From 1fe47ad233b45f3313e8942c3190fd5ca03952f0 Mon Sep 17 00:00:00 2001
From: Nikita Popov
Date: Tue, 24 Sep 2019 12:34:30 +0200
Subject: [PATCH] Add new entries for exif and unserialize fuzzing corpus
---
.../exif/duplicate_copyright_tag_leak.tiff | Bin 0 -> 9397 bytes
.../exif/tag_with_illegal_zero_components.jpeg | Bin 0 -> 43 bytes
.../fuzzer/corpus/exif/temporary_buffer_leak.jpg | Bin 0 -> 46 bytes
.../corpus/exif/zero_length_makernote_leak.tiff | Bin 0 -> 164 bytes
sapi/fuzzer/corpus/unserialize/int_min_iv | 1 +
sapi/fuzzer/corpus/unserialize/leak_17628 | 1 +
sapi/fuzzer/corpus/unserialize/leak_17639 | 1 +
sapi/fuzzer/corpus/unserialize/leak_17646 | 1 +
.../unserialize/splobjectstorage_negative_count | 1 +
9 files changed, 5 insertions(+)
create mode 100644 sapi/fuzzer/corpus/exif/duplicate_copyright_tag_leak.tiff
create mode 100644 sapi/fuzzer/corpus/exif/tag_with_illegal_zero_components.jpeg
create mode 100644 sapi/fuzzer/corpus/exif/temporary_buffer_leak.jpg
create mode 100644 sapi/fuzzer/corpus/exif/zero_length_makernote_leak.tiff
create mode 100644 sapi/fuzzer/corpus/unserialize/int_min_iv
create mode 100644 sapi/fuzzer/corpus/unserialize/leak_17628
create mode 100644 sapi/fuzzer/corpus/unserialize/leak_17639
create mode 100644 sapi/fuzzer/corpus/unserialize/leak_17646
create mode 100644 sapi/fuzzer/corpus/unserialize/splobjectstorage_negative_count
diff --git a/sapi/fuzzer/corpus/exif/duplicate_copyright_tag_leak.tiff b/sapi/fuzzer/corpus/exif/duplicate_copyright_tag_leak.tiff new file mode 100644 index 0000000000000000000000000000000000000000..48c7fe61ff0cd580ac582899205291206801f23f GIT binary patch literal 9397 zcmeHNPiP!v6#sp**>pFxaW=FBL}aNom6+09O%pAMiMGgUce{rkDn)3EU0KjXu;3rM z#HJz9>z=gOLoeb%5cIAG@ho`CNeKnpLuduHEsf^$_vX*eOm=3oSvPeH^H^ry_uiZD zz3xD}_*Xca|3X>X20PmO8!dK$GToB1vt{12QlM6Ud*fo+tl5 zfj5qIm|jD$d%>pGBJqz9D?o6%9v2&Yt7CKRS(dfHb$czWm89i9r?M^_oH5u;*GN z*u5Y0D=8ITnnt!*@Y4i;=sv(koq_hnK&!omyGd>7`~T+%v-06EqG=v|zgkHkoYyPV zlLyMP@13ijd*i^1A2i!kH_e=xBP1o55d_}~KrLYTQN2P34%BK>mw;iFwx}f51XQg? z4lfL+u>Jo?#tj2_s#JLOcnOJwa2@!==Jw<*VT%&s zn!`kUjTXD+h!u%&&91kMU34oKeY*U%>$1y%;N<%KQ5T86dy&JFX%RO9LB!YCOYk)< zG+>f6rlut#_85pwP6*sa%U0X!``F9hQckiBsDx$JPu~NlW)BafRxKNOc}1D~pN3d1 zQi=&if^Wx6R6OhaL5ku2^N*pR$J` zLmF0+Z0Xb1wZ-LjfEVv^PF)v(ix&veI(pe{|KqXE^+S;Y@9`D&qB#@RwG}fBwc7;spW-N?d+N5SCMKh^MIaRZbnb!qo zW0HB1p2h?>)K#{u+^gs)29G!-4{NrgQ%cK>F3kcWD~TIwi7iqIcBqJ+Am}YoM2-<@NH9Jn2at&3a!UB#<`j??PCp2z>nEg(+Rt#o3t^Io_(N zVIFhwx0T~FS2q9b`1r)+_;_yenaSL9hYsZ@^5c!8wWbt7;-sT8_(tw)wR9JA7R+yi z&HcATjE^a{l3Tx?=)KC_F9LX7YFGPcrC!Up=o&C4r7IFFn49~oQt?e!ILbr{_;pCW z6e-DJue~|$>aPg$y@_G;X$6-#m8WzHFErBiJM!@fH;<-v3sTO!IW;o3aOQC3CN;7C O`W)o2Q9xbZfqwzYCVbui literal 0 HcmV?d00001 diff --git a/sapi/fuzzer/corpus/exif/tag_with_illegal_zero_components.jpeg b/sapi/fuzzer/corpus/exif/tag_with_illegal_zero_components.jpeg new file mode 100644 index 0000000000000000000000000000000000000000..c000b938df5e536aa9cadf9544245d71079f4999 GIT binary patch literal 43 rcmex=;~|5FYei-n1B0(GgBAk=1CIg_0BHsWAqGY!CI&7L6C?%z*Wm_U literal 0 HcmV?d00001 
diff --git a/sapi/fuzzer/corpus/exif/temporary_buffer_leak.jpg b/sapi/fuzzer/corpus/exif/temporary_buffer_leak.jpg new file mode 100644 index 0000000000000000000000000000000000000000..c9f7ce821feffedf597fa3936b509d7cbbe49699 GIT binary patch literal 46 scmex=;~|5BYei-n1B0(GgBAk=0|x_Rd**)yAWIR585AJkKZyDd032BgzyJUM literal 0 HcmV?d00001 diff --git a/sapi/fuzzer/corpus/exif/zero_length_makernote_leak.tiff b/sapi/fuzzer/corpus/exif/zero_length_makernote_leak.tiff new file mode 100644 index 0000000000000000000000000000000000000000..f1541b39b62b76f624100fab37f8abe9ee60cef8 GIT binary patch literal 164 zcmebD)MDUZU|`^6=wy&u$_!+EXJKH-Y-M1O0J80YxMq^W3kM*r0L1)^Ouxi|bT1Ht z03kJxPd)t42vqlufr%lrogpv!KdT_fw*Lu?{~7;-OsE5je`OHtVNg&|VDQb%%g-rE V)KT#E_w#giRPgom^Y;mH1OP=qB3J+b literal 0 HcmV?d00001 diff --git a/sapi/fuzzer/corpus/unserialize/int_min_iv b/sapi/fuzzer/corpus/unserialize/int_min_iv new file mode 100644 index 00000000000..6900dce0884 --- /dev/null +++ b/sapi/fuzzer/corpus/unserialize/int_min_iv @@ -0,0 +1 @@ +i:-9223372036854775808; diff --git a/sapi/fuzzer/corpus/unserialize/leak_17628 b/sapi/fuzzer/corpus/unserialize/leak_17628 new file mode 100644 index 00000000000..45fd8644db7 --- /dev/null +++ b/sapi/fuzzer/corpus/unserialize/leak_17628 
@@ -0,0 +1 @@ +a:2:{i:0;O:19:"SplDoublyLinkedList":8:i:0;i:04;i:965556;a:6:{i:0;R:04;S:1:"a";i:2;i:961;a:8:{i:0;i:04;i:0;i:0026;i:0;a:2:{i:0;O:13:"RegexIterator":1: i:6176;a:8:{i:0;i:04;S:1:"a";i:2;i:96140012;s:1:"a";i:0;i:91755555500000016742;i:8;a:8:{i:0;i:048;i:2;d:0000800000001000000000000014000000000000000000000040400000004000000516742;i:9;a:8:{i:0;i:048;i:2;d:0000800000001000000000000000000000000000002;i:04;a:9:{i:5;R:11;s:4:"m000";O:9:"Eepictxon":85:{i:5;R:2;s:4:"m000";O:9:"Eepictxon":8:0i:-012;s:1:"a";i:0;i:96170026;i:0;i:04;S:1:"a";i:2;i:9617006;a:7:{i:6;a:7:{i:0;a:9:{i:5;R:1;s:4:"m000";O:9:"Eepictxon":86:{i:5;R:2;s:4:"m000";O:9:"Eepictxon":8:0i:-01400;a:8:{i:0;i:04;i:0;i:0026;i:0;a:2:{i:0;a:2:{i:0;O:19:"SplDoublyLinkedList":8:i:0;86:{i:5;R:2;on":8:0i:-0140012;s:1:"a";i:0;i:96170026;i:0;i:04;S:1:"a";i:2;i:9617006;a:7:{i:07006;a:7:{i:0;a:9:{i:5;R:1;s:4:"m000";O \ No newline at end of file diff --git a/sapi/fuzzer/corpus/unserialize/leak_17639 b/sapi/fuzzer/corpus/unserialize/leak_17639 new file mode 100644 index 00000000000..fb8625a700f --- /dev/null +++ b/sapi/fuzzer/corpus/unserialize/leak_17639 @@ -0,0 +1 @@ +a:7:{i:6;i:0;S:1:" ";i:1;i:6;a:8:{i:0;i:4;S:1:" ";i:2;i:9;R:4;S:1:" ";a:2:{i:5;O:13:"RegexIterator":1 i:7;a:8:{i:0;a:7:{i:0;R:10; \ No newline at end of file diff --git a/sapi/fuzzer/corpus/unserialize/leak_17646 b/sapi/fuzzer/corpus/unserialize/leak_17646 new file mode 100644 index 00000000000..ac7969e6836 --- /dev/null +++ b/sapi/fuzzer/corpus/unserialize/leak_17646 @@ -0,0 +1 @@ +O:13:"RegexIter\tor":3:{S:1:"x";a:9:{i:04;R:1;i:5312;O:13:"RegexIterator":53;„i:08032617006;a:7:{i:0;R:04;S:1:"a";i:2;i:5312;O:13:"RegexIterator":53;„i:080326170;O:1:"0":2:1s:1:"1";i:0;i:0;O:13:"Liž’’’terator":2:{i:0;a:6:{i:0;O:1:"0":2:1s:1:"1";i:0;i:1;r:9;}s:1:"1";i:0;i:11111101111110;O:1:"0":4:1s:1:"0";a:6:{i:0;a:2:{i:0;O:10:"ValueError":4:{i:0;O:10:"ValueError":2:{i:0;O:10:"ValueError":4:{i:Error":4:a:7:{s:2:"c{i:0;";a:7:{S:O: \ No newline at end of file 
diff --git a/sapi/fuzzer/corpus/unserialize/splobjectstorage_negative_count b/sapi/fuzzer/corpus/unserialize/splobjectstorage_negative_count
new file mode 100644
index 00000000000..29a3ac47afa
--- /dev/null
+++ b/sapi/fuzzer/corpus/unserialize/splobjectstorage_negative_count
@@ -0,0 +1 @@
+C:16:"SplObjectStorage":25:{x:i:-9223372036854775808;}
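Review bot: Nothing asserts the expected outcome for a negative SplObjectStorage count: a corpus seed only gives the fuzzer a starting input, so a regression in that check would surface only if a later fuzzing run happens to flag it. If the underlying fix is not already covered by a .phpt test elsewhere in the tree (not visible in this patch), a test that passes this same payload to unserialize() and expects a clean failure would pin the behaviour. The count used is also the most negative 64-bit integer, so the sign check and the extreme-magnitude case are exercised together. A second seed with a small negative count, for example `C:16:"SplObjectStorage":7:{x:i:-1;}`, would give the fuzzer the two conditions as separate starting points.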