t * Data,size_t Size)33 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
34 #if HAVE_EXIF
35 php_stream *stream;
36 zval stream_zv;
37
38 if (Size > 256 * 1024) {
39 /* Large inputs have a large impact on fuzzer performance,
40 * but are unlikely to be necessary to reach new codepaths. */
41 return 0;
42 }
43
44 if (fuzzer_request_startup() == FAILURE) {
45 return 0;
46 }
47
48 stream = php_stream_memory_create(TEMP_STREAM_DEFAULT);
49 php_stream_write(stream, (const char *) Data, Size);
50 php_stream_to_zval(stream, &stream_zv);
51
52 fuzzer_call_php_func_zval("exif_read_data", 1, &stream_zv);
53
54 zval_ptr_dtor(&stream_zv);
55
56 /* cleanup */
57 php_request_shutdown(NULL);
58
59 return 0;
60 #else
61 fprintf(stderr, "\n\nERROR:\nPHP built without EXIF, recompile with --enable-exif to use this fuzzer\n");
62 exit(1);
63 #endif
64 }
65
LLVMFuzzerInitialize(int * argc,char *** argv)66 int LLVMFuzzerInitialize(int *argc, char ***argv) {
67 fuzzer_init_php(NULL);
68
69 /* fuzzer_shutdown_php(); */
70 return 0;
71 }
72
73
