1 /*
2 +----------------------------------------------------------------------+
3 | Copyright (c) The PHP Group |
4 +----------------------------------------------------------------------+
5 | This source file is subject to version 3.01 of the PHP license, |
6 | that is bundled with this package in the file LICENSE, and is |
7 | available through the world-wide-web at the following url: |
8 | https://www.php.net/license/3_01.txt |
9 | If you did not receive a copy of the PHP license and are unable to |
10 | obtain it through the world-wide-web, please send a note to |
11 | license@php.net so we can mail you a copy immediately. |
12 +----------------------------------------------------------------------+
13 | Authors: Johannes Schlüter <johanes@php.net> |
14 +----------------------------------------------------------------------+
15 */
16
17
18 #include "fuzzer.h"
19
20 #include "Zend/zend.h"
21 #include "main/php_config.h"
22 #include "main/php_main.h"
23
24 #include <stdio.h>
25 #include <stdint.h>
26 #include <stdlib.h>
27
28 #include "fuzzer-sapi.h"
29
30 #include "ext/standard/php_var.h"
31
LLVMFuzzerTestOneInput(const uint8_t * Data,size_t Size)32 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
33 unsigned char *orig_data = malloc(Size+1);
34 memcpy(orig_data, Data, Size);
35 orig_data[Size] = '\0';
36
37 if (fuzzer_request_startup() == FAILURE) {
38 return 0;
39 }
40
41 fuzzer_setup_dummy_frame();
42
43 {
44 const unsigned char *data = orig_data;
45 zval result;
46 ZVAL_UNDEF(&result);
47
48 php_unserialize_data_t var_hash;
49 PHP_VAR_UNSERIALIZE_INIT(var_hash);
50 php_var_unserialize(&result, (const unsigned char **) &data, data + Size, &var_hash);
51 PHP_VAR_UNSERIALIZE_DESTROY(var_hash);
52
53 zval_ptr_dtor(&result);
54 }
55
56 free(orig_data);
57
58 fuzzer_request_shutdown();
59 return 0;
60 }
61
LLVMFuzzerInitialize(int * argc,char *** argv)62 int LLVMFuzzerInitialize(int *argc, char ***argv) {
63 fuzzer_init_php(NULL);
64
65 /* fuzzer_shutdown_php(); */
66 return 0;
67 }
68
