Coverage Report

Created: 2025-06-13 06:43

/src/php-src/sapi/fuzzer/fuzzer-exif.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
   +----------------------------------------------------------------------+
3
   | Copyright (c) The PHP Group                                          |
4
   +----------------------------------------------------------------------+
5
   | This source file is subject to version 3.01 of the PHP license,      |
6
   | that is bundled with this package in the file LICENSE, and is        |
7
   | available through the world-wide-web at the following url:           |
8
   | https://www.php.net/license/3_01.txt                                 |
9
   | If you did not receive a copy of the PHP license and are unable to   |
10
   | obtain it through the world-wide-web, please send a note to          |
11
   | license@php.net so we can mail you a copy immediately.               |
12
   +----------------------------------------------------------------------+
13
   | Authors: Stanislav Malyshev <stas@php.net>                           |
14
   +----------------------------------------------------------------------+
15
 */
16
17
#include "fuzzer.h"
18
19
#include "Zend/zend.h"
20
#include <main/php_config.h>
21
#include "main/php_main.h"
22
#include "ext/standard/php_var.h"
23
24
#include <stdio.h>
25
#include <stdint.h>
26
#include <stdlib.h>
27
#include <sys/types.h>
28
#include <sys/stat.h>
29
#include <fcntl.h>
30
31
#include "fuzzer-sapi.h"
32
33
6.11k
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
34
6.11k
#ifdef HAVE_EXIF
35
6.11k
  php_stream *stream;
36
6.11k
  zval stream_zv;
37
38
6.11k
  if (Size > 256 * 1024) {
39
    /* Large inputs have a large impact on fuzzer performance,
40
     * but are unlikely to be necessary to reach new codepaths. */
41
4
    return 0;
42
4
  }
43
44
6.11k
  if (fuzzer_request_startup() == FAILURE) {
45
0
    return 0;
46
0
  }
47
48
6.11k
  stream = php_stream_memory_create(TEMP_STREAM_DEFAULT);
49
6.11k
  php_stream_write(stream, (const char *) Data, Size);
50
6.11k
  php_stream_to_zval(stream, &stream_zv);
51
52
6.11k
  fuzzer_call_php_func_zval("exif_read_data", 1, &stream_zv);
53
54
6.11k
  zval_ptr_dtor(&stream_zv);
55
56
  /* cleanup */
57
6.11k
  php_request_shutdown(NULL);
58
59
6.11k
  return 0;
60
#else
61
  fprintf(stderr, "\n\nERROR:\nPHP built without EXIF, recompile with --enable-exif to use this fuzzer\n");
62
  exit(1);
63
#endif
64
6.11k
}
65
66
12
int LLVMFuzzerInitialize(int *argc, char ***argv) {
67
12
  fuzzer_init_php(NULL);
68
69
  /* fuzzer_shutdown_php(); */
70
12
  return 0;
71
12
}
72