Generate execute corpus in generate_all.php

And add crypt() to the function blacklist, it can be very slow.

diff --git a/sapi/fuzzer/README.md b/sapi/fuzzer/README.md
index 710a10f053a603da61c487cd60eae28b8f6882d2..f79baa6c00dffee737a5c6273d20bfa93fff563d 100644 (file)
--- a/sapi/fuzzer/README.md
+++ b/sapi/fuzzer/README.md
@@ -25,7 +25,8 @@ When running `make` it creates these binaries in `sapi/fuzzer/`:
 * `php-fuzz-unserializehash`: Fuzzing unserialize() for HashContext objects
 * `php-fuzz-json`: Fuzzing JSON parser (requires --enable-json)
 * `php-fuzz-exif`: Fuzzing `exif_read_data()` function (requires --enable-exif)
-* `php-fuzz-mbstring`: fuzzing `mb_ereg[i]()` (requires --enable-mbstring)
+* `php-fuzz-mbstring`: Fuzzing `mb_ereg[i]()` (requires --enable-mbstring)
+* `php-fuzz-execute`: Fuzzing the executor
 
 Some fuzzers have a seed corpus in `sapi/fuzzer/corpus`. You can use it as follows:
 

diff --git a/sapi/fuzzer/fuzzer-sapi.c b/sapi/fuzzer/fuzzer-sapi.c
index ff81073744ef667e6a602f403dc55a5737936f00..93d7d09e6ea0ded5287342fe173d74c5f1d721c6 100644 (file)
--- a/sapi/fuzzer/fuzzer-sapi.c
+++ b/sapi/fuzzer/fuzzer-sapi.c
@@ -50,6 +50,8 @@ const char HARDCODED_INI[] =
        ",chgrp,chmod,chown,copy,file_put_contents,lchgrp,lchown,link,mkdir"
        ",move_uploaded_file,rename,rmdir,symlink,tempname,touch,unlink,fopen"
        ",fsockopen,stream_socket_pair,stream_socket_client"
+       /* crypt() can be very slow. */
+       ",crypt"
        /* openlog() has a known memory-management issue. */
        ",openlog"
 ;

diff --git a/sapi/fuzzer/generate_all.php b/sapi/fuzzer/generate_all.php
index eef2ddf24321a4ea2834480957ade012c787981b..589781b004068d38bd38472b465da97f6365aaf3 100644 (file)
--- a/sapi/fuzzer/generate_all.php
+++ b/sapi/fuzzer/generate_all.php
@@ -2,3 +2,4 @@
 require __DIR__ . '/generate_unserialize_dict.php';
 require __DIR__ . '/generate_unserializehash_corpus.php';
 require __DIR__ . '/generate_parser_corpus.php';
+require __DIR__ . '/generate_execute_corpus.php';