Added new fuzzer to work with OSS-Fuzz #5785

DavidKorczynski · 2020-06-30T21:29:35Z

I added a new fuzzer that works with OSS-FUzz. It goes for the perl-compatible regular expressions by targetting preg_match.

I would be happy to add more fuzzers, so please let me know if contributions like these are appreciated and sought for.

nikic · 2020-07-01T07:36:05Z

pcre2 is already being directly fuzzed via https://github.com/google/oss-fuzz/tree/master/projects/pcre2, which should be a lot more efficient than going through PHP, with all the overhead that entails.

We generally shouldn't be fuzzing 3rd-party libraries and might want to consider dropping our mbregex fuzzer now that https://github.com/google/oss-fuzz/tree/master/projects/oniguruma exists.

nikic · 2020-07-01T07:48:44Z

That said, while I don't think we should be fuzzing pcre, improving fuzzing coverage in general would be great. There is some pending work:

Add PHAR fuzzer #5424 implements a phar fuzzer, which has historically been a bit of a security hotspot. This needs a fix for a leak, and looking through coverage reports to check that it doesn't get blocked by checksums.
Add experimental "execute" fuzzer #5030 implements an end-to-end execution fuzzer. This can reach all the code, but probably needs some fine-tuning.

For new fuzzers, one area that would be useful to tests is the mbstring extension. For example, the encoding conversion functionality.

nikic · 2020-09-23T10:35:38Z

As said above, I don't think we should be fuzzing PCRE, as it already has dedicated fuzzing.

DavidKorczynski added 4 commits June 30, 2020 21:36

added a pregmatch fuzzer.

55621d2

Generalise preg fuzzer.

cefdceb

Added pregmatch.

adb4b1f

Fixup author name.

b524708

nikic closed this Sep 23, 2020

Provide feedback