/src/php-src/sapi/fuzzer/fuzzer-unserialize.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | +----------------------------------------------------------------------+ |
3 | | | Copyright (c) The PHP Group | |
4 | | +----------------------------------------------------------------------+ |
5 | | | This source file is subject to version 3.01 of the PHP license, | |
6 | | | that is bundled with this package in the file LICENSE, and is | |
7 | | | available through the world-wide-web at the following url: | |
8 | | | https://www.php.net/license/3_01.txt | |
9 | | | If you did not receive a copy of the PHP license and are unable to | |
10 | | | obtain it through the world-wide-web, please send a note to | |
11 | | | license@php.net so we can mail you a copy immediately. | |
12 | | +----------------------------------------------------------------------+ |
13 | | | Authors: Johannes Schlüter <johanes@php.net> | |
14 | | +----------------------------------------------------------------------+ |
15 | | */ |
16 | | |
17 | | |
18 | | #include "fuzzer.h" |
19 | | |
20 | | #include "Zend/zend.h" |
21 | | #include <main/php_config.h> |
22 | | #include "main/php_main.h" |
23 | | |
24 | | #include <stdio.h> |
25 | | #include <stdint.h> |
26 | | #include <stdlib.h> |
27 | | |
28 | | #include "fuzzer-sapi.h" |
29 | | |
30 | | #include "ext/standard/php_var.h" |
31 | | |
32 | 65.4k | int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { |
33 | | |
34 | 65.4k | if (fuzzer_request_startup() == FAILURE) { |
35 | 0 | return 0; |
36 | 0 | } |
37 | | |
38 | 65.4k | unsigned char *orig_data = malloc(Size+1); |
39 | 65.4k | memcpy(orig_data, Data, Size); |
40 | 65.4k | orig_data[Size] = '\0'; |
41 | | |
42 | 65.4k | fuzzer_setup_dummy_frame(); |
43 | | |
44 | 65.4k | { |
45 | 65.4k | const unsigned char *data = orig_data; |
46 | 65.4k | zval result; |
47 | 65.4k | ZVAL_UNDEF(&result); |
48 | | |
49 | 65.4k | php_unserialize_data_t var_hash; |
50 | 65.4k | PHP_VAR_UNSERIALIZE_INIT(var_hash); |
51 | 65.4k | php_var_unserialize(&result, (const unsigned char **) &data, data + Size, &var_hash); |
52 | 65.4k | PHP_VAR_UNSERIALIZE_DESTROY(var_hash); |
53 | | |
54 | 65.4k | zval_ptr_dtor(&result); |
55 | 65.4k | } |
56 | | |
57 | 65.4k | free(orig_data); |
58 | | |
59 | 65.4k | fuzzer_request_shutdown(); |
60 | 65.4k | return 0; |
61 | 65.4k | } |
62 | | |
63 | 12 | int LLVMFuzzerInitialize(int *argc, char ***argv) { |
64 | 12 | fuzzer_init_php(NULL); |
65 | | |
66 | | /* fuzzer_shutdown_php(); */ |
67 | 12 | return 0; |
68 | 12 | } |