From: Nikita Popov Date: Thu, 7 Nov 2019 19:47:04 +0000 (+0100) Subject: Reduce size limit in parser fuzzer X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=11649a6d779997fac59f487c76dd361cdefe73fb;p=php Reduce size limit in parser fuzzer Avoid stack overflows during compilation of deeply nested expressions.
---
diff --git a/sapi/fuzzer/fuzzer-parser.c b/sapi/fuzzer/fuzzer-parser.c
index 155bd991cc..19f685f967 100644
--- a/sapi/fuzzer/fuzzer-parser.c
+++ b/sapi/fuzzer/fuzzer-parser.c
@@ -27,7 +27,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 char *s;
- if (Size > 64 * 1024) {
+ if (Size > 32 * 1024) {
 /* Large inputs have a large impact on fuzzer performance,
 * but are unlikely to be necessary to reach new codepaths. */
 return 0;
diff --git a/sapi/fuzzer/generate_parser_corpus.php b/sapi/fuzzer/generate_parser_corpus.php
index 39cd605438..699c121901 100644
--- a/sapi/fuzzer/generate_parser_corpus.php
+++ b/sapi/fuzzer/generate_parser_corpus.php
@@ -9,11 +9,13 @@ $it = new RecursiveIteratorIterator(
 $corpusDir = __DIR__ . '/corpus/parser';
 @mkdir($corpusDir);
+$maxLen = 32 * 1024;
 foreach ($it as $file) {
 if (!preg_match('/\.phpt$/', $file)) continue;
 $code = file_get_contents($file);
 if (!preg_match('/--FILE--\R(.*?)\R--([_A-Z]+)--/s', $code, $matches)) continue;
 $code = $matches[1];
+ if (strlen($code) > $maxLen) continue;
 $outFile = str_replace($testsDir, '', $file);
 $outFile = str_replace('/', '_', $outFile);
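Review bot: The comment directly under the changed `if (Size > 32 * 1024)` line still gives fuzzer performance as the only reason for the cap, while the commit message says the reduction exists to avoid stack overflows when compiling deeply nested expressions; that rationale belongs next to the constant, e.g. `/* Large inputs have a large impact on fuzzer performance, and deeply nested ones can overflow the stack during compilation; neither is likely to be needed to reach new codepaths. */`. A byte limit is only a coarse proxy for nesting depth, so recording why it was lowered keeps a later maintainer from raising it back without revisiting that. The same `32 * 1024` is duplicated as `$maxLen` in the generate_parser_corpus.php hunk with nothing tying the two together; a one-line comment on each side naming the other, such as `/* keep in sync with $maxLen in generate_parser_corpus.php */`, would make the coupling visible. The body of LLVMFuzzerTestOneInput continues past the end of this hunk, as does the foreach in the PHP hunk.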