archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 05:58:45 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
122087 commits 526 branches 1434 tags 865 MiB
Commit graph

36 commits

Author SHA1 Message Date
Nikita Popov
4643c0aac5 Add additional entries to unserialize corpus 
These are useful to seed typed property fuzzing.
 2020-11-30 14:32:07 +01:00
Nikita Popov
99a68775bf Fix mbstring fuzzer 
mb_ereg can throw now, so we need a dummy frame and need to
free the exception afterwards.
 2020-09-11 18:35:16 +02:00
Nikita Popov
af0ba0b2d3 Reduce input size limit in execute fuzzer 
We only have 4 Zend test cases > 8k. Large inputs tend to just
make things slower.
 2020-09-07 22:58:34 +02:00
Nikita Popov
9475bcbef7 Avoid large eval inputs in fuzzer 
While we limit the size of the main compilation input, the size
of eval inputs was not limited. This could result in stack
overflows, e.g. oss-fuzz #25464.
 2020-09-07 11:53:01 +02:00
Nikita Popov
2f95af996f Disable InfiniteIterator class while fuzzing 
The combination of LimitIterator and InfiniteIterator can cause
effectively infinite loops that bypass the executor step limit.
 2020-09-04 10:59:55 +02:00
Nikita Popov
05cd31ef64 Extend function blacklist in execute fuzzer 
Add pfsockopen and stream_socket_server.
 2020-09-02 17:30:19 +02:00
Nikita Popov
f0dfdca0ae Fix execute fuzzer on i386 
Opcode handlers use the FASTCALL calling convention...
 2020-08-28 17:03:54 +02:00
Nikita Popov
bb1d0319d7 Fix typo 
This was supposed to include the header, not the C file...
 2020-08-27 16:57:09 +02:00
Nikita Popov
a88226d116 Generate execute corpus in generate_all.php 
And add crypt() to the function blacklist, it can be very slow.
 2020-08-27 16:34:36 +02:00
Nikita Popov
c29838c561 Add experimental "execute" fuzzer 
This is an end-to-end fuzzer that executes arbitrary PHP code.

We replace the executor with a finite-step executor to avoid
getting stuck in loops or recursion.
 2020-08-27 13:06:24 +02:00
Nikita Popov
b0b836175c Extract some common fuzzer code 2020-06-30 15:05:02 +02:00
Eddie Kohler
75ada661b9 Add unserializehash fuzzer. 
Unlike the straight unserialize fuzzer, this runs only on HashContexts,
and it does an update and finalize on the contexts it creates.

Co-authored-by: Nikita Popov <nikic@php.net>
 2020-06-30 14:30:33 +02:00
Nikita Popov
ccf3e01216 Update fuzzer readme 
Drop --enable-json flag and make it more obvious that clang needs
to be used.
 2020-06-12 10:08:34 +02:00
twosee
88355dd338 Constify char * arguments of APIs 
Closes GH-5676.
 2020-06-08 10:38:45 +02:00
Nikita Popov
7562679b45 Remove json checks in fuzzer SAPI 
JSON is now always enabled
 2020-05-29 12:08:45 +02:00
Nikita Popov
318fe06042 Create memory stream in exif fuzzer 
At least one segfault observed because temp file creation failed.
Switch to using a memory stream, which should be more robust, and
more efficient for that matter.
 2020-02-19 10:24:12 +01:00
Christoph M. Becker
dabc28d182 Fix #78880: Spelling error report 
We fix the most often occuring typos according to a recent codespell
report[1] in tests, code comments and documentation.

[1] <https://fossies.org/linux/test/php-src-master-f8f48ce.191129.tar.gz/codespell.html>.
 2019-12-21 11:58:00 +01:00
Nikita Popov
7df8f952ae Further reduce parse depth limit in mbstring fuzzer 
Depth limit of 1024 still causes optimize_node stack overflows
when running under asan.
 2019-12-14 22:43:15 +01:00
Nikita Popov
9de4f87aca Limit parse depth in mbstring fuzzer 
The default depth of 4096 is large enough to cause optimize_node
stack overflows under asan. Reduce to 1024.
 2019-12-13 16:09:28 +01:00
Nikita Popov
11649a6d77 Reduce size limit in parser fuzzer 
Avoid stack overflows during compilation of deeply nested
expressions.
 2019-11-07 21:20:34 +01:00
Nikita Popov
991a0250b5 Reduce oniguruma retry limit in fuzzer 
For some patterns matching may take quite long even at retry limit
100000 and it seems that this is not easy to fix on the oniguruma
side.

Reduce the retry limit by another factor of 10 in hope of reducing
timeouts.
 2019-11-02 10:40:41 +01:00
Nikita Popov
f1aff654be Use php stream in exif fuzzer 
This has the main benefit that we don't go through the
realpath cache, which will cause leak checking to be
disabled.
 2019-10-10 12:33:15 +02:00
Nikita Popov
bd21e202b9 Reduce oniguruma limits in fuzzing sapi 
The defaults are fairly conservative and may still take quite a
bit to match a single expression. Reduce them by a factor of 10x
to speed up fuzzing.
 2019-10-08 17:38:49 +02:00
Fabien Villepinte
76c8f2ed34 Fix regex in generate_parser_corpus.php 
The next section after --FILE-- is not necessarily --EXPECT--.
Accept any section.

Closes GH-4770.
 2019-10-02 16:56:41 +02:00
Nikita Popov
872a759f88 Limit input size in exif fuzzer 
Probably still too much...
 2019-10-01 18:29:23 +02:00
Nikita Popov
4d49ec208e Add --enable-fuzzer-msan flag 
To build fuzzers with memory sanitizer.
 2019-10-01 13:04:47 +02:00
Nikita Popov
15761ef359 Pass mode to open() in exif fuzzer 
Funny how despite all those sanitizers running, nothing ever
caught this...
 2019-09-30 18:23:47 +02:00
Nikita Popov
61f8f68a79 Make fuzzing sapi i386 compatible 
* Avoid an unnecessary -lstdc++ dependency. It's not going to be
   used in the end anyway, and is an unnecessary hassle to set up.
 * Use $LIB_FUZZING_ENGINE instead of hardcoding -lFuzzingEngine.
 2019-09-27 23:58:48 +02:00
Nikita Popov
7e295da81c Limit max length for parser fuzzer 
We're getting some very large inputs (~500KB) on OSS-Fuzz, which
slot down performance a lot. Let's try limiting this, starting
with a still fairly large value of 64KB.

Also remove the max_execution_time limit, so that slow test cases
cause a genuine libfuzzer timeout and we may investigate them.
 2019-09-26 10:45:47 +02:00
Gabriel Caruso
5d6e923d46
Remove mention of PHP major version in Copyright headers 
Closes GH-4732.
 2019-09-25 14:51:43 +02:00
Nikita Popov
1fe47ad233 Add new entries for exif and unserialize fuzzing corpus 2019-09-24 12:34:30 +02:00
Nikita Popov
418d243e37 Change instructions to use oniguruma from git 
Some bugs are already fixed there.

[ci skip]
 2019-09-18 14:56:25 +02:00
Nikita Popov
d7b4cdff3f Add instructions for building an instrumented libonig 
[ci skip]
 2019-09-18 12:49:42 +02:00
Nikita Popov
c1adb7a74e Move scripts out of corpus/ directory 2019-09-16 20:18:29 +02:00
Nikita Popov
c4e2ca607f Various improvements to fuzzer SAPIs 2019-09-16 16:04:10 +02:00
Stanislav Malyshev
41f45647f9 Add fuzzer SAPIs to the core 2019-09-16 16:04:09 +02:00