Generate execute corpus in generate_all.php

And add crypt() to the function blacklist, it can be very slow.
php · Aug 27, 2020 · a88226d · a88226d
1 parent ac98ac7
commit a88226d
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 1 deletion.
diff --git a/sapi/fuzzer/README.md b/sapi/fuzzer/README.md
@@ -25,7 +25,8 @@ When running `make` it creates these binaries in `sapi/fuzzer/`:
 * `php-fuzz-unserializehash`: Fuzzing unserialize() for HashContext objects
 * `php-fuzz-json`: Fuzzing JSON parser (requires --enable-json)
 * `php-fuzz-exif`: Fuzzing `exif_read_data()` function (requires --enable-exif)
-* `php-fuzz-mbstring`: fuzzing `mb_ereg[i]()` (requires --enable-mbstring)
+* `php-fuzz-mbstring`: Fuzzing `mb_ereg[i]()` (requires --enable-mbstring)
+* `php-fuzz-execute`: Fuzzing the executor
 
 Some fuzzers have a seed corpus in `sapi/fuzzer/corpus`. You can use it as follows:
 

diff --git a/sapi/fuzzer/fuzzer-sapi.c b/sapi/fuzzer/fuzzer-sapi.c
@@ -50,6 +50,8 @@ const char HARDCODED_INI[] =
 	",chgrp,chmod,chown,copy,file_put_contents,lchgrp,lchown,link,mkdir"
 	",move_uploaded_file,rename,rmdir,symlink,tempname,touch,unlink,fopen"
 	",fsockopen,stream_socket_pair,stream_socket_client"
+	/* crypt() can be very slow. */
+	",crypt"
 	/* openlog() has a known memory-management issue. */
 	",openlog"
 ;

diff --git a/sapi/fuzzer/generate_all.php b/sapi/fuzzer/generate_all.php
@@ -2,3 +2,4 @@
 require __DIR__ . '/generate_unserialize_dict.php';
 require __DIR__ . '/generate_unserializehash_corpus.php';
 require __DIR__ . '/generate_parser_corpus.php';
+require __DIR__ . '/generate_execute_corpus.php';