Coverage Report

Created: 2025-06-13 06:43

/src/php-src/sapi/fuzzer/fuzzer-unserialize.c
/*
   +----------------------------------------------------------------------+
   | Copyright (c) The PHP Group                                          |
   +----------------------------------------------------------------------+
   | This source file is subject to version 3.01 of the PHP license,      |
   | that is bundled with this package in the file LICENSE, and is        |
   | available through the world-wide-web at the following url:           |
   | https://www.php.net/license/3_01.txt                                 |
   | If you did not receive a copy of the PHP license and are unable to   |
   | obtain it through the world-wide-web, please send a note to          |
   | license@php.net so we can mail you a copy immediately.               |
   +----------------------------------------------------------------------+
   | Authors: Johannes Schlüter <johanes@php.net>                         |
   +----------------------------------------------------------------------+
 */
#include "fuzzer.h"
#include "Zend/zend.h"
#include <main/php_config.h>
#include "main/php_main.h"
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include "fuzzer-sapi.h"
#include "ext/standard/php_var.h"
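/*
 * libFuzzer entry point: runs one fuzz input through php_var_unserialize().
 *
 * Data / Size are the raw input bytes handed over by the fuzzing engine.
 * The function always returns 0.
 *
 * Each call is wrapped in its own request: fuzzer_request_startup() at the
 * top and fuzzer_request_shutdown() on every path after startup succeeded.
 *
 * Coverage note from the report this listing was taken from: the
 * startup-failure branch had an execution count of 0, while the rest of the
 * function ran 65.4k times, so that early return is untested by the corpus.
 */
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
  if (fuzzer_request_startup() == FAILURE) {
    return 0;
  }

  /*
   * Work on a private, exactly sized copy of the input with one extra byte
   * for a trailing NUL. The parser below is still bounded by data + Size.
   * NOTE(review): presumably the exact-size heap copy is what lets a
   * sanitizer build flag reads past the end bound; confirm against the
   * fuzzer build flags.
   */
  unsigned char *orig_data = malloc(Size + 1);
  if (orig_data == NULL) {
    /*
     * Allocation failure is a harness problem, not a finding in
     * unserialize: without this check the memcpy below would write through
     * NULL and be reported as a crash in the target. The request was
     * already started, so close it before bailing out.
     */
    fuzzer_request_shutdown();
    return 0;
  }
  if (Size != 0) {
    /* memcpy with a possibly-NULL source is undefined even for 0 bytes. */
    memcpy(orig_data, Data, Size);
  }
  orig_data[Size] = '\0';

  fuzzer_setup_dummy_frame();

  {
    /* Cursor into the copy; php_var_unserialize() receives its address. */
    const unsigned char *data = orig_data;
    zval result;
    ZVAL_UNDEF(&result);

    /*
     * The harness sets nothing on var_hash between INIT and DESTROY, so
     * only whatever PHP_VAR_UNSERIALIZE_INIT provides is exercised here.
     * The return value of php_var_unserialize() is not checked: for a fuzz
     * target a parse failure is an expected outcome, and result is released
     * either way.
     */
    php_unserialize_data_t var_hash;
    PHP_VAR_UNSERIALIZE_INIT(var_hash);
    php_var_unserialize(&result, &data, data + Size, &var_hash);
    PHP_VAR_UNSERIALIZE_DESTROY(var_hash);

    zval_ptr_dtor(&result);
  }

  free(orig_data);

  fuzzer_request_shutdown();
  return 0;
}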
/*
 * libFuzzer one-time initialisation hook.
 *
 * Initialises PHP through fuzzer_init_php(NULL) and returns 0. The
 * command-line arguments offered by the fuzzing engine are not used.
 */
int LLVMFuzzerInitialize(int *argc, char ***argv) {
  /* Neither argument is consumed by this harness. */
  (void) argc;
  (void) argv;

  /*
   * NOTE(review): the result of fuzzer_init_php(), if it has one, is
   * discarded here; confirm a failed initialisation cannot go unnoticed.
   */
  fuzzer_init_php(NULL);

  /*
   * No matching teardown is performed: the fuzzer_shutdown_php() call is
   * disabled in the original listing and stays disabled here.
   */
  return 0;
}