Coverage Report

Created: 2025-06-13 06:43

/src/php-src/sapi/fuzzer/fuzzer-json.c
/*
   +----------------------------------------------------------------------+
   | Copyright (c) The PHP Group                                          |
   +----------------------------------------------------------------------+
   | This source file is subject to version 3.01 of the PHP license,      |
   | that is bundled with this package in the file LICENSE, and is        |
   | available through the world-wide-web at the following url:           |
   | https://www.php.net/license/3_01.txt                                 |
   | If you did not receive a copy of the PHP license and are unable to   |
   | obtain it through the world-wide-web, please send a note to          |
   | license@php.net so we can mail you a copy immediately.               |
   +----------------------------------------------------------------------+
   | Authors: Johannes Schlüter <johanes@php.net>                         |
   |          Stanislav Malyshev <stas@php.net>                           |
   +----------------------------------------------------------------------+
 */
#include "fuzzer.h"
#include "Zend/zend.h"
#include <main/php_config.h>
#include "main/php_main.h"
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include "fuzzer-sapi.h"
#include "ext/json/php_json_parser.h"
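/**
 * libFuzzer entry point: runs one fuzz input through the PHP JSON parser.
 *
 * A request is started, the input is copied into a private NUL-terminated
 * buffer, and that buffer is parsed twice: once with parser options 0 and
 * once with options 1. The request is shut down before returning.
 *
 * @param Data  Fuzzer-supplied bytes; not NUL-terminated and never modified.
 * @param Size  Number of bytes available at Data.
 * @return Always 0.
 */
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
  /* Sixth argument to php_json_parser_init(); presumably the maximum
   * nesting depth -- confirm against ext/json/php_json_parser.h. */
  enum { PARSER_DEPTH = 10 };

  if (fuzzer_request_startup() == FAILURE) {
    return 0;
  }

  /* Work on a NUL-terminated copy so a read one byte past the input lands
   * on the terminator inside this allocation rather than outside Data. */
  char *data = malloc(Size + 1);
  if (data == NULL) {
    /* Without this check an allocation failure would reach memcpy() with a
     * NULL destination and show up as a crash in the harness rather than in
     * the code under test. The request is already started, so end it. */
    php_request_shutdown(NULL);
    return 0;
  }
  if (Size > 0) {
    memcpy(data, Data, Size);
  }
  data[Size] = '\0';

  /* Exercise the parser with options 0 and options 1 (presumably the
   * decode-objects-as-arrays flag -- confirm against the JSON extension). */
  for (int option = 0; option <= 1; ++option) {
    zval result;
    php_json_parser parser;

    php_json_parser_init(&parser, &result, data, Size, option, PARSER_DEPTH);
    /* result is released only after a successful parse; on failure this
     * code does not touch it. */
    if (php_json_yyparse(&parser) == SUCCESS) {
      zval_ptr_dtor(&result);
    }
  }

  php_request_shutdown(NULL);

  free(data);
  return 0;
}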
/**
 * libFuzzer one-time initialization hook: brings up the embedded PHP
 * runtime through fuzzer_init_php() with a NULL argument.
 *
 * @param argc  Pointer to the argument count; not consulted.
 * @param argv  Pointer to the argument vector; not consulted.
 * @return Always 0.
 */
int LLVMFuzzerInitialize(int *argc, char ***argv) {
  /* The command-line arguments are not used by this harness. */
  (void)argc;
  (void)argv;

  /* NOTE(review): any status reported by fuzzer_init_php() is ignored here;
   * confirm whether an initialization failure should be surfaced. */
  fuzzer_init_php(NULL);

  /* No fuzzer_shutdown_php() call is made; it is left disabled in this harness. */
  return 0;
}