author | Nikita Popov <nikita.ppv@gmail.com> | 2019-12-13 16:09:28 +0100 |
---|---|---|
committer | Nikita Popov <nikita.ppv@gmail.com> | 2019-12-13 16:09:28 +0100 |
commit | 9de4f87aca69b41aa0b26b5f426517b53ec87514 (patch) | |
tree | d113424d8575168f73a99407d55f657e91c4a200 /sapi/fuzzer | |
parent | a40a69fdd058cdcb7da5d4527ea6c7dd261417b7 (diff) | |
download | php-git-9de4f87aca69b41aa0b26b5f426517b53ec87514.tar.gz |
Limit parse depth in mbstring fuzzer
The default depth of 4096 is large enough to cause optimize_node
stack overflows under asan. Reduce to 1024.
Diffstat (limited to 'sapi/fuzzer')
-rw-r--r-- | sapi/fuzzer/fuzzer-mbstring.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/sapi/fuzzer/fuzzer-mbstring.c b/sapi/fuzzer/fuzzer-mbstring.c
index 3ec0c42c4e..5821024ec3 100644
--- a/sapi/fuzzer/fuzzer-mbstring.c
+++ b/sapi/fuzzer/fuzzer-mbstring.c
@@ -20,6 +20,7 @@
 #include "Zend/zend.h"
 #include "main/php_config.h"
 #include "main/php_main.h"
+#include "oniguruma.h"
 #include <stdio.h>
 #include <stdint.h>
@@ -67,6 +68,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 int LLVMFuzzerInitialize(int *argc, char ***argv) {
 fuzzer_init_php();
+ /* The default parse depth limit allows stack overflows under asan. */
+ onig_set_parse_depth_limit(1024);
+
 /* fuzzer_shutdown_php(); */
 return 0;
 } |
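Review bot: The comment above `onig_set_parse_depth_limit(1024);` in LLVMFuzzerInitialize does not say that the lowered limit applies only to this harness. The commit message gives the default as 4096, and nothing visible here changes it outside the fuzzer, so patterns nested deeper than 1024 are no longer fuzzed and the optimize_node stack exhaustion is excluded from coverage rather than fixed. I would record that where the next reader will see it, e.g. `/* Harness-only: the default parse depth limit (4096) overflows the stack in optimize_node under asan; depths above 1024 are not fuzzed. */`. The new `#include "oniguruma.h"` in the first hunk is unconditional, which presumably assumes this target is only built when mbstring's regex support is enabled; the build configuration is not visible here, so that is worth confirming.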