authorNikita Popov <nikita.ppv@gmail.com>2019-11-07 20:47:04 +0100
committerNikita Popov <nikita.ppv@gmail.com>2019-11-07 21:20:34 +0100
commit11649a6d779997fac59f487c76dd361cdefe73fb (patch)
tree2e8c9ca6156ec08b42b8b16bd79fc2ebe9556c83
parentab6b412a0b6f4c6cae5820a50d1d3756ea26cd0c (diff)
downloadphp-git-11649a6d779997fac59f487c76dd361cdefe73fb.tar.gz
Reduce size limit in parser fuzzer
Avoid stack overflows during compilation of deeply nested expressions.
-rw-r--r--sapi/fuzzer/fuzzer-parser.c2
-rw-r--r--sapi/fuzzer/generate_parser_corpus.php2
2 files changed, 3 insertions, 1 deletions
diff --git a/sapi/fuzzer/fuzzer-parser.c b/sapi/fuzzer/fuzzer-parser.c
index 155bd991cc..19f685f967 100644
--- a/sapi/fuzzer/fuzzer-parser.c
+++ b/sapi/fuzzer/fuzzer-parser.c
@@ -27,7 +27,7 @@
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
char *s;
- if (Size > 64 * 1024) {
+ if (Size > 32 * 1024) {
/* Large inputs have a large impact on fuzzer performance,
* but are unlikely to be necessary to reach new codepaths. */
return 0;
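Review bot: The comment below the changed `if` still explains the cap only in terms of fuzzer performance, while the commit message gives the reason for lowering it to 32 KiB (stack exhaustion while compiling deeply nested expressions), so a later reader has no in-code reason not to raise it back to 64 KiB. I would add one sentence to that comment, e.g. `* The 32 KiB cap also keeps deeply nested inputs from overflowing the stack during compilation; keep it in sync with $maxLen in generate_parser_corpus.php.`, since the same limit is now hard-coded in both files as a bare `32 * 1024` and they can drift apart. The cap presumably bounds nesting depth only indirectly through input length, so a note that it is a size heuristic rather than a depth check would help too. The body of LLVMFuzzerTestOneInput continues outside the hunk.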
diff --git a/sapi/fuzzer/generate_parser_corpus.php b/sapi/fuzzer/generate_parser_corpus.php
index 39cd605438..699c121901 100644
--- a/sapi/fuzzer/generate_parser_corpus.php
+++ b/sapi/fuzzer/generate_parser_corpus.php
@@ -9,11 +9,13 @@ $it = new RecursiveIteratorIterator(
$corpusDir = __DIR__ . '/corpus/parser';
@mkdir($corpusDir);
+$maxLen = 32 * 1024;
foreach ($it as $file) {
if (!preg_match('/\.phpt$/', $file)) continue;
$code = file_get_contents($file);
if (!preg_match('/--FILE--\R(.*?)\R--([_A-Z]+)--/s', $code, $matches)) continue;
$code = $matches[1];
+ if (strlen($code) > $maxLen) continue;
$outFile = str_replace($testsDir, '', $file);
$outFile = str_replace('/', '_', $outFile);