Various improvements to fuzzer SAPIs

sapi/fuzzer/fuzzer-parser.c

@@ -23,56 +23,26 @@
 #include <ext/standard/info.h>
 #include <ext/standard/php_var.h>
 #include <main/php_variables.h>
-#ifdef JO0
-#include <ext/standard/php_smart_str.h>
-#endif
 
 #include "fuzzer.h"
-
 #include "fuzzer-sapi.h"
 
-int fuzzer_do_parse(zend_file_handle *file_handle, char *filename)
-{
-	int retval = FAILURE; /* failure by default */
-
-	SG(options) |= SAPI_OPTION_NO_CHDIR;
-	SG(request_info).argc=0;
-	SG(request_info).argv=NULL;
-
-	if (php_request_startup(TSRMLS_C)==FAILURE) {
-		php_module_shutdown(TSRMLS_C);
-		return FAILURE;
-	}
-
-	SG(headers_sent) = 1;
-	SG(request_info).no_headers = 1;
-	php_register_variable("PHP_SELF", filename, NULL TSRMLS_CC);
-
-	zend_first_try {
-		zend_compile_file(file_handle, ZEND_REQUIRE);
-		//retval = php_execute_script(file_handle TSRMLS_CC);
-	} zend_end_try();
-
-	php_request_shutdown((void *) 0);
-
-	return (retval == SUCCESS) ? SUCCESS : FAILURE;
-}
-
-int fuzzer_do_request_d(char *filename, char *data, size_t data_len);
-
 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 	char *s = malloc(Size+1);
 	memcpy(s, Data, Size);
 	s[Size] = '\0';
 
-	fuzzer_do_request_d("fuzzer.php", Data, Size);
-	//fuzzer_do_parse(&file_handle, "fuzzer.php");
+	fuzzer_do_request_from_buffer("fuzzer.php", s, Size);
 
-	free(s);
+	/* Do not free s: fuzzer_do_request_from_buffer() takes ownership of the allocation. */
 	return 0;
 }
 
 int LLVMFuzzerInitialize(int *argc, char ***argv) {
+	/* Compilation will often trigger fatal errors.
+	 * Use tracked allocation mode to avoid leaks in that case. */
+	putenv("USE_TRACKED_ALLOC=1");
+
 	fuzzer_init_php();
 
 	/* fuzzer_shutdown_php(); */