/src/php-src/sapi/fuzzer/fuzzer-execute-common.h
Line | Count | Source |
1 | | /* |
2 | | +----------------------------------------------------------------------+ |
3 | | | Copyright (c) The PHP Group | |
4 | | +----------------------------------------------------------------------+ |
5 | | | This source file is subject to version 3.01 of the PHP license, | |
6 | | | that is bundled with this package in the file LICENSE, and is | |
7 | | | available through the world-wide-web at the following url: | |
8 | | | https://www.php.net/license/3_01.txt | |
9 | | | If you did not receive a copy of the PHP license and are unable to | |
10 | | | obtain it through the world-wide-web, please send a note to | |
11 | | | license@php.net so we can mail you a copy immediately. | |
12 | | +----------------------------------------------------------------------+ |
13 | | | Authors: Nikita Popov <nikic@php.net> | |
14 | | +----------------------------------------------------------------------+ |
15 | | */ |
16 | | |
17 | | #include <main/php.h> |
18 | | |
19 | | #if defined(__FreeBSD__) |
20 | | # include <sys/sysctl.h> |
21 | | #endif |
22 | | |
23 | | #include "fuzzer.h" |
24 | | #include "fuzzer-sapi.h" |
25 | | #include "zend_exceptions.h" |
26 | | #include "zend_vm.h" |
27 | | |
28 | 262k | #define FILE_NAME "/tmp/fuzzer.php" |
29 | 309k | #define MAX_STEPS 1000 |
30 | 917k | #define MAX_SIZE (8 * 1024) |
31 | 9.98M | #define ZEND_VM_ENTER_BIT 1ULL |
32 | | |
33 | | static uint32_t steps_left; |
34 | | static bool bailed_out = false; |
35 | | |
36 | 13.0k | static zend_always_inline void fuzzer_bailout(void) { |
37 | 13.0k | bailed_out = true; |
38 | 13.0k | zend_bailout(); |
39 | 13.0k | } fuzzer-tracing-jit.c:fuzzer_bailout Line | Count | Source | 36 | 5.81k | static zend_always_inline void fuzzer_bailout(void) { | 37 | 5.81k | bailed_out = true; | 38 | 5.81k | zend_bailout(); | 39 | 5.81k | } |
fuzzer-function-jit.c:fuzzer_bailout Line | Count | Source | 36 | 6.91k | static zend_always_inline void fuzzer_bailout(void) { | 37 | 6.91k | bailed_out = true; | 38 | 6.91k | zend_bailout(); | 39 | 6.91k | } |
fuzzer-execute.c:fuzzer_bailout Line | Count | Source | 36 | 274 | static zend_always_inline void fuzzer_bailout(void) { | 37 | 274 | bailed_out = true; | 38 | 274 | zend_bailout(); | 39 | 274 | } |
|
40 | | |
41 | 10.8M | static zend_always_inline void fuzzer_step(void) { |
42 | 10.8M | if (--steps_left == 0) { |
43 | | /* Reset steps before bailing out, so code running after bailout (e.g. in |
44 | | * destructors) will get another MAX_STEPS, rather than UINT32_MAX steps. */ |
45 | 4.46k | steps_left = MAX_STEPS; |
46 | 4.46k | fuzzer_bailout(); |
47 | 4.46k | } |
48 | 10.8M | } fuzzer-tracing-jit.c:fuzzer_step Line | Count | Source | 41 | 4.86M | static zend_always_inline void fuzzer_step(void) { | 42 | 4.86M | if (--steps_left == 0) { | 43 | | /* Reset steps before bailing out, so code running after bailout (e.g. in | 44 | | * destructors) will get another MAX_STEPS, rather than UINT32_MAX steps. */ | 45 | 1.89k | steps_left = MAX_STEPS; | 46 | 1.89k | fuzzer_bailout(); | 47 | 1.89k | } | 48 | 4.86M | } |
fuzzer-function-jit.c:fuzzer_step Line | Count | Source | 41 | 5.69M | static zend_always_inline void fuzzer_step(void) { | 42 | 5.69M | if (--steps_left == 0) { | 43 | | /* Reset steps before bailing out, so code running after bailout (e.g. in | 44 | | * destructors) will get another MAX_STEPS, rather than UINT32_MAX steps. */ | 45 | 2.32k | steps_left = MAX_STEPS; | 46 | 2.32k | fuzzer_bailout(); | 47 | 2.32k | } | 48 | 5.69M | } |
fuzzer-execute.c:fuzzer_step Line | Count | Source | 41 | 344k | static zend_always_inline void fuzzer_step(void) { | 42 | 344k | if (--steps_left == 0) { | 43 | | /* Reset steps before bailing out, so code running after bailout (e.g. in | 44 | | * destructors) will get another MAX_STEPS, rather than UINT32_MAX steps. */ | 45 | 248 | steps_left = MAX_STEPS; | 46 | 248 | fuzzer_bailout(); | 47 | 248 | } | 48 | 344k | } |
|
49 | | |
50 | | static void (*orig_execute_ex)(zend_execute_data *execute_data); |
51 | | |
52 | 330k | static void fuzzer_execute_ex(zend_execute_data *execute_data) { |
53 | | |
54 | 330k | #ifdef ZEND_CHECK_STACK_LIMIT |
55 | 330k | if (UNEXPECTED(zend_call_stack_overflowed(EG(stack_limit)))) { |
56 | 0 | zend_call_stack_size_error(); |
57 | | /* No opline was executed before exception */ |
58 | 0 | EG(opline_before_exception) = NULL; |
59 | | /* Fall through to handle exception below. */ |
60 | 0 | } |
61 | 330k | #endif /* ZEND_CHECK_STACK_LIMIT */ |
62 | | |
63 | 330k | const zend_op *opline = EX(opline); |
64 | | |
65 | 10.1M | while (1) { |
66 | 9.87M | fuzzer_step(); |
67 | 9.87M | opline = ((zend_vm_opcode_handler_func_t) zend_get_opcode_handler_func(opline))(execute_data, opline); |
68 | 9.87M | if ((uintptr_t) opline & ZEND_VM_ENTER_BIT) { |
69 | 108k | opline = (const zend_op *) ((uintptr_t) opline & ~ZEND_VM_ENTER_BIT); |
70 | 108k | if (opline) { |
71 | 0 | execute_data = EG(current_execute_data); |
72 | 108k | } else { |
73 | 108k | return; |
74 | 108k | } |
75 | 108k | } |
76 | 9.87M | } |
77 | 330k | } fuzzer-tracing-jit.c:fuzzer_execute_ex Line | Count | Source | 52 | 134k | static void fuzzer_execute_ex(zend_execute_data *execute_data) { | 53 | | | 54 | 134k | #ifdef ZEND_CHECK_STACK_LIMIT | 55 | 134k | if (UNEXPECTED(zend_call_stack_overflowed(EG(stack_limit)))) { | 56 | 0 | zend_call_stack_size_error(); | 57 | | /* No opline was executed before exception */ | 58 | 0 | EG(opline_before_exception) = NULL; | 59 | | /* Fall through to handle exception below. */ | 60 | 0 | } | 61 | 134k | #endif /* ZEND_CHECK_STACK_LIMIT */ | 62 | | | 63 | 134k | const zend_op *opline = EX(opline); | 64 | | | 65 | 4.47M | while (1) { | 66 | 4.37M | fuzzer_step(); | 67 | 4.37M | opline = ((zend_vm_opcode_handler_func_t) zend_get_opcode_handler_func(opline))(execute_data, opline); | 68 | 4.37M | if ((uintptr_t) opline & ZEND_VM_ENTER_BIT) { | 69 | 33.7k | opline = (const zend_op *) ((uintptr_t) opline & ~ZEND_VM_ENTER_BIT); | 70 | 33.7k | if (opline) { | 71 | 0 | execute_data = EG(current_execute_data); | 72 | 33.7k | } else { | 73 | 33.7k | return; | 74 | 33.7k | } | 75 | 33.7k | } | 76 | 4.37M | } | 77 | 134k | } |
fuzzer-function-jit.c:fuzzer_execute_ex Line | Count | Source | 52 | 155k | static void fuzzer_execute_ex(zend_execute_data *execute_data) { | 53 | | | 54 | 155k | #ifdef ZEND_CHECK_STACK_LIMIT | 55 | 155k | if (UNEXPECTED(zend_call_stack_overflowed(EG(stack_limit)))) { | 56 | 0 | zend_call_stack_size_error(); | 57 | | /* No opline was executed before exception */ | 58 | 0 | EG(opline_before_exception) = NULL; | 59 | | /* Fall through to handle exception below. */ | 60 | 0 | } | 61 | 155k | #endif /* ZEND_CHECK_STACK_LIMIT */ | 62 | | | 63 | 155k | const zend_op *opline = EX(opline); | 64 | | | 65 | 5.29M | while (1) { | 66 | 5.18M | fuzzer_step(); | 67 | 5.18M | opline = ((zend_vm_opcode_handler_func_t) zend_get_opcode_handler_func(opline))(execute_data, opline); | 68 | 5.18M | if ((uintptr_t) opline & ZEND_VM_ENTER_BIT) { | 69 | 40.6k | opline = (const zend_op *) ((uintptr_t) opline & ~ZEND_VM_ENTER_BIT); | 70 | 40.6k | if (opline) { | 71 | 0 | execute_data = EG(current_execute_data); | 72 | 40.6k | } else { | 73 | 40.6k | return; | 74 | 40.6k | } | 75 | 40.6k | } | 76 | 5.18M | } | 77 | 155k | } |
fuzzer-execute.c:fuzzer_execute_ex Line | Count | Source | 52 | 40.5k | static void fuzzer_execute_ex(zend_execute_data *execute_data) { | 53 | | | 54 | 40.5k | #ifdef ZEND_CHECK_STACK_LIMIT | 55 | 40.5k | if (UNEXPECTED(zend_call_stack_overflowed(EG(stack_limit)))) { | 56 | 0 | zend_call_stack_size_error(); | 57 | | /* No opline was executed before exception */ | 58 | 0 | EG(opline_before_exception) = NULL; | 59 | | /* Fall through to handle exception below. */ | 60 | 0 | } | 61 | 40.5k | #endif /* ZEND_CHECK_STACK_LIMIT */ | 62 | | | 63 | 40.5k | const zend_op *opline = EX(opline); | 64 | | | 65 | 324k | while (1) { | 66 | 317k | fuzzer_step(); | 67 | 317k | opline = ((zend_vm_opcode_handler_func_t) zend_get_opcode_handler_func(opline))(execute_data, opline); | 68 | 317k | if ((uintptr_t) opline & ZEND_VM_ENTER_BIT) { | 69 | 33.8k | opline = (const zend_op *) ((uintptr_t) opline & ~ZEND_VM_ENTER_BIT); | 70 | 33.8k | if (opline) { | 71 | 0 | execute_data = EG(current_execute_data); | 72 | 33.8k | } else { | 73 | 33.8k | return; | 74 | 33.8k | } | 75 | 33.8k | } | 76 | 317k | } | 77 | 40.5k | } |
|
78 | | |
79 | | static zend_op_array *(*orig_compile_string)( |
80 | | zend_string *source_string, const char *filename, zend_compile_position position); |
81 | | |
82 | | static zend_op_array *fuzzer_compile_string( |
83 | 4.02k | zend_string *str, const char *filename, zend_compile_position position) { |
84 | 4.02k | if (ZSTR_LEN(str) > MAX_SIZE) { |
85 | | /* Avoid compiling huge inputs via eval(). */ |
86 | 6 | fuzzer_bailout(); |
87 | 6 | } |
88 | | |
89 | 4.02k | return orig_compile_string(str, filename, position); |
90 | 4.02k | } fuzzer-tracing-jit.c:fuzzer_compile_string Line | Count | Source | 83 | 2.17k | zend_string *str, const char *filename, zend_compile_position position) { | 84 | 2.17k | if (ZSTR_LEN(str) > MAX_SIZE) { | 85 | | /* Avoid compiling huge inputs via eval(). */ | 86 | 2 | fuzzer_bailout(); | 87 | 2 | } | 88 | | | 89 | 2.17k | return orig_compile_string(str, filename, position); | 90 | 2.17k | } |
fuzzer-function-jit.c:fuzzer_compile_string Line | Count | Source | 83 | 1.81k | zend_string *str, const char *filename, zend_compile_position position) { | 84 | 1.81k | if (ZSTR_LEN(str) > MAX_SIZE) { | 85 | | /* Avoid compiling huge inputs via eval(). */ | 86 | 4 | fuzzer_bailout(); | 87 | 4 | } | 88 | | | 89 | 1.81k | return orig_compile_string(str, filename, position); | 90 | 1.81k | } |
fuzzer-execute.c:fuzzer_compile_string Line | Count | Source | 83 | 37 | zend_string *str, const char *filename, zend_compile_position position) { | 84 | 37 | if (ZSTR_LEN(str) > MAX_SIZE) { | 85 | | /* Avoid compiling huge inputs via eval(). */ | 86 | 0 | fuzzer_bailout(); | 87 | 0 | } | 88 | | | 89 | 37 | return orig_compile_string(str, filename, position); | 90 | 37 | } |
|
91 | | |
92 | | static void (*orig_execute_internal)(zend_execute_data *execute_data, zval *return_value); |
93 | | |
94 | 1.01M | static void fuzzer_execute_internal(zend_execute_data *execute_data, zval *return_value) { |
95 | 1.01M | fuzzer_step(); |
96 | | |
97 | 1.01M | uint32_t num_args = ZEND_CALL_NUM_ARGS(execute_data); |
98 | 2.39M | for (uint32_t i = 0; i < num_args; i++) { |
99 | | /* Some internal functions like preg_replace() may be slow on large inputs. |
100 | | * Limit the maximum size of string inputs. */ |
101 | 1.37M | zval *arg = ZEND_CALL_VAR_NUM(execute_data, i); |
102 | 1.37M | if (Z_TYPE_P(arg) == IS_STRING && Z_STRLEN_P(arg) > MAX_SIZE) { |
103 | 8.54k | fuzzer_bailout(); |
104 | 8.54k | } |
105 | 1.37M | } |
106 | | |
107 | 1.01M | orig_execute_internal(execute_data, return_value); |
108 | 1.01M | } fuzzer-tracing-jit.c:fuzzer_execute_internal Line | Count | Source | 94 | 485k | static void fuzzer_execute_internal(zend_execute_data *execute_data, zval *return_value) { | 95 | 485k | fuzzer_step(); | 96 | | | 97 | 485k | uint32_t num_args = ZEND_CALL_NUM_ARGS(execute_data); | 98 | 1.15M | for (uint32_t i = 0; i < num_args; i++) { | 99 | | /* Some internal functions like preg_replace() may be slow on large inputs. | 100 | | * Limit the maximum size of string inputs. */ | 101 | 668k | zval *arg = ZEND_CALL_VAR_NUM(execute_data, i); | 102 | 668k | if (Z_TYPE_P(arg) == IS_STRING && Z_STRLEN_P(arg) > MAX_SIZE) { | 103 | 3.92k | fuzzer_bailout(); | 104 | 3.92k | } | 105 | 668k | } | 106 | | | 107 | 485k | orig_execute_internal(execute_data, return_value); | 108 | 485k | } |
fuzzer-function-jit.c:fuzzer_execute_internal Line | Count | Source | 94 | 506k | static void fuzzer_execute_internal(zend_execute_data *execute_data, zval *return_value) { | 95 | 506k | fuzzer_step(); | 96 | | | 97 | 506k | uint32_t num_args = ZEND_CALL_NUM_ARGS(execute_data); | 98 | 1.18M | for (uint32_t i = 0; i < num_args; i++) { | 99 | | /* Some internal functions like preg_replace() may be slow on large inputs. | 100 | | * Limit the maximum size of string inputs. */ | 101 | 679k | zval *arg = ZEND_CALL_VAR_NUM(execute_data, i); | 102 | 679k | if (Z_TYPE_P(arg) == IS_STRING && Z_STRLEN_P(arg) > MAX_SIZE) { | 103 | 4.58k | fuzzer_bailout(); | 104 | 4.58k | } | 105 | 679k | } | 106 | | | 107 | 506k | orig_execute_internal(execute_data, return_value); | 108 | 506k | } |
fuzzer-execute.c:fuzzer_execute_internal Line | Count | Source | 94 | 26.8k | static void fuzzer_execute_internal(zend_execute_data *execute_data, zval *return_value) { | 95 | 26.8k | fuzzer_step(); | 96 | | | 97 | 26.8k | uint32_t num_args = ZEND_CALL_NUM_ARGS(execute_data); | 98 | 52.7k | for (uint32_t i = 0; i < num_args; i++) { | 99 | | /* Some internal functions like preg_replace() may be slow on large inputs. | 100 | | * Limit the maximum size of string inputs. */ | 101 | 25.8k | zval *arg = ZEND_CALL_VAR_NUM(execute_data, i); | 102 | 25.8k | if (Z_TYPE_P(arg) == IS_STRING && Z_STRLEN_P(arg) > MAX_SIZE) { | 103 | 26 | fuzzer_bailout(); | 104 | 26 | } | 105 | 25.8k | } | 106 | | | 107 | 26.8k | orig_execute_internal(execute_data, return_value); | 108 | 26.8k | } |
|
109 | | |
110 | 6 | static void fuzzer_init_php_for_execute(const char *extra_ini) { |
111 | | /* Compilation will often trigger fatal errors. |
112 | | * Use tracked allocation mode to avoid leaks in that case. */ |
113 | 6 | putenv("USE_TRACKED_ALLOC=1"); |
114 | | |
115 | | /* Just like other SAPIs, ignore SIGPIPEs. */ |
116 | 6 | signal(SIGPIPE, SIG_IGN); |
117 | | |
118 | 6 | fuzzer_init_php(extra_ini); |
119 | | |
120 | 6 | orig_execute_ex = zend_execute_ex; |
121 | 6 | zend_execute_ex = fuzzer_execute_ex; |
122 | 6 | orig_execute_internal = zend_execute_internal ? zend_execute_internal : execute_internal; |
123 | 6 | zend_execute_internal = fuzzer_execute_internal; |
124 | 6 | orig_compile_string = zend_compile_string; |
125 | 6 | zend_compile_string = fuzzer_compile_string; |
126 | 6 | } fuzzer-tracing-jit.c:fuzzer_init_php_for_execute Line | Count | Source | 110 | 2 | static void fuzzer_init_php_for_execute(const char *extra_ini) { | 111 | | /* Compilation will often trigger fatal errors. | 112 | | * Use tracked allocation mode to avoid leaks in that case. */ | 113 | 2 | putenv("USE_TRACKED_ALLOC=1"); | 114 | | | 115 | | /* Just like other SAPIs, ignore SIGPIPEs. */ | 116 | 2 | signal(SIGPIPE, SIG_IGN); | 117 | | | 118 | 2 | fuzzer_init_php(extra_ini); | 119 | | | 120 | 2 | orig_execute_ex = zend_execute_ex; | 121 | 2 | zend_execute_ex = fuzzer_execute_ex; | 122 | 2 | orig_execute_internal = zend_execute_internal ? zend_execute_internal : execute_internal; | 123 | 2 | zend_execute_internal = fuzzer_execute_internal; | 124 | 2 | orig_compile_string = zend_compile_string; | 125 | 2 | zend_compile_string = fuzzer_compile_string; | 126 | 2 | } |
fuzzer-function-jit.c:fuzzer_init_php_for_execute Line | Count | Source | 110 | 2 | static void fuzzer_init_php_for_execute(const char *extra_ini) { | 111 | | /* Compilation will often trigger fatal errors. | 112 | | * Use tracked allocation mode to avoid leaks in that case. */ | 113 | 2 | putenv("USE_TRACKED_ALLOC=1"); | 114 | | | 115 | | /* Just like other SAPIs, ignore SIGPIPEs. */ | 116 | 2 | signal(SIGPIPE, SIG_IGN); | 117 | | | 118 | 2 | fuzzer_init_php(extra_ini); | 119 | | | 120 | 2 | orig_execute_ex = zend_execute_ex; | 121 | 2 | zend_execute_ex = fuzzer_execute_ex; | 122 | 2 | orig_execute_internal = zend_execute_internal ? zend_execute_internal : execute_internal; | 123 | 2 | zend_execute_internal = fuzzer_execute_internal; | 124 | 2 | orig_compile_string = zend_compile_string; | 125 | 2 | zend_compile_string = fuzzer_compile_string; | 126 | 2 | } |
fuzzer-execute.c:fuzzer_init_php_for_execute Line | Count | Source | 110 | 2 | static void fuzzer_init_php_for_execute(const char *extra_ini) { | 111 | | /* Compilation will often trigger fatal errors. | 112 | | * Use tracked allocation mode to avoid leaks in that case. */ | 113 | 2 | putenv("USE_TRACKED_ALLOC=1"); | 114 | | | 115 | | /* Just like other SAPIs, ignore SIGPIPEs. */ | 116 | 2 | signal(SIGPIPE, SIG_IGN); | 117 | | | 118 | 2 | fuzzer_init_php(extra_ini); | 119 | | | 120 | 2 | orig_execute_ex = zend_execute_ex; | 121 | 2 | zend_execute_ex = fuzzer_execute_ex; | 122 | 2 | orig_execute_internal = zend_execute_internal ? zend_execute_internal : execute_internal; | 123 | 2 | zend_execute_internal = fuzzer_execute_internal; | 124 | 2 | orig_compile_string = zend_compile_string; | 125 | 2 | zend_compile_string = fuzzer_compile_string; | 126 | 2 | } |
|
127 | | |
128 | 4 | ZEND_ATTRIBUTE_UNUSED static void create_file(void) { |
129 | | /* For opcache_invalidate() to work, the dummy file name used for fuzzing needs to |
130 | | * actually exist. */ |
131 | 4 | FILE *f = fopen(FILE_NAME, "w"); |
132 | 4 | fclose(f); |
133 | 4 | } fuzzer-tracing-jit.c:create_file Line | Count | Source | 128 | 2 | ZEND_ATTRIBUTE_UNUSED static void create_file(void) { | 129 | | /* For opcache_invalidate() to work, the dummy file name used for fuzzing needs to | 130 | | * actually exist. */ | 131 | 2 | FILE *f = fopen(FILE_NAME, "w"); | 132 | 2 | fclose(f); | 133 | 2 | } |
fuzzer-function-jit.c:create_file Line | Count | Source | 128 | 2 | ZEND_ATTRIBUTE_UNUSED static void create_file(void) { | 129 | | /* For opcache_invalidate() to work, the dummy file name used for fuzzing needs to | 130 | | * actually exist. */ | 131 | 2 | FILE *f = fopen(FILE_NAME, "w"); | 132 | 2 | fclose(f); | 133 | 2 | } |
Unexecuted instantiation: fuzzer-execute.c:create_file |
134 | | |
135 | 73.8k | ZEND_ATTRIBUTE_UNUSED static void opcache_invalidate(void) { |
136 | 73.8k | steps_left = MAX_STEPS; |
137 | 73.8k | zend_exception_save(); |
138 | 73.8k | zval retval, args[2]; |
139 | 73.8k | zend_function *fn = zend_hash_str_find_ptr(CG(function_table), ZEND_STRL("opcache_invalidate")); |
140 | 73.8k | ZEND_ASSERT(fn != NULL); |
141 | | |
142 | 73.8k | ZVAL_STRING(&args[0], FILE_NAME); |
143 | 73.8k | ZVAL_TRUE(&args[1]); |
144 | 73.8k | zend_call_known_function(fn, NULL, NULL, &retval, 2, args, NULL); |
145 | 73.8k | ZEND_ASSERT(Z_TYPE(retval) == IS_TRUE); |
146 | 73.8k | zval_ptr_dtor(&args[0]); |
147 | 73.8k | zval_ptr_dtor(&retval); |
148 | 73.8k | zend_exception_restore(); |
149 | 73.8k | } fuzzer-tracing-jit.c:opcache_invalidate Line | Count | Source | 135 | 38.5k | ZEND_ATTRIBUTE_UNUSED static void opcache_invalidate(void) { | 136 | 38.5k | steps_left = MAX_STEPS; | 137 | 38.5k | zend_exception_save(); | 138 | 38.5k | zval retval, args[2]; | 139 | 38.5k | zend_function *fn = zend_hash_str_find_ptr(CG(function_table), ZEND_STRL("opcache_invalidate")); | 140 | 38.5k | ZEND_ASSERT(fn != NULL); | 141 | | | 142 | 38.5k | ZVAL_STRING(&args[0], FILE_NAME); | 143 | 38.5k | ZVAL_TRUE(&args[1]); | 144 | 38.5k | zend_call_known_function(fn, NULL, NULL, &retval, 2, args, NULL); | 145 | 38.5k | ZEND_ASSERT(Z_TYPE(retval) == IS_TRUE); | 146 | 38.5k | zval_ptr_dtor(&args[0]); | 147 | 38.5k | zval_ptr_dtor(&retval); | 148 | 38.5k | zend_exception_restore(); | 149 | 38.5k | } |
fuzzer-function-jit.c:opcache_invalidate Line | Count | Source | 135 | 35.3k | ZEND_ATTRIBUTE_UNUSED static void opcache_invalidate(void) { | 136 | 35.3k | steps_left = MAX_STEPS; | 137 | 35.3k | zend_exception_save(); | 138 | 35.3k | zval retval, args[2]; | 139 | 35.3k | zend_function *fn = zend_hash_str_find_ptr(CG(function_table), ZEND_STRL("opcache_invalidate")); | 140 | 35.3k | ZEND_ASSERT(fn != NULL); | 141 | | | 142 | 35.3k | ZVAL_STRING(&args[0], FILE_NAME); | 143 | 35.3k | ZVAL_TRUE(&args[1]); | 144 | 35.3k | zend_call_known_function(fn, NULL, NULL, &retval, 2, args, NULL); | 145 | 35.3k | ZEND_ASSERT(Z_TYPE(retval) == IS_TRUE); | 146 | 35.3k | zval_ptr_dtor(&args[0]); | 147 | 35.3k | zval_ptr_dtor(&retval); | 148 | 35.3k | zend_exception_restore(); | 149 | 35.3k | } |
Unexecuted instantiation: fuzzer-execute.c:opcache_invalidate |