Reduce size limit in parser fuzzer

Avoid stack overflows during compilation of deeply nested
expressions.

diff --git a/sapi/fuzzer/fuzzer-parser.c b/sapi/fuzzer/fuzzer-parser.c
index 155bd991cc97183a3d7e982afbf629ed32597926..19f685f967fb988cc66918da746261101b28a178 100644 (file)
--- a/sapi/fuzzer/fuzzer-parser.c
+++ b/sapi/fuzzer/fuzzer-parser.c
@@ -27,7 +27,7 @@
 
 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
        char *s;
-       if (Size > 64 * 1024) {
+       if (Size > 32 * 1024) {
                /* Large inputs have a large impact on fuzzer performance,
                 * but are unlikely to be necessary to reach new codepaths. */
                return 0;

diff --git a/sapi/fuzzer/generate_parser_corpus.php b/sapi/fuzzer/generate_parser_corpus.php
index 39cd60543832e9f30202b640efdc4ae2afc26473..699c1219014b75c1fe02d8c1cf2682c2835a3a8c 100644 (file)
--- a/sapi/fuzzer/generate_parser_corpus.php
+++ b/sapi/fuzzer/generate_parser_corpus.php
@@ -9,11 +9,13 @@ $it = new RecursiveIteratorIterator(
 $corpusDir = __DIR__ . '/corpus/parser';
 @mkdir($corpusDir);
 
+$maxLen = 32 * 1024;
 foreach ($it as $file) {
     if (!preg_match('/\.phpt$/', $file)) continue;
     $code = file_get_contents($file);
     if (!preg_match('/--FILE--\R(.*?)\R--([_A-Z]+)--/s', $code, $matches)) continue;
     $code = $matches[1];
+    if (strlen($code) > $maxLen) continue;
 
     $outFile = str_replace($testsDir, '', $file);
     $outFile = str_replace('/', '_', $outFile);