/src/php-src/sapi/fuzzer/fuzzer-function-jit.c
/*
   +----------------------------------------------------------------------+
   | Copyright © The PHP Group and Contributors.                          |
   +----------------------------------------------------------------------+
   | This source file is subject to the Modified BSD License that is      |
   | bundled with this package in the file LICENSE, and is available      |
   | through the World Wide Web at <https://www.php.net/license/>.        |
   |                                                                      |
   | SPDX-License-Identifier: BSD-3-Clause                                |
   +----------------------------------------------------------------------+
   | Authors: Nikita Popov <nikic@php.net>                                |
   +----------------------------------------------------------------------+
 */
#include "fuzzer-execute-common.h"
/* Point opcache.jit at `mode` for the rest of this request cycle. */
static void jit_fuzzer_set_mode(zend_string *jit_option, const char *mode,
    size_t mode_len) {
  zend_alter_ini_entry_chars(jit_option, mode, mode_len, PHP_INI_USER,
    PHP_INI_STAGE_RUNTIME);
}

/* Execute the fuzzer-supplied script buffer once as FILE_NAME, invalidating
 * opcache afterwards so the next run compiles the script afresh. */
static void jit_fuzzer_run(const char *script, size_t size) {
  fuzzer_do_request_from_buffer(FILE_NAME, script, size, /* execute */ 1,
    opcache_invalidate);
}

/*
 * libFuzzer entry point. Each input is executed twice: first with the JIT
 * disabled and, only if that run finished without bailing out, a second time
 * with the function JIT enabled. The interpreter-only pass is the safety
 * check: an input that bails out (presumably by exhausting the step budget
 * tracked in steps_left) is never handed to the JIT, where - as the original
 * author notes - the generated code may loop forever.
 *
 * Always returns 0, as libFuzzer requires.
 */
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
  /* Oversized inputs cost fuzzer throughput and rarely reach new code paths. */
  if (Size > MAX_SIZE) {
    return 0;
  }

  const char *script = (const char *) Data;
  zend_string *jit_option = ZSTR_INIT_LITERAL("opcache.jit", 1);

  /* Pass 1: interpreter only. Reset the step budget and the bail-out flag so
   * the outcome is attributable to this input alone. */
  steps_left = MAX_STEPS;
  bailed_out = false;
  jit_fuzzer_set_mode(jit_option, "off", sizeof("off")-1);
  jit_fuzzer_run(script, Size);

  /* Pass 2: function JIT. This pass runs under the stock executor
   * (orig_execute_ex), so whatever fuzzer_execute_ex enforces - presumably the
   * step budget - is not in effect here; restoring it afterwards keeps later
   * inputs guarded. */
  if (!bailed_out) {
    steps_left = MAX_STEPS;
    jit_fuzzer_set_mode(jit_option, "function", sizeof("function")-1);
    zend_execute_ex = orig_execute_ex;
    jit_fuzzer_run(script, Size);
    zend_execute_ex = fuzzer_execute_ex;
  }

  zend_string_release(jit_option);
  return 0;
}
/*
 * libFuzzer one-time initialisation: assembles the php.ini fragment this
 * harness needs, creates the scratch script file and boots PHP.
 *
 * argc/argv are part of the libFuzzer contract and are left untouched.
 * Always returns 0, as libFuzzer requires.
 */
int LLVMFuzzerInitialize(int *argc, char ***argv) {
  /* opcache settings for the JIT harness: timestamp validation and the
   * file-update protection window are switched off (presumably because the
   * scratch file created by create_file() is rewritten per input), the JIT
   * buffer is sized at 128M, and protect_memory=1 is set - going by its name,
   * this should make the JIT buffer non-writable while code is not being
   * emitted, so a stray write faults instead of silently corrupting it.
   * NOTE(review): confirm protect_memory semantics against the opcache docs. */
  static const char harness_ini[] =
    "opcache.validate_timestamps=0\n"
    "opcache.file_update_protection=0\n"
    "opcache.jit_buffer_size=128M\n"
    "opcache.protect_memory=1\n";

  /* Copied into a writable buffer for the init helper; the literal is well
   * under 512 bytes, so the bounded copy cannot truncate. */
  char ini_buf[512];
  snprintf(ini_buf, sizeof ini_buf, "%s", harness_ini);

  create_file();
  fuzzer_init_php_for_execute(ini_buf);
  return 0;
}