authorNikita Popov <nikita.ppv@gmail.com>2019-12-13 16:09:28 +0100
committerNikita Popov <nikita.ppv@gmail.com>2019-12-13 16:09:28 +0100
commit9de4f87aca69b41aa0b26b5f426517b53ec87514 (patch)
treed113424d8575168f73a99407d55f657e91c4a200 /sapi/fuzzer
parenta40a69fdd058cdcb7da5d4527ea6c7dd261417b7 (diff)
downloadphp-git-9de4f87aca69b41aa0b26b5f426517b53ec87514.tar.gz
Limit parse depth in mbstring fuzzer
The default depth of 4096 is large enough to cause optimize_node stack overflows under asan. Reduce to 1024.
Diffstat (limited to 'sapi/fuzzer')
-rw-r--r--sapi/fuzzer/fuzzer-mbstring.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/sapi/fuzzer/fuzzer-mbstring.c b/sapi/fuzzer/fuzzer-mbstring.c
index 3ec0c42c4e..5821024ec3 100644
--- a/sapi/fuzzer/fuzzer-mbstring.c
+++ b/sapi/fuzzer/fuzzer-mbstring.c
@@ -20,6 +20,7 @@
#include "Zend/zend.h"
#include "main/php_config.h"
#include "main/php_main.h"
+#include "oniguruma.h"
#include <stdio.h>
#include <stdint.h>
@@ -67,6 +68,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
int LLVMFuzzerInitialize(int *argc, char ***argv) {
fuzzer_init_php();
+ /* The default parse depth limit allows stack overflows under asan. */
+ onig_set_parse_depth_limit(1024);
+
/* fuzzer_shutdown_php(); */
return 0;
}
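Review bot: The comment on the new line in LLVMFuzzerInitialize says the default limit "allows stack overflows" but not what that default is or why 1024 was chosen, so the number reads as magic; the commit message has the detail, and it belongs next to the code: `/* Oniguruma's default parse depth (4096) lets optimize_node overflow the stack under ASan; 1024 keeps the fuzzer stable. */`. The return value of onig_set_parse_depth_limit() is discarded; as far as I recall it only reports an error for a depth of 0, so with a fixed 1024 that is harmless, but an `assert(onig_set_parse_depth_limit(1024) == 0);` would make the expectation explicit in a fuzzer harness. Whether the limit survives later mbstring/php_mb_regex initialization cannot be seen from this hunk; if mbstring resets Oniguruma's global settings, the call would need to move after that initialization — worth confirming against the mbstring startup code.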