Add additional zend_compile_position argument, which can be either
AT_SHEBANG, AT_OPEN_TAG or AFTER_OPEN_TAG. The previous behavior
corresponds to AFTER_OPEN_TAG.
Closes GH-7462.
While the cwd-relative lookup worked for the oss-fuzz docker images,
it doesn't seem to work on the cluster infrastructure. Try finding
opcache.so relative to the binary instead.
It's easy to cause stack overflows with degenerate cases like
"$$$$$x" repeated thousands of times. We have no interest in
addressing these.
Make the input size smaller to hopefully avoid these stack
overflows.
We don't want the current working directory to change during
fuzzing, as that breaks corpus access unless an absolute path is
used. I'm not sure why this issue never came up before.
Having zend_execute_ex set is normally not a problem for the
function JIT, but there is an edge case leak due to special
RELEASE_THIS handling during generator creation. As this is an
unsupported mode of operation, reset to the original handler
for the function jit fuzzer as well.
Now that we have generic --enable-address|undefined|memory-sanitizer
options, let the user pick one of these instead of making the fuzzer
enable one implicitly.
Restrict the size of string arguments in the hope of avoiding some
very common timeouts with pcre. If this doesn't work, the functions
need to be disabled entirely.
This is what we normally do for fatal errors. The reason why this
became necessary now, is that a bailout can switch from a fiber
back to the main stack. In that case we do not want to try
destroying the fiber.
Fixes oss-fuzz #33917.
1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as 3.0 states "php 5.1.1, 4.1.1, and earlier".
3. In some license comments is "at through the world-wide-web" while most is without "at", so deleted.
4. fixed indentation in some files before |
This PR corrects misspellings identified by the check-spelling action.
The misspellings have been reported at jsoref@b6ba3e2#commitcomment-48946465
The action reports that the changes in this PR would make it happy: jsoref@602417c
Closes GH-6822.
We're starting to see a mix between uses of zend_bool and bool.
Replace all usages with the standard bool type everywhere.
Of course, zend_bool is retained as an alias.
While we limit the size of the main compilation input, the size
of eval inputs was not limited. This could result in stack
overflows, e.g. oss-fuzz #25464.
This is an end-to-end fuzzer that executes arbitrary PHP code.
We replace the executor with a finite-step executor to avoid
getting stuck in loops or recursion.
Unlike the straight unserialize fuzzer, this runs only on HashContexts,
and it does an update and finalize on the contexts it creates.
Co-authored-by: Nikita Popov <nikic@php.net>
