/src/php-src/sapi/fuzzer/fuzzer-exif.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | +----------------------------------------------------------------------+ |
3 | | | Copyright (c) The PHP Group | |
4 | | +----------------------------------------------------------------------+ |
5 | | | This source file is subject to version 3.01 of the PHP license, | |
6 | | | that is bundled with this package in the file LICENSE, and is | |
7 | | | available through the world-wide-web at the following url: | |
8 | | | https://www.php.net/license/3_01.txt | |
9 | | | If you did not receive a copy of the PHP license and are unable to | |
10 | | | obtain it through the world-wide-web, please send a note to | |
11 | | | license@php.net so we can mail you a copy immediately. | |
12 | | +----------------------------------------------------------------------+ |
13 | | | Authors: Stanislav Malyshev <stas@php.net> | |
14 | | +----------------------------------------------------------------------+ |
15 | | */ |
16 | | |
17 | | #include "fuzzer.h" |
18 | | |
19 | | #include "Zend/zend.h" |
20 | | #include <main/php_config.h> |
21 | | #include "main/php_main.h" |
22 | | #include "ext/standard/php_var.h" |
23 | | |
24 | | #include <stdio.h> |
25 | | #include <stdint.h> |
26 | | #include <stdlib.h> |
27 | | #include <sys/types.h> |
28 | | #include <sys/stat.h> |
29 | | #include <fcntl.h> |
30 | | |
31 | | #include "fuzzer-sapi.h" |
32 | | |
33 | 6.11k | int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { |
34 | 6.11k | #ifdef HAVE_EXIF |
35 | 6.11k | php_stream *stream; |
36 | 6.11k | zval stream_zv; |
37 | | |
38 | 6.11k | if (Size > 256 * 1024) { |
39 | | /* Large inputs have a large impact on fuzzer performance, |
40 | | * but are unlikely to be necessary to reach new codepaths. */ |
41 | 4 | return 0; |
42 | 4 | } |
43 | | |
44 | 6.11k | if (fuzzer_request_startup() == FAILURE) { |
45 | 0 | return 0; |
46 | 0 | } |
47 | | |
48 | 6.11k | stream = php_stream_memory_create(TEMP_STREAM_DEFAULT); |
49 | 6.11k | php_stream_write(stream, (const char *) Data, Size); |
50 | 6.11k | php_stream_to_zval(stream, &stream_zv); |
51 | | |
52 | 6.11k | fuzzer_call_php_func_zval("exif_read_data", 1, &stream_zv); |
53 | | |
54 | 6.11k | zval_ptr_dtor(&stream_zv); |
55 | | |
56 | | /* cleanup */ |
57 | 6.11k | php_request_shutdown(NULL); |
58 | | |
59 | 6.11k | return 0; |
60 | | #else |
61 | | fprintf(stderr, "\n\nERROR:\nPHP built without EXIF, recompile with --enable-exif to use this fuzzer\n"); |
62 | | exit(1); |
63 | | #endif |
64 | 6.11k | } |
65 | | |
66 | 12 | int LLVMFuzzerInitialize(int *argc, char ***argv) { |
67 | 12 | fuzzer_init_php(NULL); |
68 | | |
69 | | /* fuzzer_shutdown_php(); */ |
70 | 12 | return 0; |
71 | 12 | } |
72 | | |