diff options
Diffstat (limited to 'sapi/fuzzer/fuzzer-json.c')
-rw-r--r-- | sapi/fuzzer/fuzzer-json.c | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/sapi/fuzzer/fuzzer-json.c b/sapi/fuzzer/fuzzer-json.c new file mode 100644 index 0000000000..0c619a22b9 --- /dev/null +++ b/sapi/fuzzer/fuzzer-json.c @@ -0,0 +1,73 @@ +/* + +----------------------------------------------------------------------+ + | PHP Version 7 | + +----------------------------------------------------------------------+ + | Copyright (c) The PHP Group | + +----------------------------------------------------------------------+ + | This source file is subject to version 3.01 of the PHP license, | + | that is bundled with this package in the file LICENSE, and is | + | available through the world-wide-web at the following url: | + | http://www.php.net/license/3_01.txt | + | If you did not receive a copy of the PHP license and are unable to | + | obtain it through the world-wide-web, please send a note to | + | license@php.net so we can mail you a copy immediately. | + +----------------------------------------------------------------------+ + | Authors: Johannes Schlüter <johanes@php.net> | + | Stanislav Malyshev <stas@php.net> | + +----------------------------------------------------------------------+ + */ + + + +#include "fuzzer.h" + +#include "Zend/zend.h" +#include "main/php_config.h" +#include "main/php_main.h" + +#include <stdio.h> +#include <stdint.h> +#include <stdlib.h> + +#include "fuzzer-sapi.h" + +#ifdef HAVE_JSON +#include "ext/json/php_json_parser.h" +#endif + +int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { +#ifdef HAVE_JSON + char *data = malloc(Size+1); + memcpy(data, Data, Size); + data[Size] = '\0'; + + if (php_request_startup()==FAILURE) { + php_module_shutdown(); + return 0; + } + + for (int option = 0; option <=1; ++option) { + zval result; + php_json_parser parser; + php_json_parser_init(&parser, &result, data, Size, option, 10); + php_json_yyparse(&parser); + + ZVAL_UNDEF(&result); + } + + php_request_shutdown(NULL); + + free(data); +#else + fprintf(stderr, "\n\nERROR:\nPHP built without JSON, recompile with --enable-json to use this fuzzer\n"); + exit(1); +#endif + return 0; +} + +int LLVMFuzzerInitialize(int *argc, char ***argv) { + fuzzer_init_php(); + + /* fuzzer_shutdown_php(); */ + return 0; +} |