/src/php-src/sapi/fuzzer/fuzzer-json.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | +----------------------------------------------------------------------+ |
3 | | | Copyright (c) The PHP Group | |
4 | | +----------------------------------------------------------------------+ |
5 | | | This source file is subject to version 3.01 of the PHP license, | |
6 | | | that is bundled with this package in the file LICENSE, and is | |
7 | | | available through the world-wide-web at the following url: | |
8 | | | https://www.php.net/license/3_01.txt | |
9 | | | If you did not receive a copy of the PHP license and are unable to | |
10 | | | obtain it through the world-wide-web, please send a note to | |
11 | | | license@php.net so we can mail you a copy immediately. | |
12 | | +----------------------------------------------------------------------+ |
13 | | | Authors: Johannes Schlüter <johanes@php.net> | |
14 | | | Stanislav Malyshev <stas@php.net> | |
15 | | +----------------------------------------------------------------------+ |
16 | | */ |
17 | | |
18 | | #include "fuzzer.h" |
19 | | |
20 | | #include "Zend/zend.h" |
21 | | #include <main/php_config.h> |
22 | | #include "main/php_main.h" |
23 | | |
24 | | #include <stdio.h> |
25 | | #include <stdint.h> |
26 | | #include <stdlib.h> |
27 | | |
28 | | #include "fuzzer-sapi.h" |
29 | | #include "ext/json/php_json_parser.h" |
30 | | |
31 | 6.66k | int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { |
32 | | |
33 | 6.66k | if (fuzzer_request_startup() == FAILURE){ |
34 | 0 | return 0; |
35 | 0 | } |
36 | | |
37 | 6.66k | char *data = malloc(Size + 1); |
38 | 6.66k | memcpy(data, Data, Size); |
39 | 6.66k | data[Size] = '\0'; |
40 | | |
41 | 19.9k | for (int option = 0; option <=1; ++option) { |
42 | 13.3k | zval result; |
43 | 13.3k | php_json_parser parser; |
44 | 13.3k | php_json_parser_init(&parser, &result, data, Size, option, 10); |
45 | 13.3k | if (php_json_yyparse(&parser) == SUCCESS) { |
46 | 3.77k | zval_ptr_dtor(&result); |
47 | 3.77k | } |
48 | 13.3k | } |
49 | | |
50 | 6.66k | php_request_shutdown(NULL); |
51 | | |
52 | 6.66k | free(data); |
53 | 6.66k | return 0; |
54 | 6.66k | } |
55 | | |
56 | 12 | int LLVMFuzzerInitialize(int *argc, char ***argv) { |
57 | 12 | fuzzer_init_php(NULL); |
58 | | |
59 | | /* fuzzer_shutdown_php(); */ |
60 | 12 | return 0; |
61 | 12 | } |