/src/php-src/sapi/fuzzer/fuzzer-json.c

Source (jump to first uncovered line)
/*
   +----------------------------------------------------------------------+
   | Copyright (c) The PHP Group                                          |
   +----------------------------------------------------------------------+
   | This source file is subject to version 3.01 of the PHP license,      |
   | that is bundled with this package in the file LICENSE, and is        |
   | available through the world-wide-web at the following url:           |
   | https://www.php.net/license/3_01.txt                                 |
   | If you did not receive a copy of the PHP license and are unable to   |
   | obtain it through the world-wide-web, please send a note to          |
   | license@php.net so we can mail you a copy immediately.               |
   +----------------------------------------------------------------------+
   | Authors: Johannes Schlüter <johanes@php.net>                         |
   |          Stanislav Malyshev <stas@php.net>                           |
   +----------------------------------------------------------------------+
 */

#include "fuzzer.h"

#include "Zend/zend.h"
#include <main/php_config.h>
#include "main/php_main.h"

#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>

#include "fuzzer-sapi.h"
#include "ext/json/php_json_parser.h"

int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {

  if (fuzzer_request_startup() == FAILURE){
    return 0;
  }

  char *data = malloc(Size + 1);
  memcpy(data, Data, Size);
  data[Size] = '\0';

  for (int option = 0; option <=1; ++option) {
    zval result;
    php_json_parser parser;
    php_json_parser_init(&parser, &result, data, Size, option, 10);
    if (php_json_yyparse(&parser) == SUCCESS) {
      zval_ptr_dtor(&result);
    }
  }

  php_request_shutdown(NULL);

  free(data);
  return 0;
}

int LLVMFuzzerInitialize(int *argc, char ***argv) {
  fuzzer_init_php(NULL);

  /* fuzzer_shutdown_php(); */
  return 0;
}

Line	Count	Source (jump to first uncovered line)
1		/*
2		+----------------------------------------------------------------------+
3		\| Copyright (c) The PHP Group \|
4		+----------------------------------------------------------------------+
5		\| This source file is subject to version 3.01 of the PHP license, \|
6		\| that is bundled with this package in the file LICENSE, and is \|
7		\| available through the world-wide-web at the following url: \|
8		\| https://www.php.net/license/3_01.txt \|
9		\| If you did not receive a copy of the PHP license and are unable to \|
10		\| obtain it through the world-wide-web, please send a note to \|
11		\| license@php.net so we can mail you a copy immediately. \|
12		+----------------------------------------------------------------------+
13		\| Authors: Johannes Schlüter <johanes@php.net> \|
14		\| Stanislav Malyshev <stas@php.net> \|
15		+----------------------------------------------------------------------+
16		*/
17
18		#include "fuzzer.h"
19
20		#include "Zend/zend.h"
21		#include <main/php_config.h>
22		#include "main/php_main.h"
23
24		#include <stdio.h>
25		#include <stdint.h>
26		#include <stdlib.h>
27
28		#include "fuzzer-sapi.h"
29		#include "ext/json/php_json_parser.h"
30
31	6.66k	int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
32
33	6.66k	if (fuzzer_request_startup() == FAILURE){
34	0	return 0;
35	0	}
36
37	6.66k	char *data = malloc(Size + 1);
38	6.66k	memcpy(data, Data, Size);
39	6.66k	data[Size] = '\0';
40
41	19.9k	for (int option = 0; option <=1; ++option) {
42	13.3k	zval result;
43	13.3k	php_json_parser parser;
44	13.3k	php_json_parser_init(&parser, &result, data, Size, option, 10);
45	13.3k	if (php_json_yyparse(&parser) == SUCCESS) {
46	3.77k	zval_ptr_dtor(&result);
47	3.77k	}
48	13.3k	}
49
50	6.66k	php_request_shutdown(NULL);
51
52	6.66k	free(data);
53	6.66k	return 0;
54	6.66k	}
55
56	12	int LLVMFuzzerInitialize(int argc, char **argv) {
57	12	fuzzer_init_php(NULL);
58
59		/* fuzzer_shutdown_php(); */
60	12	return 0;
61	12	}

Coverage Report

Created: 2025-06-13 06:43