/src/php-src/sapi/fuzzer/fuzzer-execute-common.h
Line | Count | Source |
1 | | /* |
2 | | +----------------------------------------------------------------------+ |
3 | | | Copyright © The PHP Group and Contributors. | |
4 | | +----------------------------------------------------------------------+ |
5 | | | This source file is subject to the Modified BSD License that is | |
6 | | | bundled with this package in the file LICENSE, and is available | |
7 | | | through the World Wide Web at <https://www.php.net/license/>. | |
8 | | | | |
9 | | | SPDX-License-Identifier: BSD-3-Clause | |
10 | | +----------------------------------------------------------------------+ |
11 | | | Authors: Nikita Popov <nikic@php.net> | |
12 | | +----------------------------------------------------------------------+ |
13 | | */ |
14 | | |
15 | | #include <main/php.h> |
16 | | |
17 | | #if defined(__FreeBSD__) |
18 | | # include <sys/sysctl.h> |
19 | | #endif |
20 | | |
21 | | #include "fuzzer.h" |
22 | | #include "fuzzer-sapi.h" |
23 | | #include "zend_exceptions.h" |
24 | | #include "zend_vm.h" |
25 | | |
26 | 209k | #define FILE_NAME "/tmp/fuzzer.php" |
27 | 246k | #define MAX_STEPS 1000 |
28 | 745k | #define MAX_SIZE (8 * 1024) |
29 | 8.72M | #define ZEND_VM_ENTER_BIT 1ULL |
30 | | |
31 | | static uint32_t steps_left; |
32 | | static bool bailed_out = false; |
33 | | |
34 | 11.6k | static zend_always_inline void fuzzer_bailout(void) { |
35 | 11.6k | bailed_out = true; |
36 | 11.6k | zend_bailout(); |
37 | 11.6k | } fuzzer-tracing-jit.c:fuzzer_bailout Line | Count | Source | 34 | 4.97k | static zend_always_inline void fuzzer_bailout(void) { | 35 | 4.97k | bailed_out = true; | 36 | 4.97k | zend_bailout(); | 37 | 4.97k | } |
fuzzer-function-jit.c:fuzzer_bailout Line | Count | Source | 34 | 6.47k | static zend_always_inline void fuzzer_bailout(void) { | 35 | 6.47k | bailed_out = true; | 36 | 6.47k | zend_bailout(); | 37 | 6.47k | } |
fuzzer-execute.c:fuzzer_bailout Line | Count | Source | 34 | 220 | static zend_always_inline void fuzzer_bailout(void) { | 35 | 220 | bailed_out = true; | 36 | 220 | zend_bailout(); | 37 | 220 | } |
|
38 | | |
39 | 9.48M | static zend_always_inline void fuzzer_step(void) { |
40 | 9.48M | if (--steps_left == 0) { |
41 | | /* Reset steps before bailing out, so code running after bailout (e.g. in |
42 | | * destructors) will get another MAX_STEPS, rather than UINT32_MAX steps. */ |
43 | 3.12k | steps_left = MAX_STEPS; |
44 | 3.12k | fuzzer_bailout(); |
45 | 3.12k | } |
46 | 9.48M | } fuzzer-tracing-jit.c:fuzzer_step Line | Count | Source | 39 | 4.13M | static zend_always_inline void fuzzer_step(void) { | 40 | 4.13M | if (--steps_left == 0) { | 41 | | /* Reset steps before bailing out, so code running after bailout (e.g. in | 42 | | * destructors) will get another MAX_STEPS, rather than UINT32_MAX steps. */ | 43 | 1.20k | steps_left = MAX_STEPS; | 44 | 1.20k | fuzzer_bailout(); | 45 | 1.20k | } | 46 | 4.13M | } |
fuzzer-function-jit.c:fuzzer_step Line | Count | Source | 39 | 5.06M | static zend_always_inline void fuzzer_step(void) { | 40 | 5.06M | if (--steps_left == 0) { | 41 | | /* Reset steps before bailing out, so code running after bailout (e.g. in | 42 | | * destructors) will get another MAX_STEPS, rather than UINT32_MAX steps. */ | 43 | 1.70k | steps_left = MAX_STEPS; | 44 | 1.70k | fuzzer_bailout(); | 45 | 1.70k | } | 46 | 5.06M | } |
fuzzer-execute.c:fuzzer_step Line | Count | Source | 39 | 294k | static zend_always_inline void fuzzer_step(void) { | 40 | 294k | if (--steps_left == 0) { | 41 | | /* Reset steps before bailing out, so code running after bailout (e.g. in | 42 | | * destructors) will get another MAX_STEPS, rather than UINT32_MAX steps. */ | 43 | 210 | steps_left = MAX_STEPS; | 44 | 210 | fuzzer_bailout(); | 45 | 210 | } | 46 | 294k | } |
|
47 | | |
48 | | static void (*orig_execute_ex)(zend_execute_data *execute_data); |
49 | | |
50 | 234k | static void fuzzer_execute_ex(zend_execute_data *execute_data) { |
51 | | |
52 | 234k | #ifdef ZEND_CHECK_STACK_LIMIT |
53 | 234k | if (UNEXPECTED(zend_call_stack_overflowed(EG(stack_limit)))) { |
54 | 0 | zend_call_stack_size_error(); |
55 | | /* No opline was executed before exception */ |
56 | 0 | EG(opline_before_exception) = NULL; |
57 | | /* Fall through to handle exception below. */ |
58 | 0 | } |
59 | 234k | #endif /* ZEND_CHECK_STACK_LIMIT */ |
60 | | |
61 | 234k | const zend_op *opline = EX(opline); |
62 | | |
63 | 8.73M | while (1) { |
64 | 8.60M | fuzzer_step(); |
65 | 8.60M | opline = ((zend_vm_opcode_handler_func_t) zend_get_opcode_handler_func(opline))(execute_data, opline); |
66 | 8.60M | if ((uintptr_t) opline & ZEND_VM_ENTER_BIT) { |
67 | 112k | opline = (const zend_op *) ((uintptr_t) opline & ~ZEND_VM_ENTER_BIT); |
68 | 112k | if (opline) { |
69 | 0 | execute_data = EG(current_execute_data); |
70 | 112k | } else { |
71 | 112k | return; |
72 | 112k | } |
73 | 112k | } |
74 | 8.60M | } |
75 | 234k | } fuzzer-tracing-jit.c:fuzzer_execute_ex Line | Count | Source | 50 | 93.5k | static void fuzzer_execute_ex(zend_execute_data *execute_data) { | 51 | | | 52 | 93.5k | #ifdef ZEND_CHECK_STACK_LIMIT | 53 | 93.5k | if (UNEXPECTED(zend_call_stack_overflowed(EG(stack_limit)))) { | 54 | 0 | zend_call_stack_size_error(); | 55 | | /* No opline was executed before exception */ | 56 | 0 | EG(opline_before_exception) = NULL; | 57 | | /* Fall through to handle exception below. */ | 58 | 0 | } | 59 | 93.5k | #endif /* ZEND_CHECK_STACK_LIMIT */ | 60 | | | 61 | 93.5k | const zend_op *opline = EX(opline); | 62 | | | 63 | 3.76M | while (1) { | 64 | 3.71M | fuzzer_step(); | 65 | 3.71M | opline = ((zend_vm_opcode_handler_func_t) zend_get_opcode_handler_func(opline))(execute_data, opline); | 66 | 3.71M | if ((uintptr_t) opline & ZEND_VM_ENTER_BIT) { | 67 | 36.8k | opline = (const zend_op *) ((uintptr_t) opline & ~ZEND_VM_ENTER_BIT); | 68 | 36.8k | if (opline) { | 69 | 0 | execute_data = EG(current_execute_data); | 70 | 36.8k | } else { | 71 | 36.8k | return; | 72 | 36.8k | } | 73 | 36.8k | } | 74 | 3.71M | } | 75 | 93.5k | } |
fuzzer-function-jit.c:fuzzer_execute_ex Line | Count | Source | 50 | 99.2k | static void fuzzer_execute_ex(zend_execute_data *execute_data) { | 51 | | | 52 | 99.2k | #ifdef ZEND_CHECK_STACK_LIMIT | 53 | 99.2k | if (UNEXPECTED(zend_call_stack_overflowed(EG(stack_limit)))) { | 54 | 0 | zend_call_stack_size_error(); | 55 | | /* No opline was executed before exception */ | 56 | 0 | EG(opline_before_exception) = NULL; | 57 | | /* Fall through to handle exception below. */ | 58 | 0 | } | 59 | 99.2k | #endif /* ZEND_CHECK_STACK_LIMIT */ | 60 | | | 61 | 99.2k | const zend_op *opline = EX(opline); | 62 | | | 63 | 4.68M | while (1) { | 64 | 4.62M | fuzzer_step(); | 65 | 4.62M | opline = ((zend_vm_opcode_handler_func_t) zend_get_opcode_handler_func(opline))(execute_data, opline); | 66 | 4.62M | if ((uintptr_t) opline & ZEND_VM_ENTER_BIT) { | 67 | 40.9k | opline = (const zend_op *) ((uintptr_t) opline & ~ZEND_VM_ENTER_BIT); | 68 | 40.9k | if (opline) { | 69 | 0 | execute_data = EG(current_execute_data); | 70 | 40.9k | } else { | 71 | 40.9k | return; | 72 | 40.9k | } | 73 | 40.9k | } | 74 | 4.62M | } | 75 | 99.2k | } |
fuzzer-execute.c:fuzzer_execute_ex Line | Count | Source | 50 | 41.8k | static void fuzzer_execute_ex(zend_execute_data *execute_data) { | 51 | | | 52 | 41.8k | #ifdef ZEND_CHECK_STACK_LIMIT | 53 | 41.8k | if (UNEXPECTED(zend_call_stack_overflowed(EG(stack_limit)))) { | 54 | 0 | zend_call_stack_size_error(); | 55 | | /* No opline was executed before exception */ | 56 | 0 | EG(opline_before_exception) = NULL; | 57 | | /* Fall through to handle exception below. */ | 58 | 0 | } | 59 | 41.8k | #endif /* ZEND_CHECK_STACK_LIMIT */ | 60 | | | 61 | 41.8k | const zend_op *opline = EX(opline); | 62 | | | 63 | 278k | while (1) { | 64 | 271k | fuzzer_step(); | 65 | 271k | opline = ((zend_vm_opcode_handler_func_t) zend_get_opcode_handler_func(opline))(execute_data, opline); | 66 | 271k | if ((uintptr_t) opline & ZEND_VM_ENTER_BIT) { | 67 | 34.3k | opline = (const zend_op *) ((uintptr_t) opline & ~ZEND_VM_ENTER_BIT); | 68 | 34.3k | if (opline) { | 69 | 0 | execute_data = EG(current_execute_data); | 70 | 34.3k | } else { | 71 | 34.3k | return; | 72 | 34.3k | } | 73 | 34.3k | } | 74 | 271k | } | 75 | 41.8k | } |
|
76 | | |
77 | | static zend_op_array *(*orig_compile_string)( |
78 | | zend_string *source_string, const char *filename, zend_compile_position position); |
79 | | |
80 | | static zend_op_array *fuzzer_compile_string( |
81 | 4.71k | zend_string *str, const char *filename, zend_compile_position position) { |
82 | 4.71k | if (ZSTR_LEN(str) > MAX_SIZE) { |
83 | | /* Avoid compiling huge inputs via eval(). */ |
84 | 6 | fuzzer_bailout(); |
85 | 6 | } |
86 | | |
87 | 4.71k | return orig_compile_string(str, filename, position); |
88 | 4.71k | } fuzzer-tracing-jit.c:fuzzer_compile_string Line | Count | Source | 81 | 2.72k | zend_string *str, const char *filename, zend_compile_position position) { | 82 | 2.72k | if (ZSTR_LEN(str) > MAX_SIZE) { | 83 | | /* Avoid compiling huge inputs via eval(). */ | 84 | 2 | fuzzer_bailout(); | 85 | 2 | } | 86 | | | 87 | 2.72k | return orig_compile_string(str, filename, position); | 88 | 2.72k | } |
fuzzer-function-jit.c:fuzzer_compile_string Line | Count | Source | 81 | 1.95k | zend_string *str, const char *filename, zend_compile_position position) { | 82 | 1.95k | if (ZSTR_LEN(str) > MAX_SIZE) { | 83 | | /* Avoid compiling huge inputs via eval(). */ | 84 | 4 | fuzzer_bailout(); | 85 | 4 | } | 86 | | | 87 | 1.95k | return orig_compile_string(str, filename, position); | 88 | 1.95k | } |
fuzzer-execute.c:fuzzer_compile_string Line | Count | Source | 81 | 38 | zend_string *str, const char *filename, zend_compile_position position) { | 82 | 38 | if (ZSTR_LEN(str) > MAX_SIZE) { | 83 | | /* Avoid compiling huge inputs via eval(). */ | 84 | 0 | fuzzer_bailout(); | 85 | 0 | } | 86 | | | 87 | 38 | return orig_compile_string(str, filename, position); | 88 | 38 | } |
|
89 | | |
90 | | static void (*orig_execute_internal)(zend_execute_data *execute_data, zval *return_value); |
91 | | |
92 | 880k | static void fuzzer_execute_internal(zend_execute_data *execute_data, zval *return_value) { |
93 | 880k | fuzzer_step(); |
94 | | |
95 | 880k | uint32_t num_args = ZEND_CALL_NUM_ARGS(execute_data); |
96 | 1.98M | for (uint32_t i = 0; i < num_args; i++) { |
97 | | /* Some internal functions like preg_replace() may be slow on large inputs. |
98 | | * Limit the maximum size of string inputs. */ |
99 | 1.10M | zval *arg = ZEND_CALL_VAR_NUM(execute_data, i); |
100 | 1.10M | if (Z_TYPE_P(arg) == IS_STRING && Z_STRLEN_P(arg) > MAX_SIZE) { |
101 | 8.54k | fuzzer_bailout(); |
102 | 8.54k | } |
103 | 1.10M | } |
104 | | |
105 | 880k | orig_execute_internal(execute_data, return_value); |
106 | 880k | } fuzzer-tracing-jit.c:fuzzer_execute_internal Line | Count | Source | 92 | 420k | static void fuzzer_execute_internal(zend_execute_data *execute_data, zval *return_value) { | 93 | 420k | fuzzer_step(); | 94 | | | 95 | 420k | uint32_t num_args = ZEND_CALL_NUM_ARGS(execute_data); | 96 | 964k | for (uint32_t i = 0; i < num_args; i++) { | 97 | | /* Some internal functions like preg_replace() may be slow on large inputs. | 98 | | * Limit the maximum size of string inputs. */ | 99 | 544k | zval *arg = ZEND_CALL_VAR_NUM(execute_data, i); | 100 | 544k | if (Z_TYPE_P(arg) == IS_STRING && Z_STRLEN_P(arg) > MAX_SIZE) { | 101 | 3.76k | fuzzer_bailout(); | 102 | 3.76k | } | 103 | 544k | } | 104 | | | 105 | 420k | orig_execute_internal(execute_data, return_value); | 106 | 420k | } |
fuzzer-function-jit.c:fuzzer_execute_internal Line | Count | Source | 92 | 436k | static void fuzzer_execute_internal(zend_execute_data *execute_data, zval *return_value) { | 93 | 436k | fuzzer_step(); | 94 | | | 95 | 436k | uint32_t num_args = ZEND_CALL_NUM_ARGS(execute_data); | 96 | 973k | for (uint32_t i = 0; i < num_args; i++) { | 97 | | /* Some internal functions like preg_replace() may be slow on large inputs. | 98 | | * Limit the maximum size of string inputs. */ | 99 | 536k | zval *arg = ZEND_CALL_VAR_NUM(execute_data, i); | 100 | 536k | if (Z_TYPE_P(arg) == IS_STRING && Z_STRLEN_P(arg) > MAX_SIZE) { | 101 | 4.76k | fuzzer_bailout(); | 102 | 4.76k | } | 103 | 536k | } | 104 | | | 105 | 436k | orig_execute_internal(execute_data, return_value); | 106 | 436k | } |
fuzzer-execute.c:fuzzer_execute_internal Line | Count | Source | 92 | 23.5k | static void fuzzer_execute_internal(zend_execute_data *execute_data, zval *return_value) { | 93 | 23.5k | fuzzer_step(); | 94 | | | 95 | 23.5k | uint32_t num_args = ZEND_CALL_NUM_ARGS(execute_data); | 96 | 45.3k | for (uint32_t i = 0; i < num_args; i++) { | 97 | | /* Some internal functions like preg_replace() may be slow on large inputs. | 98 | | * Limit the maximum size of string inputs. */ | 99 | 21.8k | zval *arg = ZEND_CALL_VAR_NUM(execute_data, i); | 100 | 21.8k | if (Z_TYPE_P(arg) == IS_STRING && Z_STRLEN_P(arg) > MAX_SIZE) { | 101 | 10 | fuzzer_bailout(); | 102 | 10 | } | 103 | 21.8k | } | 104 | | | 105 | 23.5k | orig_execute_internal(execute_data, return_value); | 106 | 23.5k | } |
|
107 | | |
108 | 6 | static void fuzzer_init_php_for_execute(const char *extra_ini) { |
109 | | /* Compilation will often trigger fatal errors. |
110 | | * Use tracked allocation mode to avoid leaks in that case. */ |
111 | 6 | putenv("USE_TRACKED_ALLOC=1"); |
112 | | |
113 | | /* Just like other SAPIs, ignore SIGPIPEs. */ |
114 | 6 | signal(SIGPIPE, SIG_IGN); |
115 | | |
116 | 6 | fuzzer_init_php(extra_ini); |
117 | | |
118 | 6 | orig_execute_ex = zend_execute_ex; |
119 | 6 | zend_execute_ex = fuzzer_execute_ex; |
120 | 6 | orig_execute_internal = zend_execute_internal ? zend_execute_internal : execute_internal; |
121 | 6 | zend_execute_internal = fuzzer_execute_internal; |
122 | 6 | orig_compile_string = zend_compile_string; |
123 | 6 | zend_compile_string = fuzzer_compile_string; |
124 | 6 | } fuzzer-tracing-jit.c:fuzzer_init_php_for_execute Line | Count | Source | 108 | 2 | static void fuzzer_init_php_for_execute(const char *extra_ini) { | 109 | | /* Compilation will often trigger fatal errors. | 110 | | * Use tracked allocation mode to avoid leaks in that case. */ | 111 | 2 | putenv("USE_TRACKED_ALLOC=1"); | 112 | | | 113 | | /* Just like other SAPIs, ignore SIGPIPEs. */ | 114 | 2 | signal(SIGPIPE, SIG_IGN); | 115 | | | 116 | 2 | fuzzer_init_php(extra_ini); | 117 | | | 118 | 2 | orig_execute_ex = zend_execute_ex; | 119 | 2 | zend_execute_ex = fuzzer_execute_ex; | 120 | 2 | orig_execute_internal = zend_execute_internal ? zend_execute_internal : execute_internal; | 121 | 2 | zend_execute_internal = fuzzer_execute_internal; | 122 | 2 | orig_compile_string = zend_compile_string; | 123 | 2 | zend_compile_string = fuzzer_compile_string; | 124 | 2 | } |
fuzzer-function-jit.c:fuzzer_init_php_for_execute Line | Count | Source | 108 | 2 | static void fuzzer_init_php_for_execute(const char *extra_ini) { | 109 | | /* Compilation will often trigger fatal errors. | 110 | | * Use tracked allocation mode to avoid leaks in that case. */ | 111 | 2 | putenv("USE_TRACKED_ALLOC=1"); | 112 | | | 113 | | /* Just like other SAPIs, ignore SIGPIPEs. */ | 114 | 2 | signal(SIGPIPE, SIG_IGN); | 115 | | | 116 | 2 | fuzzer_init_php(extra_ini); | 117 | | | 118 | 2 | orig_execute_ex = zend_execute_ex; | 119 | 2 | zend_execute_ex = fuzzer_execute_ex; | 120 | 2 | orig_execute_internal = zend_execute_internal ? zend_execute_internal : execute_internal; | 121 | 2 | zend_execute_internal = fuzzer_execute_internal; | 122 | 2 | orig_compile_string = zend_compile_string; | 123 | 2 | zend_compile_string = fuzzer_compile_string; | 124 | 2 | } |
fuzzer-execute.c:fuzzer_init_php_for_execute Line | Count | Source | 108 | 2 | static void fuzzer_init_php_for_execute(const char *extra_ini) { | 109 | | /* Compilation will often trigger fatal errors. | 110 | | * Use tracked allocation mode to avoid leaks in that case. */ | 111 | 2 | putenv("USE_TRACKED_ALLOC=1"); | 112 | | | 113 | | /* Just like other SAPIs, ignore SIGPIPEs. */ | 114 | 2 | signal(SIGPIPE, SIG_IGN); | 115 | | | 116 | 2 | fuzzer_init_php(extra_ini); | 117 | | | 118 | 2 | orig_execute_ex = zend_execute_ex; | 119 | 2 | zend_execute_ex = fuzzer_execute_ex; | 120 | 2 | orig_execute_internal = zend_execute_internal ? zend_execute_internal : execute_internal; | 121 | 2 | zend_execute_internal = fuzzer_execute_internal; | 122 | 2 | orig_compile_string = zend_compile_string; | 123 | 2 | zend_compile_string = fuzzer_compile_string; | 124 | 2 | } |
|
125 | | |
126 | 4 | ZEND_ATTRIBUTE_UNUSED static void create_file(void) { |
127 | | /* For opcache_invalidate() to work, the dummy file name used for fuzzing needs to |
128 | | * actually exist. */ |
129 | 4 | FILE *f = fopen(FILE_NAME, "w"); |
130 | 4 | fclose(f); |
131 | 4 | } fuzzer-tracing-jit.c:create_file Line | Count | Source | 126 | 2 | ZEND_ATTRIBUTE_UNUSED static void create_file(void) { | 127 | | /* For opcache_invalidate() to work, the dummy file name used for fuzzing needs to | 128 | | * actually exist. */ | 129 | 2 | FILE *f = fopen(FILE_NAME, "w"); | 130 | 2 | fclose(f); | 131 | 2 | } |
fuzzer-function-jit.c:create_file Line | Count | Source | 126 | 2 | ZEND_ATTRIBUTE_UNUSED static void create_file(void) { | 127 | | /* For opcache_invalidate() to work, the dummy file name used for fuzzing needs to | 128 | | * actually exist. */ | 129 | 2 | FILE *f = fopen(FILE_NAME, "w"); | 130 | 2 | fclose(f); | 131 | 2 | } |
Unexecuted instantiation: fuzzer-execute.c:create_file |
132 | | |
133 | 56.9k | ZEND_ATTRIBUTE_UNUSED static void opcache_invalidate(void) { |
134 | 56.9k | steps_left = MAX_STEPS; |
135 | 56.9k | zend_object *exception = EG(exception); |
136 | 56.9k | EG(exception) = NULL; |
137 | 56.9k | zval retval, args[2]; |
138 | 56.9k | zend_function *fn = zend_hash_str_find_ptr(CG(function_table), ZEND_STRL("opcache_invalidate")); |
139 | 56.9k | ZEND_ASSERT(fn != NULL); |
140 | | |
141 | 56.9k | ZVAL_STRING(&args[0], FILE_NAME); |
142 | 56.9k | ZVAL_TRUE(&args[1]); |
143 | 56.9k | zend_call_known_function(fn, NULL, NULL, &retval, 2, args, NULL); |
144 | 56.9k | ZEND_ASSERT(Z_TYPE(retval) == IS_TRUE); |
145 | 56.9k | zval_ptr_dtor(&args[0]); |
146 | 56.9k | zval_ptr_dtor(&retval); |
147 | 56.9k | EG(exception) = exception; |
148 | 56.9k | } fuzzer-tracing-jit.c:opcache_invalidate Line | Count | Source | 133 | 31.2k | ZEND_ATTRIBUTE_UNUSED static void opcache_invalidate(void) { | 134 | 31.2k | steps_left = MAX_STEPS; | 135 | 31.2k | zend_object *exception = EG(exception); | 136 | 31.2k | EG(exception) = NULL; | 137 | 31.2k | zval retval, args[2]; | 138 | 31.2k | zend_function *fn = zend_hash_str_find_ptr(CG(function_table), ZEND_STRL("opcache_invalidate")); | 139 | 31.2k | ZEND_ASSERT(fn != NULL); | 140 | | | 141 | 31.2k | ZVAL_STRING(&args[0], FILE_NAME); | 142 | 31.2k | ZVAL_TRUE(&args[1]); | 143 | 31.2k | zend_call_known_function(fn, NULL, NULL, &retval, 2, args, NULL); | 144 | 31.2k | ZEND_ASSERT(Z_TYPE(retval) == IS_TRUE); | 145 | 31.2k | zval_ptr_dtor(&args[0]); | 146 | 31.2k | zval_ptr_dtor(&retval); | 147 | 31.2k | EG(exception) = exception; | 148 | 31.2k | } |
fuzzer-function-jit.c:opcache_invalidate Line | Count | Source | 133 | 25.7k | ZEND_ATTRIBUTE_UNUSED static void opcache_invalidate(void) { | 134 | 25.7k | steps_left = MAX_STEPS; | 135 | 25.7k | zend_object *exception = EG(exception); | 136 | 25.7k | EG(exception) = NULL; | 137 | 25.7k | zval retval, args[2]; | 138 | 25.7k | zend_function *fn = zend_hash_str_find_ptr(CG(function_table), ZEND_STRL("opcache_invalidate")); | 139 | 25.7k | ZEND_ASSERT(fn != NULL); | 140 | | | 141 | 25.7k | ZVAL_STRING(&args[0], FILE_NAME); | 142 | 25.7k | ZVAL_TRUE(&args[1]); | 143 | 25.7k | zend_call_known_function(fn, NULL, NULL, &retval, 2, args, NULL); | 144 | 25.7k | ZEND_ASSERT(Z_TYPE(retval) == IS_TRUE); | 145 | 25.7k | zval_ptr_dtor(&args[0]); | 146 | 25.7k | zval_ptr_dtor(&retval); | 147 | 25.7k | EG(exception) = exception; | 148 | 25.7k | } |
Unexecuted instantiation: fuzzer-execute.c:opcache_invalidate |