File: fuzzer-function-jit.c

package info (click to toggle)
php8.4 8.4.11-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 208,108 kB
  • sloc: ansic: 1,060,628; php: 35,345; sh: 11,866; cpp: 7,201; pascal: 4,913; javascript: 3,091; asm: 2,810; yacc: 2,411; makefile: 689; xml: 446; python: 301; awk: 148
file content (69 lines) | stat: -rw-r--r-- 2,630 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
 
/*
   +----------------------------------------------------------------------+
   | Copyright (c) The PHP Group                                          |
   +----------------------------------------------------------------------+
   | This source file is subject to version 3.01 of the PHP license,      |
   | that is bundled with this package in the file LICENSE, and is        |
   | available through the world-wide-web at the following url:           |
   | https://www.php.net/license/3_01.txt                                 |
   | If you did not receive a copy of the PHP license and are unable to   |
   | obtain it through the world-wide-web, please send a note to          |
   | license@php.net so we can mail you a copy immediately.               |
   +----------------------------------------------------------------------+
   | Authors: Nikita Popov <nikic@php.net>                                |
   +----------------------------------------------------------------------+
 */

#include "fuzzer-execute-common.h"

int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
	if (Size > MAX_SIZE) {
		/* Large inputs have a large impact on fuzzer performance,
		 * but are unlikely to be necessary to reach new codepaths. */
		return 0;
	}

	zend_string *jit_option = ZSTR_INIT_LITERAL("opcache.jit", 1);

	/* First run without JIT to determine whether we bail out. We should not run JITed code if
	 * we bail out here, as the JIT code may loop infinitely. */
	steps_left = MAX_STEPS;
	bailed_out = false;
	zend_alter_ini_entry_chars(
		jit_option, "off", sizeof("off")-1, PHP_INI_USER, PHP_INI_STAGE_RUNTIME);
	fuzzer_do_request_from_buffer(
		FILE_NAME, (const char *) Data, Size, /* execute */ 1, opcache_invalidate);

	if (!bailed_out) {
		steps_left = MAX_STEPS;
		zend_alter_ini_entry_chars(jit_option,
			"function", sizeof("function")-1, PHP_INI_USER, PHP_INI_STAGE_RUNTIME);
		zend_execute_ex = orig_execute_ex;
		fuzzer_do_request_from_buffer(
			FILE_NAME, (const char *) Data, Size, /* execute */ 1, opcache_invalidate);
		zend_execute_ex = fuzzer_execute_ex;
	}

	zend_string_release(jit_option);

	return 0;
}

int LLVMFuzzerInitialize(int *argc, char ***argv) {
	char *opcache_path = get_opcache_path();
	assert(opcache_path && "Failed to determine opcache path");

	char ini_buf[512];
	snprintf(ini_buf, sizeof(ini_buf),
		"zend_extension=%s\n"
		"opcache.validate_timestamps=0\n"
		"opcache.file_update_protection=0\n"
		"opcache.jit_buffer_size=128M\n"
		"opcache.protect_memory=1\n",
		opcache_path);
	free(opcache_path);

	create_file();
	fuzzer_init_php_for_execute(ini_buf);
	return 0;
}