Limit parse depth in mbstring fuzzer

author Nikita Popov <nikita.ppv@gmail.com>

Fri, 13 Dec 2019 15:09:28 +0000 (16:09 +0100)

committer Nikita Popov <nikita.ppv@gmail.com>

Fri, 13 Dec 2019 15:09:28 +0000 (16:09 +0100)
author Nikita Popov <nikita.ppv@gmail.com>
Fri, 13 Dec 2019 15:09:28 +0000 (16:09 +0100)
committer Nikita Popov <nikita.ppv@gmail.com>
Fri, 13 Dec 2019 15:09:28 +0000 (16:09 +0100)
diff --git a/sapi/fuzzer/fuzzer-mbstring.c b/sapi/fuzzer/fuzzer-mbstring.c

index 3ec0c42c4e5802b420549e807b595e9c0aee88e1..5821024ec39a4b391a8f56c4020c0c08db679458 100644 (file)
--- a/sapi/fuzzer/fuzzer-mbstring.c
+++ b/sapi/fuzzer/fuzzer-mbstring.c
@@ -20,6 +20,7 @@
  #include "Zend/zend.h"
  #include "main/php_config.h"
  #include "main/php_main.h"
+#include "oniguruma.h"
  
  #include <stdio.h>
  #include <stdint.h>
@@ -67,6 +68,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
  int LLVMFuzzerInitialize(int *argc, char ***argv) {
         fuzzer_init_php();
  
+       /* The default parse depth limit allows stack overflows under asan. */
+       onig_set_parse_depth_limit(1024);
+
         /* fuzzer_shutdown_php(); */
         return 0;
  }
author	Nikita Popov <nikita.ppv@gmail.com>
	Fri, 13 Dec 2019 15:09:28 +0000 (16:09 +0100)
committer	Nikita Popov <nikita.ppv@gmail.com>
	Fri, 13 Dec 2019 15:09:28 +0000 (16:09 +0100)