/src/php-src/sapi/fuzzer/fuzzer-exif.c

Source (jump to first uncovered line)
/*
   +----------------------------------------------------------------------+
   | Copyright (c) The PHP Group                                          |
   +----------------------------------------------------------------------+
   | This source file is subject to version 3.01 of the PHP license,      |
   | that is bundled with this package in the file LICENSE, and is        |
   | available through the world-wide-web at the following url:           |
   | https://www.php.net/license/3_01.txt                                 |
   | If you did not receive a copy of the PHP license and are unable to   |
   | obtain it through the world-wide-web, please send a note to          |
   | license@php.net so we can mail you a copy immediately.               |
   +----------------------------------------------------------------------+
   | Authors: Stanislav Malyshev <stas@php.net>                           |
   +----------------------------------------------------------------------+
 */

#include "fuzzer.h"

#include "Zend/zend.h"
#include <main/php_config.h>
#include "main/php_main.h"
#include "ext/standard/php_var.h"

#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>

#include "fuzzer-sapi.h"

int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
#ifdef HAVE_EXIF
  php_stream *stream;
  zval stream_zv;

  if (Size > 256 * 1024) {
    /* Large inputs have a large impact on fuzzer performance,
     * but are unlikely to be necessary to reach new codepaths. */
    return 0;
  }

  if (fuzzer_request_startup() == FAILURE) {
    return 0;
  }

  stream = php_stream_memory_create(TEMP_STREAM_DEFAULT);
  php_stream_write(stream, (const char *) Data, Size);
  php_stream_to_zval(stream, &stream_zv);

  fuzzer_call_php_func_zval("exif_read_data", 1, &stream_zv);

  zval_ptr_dtor(&stream_zv);

  /* cleanup */
  php_request_shutdown(NULL);

  return 0;
#else
  fprintf(stderr, "\n\nERROR:\nPHP built without EXIF, recompile with --enable-exif to use this fuzzer\n");
  exit(1);
#endif
}

int LLVMFuzzerInitialize(int *argc, char ***argv) {
  fuzzer_init_php(NULL);

  /* fuzzer_shutdown_php(); */
  return 0;
}


Line	Count	Source (jump to first uncovered line)
1		/*
2		+----------------------------------------------------------------------+
3		\| Copyright (c) The PHP Group \|
4		+----------------------------------------------------------------------+
5		\| This source file is subject to version 3.01 of the PHP license, \|
6		\| that is bundled with this package in the file LICENSE, and is \|
7		\| available through the world-wide-web at the following url: \|
8		\| https://www.php.net/license/3_01.txt \|
9		\| If you did not receive a copy of the PHP license and are unable to \|
10		\| obtain it through the world-wide-web, please send a note to \|
11		\| license@php.net so we can mail you a copy immediately. \|
12		+----------------------------------------------------------------------+
13		\| Authors: Stanislav Malyshev <stas@php.net> \|
14		+----------------------------------------------------------------------+
15		*/
16
17		#include "fuzzer.h"
18
19		#include "Zend/zend.h"
20		#include <main/php_config.h>
21		#include "main/php_main.h"
22		#include "ext/standard/php_var.h"
23
24		#include <stdio.h>
25		#include <stdint.h>
26		#include <stdlib.h>
27		#include <sys/types.h>
28		#include <sys/stat.h>
29		#include <fcntl.h>
30
31		#include "fuzzer-sapi.h"
32
33	6.11k	int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
34	6.11k	#ifdef HAVE_EXIF
35	6.11k	php_stream *stream;
36	6.11k	zval stream_zv;
37
38	6.11k	if (Size > 256 * 1024) {
39		/* Large inputs have a large impact on fuzzer performance,
40		* but are unlikely to be necessary to reach new codepaths. */
41	4	return 0;
42	4	}
43
44	6.11k	if (fuzzer_request_startup() == FAILURE) {
45	0	return 0;
46	0	}
47
48	6.11k	stream = php_stream_memory_create(TEMP_STREAM_DEFAULT);
49	6.11k	php_stream_write(stream, (const char *) Data, Size);
50	6.11k	php_stream_to_zval(stream, &stream_zv);
51
52	6.11k	fuzzer_call_php_func_zval("exif_read_data", 1, &stream_zv);
53
54	6.11k	zval_ptr_dtor(&stream_zv);
55
56		/* cleanup */
57	6.11k	php_request_shutdown(NULL);
58
59	6.11k	return 0;
60		#else
61		fprintf(stderr, "\n\nERROR:\nPHP built without EXIF, recompile with --enable-exif to use this fuzzer\n");
62		exit(1);
63		#endif
64	6.11k	}
65
66	12	int LLVMFuzzerInitialize(int argc, char **argv) {
67	12	fuzzer_init_php(NULL);
68
69		/* fuzzer_shutdown_php(); */
70	12	return 0;
71	12	}
72

Coverage Report

Created: 2025-06-13 06:43