/src/php-src/sapi/fuzzer/fuzzer-json.c

Source
/*
   +----------------------------------------------------------------------+
   | Copyright © The PHP Group and Contributors.                          |
   +----------------------------------------------------------------------+
   | This source file is subject to the Modified BSD License that is      |
   | bundled with this package in the file LICENSE, and is available      |
   | through the World Wide Web at <https://www.php.net/license/>.        |
   |                                                                      |
   | SPDX-License-Identifier: BSD-3-Clause                                |
   +----------------------------------------------------------------------+
   | Authors: Johannes Schlüter <johanes@php.net>                         |
   |          Stanislav Malyshev <stas@php.net>                           |
   +----------------------------------------------------------------------+
 */

#include "fuzzer.h"

#include "Zend/zend.h"
#include <main/php_config.h>
#include "main/php_main.h"

#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>

#include "fuzzer-sapi.h"
#include "ext/json/php_json_parser.h"

int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {

  if (fuzzer_request_startup() == FAILURE){
    return 0;
  }

  char *data = malloc(Size + 1);
  memcpy(data, Data, Size);
  data[Size] = '\0';

  for (int option = 0; option <=1; ++option) {
    zval result;
    php_json_parser parser;
    php_json_parser_init(&parser, &result, data, Size, option, 10);
    if (php_json_yyparse(&parser) == SUCCESS) {
      zval_ptr_dtor(&result);
    }
  }

  php_request_shutdown(NULL);

  free(data);
  return 0;
}

int LLVMFuzzerInitialize(int *argc, char ***argv) {
  fuzzer_init_php(NULL);

  /* fuzzer_shutdown_php(); */
  return 0;
}

Line	Count	Source
1		/*
2		+----------------------------------------------------------------------+
3		\| Copyright © The PHP Group and Contributors. \|
4		+----------------------------------------------------------------------+
5		\| This source file is subject to the Modified BSD License that is \|
6		\| bundled with this package in the file LICENSE, and is available \|
7		\| through the World Wide Web at <https://www.php.net/license/>. \|
8		\| \|
9		\| SPDX-License-Identifier: BSD-3-Clause \|
10		+----------------------------------------------------------------------+
11		\| Authors: Johannes Schlüter <johanes@php.net> \|
12		\| Stanislav Malyshev <stas@php.net> \|
13		+----------------------------------------------------------------------+
14		*/
15
16		#include "fuzzer.h"
17
18		#include "Zend/zend.h"
19		#include <main/php_config.h>
20		#include "main/php_main.h"
21
22		#include <stdio.h>
23		#include <stdint.h>
24		#include <stdlib.h>
25
26		#include "fuzzer-sapi.h"
27		#include "ext/json/php_json_parser.h"
28
29	6.77k	int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
30
31	6.77k	if (fuzzer_request_startup() == FAILURE){
32	0	return 0;
33	0	}
34
35	6.77k	char *data = malloc(Size + 1);
36	6.77k	memcpy(data, Data, Size);
37	6.77k	data[Size] = '\0';
38
39	20.3k	for (int option = 0; option <=1; ++option) {
40	13.5k	zval result;
41	13.5k	php_json_parser parser;
42	13.5k	php_json_parser_init(&parser, &result, data, Size, option, 10);
43	13.5k	if (php_json_yyparse(&parser) == SUCCESS) {
44	3.82k	zval_ptr_dtor(&result);
45	3.82k	}
46	13.5k	}
47
48	6.77k	php_request_shutdown(NULL);
49
50	6.77k	free(data);
51	6.77k	return 0;
52	6.77k	}
53
54	2	int LLVMFuzzerInitialize(int argc, char **argv) {
55	2	fuzzer_init_php(NULL);
56
57		/* fuzzer_shutdown_php(); */
58	2	return 0;
59	2	}

Coverage Report

Created: 2026-06-02 06:36