Accueil Explorer Aide
Connexion
SoftwareDesign
/
csu3_am335x
8
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Branche: master
Branches Tags
csu3_am335x
/
EVSE
/
GPL
/
php-8.1.12
/
sapi
/
fuzzer
/
fuzzer-unserialize.c

fuzzer-unserialize.c 1.9 KB
Lien permanent Historique Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667 
  1. /*
    2. 

  2.    +----------------------------------------------------------------------+
    3. 

  3.    | Copyright (c) The PHP Group                                          |
    4. 

  4.    +----------------------------------------------------------------------+
    5. 

  5.    | This source file is subject to version 3.01 of the PHP license,      |
    6. 

  6.    | that is bundled with this package in the file LICENSE, and is        |
    7. 

  7.    | available through the world-wide-web at the following url:           |
    8. 

  8.    | https://www.php.net/license/3_01.txt                                 |
    9. 

  9.    | If you did not receive a copy of the PHP license and are unable to   |
    10. 

  10.    | obtain it through the world-wide-web, please send a note to          |
    11. 

  11.    | license@php.net so we can mail you a copy immediately.               |
    12. 

  12.    +----------------------------------------------------------------------+
    13. 

  13.    | Authors: Johannes Schlüter <johanes@php.net>                         |
    14. 

  14.    +----------------------------------------------------------------------+
    15. 

  15.  */
    16. 

  16. 

  17. 

  18. #include "fuzzer.h"
    19. 

  19. 

  20. #include "Zend/zend.h"
    21. 

  21. #include "main/php_config.h"
    22. 

  22. #include "main/php_main.h"
    23. 

  23. 

  24. #include <stdio.h>
    25. 

  25. #include <stdint.h>
    26. 

  26. #include <stdlib.h>
    27. 

  27. 

  28. #include "fuzzer-sapi.h"
    29. 

  29. 

  30. #include "ext/standard/php_var.h"
    31. 

  31. 

  32. int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
    33. 

  33. 	unsigned char *orig_data = malloc(Size+1);
    34. 

  34. 	memcpy(orig_data, Data, Size);
    35. 

  35. 	orig_data[Size] = '\0';
    36. 

  36. 

  37. 	if (fuzzer_request_startup() == FAILURE) {
    38. 

  38. 		return 0;
    39. 

  39. 	}
    40. 

  40. 

  41. 	fuzzer_setup_dummy_frame();
    42. 

  42. 

  43. 	{
    44. 

  44. 		const unsigned char *data = orig_data;
    45. 

  45. 		zval result;
    46. 

  46. 		ZVAL_UNDEF(&result);
    47. 

  47. 

  48. 		php_unserialize_data_t var_hash;
    49. 

  49. 		PHP_VAR_UNSERIALIZE_INIT(var_hash);
    50. 

  50. 		php_var_unserialize(&result, (const unsigned char **) &data, data + Size, &var_hash);
    51. 

  51. 		PHP_VAR_UNSERIALIZE_DESTROY(var_hash);
    52. 

  52. 

  53. 		zval_ptr_dtor(&result);
    54. 

  54. 	}
    55. 

  55. 

  56. 	free(orig_data);
    57. 

  57. 

  58. 	fuzzer_request_shutdown();
    59. 

  59. 	return 0;
    60. 

  60. }
    61. 

  61. 

  62. int LLVMFuzzerInitialize(int *argc, char ***argv) {
    63. 

  63. 	fuzzer_init_php();
    64. 

  64. 

  65. 	/* fuzzer_shutdown_php(); */
    66. 

  66. 	return 0;
    67. 

  67. }
    68.