sapi/fuzzer: Fetch function and call it directly instead of using a zval to hold the name (#19030)

Gina Peter Banyard 2025-07-06 01:29:48 +01:00 committed by GitHub
parent 5a2a150829
commit c33805791d
2 changed files with 10 additions and 8 deletions


@ -127,15 +127,16 @@ ZEND_ATTRIBUTE_UNUSED static void create_file(void) {
ZEND_ATTRIBUTE_UNUSED static void opcache_invalidate(void) { ZEND_ATTRIBUTE_UNUSED static void opcache_invalidate(void) {
steps_left = MAX_STEPS; steps_left = MAX_STEPS;
zend_exception_save(); zend_exception_save();
zval retval, func, args[2]; zval retval, args[2];
ZVAL_STRING(&func, "opcache_invalidate"); zend_function *fn = zend_hash_str_find_ptr(CG(function_table), ZEND_STRL("opcache_invalidate"));
ZEND_ASSERT(fn != NULL);
ZVAL_STRING(&args[0], FILE_NAME); ZVAL_STRING(&args[0], FILE_NAME);
ZVAL_TRUE(&args[1]); ZVAL_TRUE(&args[1]);
call_user_function(CG(function_table), NULL, &func, &retval, 2, args); zend_call_known_function(fn, NULL, NULL, &retval, 2, args, NULL);
ZEND_ASSERT(Z_TYPE(retval) == IS_TRUE); ZEND_ASSERT(Z_TYPE(retval) == IS_TRUE);
zval_ptr_dtor(&args[0]); zval_ptr_dtor(&args[0]);
zval_ptr_dtor(&retval); zval_ptr_dtor(&retval);
zval_ptr_dtor(&func);
zend_exception_restore(); zend_exception_restore();
} }
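Review bot: `ZEND_ASSERT(fn != NULL)` right after the `zend_hash_str_find_ptr` lookup is the only thing standing between a failed lookup and `zend_call_known_function(fn, ...)`, and ZEND_ASSERT is not a runtime check in non-debug builds (it collapses to an optimizer assumption), so a missing `opcache_invalidate` — for instance when opcache is not loaded in the harness configuration — would dereference NULL where the old call_user_function path failed with an error instead. If fuzzer binaries are always built with ZEND_DEBUG this is fine, but that assumption is not visible here; either state it in a comment, `/* fuzzers are debug builds: ZEND_ASSERT is a real check here */`, or add an explicit guard such as `if (!fn) { zend_exception_restore(); return; }` before the argument setup. The same assert-only guard is used in fuzzer_call_php_func_zval in the second file of this commit, so whichever choice is made should be applied to both.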


@ -292,11 +292,13 @@ int fuzzer_do_request_from_buffer(
// Call named PHP function with N zval arguments // Call named PHP function with N zval arguments
void fuzzer_call_php_func_zval(const char *func_name, int nargs, zval *args) { void fuzzer_call_php_func_zval(const char *func_name, int nargs, zval *args) {
zval retval, func; zval retval;
zend_function *fn = zend_hash_str_find_ptr(CG(function_table), func_name, strlen(func_name));
ZEND_ASSERT(fn != NULL);
ZVAL_STRING(&func, func_name);
ZVAL_UNDEF(&retval); ZVAL_UNDEF(&retval);
call_user_function(CG(function_table), NULL, &func, &retval, nargs, args); zend_call_known_function(fn, NULL, NULL, &retval, nargs, args, NULL);
// TODO: check result? // TODO: check result?
/* to ensure retval is not broken */ /* to ensure retval is not broken */
@ -304,7 +306,6 @@ void fuzzer_call_php_func_zval(const char *func_name, int nargs, zval *args) {
/* cleanup */ /* cleanup */
zval_ptr_dtor(&retval); zval_ptr_dtor(&retval);
zval_ptr_dtor(&func);
} }
// Call named PHP function with N string arguments // Call named PHP function with N string arguments
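Review bot: The new `zend_hash_str_find_ptr(CG(function_table), func_name, strlen(func_name))` lookup is an exact-match hash lookup, whereas the call_user_function path it replaces resolved the callable name case-insensitively; since function_table keys are stored lowercased, any caller that passes a mixed-case `func_name` would now get NULL and hit the assert (or, in a non-debug build, a NULL dereference in zend_call_known_function). I cannot see the callers from this page, so this may be moot, but the contract is now stricter and should be written down on the function, e.g. `// func_name must be lowercase: function_table keys are lowercased and this lookup is exact-match`. Note that fuzzer_call_php_func_zval spans both hunks, with lines between them not shown here.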