In 6fc8d014df, pakutoma added specialized validation functions for
ISO-2022-JP, JIS, UTF-7, and UTF7-IMAP text. In the future, it is
possible we might add such functions for more legacy text encodings.
Allowing them to be tested by php-fuzz-mbstring may help to catch
bugs, both now and in the future.
Currently, php-fuzz-mbstring only confirms that no crashes (including
ASAN violations) occur when converting text from one encoding to
another.
Try performing each conversion operation with two different sizes for
the intermediate buffer which is used to pass data from the decoder to
the encoder. If the encoding conversion code is correct, the size of
that intermediate buffer shouldn't matter; we should always get exactly
the same results.
This is a much stricter test, which is more likely to catch bugs.
Add additional zend_compile_position argument, which can be either
AT_SHEBANG, AT_OPEN_TAG or AFTER_OPEN_TAG. The previous behavior
corresponds to AFTER_OPEN_TAG.
Closes GH-7462.
While the cwd-relative lookup worked for the oss-fuzz docker images,
it doesn't seem to work on the cluster infrastructure. Try finding
opcache.so relative to the binary instead.
It's easy to cause stack overflows with degenerate cases like
"$$$$$x" repeated thousands of times. We have no interest in
addressing these.
Make the input size smaller to hopefully avoid these stack
overflows.
We don't want the current working directory to change during
fuzzing, as that breaks corpus access unless an absolute path is
used. I'm not sure why this issue never came up before.
Having zend_execute_ex set is normally not a problem for the
function JIT, but there is an edge case leak due to special
RELEASE_THIS handling during generator creation. As this is an
unsupported mode of operation, reset to the original handler
for the function jit fuzzer as well.
Now that we have generic --enable-address|undefined|memory-sanitizer
options, let the user pick one of these instead of making the fuzzer
enable one implicitly.
Restrict the size of string arguments in the hope of avoiding some
very common timeouts with pcre. If this doesn't work, the functions
need to be disabled entirely.
This is what we normally do for fatal errors. The reason why this
became necessary now, is that a bailout can switch from a fiber
back to the main stack. In that case we do not want to try
destroying the fiber.
Fixes oss-fuzz #33917.
1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as 3.0 states "php 5.1.1, 4.1.1, and earlier".
3. In some license comments is "at through the world-wide-web" while most is without "at", so deleted.
4. fixed indentation in some files before |
This PR corrects misspellings identified by the check-spelling action.
The misspellings have been reported at jsoref@b6ba3e2#commitcomment-48946465
The action reports that the changes in this PR would make it happy: jsoref@602417c
Closes GH-6822.
We're starting to see a mix between uses of zend_bool and bool.
Replace all usages with the standard bool type everywhere.
Of course, zend_bool is retained as an alias.
While we limit the size of the main compilation input, the size
of eval inputs was not limited. This could result in stack
overflows, e.g. oss-fuzz #25464.
